Example 1 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

In the class AclScanner, method addAcl.

/**
 * Add an ACL based upon an XACML file to all the organizations.
 *
 * @param artifact
 *          The File representing the XACML File.
 * @throws IOException
 * @throws XACMLParsingException
 */
private void addAcl(File artifact) throws IOException, XACMLParsingException {
    List<Organization> organizations = organizationDirectoryService.getOrganizations();
    logger.debug("Adding Acl {}", artifact.getAbsolutePath());
    String fileName = FilenameUtils.removeExtension(artifact.getName());
    AccessControlList acl = parseToAcl(artifact);
    Option<ManagedAcl> managedAcl = Option.<ManagedAcl>none();
    // Add the Acl to all the organizations
    for (Organization org : organizations) {
        securityService.setOrganization(org);
        // If there are already (not-default) Acl defined for this organization, we skip this one.
        boolean skip = false;
        for (ManagedAcl a : getAclService(org).getAcls()) {
            if (managedAcls.get(generateAclId(a.getName(), org)) == null) {
                logger.debug("The Acl {} will be not added to the organisation {} as it already contains other not-default Acls.", fileName, org.getName());
                skip = true;
                continue;
            }
        }
        if (!skip) {
            managedAcl = getAclService(org).createAcl(acl, fileName);
            if (managedAcl.isSome()) {
                managedAcls.put(generateAclId(fileName, org), managedAcl.get().getId());
                logger.debug("Acl from '{}' has been added for the organisation {}", fileName, org.getName());
            } else {
                logger.debug("Acl from '{}' has already been added to the organisation {}.", fileName, org.getName());
            }
        }
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) Organization(org.opencastproject.security.api.Organization) ManagedAcl(org.opencastproject.authorization.xacml.manager.api.ManagedAcl)

Example 2 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

In the class AbstractAclServiceRestEndpoint, method updateAcl.

@PUT
@Path("/acl/{aclId}")
@Produces(MediaType.APPLICATION_JSON)
@RestQuery(name = "updateacl", description = "Update an ACL", returnDescription = "Update an ACL", pathParameters = { @RestParameter(name = "aclId", isRequired = true, description = "The ACL identifier", type = INTEGER) }, restParameters = { @RestParameter(name = "name", isRequired = true, description = "The ACL name", type = STRING), @RestParameter(name = "acl", isRequired = true, description = "The access control list", type = STRING) }, reponses = { @RestResponse(responseCode = SC_OK, description = "The ACL has successfully been updated"), @RestResponse(responseCode = SC_NOT_FOUND, description = "The ACL has not been found"), @RestResponse(responseCode = SC_BAD_REQUEST, description = "Unable to parse the ACL"), @RestResponse(responseCode = SC_INTERNAL_SERVER_ERROR, description = "Error during updating the ACL") })
public String updateAcl(@PathParam("aclId") long aclId, @FormParam("name") String name, @FormParam("acl") String accessControlList) throws NotFoundException {
    final Organization org = getSecurityService().getOrganization();
    final AccessControlList acl = parseAcl.apply(accessControlList);
    final ManagedAclImpl managedAcl = new ManagedAclImpl(aclId, name, org.getId(), acl);
    if (!aclService().updateAcl(managedAcl)) {
        logger.info("No ACL with id '{}' could be found under organization '{}'", aclId, org.getId());
        throw new NotFoundException();
    }
    return JsonConv.full(managedAcl).toJson();
}
Also used : JsonConv.fullAccessControlList(org.opencastproject.authorization.xacml.manager.endpoint.JsonConv.fullAccessControlList) AccessControlList(org.opencastproject.security.api.AccessControlList) Organization(org.opencastproject.security.api.Organization) ManagedAclImpl(org.opencastproject.authorization.xacml.manager.impl.ManagedAclImpl) NotFoundException(org.opencastproject.util.NotFoundException) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) RestQuery(org.opencastproject.util.doc.rest.RestQuery) PUT(javax.ws.rs.PUT)

Example 3 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

In the class AbstractAclServiceRestEndpoint, method createAcl.

@POST
@Path("/acl")
@Produces(MediaType.APPLICATION_JSON)
@RestQuery(name = "createacl", description = "Create an ACL", returnDescription = "Create an ACL", restParameters = { @RestParameter(name = "name", isRequired = true, description = "The ACL name", type = STRING), @RestParameter(name = "acl", isRequired = true, description = "The access control list", type = STRING) }, reponses = { @RestResponse(responseCode = SC_OK, description = "The ACL has successfully been added"), @RestResponse(responseCode = SC_CONFLICT, description = "An ACL with the same name already exists"), @RestResponse(responseCode = SC_BAD_REQUEST, description = "Unable to parse the ACL"), @RestResponse(responseCode = SC_INTERNAL_SERVER_ERROR, description = "Error during adding the ACL") })
public String createAcl(@FormParam("name") String name, @FormParam("acl") String accessControlList) {
    final AccessControlList acl = parseAcl.apply(accessControlList);
    final Option<ManagedAcl> managedAcl = aclService().createAcl(acl, name);
    if (managedAcl.isNone()) {
        logger.info("An ACL with the same name '{}' already exists", name);
        throw new WebApplicationException(Response.Status.CONFLICT);
    }
    return JsonConv.full(managedAcl.get()).toJson();
}
Also used : JsonConv.fullAccessControlList(org.opencastproject.authorization.xacml.manager.endpoint.JsonConv.fullAccessControlList) AccessControlList(org.opencastproject.security.api.AccessControlList) WebApplicationException(javax.ws.rs.WebApplicationException) ManagedAcl(org.opencastproject.authorization.xacml.manager.api.ManagedAcl) JsonConv.digestManagedAcl(org.opencastproject.authorization.xacml.manager.endpoint.JsonConv.digestManagedAcl) Util.getManagedAcl(org.opencastproject.authorization.xacml.manager.impl.Util.getManagedAcl) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) RestQuery(org.opencastproject.util.doc.rest.RestQuery)

Example 4 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

In the class AbstractAclServiceRestEndpoint, method getActiveAclForEpisode.

private Either<AccessControlList, Tuple<ManagedAcl, AclScope>> getActiveAclForEpisode(AclService aclService, String episodeId) {
    final AQueryBuilder q = getAssetManager().createQuery();
    final ASelectQuery sq = q.select(q.snapshot()).where(q.mediaPackageId(episodeId).and(q.version().isLatest()));
    for (Snapshot snapshot : enrich(sq.run()).getSnapshots().head()) {
        // get active ACL of found media package
        final Tuple<AccessControlList, AclScope> activeAcl = getAuthorizationService().getActiveAcl(snapshot.getMediaPackage());
        // find corresponding managed ACL
        for (ManagedAcl macl : matchAcls(aclService, activeAcl.getA())) {
            return right(tuple(macl, activeAcl.getB()));
        }
        return left(activeAcl.getA());
    }
    // episode does not exist
    logger.warn("Episode {} cannot be found in Archive", episodeId);
    return left(EMPTY_ACL);
}
Also used : JsonConv.fullAccessControlList(org.opencastproject.authorization.xacml.manager.endpoint.JsonConv.fullAccessControlList) AccessControlList(org.opencastproject.security.api.AccessControlList) Snapshot(org.opencastproject.assetmanager.api.Snapshot) ManagedAcl(org.opencastproject.authorization.xacml.manager.api.ManagedAcl) JsonConv.digestManagedAcl(org.opencastproject.authorization.xacml.manager.endpoint.JsonConv.digestManagedAcl) Util.getManagedAcl(org.opencastproject.authorization.xacml.manager.impl.Util.getManagedAcl) AQueryBuilder(org.opencastproject.assetmanager.api.query.AQueryBuilder) AclScope(org.opencastproject.security.api.AclScope) ASelectQuery(org.opencastproject.assetmanager.api.query.ASelectQuery)

Example 5 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

In the class AclServiceImpl, method applyAclToEpisode.

@Override
public boolean applyAclToEpisode(String episodeId, AccessControlList acl, Option<ConfiguredWorkflowRef> workflow) throws AclServiceException {
    try {
        Option<MediaPackage> mediaPackage = Option.none();
        if (assetManager != null)
            mediaPackage = getFromAssetManagerByMpId(episodeId);
        Option<AccessControlList> aclOpt = Option.option(acl);
        // the episode service is the source of authority for the retrieval of media packages
        for (final MediaPackage episodeSvcMp : mediaPackage) {
            aclOpt.fold(new Option.EMatch<AccessControlList>() {

                // set the new episode ACL
                @Override
                public void esome(final AccessControlList acl) {
                    // update in episode service
                    MediaPackage mp = authorizationService.setAcl(episodeSvcMp, AclScope.Episode, acl).getA();
                    if (assetManager != null)
                        assetManager.takeSnapshot(mp);
                }

                // if none EpisodeACLTransition#isDelete returns true so delete the episode ACL
                @Override
                public void enone() {
                    // update in episode service
                    MediaPackage mp = authorizationService.removeAcl(episodeSvcMp, AclScope.Episode);
                    if (assetManager != null)
                        assetManager.takeSnapshot(mp);
                }
            });
            // apply optional workflow
            for (ConfiguredWorkflowRef workflowRef : workflow) applyWorkflow(list(episodeSvcMp), workflowRef);
            return true;
        }
        // not found
        return false;
    } catch (Exception e) {
        logger.error("Error applying episode ACL", e);
        throw new AclServiceException(e);
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) AclServiceException(org.opencastproject.authorization.xacml.manager.api.AclServiceException) MediaPackage(org.opencastproject.mediapackage.MediaPackage) Option(org.opencastproject.util.data.Option) ConfiguredWorkflowRef(org.opencastproject.workflow.api.ConfiguredWorkflowRef) AclServiceException(org.opencastproject.authorization.xacml.manager.api.AclServiceException) NotFoundException(org.opencastproject.util.NotFoundException)

Aggregations

AccessControlList (org.opencastproject.security.api.AccessControlList): 108
NotFoundException (org.opencastproject.util.NotFoundException): 46
UnauthorizedException (org.opencastproject.security.api.UnauthorizedException): 38
AccessControlEntry (org.opencastproject.security.api.AccessControlEntry): 30
MediaPackage (org.opencastproject.mediapackage.MediaPackage): 27
Test (org.junit.Test): 26
IOException (java.io.IOException): 22
Organization (org.opencastproject.security.api.Organization): 22
User (org.opencastproject.security.api.User): 21
DublinCoreCatalog (org.opencastproject.metadata.dublincore.DublinCoreCatalog): 19
ArrayList (java.util.ArrayList): 18
SeriesException (org.opencastproject.series.api.SeriesException): 18
ManagedAcl (org.opencastproject.authorization.xacml.manager.api.ManagedAcl): 16
MediaPackageException (org.opencastproject.mediapackage.MediaPackageException): 16
Date (java.util.Date): 15
SchedulerException (org.opencastproject.scheduler.api.SchedulerException): 14
Path (javax.ws.rs.Path): 13
RestQuery (org.opencastproject.util.doc.rest.RestQuery): 13
WebApplicationException (javax.ws.rs.WebApplicationException): 12
File (java.io.File): 10