
Example 81 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class EventIndexUtils method addAuthorization.

/**
 * Copies the allow rules of an access control list into per-action fields of the event index document.
 * <p>
 * One field is added per action, named {@code EventIndexSchema.ACL_PERMISSION_PREFIX + action}, holding the roles
 * that are allowed to perform that action. Every value of {@code Permissions.Action} gets a field, with an empty
 * role list if no entry grants it. Actions that only occur in the ACL get a field as well.
 * <p>
 * Deny entries are logged and skipped, not applied: an allow entry for the same role and action is still indexed,
 * so these index fields on their own do not reflect denials.
 *
 * @param doc
 *          the input document
 * @param aclString
 *          the access control list string
 */
private static void addAuthorization(SearchMetadataCollection doc, String aclString) {
    final Map<String, List<String>> rolesByAction = new HashMap<String, List<String>>();

    // Seed an empty role list for each well-known action so that all of them are written below
    for (Action knownAction : Permissions.Action.values()) {
        rolesByAction.put(knownAction.toString(), new ArrayList<String>());
    }

    // NOTE(review): how parseAclSilent reacts to a null or malformed string is not visible here -- confirm it
    // never returns null, since the result is dereferenced right away.
    final AccessControlList parsedAcl = AccessControlParser.parseAclSilent(aclString);
    for (AccessControlEntry ace : parsedAcl.getEntries()) {
        if (ace.isAllow()) {
            final String action = ace.getAction();
            List<String> roles = rolesByAction.get(action);
            if (roles == null) {
                // Action outside the predefined set: give it its own role list
                roles = new ArrayList<String>();
                rolesByAction.put(action, roles);
            }
            roles.add(ace.getRole());
        } else {
            // Only allow rules can be expressed in the index; the deny rule is dropped
            logger.info("Event index does not support denial via ACL, ignoring {}", ace);
        }
    }

    // Emit one field per action carrying the roles collected for it
    for (Map.Entry<String, List<String>> actionRoles : rolesByAction.entrySet()) {
        doc.addField(EventIndexSchema.ACL_PERMISSION_PREFIX.concat(actionRoles.getKey()), actionRoles.getValue(),
                false);
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) Action(org.opencastproject.security.api.Permissions.Action) HashMap(java.util.HashMap) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) ArrayList(java.util.ArrayList) ListProviderUtil.splitStringList(org.opencastproject.index.service.util.ListProviderUtil.splitStringList) AccessControlList(org.opencastproject.security.api.AccessControlList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map)

Example 82 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class SeriesIndexUtils method addAuthorization.

/**
 * Copies the allow rules of an access control list into per-action fields of the series index document.
 * <p>
 * One field is added per action, named {@code SeriesIndexSchema.ACL_PERMISSION_PREFIX + action}, holding the roles
 * that are allowed to perform that action. Every value of {@code Permissions.Action} gets a field, with an empty
 * role list if no entry grants it. Actions that only occur in the ACL get a field as well.
 * <p>
 * Deny entries are logged and skipped, not applied: an allow entry for the same role and action is still indexed,
 * so these index fields on their own do not reflect denials.
 *
 * @param doc
 *          the input document
 * @param aclString
 *          the access control list string
 */
private static void addAuthorization(SearchMetadataCollection doc, String aclString) {
    final Map<String, List<String>> rolesByAction = new HashMap<String, List<String>>();

    // Seed an empty role list for each well-known action so that all of them are written below
    for (Action knownAction : Permissions.Action.values()) {
        rolesByAction.put(knownAction.toString(), new ArrayList<String>());
    }

    // NOTE(review): how parseAclSilent reacts to a null or malformed string is not visible here -- confirm it
    // never returns null, since the result is dereferenced right away.
    final AccessControlList parsedAcl = AccessControlParser.parseAclSilent(aclString);
    for (AccessControlEntry ace : parsedAcl.getEntries()) {
        if (ace.isAllow()) {
            final String action = ace.getAction();
            List<String> roles = rolesByAction.get(action);
            if (roles == null) {
                // Action outside the predefined set: give it its own role list
                roles = new ArrayList<String>();
                rolesByAction.put(action, roles);
            }
            roles.add(ace.getRole());
        } else {
            // Only allow rules can be expressed in the index; the deny rule is dropped
            logger.info("Series index does not support denial via ACL, ignoring {}", ace);
        }
    }

    // Emit one field per action carrying the roles collected for it
    for (Map.Entry<String, List<String>> actionRoles : rolesByAction.entrySet()) {
        doc.addField(SeriesIndexSchema.ACL_PERMISSION_PREFIX.concat(actionRoles.getKey()), actionRoles.getValue(),
                false);
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) Action(org.opencastproject.security.api.Permissions.Action) HashMap(java.util.HashMap) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) ArrayList(java.util.ArrayList) ListProviderUtil.splitStringList(org.opencastproject.index.service.util.ListProviderUtil.splitStringList) AccessControlList(org.opencastproject.security.api.AccessControlList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map)

Example 83 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class WorkflowMessageReceiverImpl method execute.

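/**
 * Applies a workflow message to the search index.
 * <ul>
 * <li>{@code UpdateInstance}: loads or creates the event for the workflow's media package, copies the workflow id,
 * definition and state onto it, and stores it in the index. While the workflow is in none of the states SUCCEEDED,
 * FAILED or STOPPED, the managed ACL name, the access policy (JSON of the active ACL) and the episode Dublin Core
 * are refreshed too. For those three states this method does not call {@code setAccessPolicy}.</li>
 * <li>{@code DeleteInstance}: removes the workflow from the index entry of its media package.</li>
 * <li>{@code AddDefinition} / {@code DeleteDefinition}: currently ignored.</li>
 * </ul>
 * Search index failures are logged and end the handling of the message; they are not rethrown.
 *
 * @param workflowItem
 *          the workflow message to process
 * @throws IllegalArgumentException
 *           if the type of the message is not one of the cases above
 */
@Override
protected void execute(WorkflowItem workflowItem) {
    // Organization and user come from the security service, i.e. from the context this receiver runs in
    String organization = getSecurityService().getOrganization().getId();
    User user = getSecurityService().getUser();
    String eventId = null;
    switch(workflowItem.getType()) {
        case UpdateInstance:
            logger.debug("Received Update Workflow instance Entry for index {}", getSearchIndex().getIndexName());
            WorkflowInstance wf = workflowItem.getWorkflowInstance();
            MediaPackage mp = wf.getMediaPackage();
            eventId = mp.getIdentifier().toString();
            // Load or create the corresponding recording event
            Event event = null;
            try {
                event = getOrCreateEvent(eventId, organization, user, getSearchIndex());
                event.setCreator(getSecurityService().getUser().getName());
                event.setWorkflowId(wf.getId());
                event.setWorkflowDefinitionId(wf.getTemplate());
                event.setWorkflowState(wf.getState());
                WorkflowInstance.WorkflowState state = wf.getState();
                if (!(WorkflowInstance.WorkflowState.SUCCEEDED.equals(state) || WorkflowInstance.WorkflowState.FAILED.equals(state) || WorkflowInstance.WorkflowState.STOPPED.equals(state))) {
                    // Workflow has not reached one of the three end states: re-read the ACL that is in effect
                    // for the media package and mirror it into the indexed event
                    Tuple<AccessControlList, AclScope> activeAcl = authorizationService.getActiveAcl(mp);
                    List<ManagedAcl> acls = aclServiceFactory.serviceFor(getSecurityService().getOrganization()).getAcls();
                    Option<ManagedAcl> managedAcl = AccessInformationUtil.matchAcls(acls, activeAcl.getA());
                    if (managedAcl.isSome()) {
                        event.setManagedAcl(managedAcl.get().getName());
                    }
                    event.setAccessPolicy(AccessControlParser.toJsonSilent(activeAcl.getA()));
                    try {
                        Opt<DublinCoreCatalog> loadedDC = DublinCoreUtil.loadEpisodeDublinCore(workspace, mp);
                        if (loadedDC.isSome()) {
                            updateEvent(event, loadedDC.get());
                        }
                    } catch (Throwable t) {
                        // Best effort: a missing or unreadable catalog must not stop the index update.
                        // NOTE(review): Throwable also covers Errors such as OutOfMemoryError -- consider
                        // narrowing this to Exception.
                        logger.warn("Unable to load dublincore catalog for the workflow {}", wf.getId(), t);
                    }
                }
                updateEvent(event, mp);
            } catch (SearchIndexException e) {
                logger.error("Error retrieving the recording event from the search index: {}", e.getMessage());
                return;
            }
            // Update series name if not already done
            try {
                EventIndexUtils.updateSeriesName(event, organization, user, getSearchIndex());
            } catch (SearchIndexException e) {
                // A failed series name lookup is logged only; the event is still persisted below
                logger.error("Error updating the series name of the event to index: {}", ExceptionUtils.getStackTrace(e));
            }
            // Persist the scheduling event
            try {
                getSearchIndex().addOrUpdate(event);
                logger.debug("Workflow instance {} updated in the search index", event.getIdentifier());
            } catch (SearchIndexException e) {
                // This is the write to the index, so say so (the message used to read "Error retrieving ...")
                logger.error("Error updating the recording event in the search index: {}", e.getMessage());
                return;
            }
            return;
        case DeleteInstance:
            // Resolve the id before logging it; it is still null when this case is entered
            eventId = workflowItem.getWorkflowInstance().getMediaPackage().getIdentifier().toString();
            logger.debug("Received Delete Workflow instance Entry {}", eventId);
            // Remove the Workflow instance entry from the search index
            try {
                getSearchIndex().deleteWorkflow(organization, user, eventId, workflowItem.getWorkflowInstanceId());
                logger.debug("Workflow instance mediapackage {} removed from search index", eventId);
            } catch (NotFoundException e) {
                logger.warn("Workflow instance mediapackage {} not found for deletion", eventId);
            } catch (SearchIndexException e) {
                logger.error("Error deleting the Workflow instance entry {} from the search index: {}", eventId, ExceptionUtils.getStackTrace(e));
            }
            return;
        case AddDefinition:
            // TODO: Update the index with it as soon as the definition are part of it
            return;
        case DeleteDefinition:
            // TODO: Update the index with it as soon as the definition are part of it
            return;
        default:
            throw new IllegalArgumentException("Unhandled type of WorkflowItem");
    }
}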
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) User(org.opencastproject.security.api.User) SearchIndexException(org.opencastproject.matterhorn.search.SearchIndexException) ManagedAcl(org.opencastproject.authorization.xacml.manager.api.ManagedAcl) NotFoundException(org.opencastproject.util.NotFoundException) AclScope(org.opencastproject.security.api.AclScope) WorkflowInstance(org.opencastproject.workflow.api.WorkflowInstance) MediaPackage(org.opencastproject.mediapackage.MediaPackage) Event(org.opencastproject.index.service.impl.index.event.Event) EventIndexUtils.getOrCreateEvent(org.opencastproject.index.service.impl.index.event.EventIndexUtils.getOrCreateEvent) EventIndexUtils.updateEvent(org.opencastproject.index.service.impl.index.event.EventIndexUtils.updateEvent) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog)

Example 84 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class OaiPmhUpdatedEventHandlerTest method createSnapshot.

/**
 * Test helper that builds a {@code TakeSnapshot} item for the given media package through
 * {@code AssetManagerItem.add}, using the test's workspace, a new {@link AccessControlList} that has not been
 * given any entries here, the literal {@code 0L} and the current date.
 *
 * @param mediaPackage
 *          the media package the snapshot item is created for
 * @return the item returned by {@code AssetManagerItem.add}
 * @throws Exception
 *           declared by the helper; what {@code AssetManagerItem.add} may throw is not visible here
 */
private AssetManagerItem.TakeSnapshot createSnapshot(MediaPackage mediaPackage) throws Exception {
    // NOTE(review): 0L is presumably the snapshot version -- confirm against AssetManagerItem.add
    return AssetManagerItem.add(workspace, mediaPackage, new AccessControlList(), 0L, new Date());
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) AssetManagerItem(org.opencastproject.message.broker.api.assetmanager.AssetManagerItem) Date(java.util.Date)

Example 85 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class SeriesServiceDatabaseImpl method storeSeries.

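/**
 * {@inheritDoc}
 * <p>
 * Stores the serialized catalog under its {@code DublinCore.PROPERTY_IDENTIFIER} value. If no entity exists for
 * that id, one is created for the current organization. If one exists and has a stored ACL, the current user must
 * be authorized for {@code Permissions.Action.WRITE} on it before the series is overwritten.
 * <p>
 * Authorization caveats visible in this method: creating a new series is not checked here, and an existing series
 * without a stored ACL ({@code getAccessControl()} returns {@code null}) is updated without any check.
 * NOTE(review): presumably callers enforce who may create series -- confirm.
 *
 * @param dc
 *          the Dublin Core catalog of the series, must not be {@code null}
 * @return {@code dc} if a new series was created, {@code null} if an existing series was updated
 * @throws SeriesServiceDatabaseException
 *           if {@code dc} is {@code null}, serialization fails or the database operation fails
 * @throws UnauthorizedException
 *           if the current user may not write to the existing series
 * @see org.opencastproject.series.impl.SeriesServiceDatabase#storeSeries(org.opencastproject.metadata.dublincore.DublinCoreCatalog)
 */
@Override
public DublinCoreCatalog storeSeries(DublinCoreCatalog dc) throws SeriesServiceDatabaseException, UnauthorizedException {
    if (dc == null) {
        throw new SeriesServiceDatabaseException("Invalid value for Dublin core catalog: null");
    }
    String seriesId = dc.getFirst(DublinCore.PROPERTY_IDENTIFIER);
    String seriesXML;
    try {
        seriesXML = serializeDublinCore(dc);
    } catch (Exception e1) {
        // Pass the exception as the throwable argument; a trailing "{}" is not filled in by a lone Throwable
        logger.error("Could not serialize Dublin Core", e1);
        throw new SeriesServiceDatabaseException(e1);
    }
    EntityManager em = emf.createEntityManager();
    EntityTransaction tx = em.getTransaction();
    DublinCoreCatalog newSeries = null;
    try {
        tx.begin();
        SeriesEntity entity = getSeriesEntity(seriesId, em);
        if (entity == null) {
            // no series stored, create new entity
            entity = new SeriesEntity();
            entity.setOrganization(securityService.getOrganization().getId());
            entity.setSeriesId(seriesId);
            entity.setSeries(seriesXML);
            em.persist(entity);
            newSeries = dc;
        } else {
            // Ensure this user is allowed to update this series
            String accessControlXml = entity.getAccessControl();
            if (accessControlXml != null) {
                AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
                User currentUser = securityService.getUser();
                Organization currentOrg = securityService.getOrganization();
                if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.WRITE.toString())) {
                    throw new UnauthorizedException(currentUser + " is not authorized to update series " + seriesId);
                }
            }
            entity.setSeries(seriesXML);
            em.merge(entity);
        }
        tx.commit();
        return newSeries;
    } catch (UnauthorizedException e) {
        // Surface the denial as the declared UnauthorizedException. The generic handler below would otherwise
        // wrap it, and callers could no longer tell a refused write from a database failure.
        logger.warn("Unauthorized attempt to update series {}: {}", seriesId, e.getMessage());
        if (tx.isActive()) {
            tx.rollback();
        }
        throw e;
    } catch (Exception e) {
        logger.error("Could not update series: {}", e.getMessage());
        if (tx.isActive()) {
            tx.rollback();
        }
        throw new SeriesServiceDatabaseException(e);
    } finally {
        em.close();
    }
}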
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) EntityTransaction(javax.persistence.EntityTransaction) EntityManager(javax.persistence.EntityManager) User(org.opencastproject.security.api.User) Organization(org.opencastproject.security.api.Organization) SeriesServiceDatabaseException(org.opencastproject.series.impl.SeriesServiceDatabaseException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog) NoResultException(javax.persistence.NoResultException) SeriesServiceDatabaseException(org.opencastproject.series.impl.SeriesServiceDatabaseException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) IOException(java.io.IOException) AccessControlParsingException(org.opencastproject.security.api.AccessControlParsingException)
