Example 1 with AccessControlEntry

use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.

the class AssetManagerItemTest method testSerializeUpdate.

@Test
public void testSerializeUpdate() throws Exception {
    final Workspace workspace = EasyMock.createNiceMock(Workspace.class);
    EasyMock.expect(workspace.get(EasyMock.anyObject(URI.class))).andReturn(new File(getClass().getResource("/dublincore-a.xml").toURI())).once();
    EasyMock.expect(workspace.read(EasyMock.anyObject(URI.class))).andAnswer(() -> getClass().getResourceAsStream("/dublincore-a.xml")).once();
    EasyMock.replay(workspace);
    final MediaPackage mp = MediaPackageBuilderFactory.newInstance().newMediaPackageBuilder().createNew();
    mp.add(DublinCores.mkOpencastEpisode().getCatalog());
    final AccessControlList acl = new AccessControlList(new AccessControlEntry("admin", "read", true));
    final Date now = new Date();
    final AssetManagerItem item = AssetManagerItem.add(workspace, mp, acl, 10L, now);
    final AssetManagerItem deserialized = IoSupport.serializeDeserialize(item);
    assertEquals(item.getDate(), deserialized.getDate());
    assertEquals(item.getType(), deserialized.getType());
    assertEquals(item.decompose(TakeSnapshot.getMediaPackage, null, null).getIdentifier(), deserialized.decompose(TakeSnapshot.getMediaPackage, null, null).getIdentifier());
    assertEquals(item.decompose(TakeSnapshot.getAcl, null, null).getEntries(), deserialized.decompose(TakeSnapshot.getAcl, null, null).getEntries());
    assertTrue(DublinCoreUtil.equals(item.decompose(TakeSnapshot.getEpisodeDublincore, null, null).get(), deserialized.decompose(TakeSnapshot.getEpisodeDublincore, null, null).get()));
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) MediaPackage(org.opencastproject.mediapackage.MediaPackage) AssetManagerItem(org.opencastproject.message.broker.api.assetmanager.AssetManagerItem) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) File(java.io.File) Date(java.util.Date) Workspace(org.opencastproject.workspace.api.Workspace) Test(org.junit.Test)

Example 2 with AccessControlEntry

use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.

the class IngestServiceImpl method setPublicAclIfEmpty.

private void setPublicAclIfEmpty(MediaPackage mp) {
    AccessControlList activeAcl = authorizationService.getActiveAcl(mp).getA();
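    // Fallback for a media package without any ACL entries: it is made public by
    // allowing the organization's anonymous role to read, stored at series scope.
    if (activeAcl.getEntries().size() == 0) {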
        String anonymousRole = securityService.getOrganization().getAnonymousRole();
        activeAcl = new AccessControlList(new AccessControlEntry(anonymousRole, Permissions.Action.READ.toString(), true));
        authorizationService.setAcl(mp, AclScope.Series, activeAcl);
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry)

Example 3 with AccessControlEntry

use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.

the class IngestServiceImpl method updateSeries.

/**
 * Updates the persistent representation of a series based on a potentially modified dublin core document.
 *
 * @param uri
 *          the URI to the dublin core document containing series metadata.
 * @return
 *         true, if the series is created or overwritten, false if the existing series remains intact.
 */
protected boolean updateSeries(URI uri) throws IOException, IngestException {
    HttpResponse response = null;
    InputStream in = null;
    boolean isUpdated = false;
    try {
        HttpGet getDc = new HttpGet(uri);
        response = httpClient.execute(getDc);
        in = response.getEntity().getContent();
        DublinCoreCatalog dc = dublinCoreService.load(in);
        String id = dc.getFirst(DublinCore.PROPERTY_IDENTIFIER);
        if (id == null) {
            logger.warn("Series dublin core document contains no identifier, rejecting ingested series catalog.");
        } else {
            try {
                try {
                    seriesService.getSeries(id);
                    if (isOverwriteSeries) {
                        // Update existing series
                        seriesService.updateSeries(dc);
                        isUpdated = true;
                        logger.debug("Ingest is overwriting the existing series {} with the ingested series", id);
                    } else {
                        logger.debug("Series {} already exists. Ignoring series catalog from ingest.", id);
                    }
                } catch (NotFoundException e) {
                    logger.info("Creating new series {} with default ACL", id);
                    seriesService.updateSeries(dc);
                    isUpdated = true;
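                    // Default ACL for a newly created series: the organization's
                    // anonymous role is allowed to read.
                    String anonymousRole = securityService.getOrganization().getAnonymousRole();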
                    AccessControlList acl = new AccessControlList(new AccessControlEntry(anonymousRole, "read", true));
                    seriesService.updateAccessControl(id, acl);
                }
            } catch (Exception e) {
                throw new IngestException(e);
            }
        }
        in.close();
    } catch (IOException e) {
        logger.error("Error updating series from DublinCoreCatalog: {}", e.getMessage());
    } finally {
        IOUtils.closeQuietly(in);
        httpClient.close(response);
    }
    return isUpdated;
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) ProgressInputStream(org.opencastproject.util.ProgressInputStream) ZipArchiveInputStream(org.apache.commons.compress.archivers.zip.ZipArchiveInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) HttpGet(org.apache.http.client.methods.HttpGet) HttpResponse(org.apache.http.HttpResponse) NotFoundException(org.opencastproject.util.NotFoundException) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) IngestException(org.opencastproject.ingest.api.IngestException) IOException(java.io.IOException) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog) SchedulerException(org.opencastproject.scheduler.api.SchedulerException) ServiceRegistryException(org.opencastproject.serviceregistry.api.ServiceRegistryException) HandleException(org.opencastproject.mediapackage.identifier.HandleException) ConfigurationException(org.opencastproject.util.ConfigurationException) JDOMException(org.jdom.JDOMException) WorkflowException(org.opencastproject.workflow.api.WorkflowException) MediaPackageException(org.opencastproject.mediapackage.MediaPackageException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) WorkflowDatabaseException(org.opencastproject.workflow.api.WorkflowDatabaseException)

Example 4 with AccessControlEntry

use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.

the class AccessInformationUtil method serializePrivilegesByRole.

/**
 * Serializes an {@link AccessControlList} as a {@link JSONObject}. The JSON structure will look like this:
 *
 * <pre>
 * {
 *   "ROLE_STUDENT": {
 *     "read": true,
 *     "write": false
 *   },
 *   "ROLE_TEACHER": {
 *     "read": true,
 *     "write": true
 *   }
 * }
 * </pre>
 *
 * @param acl
 *          the access control list to serialize
 * @return the acl as JSON object
 * @throws IllegalArgumentException
 *           if the <code>acl</code> parameter is null
 */
public static JSONObject serializePrivilegesByRole(AccessControlList acl) {
    if (acl == null)
        throw new IllegalArgumentException("The parameter acl must not be null");
    Map<String, JSONObject> privilegesByRole = new HashMap<String, JSONObject>();
    for (AccessControlEntry entry : acl.getEntries()) {
        JSONObject rolePrivileges;
        if (privilegesByRole.containsKey(entry.getRole())) {
            rolePrivileges = privilegesByRole.get(entry.getRole());
        } else {
            rolePrivileges = new JSONObject();
            privilegesByRole.put(entry.getRole(), rolePrivileges);
        }
        try {
            rolePrivileges.put(entry.getAction(), entry.isAllow());
        } catch (JSONException e) {
            // This should never happen, because the key is never null
            logger.error("An unexpected error occurred:", e);
        }
    }
    JSONObject privilegesJson = new JSONObject();
    for (Entry<String, JSONObject> privilege : privilegesByRole.entrySet()) {
        try {
            privilegesJson.put(privilege.getKey(), privilege.getValue());
        } catch (JSONException e) {
            // This should never happen, because the key is never null
            logger.error("An unexpected error occurred:", e);
        }
    }
    return privilegesJson;
}
Also used : JSONObject(org.codehaus.jettison.json.JSONObject) HashMap(java.util.HashMap) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) JSONException(org.codehaus.jettison.json.JSONException)

Example 5 with AccessControlEntry

use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.

the class SeriesServiceSolrIndex method updateSecurityPolicy.

@Override
public void updateSecurityPolicy(String seriesId, AccessControlList accessControl) throws NotFoundException, SeriesServiceDatabaseException {
    if (accessControl == null) {
        logger.warn("Access control parameter is null: skipping update for series '{}'", seriesId);
        return;
    }
    SolrDocument seriesDoc = getSolrDocumentByID(seriesId);
    if (seriesDoc == null) {
        logger.debug("No series with ID " + seriesId + " found.");
        throw new NotFoundException("Series with ID " + seriesId + " was not found.");
    }
    String serializedAC;
    try {
        serializedAC = AccessControlParser.toXml(accessControl);
    } catch (Exception e) {
        logger.error("Could not parse access control parameter: {}", e.getMessage());
        throw new SeriesServiceDatabaseException(e);
    }
    final SolrInputDocument inputDoc = ClientUtils.toSolrInputDocument(seriesDoc);
    inputDoc.setField(SolrFields.ACCESS_CONTROL_KEY, serializedAC);
    inputDoc.removeField(SolrFields.ACCESS_CONTROL_CONTRIBUTE);
    inputDoc.removeField(SolrFields.ACCESS_CONTROL_EDIT);
    inputDoc.removeField(SolrFields.ACCESS_CONTROL_READ);
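    // Rebuild the per-action role fields from the new ACL. Only entries with
    // isAllow() == true are indexed; deny entries add no role to these fields.
    for (AccessControlEntry ace : accessControl.getEntries()) {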
        if (Permissions.Action.CONTRIBUTE.toString().equals(ace.getAction()) && ace.isAllow()) {
            inputDoc.addField(SolrFields.ACCESS_CONTROL_CONTRIBUTE, ace.getRole());
        } else if (Permissions.Action.WRITE.toString().equals(ace.getAction()) && ace.isAllow()) {
            inputDoc.addField(SolrFields.ACCESS_CONTROL_EDIT, ace.getRole());
        } else if (Permissions.Action.READ.toString().equals(ace.getAction()) && ace.isAllow()) {
            inputDoc.addField(SolrFields.ACCESS_CONTROL_READ, ace.getRole());
        }
    }
    if (synchronousIndexing) {
        try {
            synchronized (solrServer) {
                solrServer.add(inputDoc);
                solrServer.commit();
            }
        } catch (Exception e) {
            throw new SeriesServiceDatabaseException("Unable to index ACL", e);
        }
    } else {
        indexingExecutor.submit(new Runnable() {

            @Override
            public void run() {
                try {
                    synchronized (solrServer) {
                        solrServer.add(inputDoc);
                        solrServer.commit();
                    }
                } catch (Exception e) {
                    logger.warn("Unable to index ACL for series {}: {}", inputDoc.getFieldValue(SolrFields.COMPOSITE_ID_KEY), e.getMessage());
                }
            }
        });
    }
}
Also used : SolrInputDocument(org.apache.solr.common.SolrInputDocument) SolrDocument(org.apache.solr.common.SolrDocument) SeriesServiceDatabaseException(org.opencastproject.series.impl.SeriesServiceDatabaseException) NotFoundException(org.opencastproject.util.NotFoundException) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) SolrServerException(org.apache.solr.client.solrj.SolrServerException) SeriesException(org.opencastproject.series.api.SeriesException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException)

Aggregations

AccessControlEntry (org.opencastproject.security.api.AccessControlEntry): 38
AccessControlList (org.opencastproject.security.api.AccessControlList): 30
Test (org.junit.Test): 18
MediaPackage (org.opencastproject.mediapackage.MediaPackage): 12
ArrayList (java.util.ArrayList): 10
HashMap (java.util.HashMap): 7
Job (org.opencastproject.job.api.Job): 6
JaxbRole (org.opencastproject.security.api.JaxbRole): 6
JobBarrier (org.opencastproject.job.api.JobBarrier): 5
JaxbUser (org.opencastproject.security.api.JaxbUser): 5
Date (java.util.Date): 4
List (java.util.List): 4
Map (java.util.Map): 4
SearchQuery (org.opencastproject.search.api.SearchQuery): 4
AuthorizationService (org.opencastproject.security.api.AuthorizationService): 4
DefaultOrganization (org.opencastproject.security.api.DefaultOrganization): 4
SecurityService (org.opencastproject.security.api.SecurityService): 4
User (org.opencastproject.security.api.User): 4
NotFoundException (org.opencastproject.util.NotFoundException): 4
File (java.io.File): 3