use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class EventsEndpoint method addEventAce.
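/**
 * Grants {@code action} on the given event to {@code role} by writing an allow entry into the
 * event's access control list.
 *
 * <p>An existing deny entry for the same role and action is replaced by the new allow entry; all
 * other entries are carried over unchanged. A missing or blank {@code role} is rejected with
 * {@code 400 Bad Request} so that no entry without a role can be persisted.
 *
 * <p>NOTE(review): no caller permission check is visible in this method; it presumably relies on
 * {@code indexService.updateEventAcl} and the surrounding REST security configuration. Confirm
 * before exposing this endpoint to further roles.
 *
 * @param acceptHeader the request's {@code Accept} header (not read by this method)
 * @param id the event identifier
 * @param action the action to allow
 * @param role the role that is granted the action
 * @return {@code 204} on success, {@code 400} for a blank role, {@code 403} if the index service
 *         rejects the update with an {@link IllegalArgumentException}, {@code 404} if the event
 *         does not exist
 * @throws Exception if the lookup or the update fails for any other reason
 */
@POST
@Path("{eventId}/acl/{action}")
@Produces({ "application/json", "application/v1.0.0+json" })
@RestQuery(name = "addeventace", description = "Grants permission to execute action on the specified event to any user with role role. Note that this is a convenience method to avoid having to build and post a complete access control list.", returnDescription = "", pathParameters = { @RestParameter(name = "eventId", description = "The event id", isRequired = true, type = STRING), @RestParameter(name = "action", description = "The action that is allowed to be executed", isRequired = true, type = STRING) }, restParameters = { @RestParameter(name = "role", isRequired = true, description = "The role that is granted permission", type = STRING) }, reponses = { @RestResponse(description = "The permission has been created in the access control list of the specified event.", responseCode = HttpServletResponse.SC_NO_CONTENT), @RestResponse(description = "The required form parameter 'role' is missing or blank.", responseCode = HttpServletResponse.SC_BAD_REQUEST), @RestResponse(description = "The specified event does not exist.", responseCode = HttpServletResponse.SC_NOT_FOUND) })
public Response addEventAce(@HeaderParam("Accept") String acceptHeader, @PathParam("eventId") String id, @PathParam("action") String action, @FormParam("role") String role) throws Exception {
  // 'role' is a form parameter and can be absent. Without this guard an entry with a null or blank
  // role would be written into the event's ACL.
  if (role == null || role.trim().isEmpty()) {
    return Response.status(Status.BAD_REQUEST).build();
  }
  List<AccessControlEntry> entries = new ArrayList<>();
  for (final Event event : indexService.getEvent(id, externalIndex)) {
    AccessControlList accessControlList = getAclFromEvent(event);
    AccessControlEntry newAce = new AccessControlEntry(role, action, true);
    boolean alreadyInAcl = false;
    for (AccessControlEntry ace : accessControlList.getEntries()) {
      if (ace.equals(newAce)) {
        // An identical entry already exists: keep the ACL exactly as stored. The update below is
        // still issued with that unchanged list.
        // NOTE(review): this also discards a replacement made by the branch below earlier in the
        // loop, so an ACL holding both a deny and an allow entry for this role/action keeps both.
        entries = accessControlList.getEntries();
        alreadyInAcl = true;
        break;
      } else if (ace.getAction().equals(newAce.getAction()) && ace.getRole().equals(newAce.getRole()) && !ace.isAllow()) {
        // Same role and action but currently denied: the allow entry takes the deny entry's place.
        entries.add(newAce);
        alreadyInAcl = true;
      } else {
        entries.add(ace);
      }
    }
    if (!alreadyInAcl) {
      entries.add(newAce);
    }
    AccessControlList withNewAce = new AccessControlList(entries);
    try {
      withNewAce = indexService.updateEventAcl(id, withNewAce, externalIndex);
    } catch (IllegalArgumentException e) {
      // id, action and role come straight from the request and are logged as received; whether the
      // logging backend neutralises line breaks in them is not visible here.
      logger.error("Unable to update event '{}' acl entry with action '{}' and role '{}' because: {}", id, action, role, ExceptionUtils.getStackTrace(e));
      return Response.status(Status.FORBIDDEN).build();
    }
    return ApiResponses.Json.noContent(ApiVersion.VERSION_1_0_0);
  }
  // Reached only when the lookup yielded no event.
  return ApiResponses.notFound("Cannot find an event with id '%s'.", id);
}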
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class SeriesEndpoint method updateSeriesAcl.
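/**
 * Replaces the access control list of a series with the one supplied as JSON in the {@code acl}
 * form parameter.
 *
 * <p>The payload must be a JSON array of objects, each carrying a string {@code role}, a string
 * {@code action} and a boolean {@code allow}. Anything else (a non-array document, a non-object
 * element, a missing or wrongly typed field) is answered with {@code 400 Bad Request} instead of
 * surfacing as an unhandled {@link ClassCastException} or {@link NullPointerException}.
 *
 * <p>NOTE(review): authorization is not checked in this method; the declared
 * {@code UnauthorizedException} suggests {@code seriesService.updateAccessControl} enforces it.
 * Confirm against the service implementation.
 *
 * @param acceptHeader the request's {@code Accept} header (not read by this method)
 * @param seriesID the series identifier
 * @param aclJson the new access policy as a JSON array
 * @return {@code 200} echoing the submitted JSON, or {@code 400} if the payload is missing or
 *         malformed
 * @throws NotFoundException declared for the series service call
 * @throws SeriesException declared for the series service call
 * @throws UnauthorizedException declared for the series service call
 */
@PUT
@Path("{seriesId}/acl")
@Produces({ "application/json", "application/v1.0.0+json" })
@RestQuery(name = "updateseriesacl", description = "Updates a series' access policy.", returnDescription = "", pathParameters = { @RestParameter(name = "seriesId", description = "The series id", isRequired = true, type = STRING) }, restParameters = { @RestParameter(name = "acl", isRequired = true, description = "Access policy", type = STRING) }, reponses = { @RestResponse(description = "The access control list for the specified series is updated.", responseCode = HttpServletResponse.SC_OK), @RestResponse(description = "The access policy is missing or malformed.", responseCode = HttpServletResponse.SC_BAD_REQUEST), @RestResponse(description = "The specified series does not exist.", responseCode = HttpServletResponse.SC_NOT_FOUND) })
public Response updateSeriesAcl(@HeaderParam("Accept") String acceptHeader, @PathParam("seriesId") String seriesID, @FormParam("acl") String aclJson) throws NotFoundException, SeriesException, UnauthorizedException {
  if (isBlank(aclJson))
    return R.badRequest("Missing form parameter 'acl'");
  JSONParser parser = new JSONParser();
  final Object parsed;
  try {
    parsed = parser.parse(aclJson);
  } catch (ParseException e) {
    logger.debug("Could not parse ACL ({}): {}", aclJson, getStackTrace(e));
    return R.badRequest("Could not parse ACL");
  }
  // Well-formed JSON that is not an array (an object, a string, null, ...) is a client error too.
  if (!(parsed instanceof JSONArray)) {
    return R.badRequest("Could not parse ACL");
  }
  JSONArray acl = (JSONArray) parsed;
  final List<AccessControlEntry> accessControlEntries;
  try {
    accessControlEntries = $(acl.toArray()).map(new Fn<Object, AccessControlEntry>() {
      @Override
      public AccessControlEntry apply(Object a) {
        // Every field is type-checked before use: the values are request-supplied, and an entry
        // without a role or an explicit allow flag must not reach the stored ACL.
        if (!(a instanceof JSONObject)) {
          throw new IllegalArgumentException("ACL entry is not a JSON object");
        }
        JSONObject ace = (JSONObject) a;
        Object role = ace.get("role");
        Object action = ace.get("action");
        Object allow = ace.get("allow");
        if (!(role instanceof String) || !(action instanceof String) || !(allow instanceof Boolean)) {
          throw new IllegalArgumentException("ACL entry needs string 'role', string 'action' and boolean 'allow'");
        }
        return new AccessControlEntry((String) role, (String) action, (Boolean) allow);
      }
    }).toList();
  } catch (IllegalArgumentException e) {
    logger.debug("Rejected malformed ACL entry: {}", e.getMessage());
    return R.badRequest("Could not parse ACL");
  }
  seriesService.updateAccessControl(seriesID, new AccessControlList(accessControlEntries));
  return ApiResponses.Json.ok(VERSION_1_0_0, aclJson);
}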
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class EventsEndpoint method deleteEventAce.
/**
 * Revokes {@code action} on the given event from {@code role} by dropping every entry of the
 * event's access control list that matches both values, whether it allows or denies.
 *
 * <p>NOTE(review): no caller permission check is visible in this method; it presumably relies on
 * {@code indexService.updateEventAcl} and the surrounding REST security configuration. Confirm.
 *
 * @param acceptHeader the request's {@code Accept} header (not read by this method)
 * @param id the event identifier
 * @param action the action whose entry is removed
 * @param role the role whose entry is removed
 * @return {@code 204} on success, {@code 403} if the index service rejects the update with an
 *         {@link IllegalArgumentException}, {@code 404} if the event or a matching entry does not
 *         exist
 * @throws Exception if the lookup or the update fails for any other reason
 */
@DELETE
@Path("{eventId}/acl/{action}/{role}")
@Produces({ "application/json", "application/v1.0.0+json" })
@RestQuery(name = "deleteeventace", description = "Revokes permission to execute action on the specified event from any user with role role.", returnDescription = "", pathParameters = { @RestParameter(name = "eventId", description = "The event id", isRequired = true, type = STRING), @RestParameter(name = "action", description = "The action that is no longer allowed to be executed", isRequired = true, type = STRING), @RestParameter(name = "role", description = "The role that is no longer granted permission", isRequired = true, type = STRING) }, reponses = { @RestResponse(description = "The permission has been revoked from the access control list of the specified event.", responseCode = HttpServletResponse.SC_NO_CONTENT), @RestResponse(description = "The specified event does not exist.", responseCode = HttpServletResponse.SC_NOT_FOUND) })
public Response deleteEventAce(@HeaderParam("Accept") String acceptHeader, @PathParam("eventId") String id, @PathParam("action") String action, @PathParam("role") String role) throws Exception {
  for (final Event event : indexService.getEvent(id, externalIndex)) {
    final List<AccessControlEntry> remaining = new ArrayList<>();
    boolean removedAny = false;
    for (AccessControlEntry candidate : getAclFromEvent(event).getEntries()) {
      final boolean targeted = candidate.getAction().equals(action) && candidate.getRole().equals(role);
      if (targeted) {
        // Not copied over, which is what removes it from the rewritten ACL.
        removedAny = true;
        continue;
      }
      remaining.add(candidate);
    }

    // Nothing matched: report it rather than rewriting an unchanged ACL.
    if (!removedAny) {
      return ApiResponses.notFound("Unable to find an access control entry with action '%s' and role '%s'", action, role);
    }

    try {
      indexService.updateEventAcl(id, new AccessControlList(remaining), externalIndex);
    } catch (IllegalArgumentException e) {
      // id, action and role are request-supplied and are logged as received.
      logger.error("Unable to delete event's '{}' acl entry with action '{}' and role '{}' because: {}", id, action, role, ExceptionUtils.getStackTrace(e));
      return Response.status(Status.FORBIDDEN).build();
    }
    return ApiResponses.Json.noContent(ApiVersion.VERSION_1_0_0);
  }
  // Reached only when the lookup yielded no event.
  return ApiResponses.notFound("Cannot find an event with id '%s'.", id);
}
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class TestAclEndpoint method setupServices.
/**
 * Wires this test endpoint with mocked collaborators: a security service that always reports the
 * default organization, and an ACL service factory whose service knows two managed ACLs,
 * "public" (read allowed for ROLE_ADMIN and ROLE_ANONYMOUS) and "private" (read denied for both).
 * Every lookup by id returns the "public" ACL.
 */
private void setupServices() {
  final DefaultOrganization organization = new DefaultOrganization();

  // Fixture ACLs: same roles and action, differing only in the allow flag.
  final AccessControlList allowRead = new AccessControlList(
      new AccessControlEntry("ROLE_ADMIN", "read", true),
      new AccessControlEntry("ROLE_ANONYMOUS", "read", true));
  final AccessControlList denyRead = new AccessControlList(
      new AccessControlEntry("ROLE_ADMIN", "read", false),
      new AccessControlEntry("ROLE_ANONYMOUS", "read", false));

  final List<ManagedAcl> fixtures = new ArrayList<ManagedAcl>();
  fixtures.add(new ManagedAclImpl(1L, "public", organization.getId(), allowRead));
  fixtures.add(new ManagedAclImpl(2L, "private", organization.getId(), denyRead));

  // ACL service: lists both fixtures, resolves any id to the first ("public") one.
  final AclService aclServiceMock = EasyMock.createNiceMock(AclService.class);
  EasyMock.expect(aclServiceMock.getAcls()).andReturn(fixtures).anyTimes();
  EasyMock.expect(aclServiceMock.getAcl(EasyMock.anyLong())).andReturn(Option.some(fixtures.get(0))).anyTimes();
  EasyMock.replay(aclServiceMock);

  // Factory hands out the same mocked service for every organization.
  final AclServiceFactory factoryMock = EasyMock.createNiceMock(AclServiceFactory.class);
  EasyMock.expect(factoryMock.serviceFor(EasyMock.anyObject(Organization.class))).andReturn(aclServiceMock).anyTimes();
  EasyMock.replay(factoryMock);

  final SecurityService securityMock = EasyMock.createNiceMock(SecurityService.class);
  EasyMock.expect(securityMock.getOrganization()).andReturn(organization).anyTimes();
  EasyMock.replay(securityMock);

  this.setAclServiceFactory(factoryMock);
  this.setSecurityService(securityMock);
}
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class AssetManagerWithSecurity method takeSnapshot.
/**
 * Takes a snapshot of the media package only if {@code isAuthorizedByAcl} grants
 * {@code WRITE_ACTION} on it, then stores the package's active ACL with the snapshot as
 * properties.
 *
 * <p>The authorization check runs before the delegate is called, so an unauthorized request
 * creates no snapshot.
 *
 * @param owner the snapshot owner, passed through to the parent implementation
 * @param mp the media package to snapshot
 * @return the snapshot created by the parent implementation
 */
@Override
public Snapshot takeSnapshot(String owner, MediaPackage mp) {
  // Fail first: nothing is written unless the write permission check passes.
  if (!isAuthorizedByAcl(mp, WRITE_ACTION)) {
    return chuck(new UnauthorizedException("Not allowed to take snapshot of media package " + mp.getIdentifier().toString()));
  }
  final Snapshot created = super.takeSnapshot(owner, mp);
  // The ACL is read after the snapshot exists and attached to it as properties.
  final AccessControlList activeAcl = authSvc.getActiveAcl(mp).getA();
  storeAclAsProperties(created, activeAcl);
  return created;
}