
Example 31 with ManagedAcl

Use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.

In the class AbstractEventEndpoint, method getEventAccessInformation.

@GET
@Path("{eventId}/access.json")
@SuppressWarnings("unchecked")
@Produces(MediaType.APPLICATION_JSON)
@RestQuery(
    name = "getEventAccessInformation",
    description = "Get the access information of an event",
    returnDescription = "The access information",
    pathParameters = {
        @RestParameter(name = "eventId", isRequired = true, description = "The event identifier", type = RestParameter.Type.STRING)
    },
    reponses = {
        @RestResponse(responseCode = SC_BAD_REQUEST, description = "The required form params were missing in the request."),
        @RestResponse(responseCode = SC_NOT_FOUND, description = "If the event has not been found."),
        @RestResponse(responseCode = SC_OK, description = "The access information ")
    })
public Response getEventAccessInformation(@PathParam("eventId") String eventId) throws Exception {
    Opt<Event> optEvent = getIndexService().getEvent(eventId, getIndex());
    if (optEvent.isNone())
        return notFound("Cannot find an event with id '%s'.", eventId);
    // Add all available ACLs to the response
    JSONArray systemAclsJson = new JSONArray();
    List<ManagedAcl> acls = getAclService().getAcls();
    for (ManagedAcl acl : acls) {
        systemAclsJson.add(AccessInformationUtil.serializeManagedAcl(acl));
    }
    // Get the episode ACL
    final TransitionQuery q = TransitionQuery.query().withId(eventId).withScope(AclScope.Episode);
    List<EpisodeACLTransition> episodeTransistions;
    JSONArray transitionsJson = new JSONArray();
    try {
        episodeTransistions = getAclService().getTransitions(q).getEpisodeTransistions();
        for (EpisodeACLTransition trans : episodeTransistions) {
            transitionsJson.add(AccessInformationUtil.serializeEpisodeACLTransition(trans));
        }
    } catch (AclServiceException e) {
        logger.error("There was an error while trying to get the ACL transitions for event '{}' from the ACL service: {}", eventId, ExceptionUtils.getStackTrace(e));
        return RestUtil.R.serverError();
    }
    AccessControlList activeAcl = new AccessControlList();
    try {
        if (optEvent.get().getAccessPolicy() != null)
            activeAcl = AccessControlParser.parseAcl(optEvent.get().getAccessPolicy());
    } catch (Exception e) {
        // A parse failure is only logged: activeAcl stays empty and the response reports an empty ACL
        logger.error("Unable to parse access policy because: {}", ExceptionUtils.getStackTrace(e));
    }
    Option<ManagedAcl> currentAcl = AccessInformationUtil.matchAcls(acls, activeAcl);
    JSONObject episodeAccessJson = new JSONObject();
    episodeAccessJson.put("current_acl", currentAcl.isSome() ? currentAcl.get().getId() : 0L);
    episodeAccessJson.put("acl", AccessControlParser.toJsonSilent(activeAcl));
    episodeAccessJson.put("privileges", AccessInformationUtil.serializePrivilegesByRole(activeAcl));
    episodeAccessJson.put("transitions", transitionsJson);
    if (StringUtils.isNotBlank(optEvent.get().getWorkflowState()) && WorkflowUtil.isActive(WorkflowInstance.WorkflowState.valueOf(optEvent.get().getWorkflowState())))
        episodeAccessJson.put("locked", true);
    JSONObject jsonReturnObj = new JSONObject();
    jsonReturnObj.put("episode_access", episodeAccessJson);
    jsonReturnObj.put("system_acls", systemAclsJson);
    return Response.ok(jsonReturnObj.toString()).build();
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) AclServiceException(org.opencastproject.authorization.xacml.manager.api.AclServiceException) JSONArray(org.json.simple.JSONArray) ManagedAcl(org.opencastproject.authorization.xacml.manager.api.ManagedAcl) SchedulerException(org.opencastproject.scheduler.api.SchedulerException) WebApplicationException(javax.ws.rs.WebApplicationException) EventCommentException(org.opencastproject.event.comment.EventCommentException) JSONException(org.codehaus.jettison.json.JSONException) JobEndpointException(org.opencastproject.adminui.exception.JobEndpointException) SearchIndexException(org.opencastproject.matterhorn.search.SearchIndexException) ParseException(java.text.ParseException) IndexServiceException(org.opencastproject.index.service.exception.IndexServiceException) UrlSigningException(org.opencastproject.security.urlsigning.exception.UrlSigningException) AclServiceException(org.opencastproject.authorization.xacml.manager.api.AclServiceException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) WorkflowDatabaseException(org.opencastproject.workflow.api.WorkflowDatabaseException) WorkflowStateException(org.opencastproject.workflow.api.WorkflowStateException) JSONObject(org.json.simple.JSONObject) TransitionQuery(org.opencastproject.authorization.xacml.manager.api.TransitionQuery) Event(org.opencastproject.index.service.impl.index.event.Event) EpisodeACLTransition(org.opencastproject.authorization.xacml.manager.api.EpisodeACLTransition) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) RestQuery(org.opencastproject.util.doc.rest.RestQuery)

Example 32 with ManagedAcl

Use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.

In the class SeriesEndpoint, method getSeriesAccessInformation.

@GET
@Path("{seriesId}/access.json")
@SuppressWarnings("unchecked")
@Produces(MediaType.APPLICATION_JSON)
@RestQuery(
    name = "getseriesaccessinformation",
    description = "Get the access information of a series",
    returnDescription = "The access information",
    pathParameters = {
        @RestParameter(name = "seriesId", isRequired = true, description = "The series identifier", type = Type.STRING)
    },
    reponses = {
        @RestResponse(responseCode = SC_BAD_REQUEST, description = "The required form params were missing in the request."),
        @RestResponse(responseCode = SC_NOT_FOUND, description = "If the series has not been found."),
        @RestResponse(responseCode = SC_OK, description = "The access information ")
    })
public Response getSeriesAccessInformation(@PathParam("seriesId") String seriesId) throws NotFoundException {
    if (StringUtils.isBlank(seriesId))
        return RestUtil.R.badRequest("Path parameter series ID is missing");
    boolean hasProcessingEvents = hasProcessingEvents(seriesId);
    // Add all available ACLs to the response
    JSONArray systemAclsJson = new JSONArray();
    List<ManagedAcl> acls = getAclService().getAcls();
    for (ManagedAcl acl : acls) {
        systemAclsJson.add(AccessInformationUtil.serializeManagedAcl(acl));
    }
    final TransitionQuery q = TransitionQuery.query().withId(seriesId).withScope(AclScope.Series);
    List<SeriesACLTransition> seriesTransistions;
    JSONArray transitionsJson = new JSONArray();
    try {
        seriesTransistions = getAclService().getTransitions(q).getSeriesTransistions();
        for (SeriesACLTransition trans : seriesTransistions) {
            transitionsJson.add(AccessInformationUtil.serializeSeriesACLTransition(trans));
        }
    } catch (AclServiceException e) {
        logger.error("There was an error while trying to get the ACL transitions for series '{}' from the ACL service: {}", seriesId, e);
        return RestUtil.R.serverError();
    }
    JSONObject seriesAccessJson = new JSONObject();
    try {
        AccessControlList seriesAccessControl = seriesService.getSeriesAccessControl(seriesId);
        Option<ManagedAcl> currentAcl = AccessInformationUtil.matchAcls(acls, seriesAccessControl);
        seriesAccessJson.put("current_acl", currentAcl.isSome() ? currentAcl.get().getId() : 0);
        seriesAccessJson.put("privileges", AccessInformationUtil.serializePrivilegesByRole(seriesAccessControl));
        seriesAccessJson.put("acl", AccessControlParser.toJsonSilent(seriesAccessControl));
        seriesAccessJson.put("transitions", transitionsJson);
        seriesAccessJson.put("locked", hasProcessingEvents);
    } catch (SeriesException e) {
        logger.error("Unable to get ACL from series {}: {}", seriesId, ExceptionUtils.getStackTrace(e));
        return RestUtil.R.serverError();
    }
    JSONObject jsonReturnObj = new JSONObject();
    jsonReturnObj.put("system_acls", systemAclsJson);
    jsonReturnObj.put("series_access", seriesAccessJson);
    return Response.ok(jsonReturnObj.toString()).build();
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) AclServiceException(org.opencastproject.authorization.xacml.manager.api.AclServiceException) SeriesACLTransition(org.opencastproject.authorization.xacml.manager.api.SeriesACLTransition) JSONObject(org.json.simple.JSONObject) JSONArray(org.json.simple.JSONArray) ManagedAcl(org.opencastproject.authorization.xacml.manager.api.ManagedAcl) TransitionQuery(org.opencastproject.authorization.xacml.manager.api.TransitionQuery) SeriesException(org.opencastproject.series.api.SeriesException) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) RestQuery(org.opencastproject.util.doc.rest.RestQuery)

Example 33 with ManagedAcl

Use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.

In the class TestAclEndpoint, method setupServices.

private void setupServices() {
    final DefaultOrganization org = new DefaultOrganization();
    AccessControlEntry ace1 = new AccessControlEntry("ROLE_ADMIN", "read", true);
    AccessControlEntry ace2 = new AccessControlEntry("ROLE_ANONYMOUS", "read", true);
    AccessControlEntry ace3 = new AccessControlEntry("ROLE_ADMIN", "read", false);
    AccessControlEntry ace4 = new AccessControlEntry("ROLE_ANONYMOUS", "read", false);
    AccessControlList publicAcl = new AccessControlList(ace1, ace2);
    AccessControlList privateAcl = new AccessControlList(ace3, ace4);
    List<ManagedAcl> managedAcls = new ArrayList<ManagedAcl>();
    managedAcls.add(new ManagedAclImpl(1L, "public", org.getId(), publicAcl));
    managedAcls.add(new ManagedAclImpl(2L, "private", org.getId(), privateAcl));
    AclService aclService = EasyMock.createNiceMock(AclService.class);
    EasyMock.expect(aclService.getAcls()).andReturn(managedAcls).anyTimes();
    EasyMock.expect(aclService.getAcl(EasyMock.anyLong())).andReturn(Option.some(managedAcls.get(0))).anyTimes();
    EasyMock.replay(aclService);
    AclServiceFactory aclServiceFactory = EasyMock.createNiceMock(AclServiceFactory.class);
    EasyMock.expect(aclServiceFactory.serviceFor(EasyMock.anyObject(Organization.class))).andReturn(aclService).anyTimes();
    EasyMock.replay(aclServiceFactory);
    SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
    EasyMock.expect(securityService.getOrganization()).andReturn(org).anyTimes();
    EasyMock.replay(securityService);
    this.setAclServiceFactory(aclServiceFactory);
    this.setSecurityService(securityService);
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) AclServiceFactory(org.opencastproject.authorization.xacml.manager.api.AclServiceFactory) SecurityService(org.opencastproject.security.api.SecurityService) ManagedAcl(org.opencastproject.authorization.xacml.manager.api.ManagedAcl) ArrayList(java.util.ArrayList) ManagedAclImpl(org.opencastproject.authorization.xacml.manager.impl.ManagedAclImpl) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) AclService(org.opencastproject.authorization.xacml.manager.api.AclService) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization)

Example 34 with ManagedAcl

Use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.

In the class SeriesMessageReceiverImpl, method execute.

@Override
protected void execute(SeriesItem seriesItem) {
    Series series = null;
    String organization = getSecurityService().getOrganization().getId();
    User user = getSecurityService().getUser();
    switch(seriesItem.getType()) {
        case UpdateCatalog:
            logger.debug("Received Update Series for index {}", getSearchIndex().getIndexName());
            DublinCoreCatalog dc = seriesItem.getMetadata();
            String seriesId = dc.getFirst(DublinCoreCatalog.PROPERTY_IDENTIFIER);
            // Load or create the corresponding series
            try {
                series = SeriesIndexUtils.getOrCreate(seriesId, organization, user, getSearchIndex());
                series.setCreator(getSecurityService().getUser().getName());
                SeriesIndexUtils.updateSeries(series, dc);
            } catch (SearchIndexException e) {
                logger.error("Error retrieving series {} from the search index: {}", seriesId, ExceptionUtils.getStackTrace(e));
                return;
            }
            // Update the event series titles if they changed
            try {
                SeriesIndexUtils.updateEventSeriesTitles(series, organization, getSecurityService().getUser(), getSearchIndex());
            } catch (SearchIndexException e) {
                logger.error("Error updating the series name of series {} from the associated events: {}", series.getIdentifier(), ExceptionUtils.getStackTrace(e));
            }
            // Persist the series
            update(seriesItem.getSeriesId(), series);
            break;
        case UpdateAcl:
            logger.debug("Received Update Series ACL for index {}", getSearchIndex().getIndexName());
            // Load or create the corresponding series
            try {
                series = SeriesIndexUtils.getOrCreate(seriesItem.getSeriesId(), organization, user, getSearchIndex());
                List<ManagedAcl> acls = aclServiceFactory.serviceFor(getSecurityService().getOrganization()).getAcls();
                Option<ManagedAcl> managedAcl = AccessInformationUtil.matchAcls(acls, seriesItem.getAcl());
                if (managedAcl.isSome())
                    series.setManagedAcl(managedAcl.get().getName());
                series.setAccessPolicy(AccessControlParser.toJsonSilent(seriesItem.getAcl()));
            } catch (SearchIndexException e) {
                logger.error("Error retrieving series {} from the search index: {}", seriesItem.getSeriesId(), ExceptionUtils.getStackTrace(e));
                return;
            }
            // Persist the updated series
            update(seriesItem.getSeriesId(), series);
            break;
        case UpdateOptOut:
            logger.debug("Received update opt out status of series {} for index {}", seriesItem.getSeriesId(), getSearchIndex().getIndexName());
            // Load or create the corresponding series
            try {
                series = SeriesIndexUtils.getOrCreate(seriesItem.getSeriesId(), organization, user, getSearchIndex());
                series.setOptOut(seriesItem.getOptOut());
            } catch (SearchIndexException e) {
                logger.error("Error retrieving series {} from the search index: {}", seriesItem.getSeriesId(), ExceptionUtils.getStackTrace(e));
                return;
            }
            // Persist the updated series
            update(seriesItem.getSeriesId(), series);
            break;
        case UpdateProperty:
            logger.debug("Received update property of series {} for index {}", seriesItem.getSeriesId(), getSearchIndex().getIndexName());
            if (!THEME_PROPERTY_NAME.equals(seriesItem.getPropertyName()))
                break;
            // Load or create the corresponding series
            try {
                series = SeriesIndexUtils.getOrCreate(seriesItem.getSeriesId(), organization, user, getSearchIndex());
                series.setTheme(Opt.nul(seriesItem.getPropertyValue()).bind(Strings.toLong).orNull());
            } catch (SearchIndexException e) {
                logger.error("Error retrieving series {} from the search index: {}", seriesItem.getSeriesId(), ExceptionUtils.getStackTrace(e));
                return;
            }
            // Persist the updated series
            update(seriesItem.getSeriesId(), series);
            break;
        case Delete:
            logger.debug("Received Delete Series Event {} for index {}", seriesItem.getSeriesId(), getSearchIndex().getIndexName());
            // Remove the series from the search index
            try {
                getSearchIndex().delete(Series.DOCUMENT_TYPE, seriesItem.getSeriesId().concat(organization));
                logger.debug("Series {} removed from search index", seriesItem.getSeriesId());
            } catch (SearchIndexException e) {
                logger.error("Error deleting the series {} from the search index: {}", seriesItem.getSeriesId(), ExceptionUtils.getStackTrace(e));
                return;
            }
            return;
        case UpdateElement:
            // nothing to do
            break;
        default:
            throw new IllegalArgumentException("Unhandled type of SeriesItem");
    }
}
Also used : Series(org.opencastproject.index.service.impl.index.series.Series) User(org.opencastproject.security.api.User) SearchIndexException(org.opencastproject.matterhorn.search.SearchIndexException) ManagedAcl(org.opencastproject.authorization.xacml.manager.api.ManagedAcl) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog)

Example 35 with ManagedAcl

Use of org.opencastproject.authorization.xacml.manager.api.ManagedAcl in project opencast by opencast.

In the class WorkflowMessageReceiverImpl, method execute.

@Override
protected void execute(WorkflowItem workflowItem) {
    String organization = getSecurityService().getOrganization().getId();
    User user = getSecurityService().getUser();
    String eventId = null;
    switch(workflowItem.getType()) {
        case UpdateInstance:
            logger.debug("Received Update Workflow instance Entry for index {}", getSearchIndex().getIndexName());
            WorkflowInstance wf = workflowItem.getWorkflowInstance();
            MediaPackage mp = wf.getMediaPackage();
            eventId = mp.getIdentifier().toString();
            // Load or create the corresponding recording event
            Event event = null;
            try {
                event = getOrCreateEvent(eventId, organization, user, getSearchIndex());
                event.setCreator(getSecurityService().getUser().getName());
                event.setWorkflowId(wf.getId());
                event.setWorkflowDefinitionId(wf.getTemplate());
                event.setWorkflowState(wf.getState());
                WorkflowInstance.WorkflowState state = wf.getState();
                if (!(WorkflowInstance.WorkflowState.SUCCEEDED.equals(state) || WorkflowInstance.WorkflowState.FAILED.equals(state) || WorkflowInstance.WorkflowState.STOPPED.equals(state))) {
                    Tuple<AccessControlList, AclScope> activeAcl = authorizationService.getActiveAcl(mp);
                    List<ManagedAcl> acls = aclServiceFactory.serviceFor(getSecurityService().getOrganization()).getAcls();
                    Option<ManagedAcl> managedAcl = AccessInformationUtil.matchAcls(acls, activeAcl.getA());
                    if (managedAcl.isSome()) {
                        event.setManagedAcl(managedAcl.get().getName());
                    }
                    event.setAccessPolicy(AccessControlParser.toJsonSilent(activeAcl.getA()));
                    try {
                        Opt<DublinCoreCatalog> loadedDC = DublinCoreUtil.loadEpisodeDublinCore(workspace, mp);
                        if (loadedDC.isSome())
                            updateEvent(event, loadedDC.get());
                    } catch (Throwable t) {
                        logger.warn("Unable to load dublincore catalog for the workflow {}", wf.getId(), t);
                    }
                }
                updateEvent(event, mp);
            } catch (SearchIndexException e) {
                logger.error("Error retrieving the recording event from the search index: {}", e.getMessage());
                return;
            }
            // Update series name if not already done
            try {
                EventIndexUtils.updateSeriesName(event, organization, user, getSearchIndex());
            } catch (SearchIndexException e) {
                logger.error("Error updating the series name of the event to index: {}", ExceptionUtils.getStackTrace(e));
            }
            // Persist the scheduling event
            try {
                getSearchIndex().addOrUpdate(event);
                logger.debug("Workflow instance {} updated in the search index", event.getIdentifier());
            } catch (SearchIndexException e) {
                logger.error("Error updating the recording event in the search index: {}", e.getMessage());
                return;
            }
            return;
        case DeleteInstance:
            // Resolve the event id first so the log line does not print null
            eventId = workflowItem.getWorkflowInstance().getMediaPackage().getIdentifier().toString();
            logger.debug("Received Delete Workflow instance Entry {}", eventId);
            // Remove the Workflow instance entry from the search index
            try {
                getSearchIndex().deleteWorkflow(organization, user, eventId, workflowItem.getWorkflowInstanceId());
                logger.debug("Workflow instance mediapackage {} removed from search index", eventId);
            } catch (NotFoundException e) {
                logger.warn("Workflow instance mediapackage {} not found for deletion", eventId);
            } catch (SearchIndexException e) {
                logger.error("Error deleting the Workflow instance entry {} from the search index: {}", eventId, ExceptionUtils.getStackTrace(e));
            }
            return;
        case AddDefinition:
            // TODO: Update the index with it as soon as the definition are part of it
            return;
        case DeleteDefinition:
            // TODO: Update the index with it as soon as the definition are part of it
            return;
        default:
            throw new IllegalArgumentException("Unhandled type of WorkflowItem");
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) User(org.opencastproject.security.api.User) SearchIndexException(org.opencastproject.matterhorn.search.SearchIndexException) ManagedAcl(org.opencastproject.authorization.xacml.manager.api.ManagedAcl) NotFoundException(org.opencastproject.util.NotFoundException) AclScope(org.opencastproject.security.api.AclScope) WorkflowInstance(org.opencastproject.workflow.api.WorkflowInstance) MediaPackage(org.opencastproject.mediapackage.MediaPackage) Event(org.opencastproject.index.service.impl.index.event.Event) EventIndexUtils.getOrCreateEvent(org.opencastproject.index.service.impl.index.event.EventIndexUtils.getOrCreateEvent) EventIndexUtils.updateEvent(org.opencastproject.index.service.impl.index.event.EventIndexUtils.updateEvent) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog)
