
Example 36 with AccessControlEntry

use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.

the class SchedulerUtilTest method testCalculateChecksum.

/**
 * Verifies that {@code SchedulerUtil.calculateChecksum} returns a fixed, known value for a fixed set of
 * inputs and a different value whenever one input is varied: start date, end date, capture device, user ids,
 * episode catalog, extended catalog, workflow properties, capture agent properties, the boolean opt-out
 * argument and the access control list.
 *
 * <p>Each section changes one input and asserts on the checksum; the following section restores that input
 * before changing the next one, so the statement order matters.
 *
 * @throws Exception if building the fixtures or calculating a checksum fails
 */
@Test
public void testCalculateChecksum() throws Exception {
    // Extended metadata catalog, serialized to the test's workspace file.
    // presumably the mocked workspace serves this file back to calculateChecksum; verify against the fixture setup
    String extendedFlavorType = "extended";
    DublinCoreCatalog dc = SchedulerServiceImplTest.generateExtendedEvent(Opt.<String>none(), extendedFlavorType);
    FileUtils.writeStringToFile(workspaceFile, dc.toXmlString(), "UTF-8");
    List<MediaPackageElementFlavor> catalogAdapterFlavors = new ArrayList<>();
    catalogAdapterFlavors.add(new MediaPackageElementFlavor(extendedFlavorType, "episode"));
    // Baseline ACL: a single entry for ROLE_ADMIN / "write" with the boolean flag set to true.
    AccessControlList acl = new AccessControlList(new AccessControlEntry("ROLE_ADMIN", "write", true));
    Date start = new Date(DateTimeSupport.fromUTC("2008-03-16T14:00:00Z"));
    Date end = new Date(DateTimeSupport.fromUTC("2008-03-16T15:00:00Z"));
    String captureDeviceID = "demo";
    String seriesId = "series1";
    // Inserted in non-sorted order into a HashSet; the baseline checksum is still expected to be stable.
    Set<String> userIds = new HashSet<>();
    userIds.add("user2");
    userIds.add("user1");
    MediaPackage mp = SchedulerServiceImplTest.generateEvent(Opt.<String>none());
    mp.setSeries(seriesId);
    DublinCoreCatalog event = SchedulerServiceImplTest.generateEvent(captureDeviceID, start, end);
    event.set(PROPERTY_CREATED, EncodingSchemeUtils.encodeDate(start, Precision.Minute));
    // Catalog ids and URIs are random per run while the expected checksum below is constant, so a passing
    // test implies the checksum does not depend on them.
    String catalogId = UUID.randomUUID().toString();
    MediaPackageElement catalog = mp.add(new URI("location" + catalogId), Type.Catalog, event.getFlavor());
    catalog.setIdentifier(catalogId);
    String extendedCatalogId = UUID.randomUUID().toString();
    MediaPackageElement extendedCatalog = mp.add(new URI("location" + extendedCatalogId), Type.Catalog, dc.getFlavor());
    extendedCatalog.setIdentifier(extendedCatalogId);
    Map<String, String> caProperties = SchedulerServiceImplTest.generateCaptureAgentMetadata("demo");
    Map<String, String> wfProperties = new HashMap<String, String>();
    wfProperties.put("test", "true");
    wfProperties.put("clear", "all");
    // Baseline: the checksum of the unmodified inputs must equal this pinned value.
    // NOTE(review): 32 hex characters is the size of an MD5 digest. That suits change detection, but MD5 is not
    // collision resistant; confirm this checksum is never relied on as a tamper-evidence control.
    String expectedChecksum = "91f54dbcb65d2759e79f1da9edce7915";
    String checksum = SchedulerUtil.calculateChecksum(workspace, catalogAdapterFlavors, start, end, captureDeviceID, userIds, mp, Opt.some(event), wfProperties, caProperties, false, acl);
    Assert.assertEquals(expectedChecksum, checksum);
    // Vary the start date (current time instead of the fixed 2008 timestamp).
    start = new Date();
    checksum = SchedulerUtil.calculateChecksum(workspace, catalogAdapterFlavors, start, end, captureDeviceID, userIds, mp, Opt.some(event), wfProperties, caProperties, false, acl);
    Assert.assertNotEquals(expectedChecksum, checksum);
    // Restore the start date, then vary the end date.
    start = new Date(DateTimeSupport.fromUTC("2008-03-16T14:00:00Z"));
    end = new Date();
    checksum = SchedulerUtil.calculateChecksum(workspace, catalogAdapterFlavors, start, end, captureDeviceID, userIds, mp, Opt.some(event), wfProperties, caProperties, false, acl);
    Assert.assertNotEquals(expectedChecksum, checksum);
    // Restore the end date, then vary the capture device.
    end = new Date(DateTimeSupport.fromUTC("2008-03-16T15:00:00Z"));
    captureDeviceID = "demo1";
    checksum = SchedulerUtil.calculateChecksum(workspace, catalogAdapterFlavors, start, end, captureDeviceID, userIds, mp, Opt.some(event), wfProperties, caProperties, false, acl);
    Assert.assertNotEquals(expectedChecksum, checksum);
    // Restore the capture device, then add a user id.
    captureDeviceID = "demo";
    userIds.add("test");
    checksum = SchedulerUtil.calculateChecksum(workspace, catalogAdapterFlavors, start, end, captureDeviceID, userIds, mp, Opt.some(event), wfProperties, caProperties, false, acl);
    Assert.assertNotEquals(expectedChecksum, checksum);
    // Restore the user ids, then change the episode Dublin Core catalog.
    userIds.remove("test");
    // presumably clears a checksum cached on the element so that it is recomputed; confirm against SchedulerUtil
    catalog.setChecksum(null);
    event.set(PROPERTY_CREATED, EncodingSchemeUtils.encodeDate(end, Precision.Minute));
    checksum = SchedulerUtil.calculateChecksum(workspace, catalogAdapterFlavors, start, end, captureDeviceID, userIds, mp, Opt.some(event), wfProperties, caProperties, false, acl);
    Assert.assertNotEquals(expectedChecksum, checksum);
    // Restore the episode catalog, then change the extended Dublin Core catalog and rewrite the workspace file.
    catalog.setChecksum(null);
    event.set(PROPERTY_CREATED, EncodingSchemeUtils.encodeDate(start, Precision.Minute));
    extendedCatalog.setChecksum(null);
    dc.set(PROPERTY_CREATED, EncodingSchemeUtils.encodeDate(start, Precision.Minute));
    FileUtils.writeStringToFile(workspaceFile, dc.toXmlString(), "UTF-8");
    checksum = SchedulerUtil.calculateChecksum(workspace, catalogAdapterFlavors, start, end, captureDeviceID, userIds, mp, Opt.some(event), wfProperties, caProperties, false, acl);
    Assert.assertNotEquals(expectedChecksum, checksum);
    // Undo the extended catalog change (remove the property, rewrite the file), then add a workflow property.
    extendedCatalog.setChecksum(null);
    dc.remove(PROPERTY_CREATED);
    FileUtils.writeStringToFile(workspaceFile, dc.toXmlString(), "UTF-8");
    wfProperties.put("change", "change");
    checksum = SchedulerUtil.calculateChecksum(workspace, catalogAdapterFlavors, start, end, captureDeviceID, userIds, mp, Opt.some(event), wfProperties, caProperties, false, acl);
    Assert.assertNotEquals(expectedChecksum, checksum);
    // Restore the workflow properties, then add a capture agent property.
    wfProperties.remove("change");
    caProperties.put("change", "change");
    checksum = SchedulerUtil.calculateChecksum(workspace, catalogAdapterFlavors, start, end, captureDeviceID, userIds, mp, Opt.some(event), wfProperties, caProperties, false, acl);
    Assert.assertNotEquals(expectedChecksum, checksum);
    // Restore the capture agent properties, then flip the opt-out argument to true.
    caProperties.remove("change");
    checksum = SchedulerUtil.calculateChecksum(workspace, catalogAdapterFlavors, start, end, captureDeviceID, userIds, mp, Opt.some(event), wfProperties, caProperties, true, acl);
    Assert.assertNotEquals(expectedChecksum, checksum);
    // Sanity check: with every input back at its baseline the pinned checksum must be reproduced.
    checksum = SchedulerUtil.calculateChecksum(workspace, catalogAdapterFlavors, start, end, captureDeviceID, userIds, mp, Opt.some(event), wfProperties, caProperties, false, acl);
    Assert.assertEquals(expectedChecksum, checksum);
    // Vary the ACL: same role and action, but the boolean flag is false instead of true. The checksum must
    // change, i.e. a permission change counts as a change to the event.
    // NOTE(review): only the boolean flag is varied here; a changed role or action is not covered by this test.
    checksum = SchedulerUtil.calculateChecksum(workspace, catalogAdapterFlavors, start, end, captureDeviceID, userIds, mp, Opt.some(event), wfProperties, caProperties, false, new AccessControlList(new AccessControlEntry("ROLE_ADMIN", "write", false)));
    Assert.assertNotEquals(expectedChecksum, checksum);
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) MediaPackageElementFlavor(org.opencastproject.mediapackage.MediaPackageElementFlavor) URI(java.net.URI) Date(java.util.Date) MediaPackageElement(org.opencastproject.mediapackage.MediaPackageElement) MediaPackage(org.opencastproject.mediapackage.MediaPackage) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 37 with AccessControlEntry

use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.

the class SearchServicePersistenceTest method setUp.

/**
 * Builds the fixture used by the tests: a mocked security service, a search database wired to a test
 * entity manager factory, an empty media package and an access control list with a single entry.
 *
 * @throws java.lang.Exception if any part of the fixture cannot be created
 */
@Before
public void setUp() throws Exception {
    // Identity reported by the mocked security service: user "admin" holding the global admin role.
    DefaultOrganization org = new DefaultOrganization();
    JaxbRole globalAdminRole = new JaxbRole(SecurityConstants.GLOBAL_ADMIN_ROLE, org);
    User adminUser = new JaxbUser("admin", "test", org, globalAdminRole);

    // Nice mock: every call answers with the default organization and the admin user, any number of times.
    securityService = EasyMock.createNiceMock(SecurityService.class);
    EasyMock.expect(securityService.getOrganization()).andReturn(new DefaultOrganization()).anyTimes();
    EasyMock.expect(securityService.getUser()).andReturn(adminUser).anyTimes();
    EasyMock.replay(securityService);

    // Database under test, backed by the test persistence unit and the mocked security service.
    searchDatabase = new SearchServiceDatabaseImpl();
    searchDatabase.setEntityManagerFactory(newTestEntityManagerFactory(SearchServiceDatabaseImpl.PERSISTENCE_UNIT));
    searchDatabase.setSecurityService(securityService);
    searchDatabase.activate(null);

    mediaPackage = MediaPackageBuilderFactory.newInstance().newMediaPackageBuilder().createNew();

    // ACL with one entry for the role literal "admin" and the WRITE action, flag set to true.
    // NOTE(review): the role here is the string "admin", not SecurityConstants.GLOBAL_ADMIN_ROLE; whether the
    // two are meant to match cannot be told from this method.
    accessControlList = new AccessControlList();
    accessControlList.getEntries().add(new AccessControlEntry("admin", Permissions.Action.WRITE.toString(), true));
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) User(org.opencastproject.security.api.User) JaxbUser(org.opencastproject.security.api.JaxbUser) JaxbRole(org.opencastproject.security.api.JaxbRole) SecurityService(org.opencastproject.security.api.SecurityService) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) JaxbUser(org.opencastproject.security.api.JaxbUser) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) Before(org.junit.Before)

Example 38 with AccessControlEntry

use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.

the class WorkflowServiceImplAuthzTest method testWorkflowWithSecurityPolicy.

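/**
 * Checks who can read a workflow that an instructor started: the instructor, the organization admin, the
 * global admin and a second instructor of the same organization must all be able to load it, while an
 * instructor of a different organization must not.
 *
 * <p>Unexpected exceptions in the positive checks propagate out of the test, so the report keeps the
 * exception type and stack trace.
 *
 * @throws Exception if the workflow cannot be started or suspended, or if a user who should have access is
 *           refused
 */
@Test
public void testWorkflowWithSecurityPolicy() throws Exception {
    // Create an ACL for the authorization service to return: ROLE_INSTRUCTOR may read and write
    AccessControlList acl = new AccessControlList();
    acl.getEntries().add(new AccessControlEntry("ROLE_INSTRUCTOR", Permissions.Action.READ.toString(), true));
    acl.getEntries().add(new AccessControlEntry("ROLE_INSTRUCTOR", Permissions.Action.WRITE.toString(), true));
    // Mock up an authorization service that always returns "true" for hasPermission().
    // NOTE(review): because hasPermission() never denies, the refusal asserted at the end of this test cannot
    // come from this mock; presumably it comes from organization scoping in the service. Confirm.
    AuthorizationService authzService = EasyMock.createNiceMock(AuthorizationService.class);
    EasyMock.expect(authzService.getActiveAcl((MediaPackage) EasyMock.anyObject())).andReturn(Tuple.tuple(acl, AclScope.Series)).anyTimes();
    EasyMock.expect(authzService.hasPermission((MediaPackage) EasyMock.anyObject(), (String) EasyMock.anyObject())).andReturn(true).anyTimes();
    EasyMock.replay(authzService);
    service.setAuthorizationService(authzService);
    dao.setAuthorizationService(authzService);
    // Create the workflow and its dependent object graph
    WorkflowDefinitionImpl def = new WorkflowDefinitionImpl();
    def.add(new WorkflowOperationDefinitionImpl("op1", "op1", null, true));
    MediaPackage mp = MediaPackageBuilderFactory.newInstance().newMediaPackageBuilder().createNew();
    // As an instructor, create a workflow. We don't care if it passes or fails. We just care about access to it.
    userResponder.setResponse(instructor1);
    WorkflowInstance workflow = service.start(def, mp);
    service.suspend(workflow.getId());
    // Ensure that this instructor can access the workflow. An exception here fails the test on its own, so it
    // is not caught and converted with fail(e.getMessage()), which would drop the stack trace.
    service.getWorkflowById(workflow.getId());
    assertEquals(1, service.countWorkflowInstances());
    // Ensure the organization admin can access that workflow
    userResponder.setResponse(DEFAULT_ORG_ADMIN);
    service.getWorkflowById(workflow.getId());
    assertEquals(1, service.countWorkflowInstances());
    // Ensure the global admin can access that workflow
    userResponder.setResponse(globalAdmin);
    service.getWorkflowById(workflow.getId());
    assertEquals(1, service.countWorkflowInstances());
    // Ensure the other instructor from this organization can also see the workflow, since this is specified in the
    // security policy
    userResponder.setResponse(instructor2);
    service.getWorkflowById(workflow.getId());
    assertEquals(1, service.countWorkflowInstances());
    // TODO change to answer show in episode or series how to do it. Cool stuff
    // Ensure the instructor from a different org can not see the workflow, even though they share the same role
    organizationResponder.setResponse(otherOrganization);
    userResponder.setResponse(instructorFromDifferentOrg);
    try {
        service.getWorkflowById(workflow.getId());
        fail("An instructor from a different organization must not be able to load the workflow");
    } catch (Exception e) {
        // expected
        // NOTE(review): any exception satisfies this check, including an unrelated failure. Narrowing the catch
        // to the exception type the service throws on denied access would make the test assert the access
        // decision itself; confirm which type that is before changing it.
    }
    assertEquals(0, service.countWorkflowInstances());
}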
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) WorkflowOperationDefinitionImpl(org.opencastproject.workflow.api.WorkflowOperationDefinitionImpl) WorkflowDefinitionImpl(org.opencastproject.workflow.api.WorkflowDefinitionImpl) AuthorizationService(org.opencastproject.security.api.AuthorizationService) MediaPackage(org.opencastproject.mediapackage.MediaPackage) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) WorkflowInstance(org.opencastproject.workflow.api.WorkflowInstance) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) Test(org.junit.Test)
