use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.
the class SolrIndexManager method setAuthorization.
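/**
 * Adds authorization fields to the solr document.
 * <p>
 * Only the READ and WRITE actions are indexed. The admin role of the organization returned by the security service,
 * when one is defined, is granted both. Entries that deny access are skipped with a warning, so the index only ever
 * holds allow grants: a role that is denied by one entry but allowed by another for the same action is still indexed
 * as permitted. Entries for any other action are skipped with a warning as well.
 *
 * @param doc
 *          the solr document
 * @param securityService
 *          the security service, used to look up the organization's admin role
 * @param acl
 *          the access control list; must not be null, its entries are read unconditionally
 */
static void setAuthorization(SolrInputDocument doc, SecurityService securityService, AccessControlList acl) {
  Map<String, List<String>> permissions = new HashMap<String, List<String>>();

  // Define containers for the only actions the search index understands
  List<String> reads = new ArrayList<String>();
  permissions.put(READ.toString(), reads);
  List<String> writes = new ArrayList<String>();
  permissions.put(WRITE.toString(), writes);

  // The admin role can always read and write
  String adminRole = securityService.getOrganization().getAdminRole();
  if (adminRole != null) {
    reads.add(adminRole);
    writes.add(adminRole);
  }

  for (AccessControlEntry entry : acl.getEntries()) {
    // Deny entries are not represented in the index; they are logged and dropped, never enforced here.
    if (!entry.isAllow()) {
      logger.warn("Search service does not support denial via ACL, ignoring {}", entry);
      continue;
    }

    /*
     * MH-8353 a series could have a permission defined we don't know how to handle -DH
     *
     * Unknown actions never get a container of their own: the entry is dropped rather than indexed.
     */
    List<String> actionPermissions = permissions.get(entry.getAction());
    if (actionPermissions == null) {
      logger.warn("Search service doesn't know how to handle action: {}", entry.getAction());
      continue;
    }

    actionPermissions.add(entry.getRole());
  }

  // Write the permissions to the solr document, one field per action with the roles joined by spaces
  for (Map.Entry<String, List<String>> entry : permissions.entrySet()) {
    Schema.setOcAcl(doc, new DField<String>(mkString(entry.getValue(), " "), entry.getKey()));
  }
}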
use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.
the class SearchServiceImplTest method testDeleteMediaPackage.
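/**
 * Test removal from the search index.
 * <p>
 * A user without permissions must get a finished job whose payload is {@code false}; the same delete issued as a user
 * holding the organization's admin role must finish, after which the episode is no longer returned by regular queries
 * and shows up in a deleted-since query.
 */
@Test
public void testDeleteMediaPackage() throws Exception {
  MediaPackage mediaPackage = getMediaPackage("/manifest-simple.xml");

  // Make sure our mocked ACL has the read and write permission
  acl.getEntries().add(new AccessControlEntry(ROLE_STUDENT, READ.toString(), true));
  acl.getEntries().add(new AccessControlEntry(ROLE_STUDENT, WRITE.toString(), true));

  // Add the media package to the search index
  Job job = service.add(mediaPackage);
  JobBarrier barrier = new JobBarrier(null, serviceRegistry, 1000, job);
  barrier.waitForJobs();

  // Now take the role away from the user
  userResponder.setResponse(userWithoutPermissions);
  Map<String, Integer> servers = new HashMap<String, Integer>();
  servers.put("http://localhost", 8080);
  // Respond with an organization built from the default organization's constants
  organizationResponder.setResponse(new JaxbOrganization(DefaultOrganization.DEFAULT_ORGANIZATION_ID, DefaultOrganization.DEFAULT_ORGANIZATION_NAME, servers, DefaultOrganization.DEFAULT_ORGANIZATION_ADMIN, DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, null));

  // Try to delete it: the job itself completes, but its payload must report that nothing was deleted
  job = service.delete(mediaPackage.getIdentifier().toString());
  barrier = new JobBarrier(null, serviceRegistry, 1000, job);
  barrier.waitForJobs();
  assertEquals("Job to delete mediapackage did not finish", Job.Status.FINISHED, job.getStatus());
  assertEquals("Unauthorized user was able to delete a mediapackage", Boolean.FALSE.toString(), job.getPayload());

  // Second try with a "fixed" roleset
  User adminUser = new JaxbUser("admin", "test", defaultOrganization, new JaxbRole(defaultOrganization.getAdminRole(), defaultOrganization));
  userResponder.setResponse(adminUser);
  // Taken before the delete so the deleted-since query below includes it
  Date deletedDate = new Date();
  job = service.delete(mediaPackage.getIdentifier().toString());
  barrier = new JobBarrier(null, serviceRegistry, 1000, job);
  barrier.waitForJobs();
  // This checks completion of the admin's job, so the message must not talk about an unauthorized user
  assertEquals("Admin job to delete mediapackage did not finish", Job.Status.FINISHED, job.getStatus());

  // Now go back to the original security service and user
  userResponder.setResponse(defaultUser);
  organizationResponder.setResponse(defaultOrganization);

  SearchQuery q = new SearchQuery();
  q.includeEpisodes(true);
  q.includeSeries(false);
  q.withId("10.0000/1");
  assertEquals(0, service.getByQuery(q).size());

  // Clear the ID requirement
  q.withId(null);
  assertEquals(0, service.getByQuery(q).size());

  // The deleted episode must still be reported by a deleted-since query
  q = new SearchQuery();
  q.withDeletedSince(deletedDate);
  assertEquals(1, service.getByQuery(q).size());
}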
use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.
the class SeriesServiceImplTest method testACLEquality1.
/**
 * Two ACLs holding the same entries in a different order must compare as equal.
 */
@Test
public void testACLEquality1() {
  final String read = Permissions.Action.READ.toString();
  final String write = Permissions.Action.WRITE.toString();

  // Fresh entry instances per list, so equality cannot succeed through object identity
  AccessControlList first = new AccessControlList(
          new AccessControlEntry("a", read, true),
          new AccessControlEntry("b", write, false));
  AccessControlList second = new AccessControlList(
          new AccessControlEntry("b", write, false),
          new AccessControlEntry("a", read, true));

  assertTrue(AccessControlUtil.equals(first, second));
}
use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.
the class SeriesServiceImplTest method testACLEquality4.
/**
 * An ACL must not compare as equal to one that carries an additional entry for the same role.
 */
@Test
public void testACLEquality4() {
  final String read = Permissions.Action.READ.toString();
  final String write = Permissions.Action.WRITE.toString();

  // One deny entry on the left, the same deny entry plus a second deny entry on the right
  AccessControlList shorter = new AccessControlList(
          new AccessControlEntry("b", write, false));
  AccessControlList longer = new AccessControlList(
          new AccessControlEntry("b", write, false),
          new AccessControlEntry("b", read, false));

  assertFalse(AccessControlUtil.equals(shorter, longer));
}
use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.
the class SeriesServiceImplTest method testACLManagement.
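/**
 * Checks that an ACL cannot be attached to a nonexistent series, and that an ACL stored for an existing series is
 * returned unchanged and is replaced by a later update.
 */
@Test
public void testACLManagement() throws Exception {
  // sample access control list
  AccessControlList accessControlList = new AccessControlList();
  List<AccessControlEntry> acl = accessControlList.getEntries();
  acl.add(new AccessControlEntry("admin", "delete", true));

  // Updating the ACL of an unknown series id must be rejected
  try {
    seriesService.updateAccessControl("failid", accessControlList);
    Assert.fail("Should fail when adding ACL to nonexistent series,");
  } catch (NotFoundException e) {
    // expected
  }

  // Create the series, attach the ACL and read it back
  seriesService.updateSeries(testCatalog);
  seriesService.updateAccessControl(testCatalog.getFirst(DublinCore.PROPERTY_IDENTIFIER), accessControlList);
  AccessControlList retrievedACL = seriesService.getSeriesAccessControl(testCatalog.getFirst(DublinCore.PROPERTY_IDENTIFIER));
  Assert.assertNotNull(retrievedACL);
  acl = retrievedACL.getEntries();
  // Expected value first, so a failure reports the sizes the right way round
  Assert.assertEquals(1, acl.size());
  Assert.assertEquals("admin", acl.get(0).getRole());

  // Replace the single entry and make sure the stored ACL follows the update
  acl = accessControlList.getEntries();
  acl.clear();
  acl.add(new AccessControlEntry("student", Permissions.Action.READ.toString(), true));
  seriesService.updateAccessControl(testCatalog.getFirst(DublinCore.PROPERTY_IDENTIFIER), accessControlList);
  retrievedACL = seriesService.getSeriesAccessControl(testCatalog.getFirst(DublinCore.PROPERTY_IDENTIFIER));
  Assert.assertNotNull(retrievedACL);
  acl = retrievedACL.getEntries();
  Assert.assertEquals(1, acl.size());
  Assert.assertEquals("student", acl.get(0).getRole());
}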