use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.
the class AclListProvider method getList.
/**
 * Builds the managed ACL list of the given organization for a list provider request.
 * <p>
 * The list name selects the shape of the result: {@code ID} maps id to id, {@code NAME} maps name to
 * name, and any other value maps id to name. The map is then passed through
 * {@link ListProviderUtil#filterMap} together with the query.
 *
 * @param listName     the requested list; compared against {@code ID} and {@code NAME}
 * @param query        the query handed to {@code ListProviderUtil.filterMap}
 * @param organization the organization whose ACL service is asked for its ACLs
 * @return the filtered key/value view of that organization's managed ACLs
 */
@Override
public Map<String, String> getList(String listName, ResourceListQuery query, Organization organization) {
  // The list name does not change while iterating, so decide the mapping once
  final boolean idOnly = ID.equals(listName);
  final boolean nameOnly = !idOnly && NAME.equals(listName);

  final Map<String, String> entries = new HashMap<String, String>();
  // Only the ACLs of the organization passed in are read here
  final List<ManagedAcl> managedAcls = aclServiceFactory.serviceFor(organization).getAcls();
  for (ManagedAcl managedAcl : managedAcls) {
    if (nameOnly) {
      // The id is deliberately not touched on this path
      entries.put(managedAcl.getName(), managedAcl.getName());
      continue;
    }
    final String id = managedAcl.getId().toString();
    entries.put(id, idOnly ? id : managedAcl.getName());
  }
  return ListProviderUtil.filterMap(entries, query);
}
use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.
the class AssetManagerMessageReceiverImpl method handleMessage.
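/**
 * Handles an AssetManager "take snapshot" message by mirroring the snapshot into the search index.
 * <p>
 * The event belonging to the media package is loaded or created, then its managed ACL name, access
 * policy, archive version and (if still blank) creator are set from the message and the current
 * security context. Every {@link SearchIndexException} is logged and not rethrown, so the caller is
 * never told that the index was left unchanged.
 *
 * @param msg the snapshot message providing the media package, its ACL, the snapshot version and an
 *            optional episode Dublin Core catalog
 */
private void handleMessage(TakeSnapshot msg) {
  logger.debug("Received AssetManager take snapshot message");
  final MediaPackage mp = msg.getMediapackage();
  final Opt<DublinCoreCatalog> episodeDublincore = msg.getEpisodeDublincore();
  final String organization = getSecurityService().getOrganization().getId();
  final User user = getSecurityService().getUser();
  // Load or create the corresponding recording event
  final Event event;
  try {
    event = getOrCreateEvent(mp.getIdentifier().toString(), organization, user, getSearchIndex());
    final AccessControlList acl = msg.getAcl();
    List<ManagedAcl> acls = aclServiceFactory.serviceFor(getSecurityService().getOrganization()).getAcls();
    // If several managed ACLs match, the last one returned wins.
    // NOTE(review): when nothing matches, the managed ACL name is not reset here, so an event loaded
    // from the index would keep the name it already had while its access policy changes below.
    // Confirm that this is intended.
    for (final ManagedAcl managedAcl : AccessInformationUtil.matchAcls(acls, acl)) {
      event.setManagedAcl(managedAcl.getName());
    }
    event.setAccessPolicy(AccessControlParser.toJsonSilent(acl));
    event.setArchiveVersion(msg.getVersion());
    if (isBlank(event.getCreator())) {
      event.setCreator(getSecurityService().getUser().getName());
    }
    updateEvent(event, mp);
    if (episodeDublincore.isSome()) {
      updateEvent(event, episodeDublincore.get());
    }
  } catch (SearchIndexException e) {
    logger.error("Error retrieving the recording event from the search index: {}", e.getMessage());
    return;
  }
  // Update series name if not already done
  try {
    EventIndexUtils.updateSeriesName(event, organization, user, getSearchIndex());
  } catch (SearchIndexException e) {
    logger.error("Error updating the series name of the event to index: {}", ExceptionUtils.getStackTrace(e));
  }
  // Persist the scheduling event
  try {
    getSearchIndex().addOrUpdate(event);
    logger.debug("Asset manager entry {} updated in the admin ui search index", event.getIdentifier());
  } catch (SearchIndexException e) {
    // This branch used to repeat the "retrieving" message of the first catch block, which pointed
    // operators at the wrong step. A failed write means the index entry keeps its previous access
    // policy, so name the event and keep the stack trace.
    logger.error("Error updating the recording event {} in the search index: {}", event.getIdentifier(),
            ExceptionUtils.getStackTrace(e));
  }
}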
use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.
the class AclEndpoint method getAclsAsJson.
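/**
 * Returns the managed ACLs of the current ACL service as a paged JSON list.
 * <p>
 * The ACLs are filtered by exact name and/or text match on the name, optionally sorted by name, and
 * then cut down to the requested window. {@code offset} is applied as a number of items to skip
 * (the REST documentation below calls it a page number).
 *
 * @param filter filter expression, parsed by {@code RestUtils.parseFilter}
 * @param sort   sort expression, parsed by {@code RestUtils.parseSortQueryParameter}; only the field
 *               {@code name} is honoured
 * @param offset number of items to skip; negative values are treated as 0
 * @param limit  maximum number of items to return; values below 1 fall back to 100
 * @return a JSON list response carrying the items, offset, limit and the total after filtering
 * @throws IOException declared by the endpoint signature
 */
@GET
@Path("acls.json")
@Produces(MediaType.APPLICATION_JSON)
@RestQuery(name = "allaclasjson", description = "Returns a list of acls", returnDescription = "Returns a JSON representation of the list of acls available the current user's organization", restParameters = { @RestParameter(name = "filter", isRequired = false, description = "The filter used for the query. They should be formated like that: 'filter1:value1,filter2:value2'", type = STRING), @RestParameter(name = "sort", isRequired = false, description = "The sort order. May include any of the following: NAME. Add '_DESC' to reverse the sort order (e.g. NAME_DESC).", type = STRING), @RestParameter(defaultValue = "100", description = "The maximum number of items to return per page.", isRequired = false, name = "limit", type = RestParameter.Type.STRING), @RestParameter(defaultValue = "0", description = "The page number.", isRequired = false, name = "offset", type = RestParameter.Type.STRING) }, reponses = { @RestResponse(responseCode = SC_OK, description = "The list of ACL's has successfully been returned") })
public Response getAclsAsJson(@QueryParam("filter") String filter, @QueryParam("sort") String sort, @QueryParam("offset") int offset, @QueryParam("limit") int limit) throws IOException {
  if (limit < 1) {
    limit = 100;
  }
  // Both paging values come straight from the query string; a negative offset has no meaning
  if (offset < 0) {
    offset = 0;
  }
  Opt<String> optSort = Opt.nul(trimToNull(sort));
  Option<String> filterName = Option.none();
  Option<String> filterText = Option.none();
  for (Map.Entry<String, String> entry : RestUtils.parseFilter(filter).entrySet()) {
    String name = entry.getKey();
    String value = entry.getValue();
    if (AclsListQuery.FILTER_NAME_NAME.equals(name)) {
      filterName = Option.some(value);
    } else if ((AclsListQuery.FILTER_TEXT_NAME.equals(name)) && (StringUtils.isNotBlank(value))) {
      filterText = Option.some(value);
    }
  }
  // Filter acls by filter criteria
  List<ManagedAcl> filteredAcls = new ArrayList<>();
  for (ManagedAcl acl : aclService().getAcls()) {
    if ((filterName.isSome() && !filterName.get().equals(acl.getName())) || (filterText.isSome() && !TextFilter.match(filterText.get(), acl.getName()))) {
      continue;
    }
    filteredAcls.add(acl);
  }
  int total = filteredAcls.size();
  // Sort by name, the only supported field
  if (optSort.isSome()) {
    // Validate the requested criteria once, before sorting. The comparator used to log every
    // unknown field on each comparison, so one request with an unsupported sort value produced
    // a log line per comparison, and it stopped at the first criterion even when that one was
    // unknown.
    // NOTE(review): the logged field name is taken from the client's sort parameter; confirm the
    // log layout neutralises line breaks.
    final List<SortCriterion> nameCriteria = new ArrayList<>();
    for (SortCriterion criterion : RestUtils.parseSortQueryParameter(optSort.get())) {
      if ("name".equals(criterion.getFieldName())) {
        nameCriteria.add(criterion);
      } else {
        logger.info("Unkown sort type: {}", criterion.getFieldName());
      }
    }
    if (!nameCriteria.isEmpty()) {
      Collections.sort(filteredAcls, new Comparator<ManagedAcl>() {
        @Override
        public int compare(ManagedAcl acl1, ManagedAcl acl2) {
          for (SortCriterion criterion : nameCriteria) {
            int result;
            if (Order.Descending.equals(criterion.getOrder())) {
              result = ObjectUtils.compare(acl2.getName(), acl1.getName());
            } else {
              result = ObjectUtils.compare(acl1.getName(), acl2.getName());
            }
            if (result != 0) {
              return result;
            }
          }
          return 0;
        }
      });
    }
  }
  // Apply limit and offset; limit is always >= 1 at this point, so the window is always bounded
  List<JValue> aclJSON = Stream.$(filteredAcls).drop(offset).apply(StreamOp.<ManagedAcl>id().take(limit)).map(fullManagedAcl).toList();
  return okJsonList(aclJSON, offset, limit, total);
}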
use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.
the class AclEndpoint method createAcl.
/**
 * Creates a managed ACL from the submitted form fields.
 *
 * @param name              the name for the new ACL, as sent by the client
 * @param accessControlList the serialized ACL, handed to {@code parseAcl}
 * @return a JSON response describing the created ACL
 * @throws WebApplicationException with status 409 (Conflict) when the ACL service returns no ACL,
 *                                 which this endpoint reports as a name that already exists
 */
@POST
@Path("")
@Produces(MediaType.APPLICATION_JSON)
@RestQuery(name = "createacl", description = "Create an ACL", returnDescription = "Create an ACL", restParameters = { @RestParameter(name = "name", isRequired = true, description = "The ACL name", type = STRING), @RestParameter(name = "acl", isRequired = true, description = "The access control list", type = STRING) }, reponses = { @RestResponse(responseCode = SC_OK, description = "The ACL has successfully been added"), @RestResponse(responseCode = SC_CONFLICT, description = "An ACL with the same name already exists"), @RestResponse(responseCode = SC_BAD_REQUEST, description = "Unable to parse the ACL") })
public Response createAcl(@FormParam("name") String name, @FormParam("acl") String accessControlList) {
  // Parse first, so nothing is created from an ACL that cannot be read
  final AccessControlList parsedAcl = parseAcl.apply(accessControlList);
  final Opt<ManagedAcl> created = aclService().createAcl(parsedAcl, name).toOpt();
  if (created.isSome()) {
    return RestUtils.okJson(full(created.get()));
  }
  // NOTE(review): the name is logged exactly as the client sent it and is not checked for being
  // blank here; presumably the ACL service validates it. Verify against the service.
  logger.info("An ACL with the same name '{}' already exists", name);
  throw new WebApplicationException(Response.Status.CONFLICT);
}
use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.
the class JpaAclDbTest method testProvider.
/**
 * Walks the ACL provider through create, update and delete for two organizations and checks after
 * each step that one organization can neither see nor change the other's ACLs.
 */
@Test
public void testProvider() {
  // ---- create ----
  // org1 gets a public ACL
  final AccessControlList anonymousRead = acl(entry("anonymous", "read", true));
  final Option<ManagedAcl> created = p.createAcl(org1, anonymousRead, "public");
  assertTrue(created.isSome());
  assertTrue(p.getAcl(org1, created.get().getId()).isSome());
  // tenant isolation: org2 must not be able to read org1's ACL by id
  assertTrue(p.getAcl(org2, created.get().getId()).isNone());
  // a second ACL with the same name in the same organization is refused
  assertTrue(p.createAcl(org1, anonymousRead, "public").isNone());

  // org1 gets a second, differently named ACL
  final AccessControlList instructorReadWrite = acl(entries("instructor", tuple("read", true), tuple("write", true)));
  p.createAcl(org1, instructorReadWrite, "instructor");
  assertEquals(2, p.getAcls(org1).size());
  // nothing has been created for org2 so far
  assertEquals(0, p.getAcls(org2).size());

  // the same name and ACL may exist independently in org2
  p.createAcl(org2, anonymousRead, "public");
  assertEquals(1, p.getAcls(org2).size());
  assertEquals(2, p.getAcls(org1).size());

  // ---- update ----
  final ManagedAcl org1Acl = created.get();
  // replace the access control list, keep id, name and organization
  final AccessControlList anonymousWrite = acl(entry("anonymous", "write", true));
  final ManagedAcl withNewAcl = new ManagedAclImpl(org1Acl.getId(), org1Acl.getName(), org1Acl.getOrganizationId(), anonymousWrite);
  assertTrue(p.updateAcl(withNewAcl));
  assertEquals("write", p.getAcl(org1, org1Acl.getId()).get().getAcl().getEntries().get(0).getAction());
  // rename it
  final ManagedAcl renamed = new ManagedAclImpl(org1Acl.getId(), "public2", org1Acl.getOrganizationId(), org1Acl.getAcl());
  assertTrue(p.updateAcl(renamed));
  assertEquals("public2", p.getAcl(org1, renamed.getId()).get().getName());
  // an unknown id must not be updated and must not create a new entry
  final ManagedAcl unknownId = new ManagedAclImpl(27427492384723L, "public2", org1.getId(), org1Acl.getAcl());
  assertFalse(p.updateAcl(unknownId));
  assertEquals(2, p.getAcls(org1).size());
  // submitting the identical state again still succeeds
  assertTrue(p.updateAcl(renamed));
  assertEquals(2, p.getAcls(org1).size());
  // tenant isolation: org1's id combined with org2's organization id must be rejected
  final ManagedAcl foreignOrg = new ManagedAclImpl(org1Acl.getId(), "bla", org2.getId(), org1Acl.getAcl());
  assertFalse(p.updateAcl(foreignOrg));

  // ---- delete ----
  assertTrue(p.deleteAcl(org1, org1Acl.getId()));
  assertEquals(1, p.getAcls(org1).size());
  // an unknown id cannot be deleted
  assertFalse(p.deleteAcl(org1, 894892374923L));
  // tenant isolation: org2 cannot delete by an id that belonged to org1, and keeps its own ACL
  assertFalse(p.deleteAcl(org2, org1Acl.getId()));
  assertEquals(1, p.getAcls(org2).size());
}