
Example 86 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

Class SeriesServiceDatabaseImpl, method storeSeriesAccessControl.

/*
   * (non-Javadoc)
   *
   * @see org.opencastproject.series.impl.SeriesServiceDatabase#storeSeriesAccessControl(java.lang.String,
   * org.opencastproject.security.api.AccessControlList)
   */
@Override
public boolean storeSeriesAccessControl(String seriesId, AccessControlList accessControl) throws NotFoundException, SeriesServiceDatabaseException {
    if (accessControl == null) {
        logger.error("Access control parameter is <null> for series '{}'", seriesId);
        throw new IllegalArgumentException("Argument for updating ACL for series " + seriesId + " is null");
    }
    String serializedAC;
    try {
        serializedAC = AccessControlParser.toXml(accessControl);
    } catch (Exception e) {
        logger.error("Could not serialize access control parameter: {}", e.getMessage());
        throw new SeriesServiceDatabaseException(e);
    }
    EntityManager em = emf.createEntityManager();
    EntityTransaction tx = em.getTransaction();
    boolean updated = false;
    try {
        tx.begin();
        SeriesEntity entity = getSeriesEntity(seriesId, em);
        if (entity == null) {
            throw new NotFoundException("Series with ID " + seriesId + " does not exist.");
        }
        String accessControlXml = entity.getAccessControl();
        if (accessControlXml != null) {
            // An ACL is already stored: the current user needs WRITE permission on it to replace it
            AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
            User currentUser = securityService.getUser();
            Organization currentOrg = securityService.getOrganization();
            if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.WRITE.toString())) {
                // Caught by the generic handler below and rethrown wrapped in SeriesServiceDatabaseException
                throw new UnauthorizedException(currentUser + " is not authorized to update ACLs on series " + seriesId);
            }
            updated = true;
        }
        // When no ACL is stored yet, the new one is written without an authorization check
        entity.setAccessControl(serializedAC);
        em.merge(entity);
        tx.commit();
        return updated;
    } catch (NotFoundException e) {
        // Roll back the transaction opened above before propagating
        if (tx.isActive()) {
            tx.rollback();
        }
        throw e;
    } catch (Exception e) {
        logger.error("Could not update series: {}", e.getMessage());
        if (tx.isActive()) {
            tx.rollback();
        }
        throw new SeriesServiceDatabaseException(e);
    } finally {
        em.close();
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) EntityTransaction(javax.persistence.EntityTransaction) User(org.opencastproject.security.api.User) Organization(org.opencastproject.security.api.Organization) NotFoundException(org.opencastproject.util.NotFoundException) NoResultException(javax.persistence.NoResultException) SeriesServiceDatabaseException(org.opencastproject.series.impl.SeriesServiceDatabaseException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) IOException(java.io.IOException) AccessControlParsingException(org.opencastproject.security.api.AccessControlParsingException) EntityManager(javax.persistence.EntityManager)

Example 87 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

Class SeriesServiceSolrIndex, method getAccessControl.

/*
   * (non-Javadoc)
   *
   * @see org.opencastproject.series.impl.SeriesServiceIndex#getAccessControl(java.lang.String)
   */
@Override
public AccessControlList getAccessControl(String seriesID) throws NotFoundException, SeriesServiceDatabaseException {
    SolrDocument seriesDoc = getSolrDocumentByID(seriesID);
    if (seriesDoc == null) {
        logger.debug("No series exists with ID '{}'", seriesID);
        throw new NotFoundException("No series with ID " + seriesID + " found.");
    }
    String serializedAC = (String) seriesDoc.get(SolrFields.ACCESS_CONTROL_KEY);
    AccessControlList accessControl;
    if (serializedAC == null) {
        // No ACL stored in the index for this series: return an empty list rather than null
        accessControl = new AccessControlList();
    } else {
        try {
            accessControl = AccessControlParser.parseAcl(serializedAC);
        } catch (Exception e) {
            logger.error("Could not parse access control: {}", e.getMessage());
            throw new SeriesServiceDatabaseException(e);
        }
    }
    return accessControl;
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) SolrDocument(org.apache.solr.common.SolrDocument) SeriesServiceDatabaseException(org.opencastproject.series.impl.SeriesServiceDatabaseException) NotFoundException(org.opencastproject.util.NotFoundException) SolrServerException(org.apache.solr.client.solrj.SolrServerException) SeriesException(org.opencastproject.series.api.SeriesException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException)

Example 88 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

Class SeriesServicePersistenceTest, method testAccessControlManagment.

@Test
public void testAccessControlManagment() throws Exception {
    // sample access control list
    AccessControlList accessControlList = new AccessControlList();
    List<AccessControlEntry> acl = accessControlList.getEntries();
    acl.add(new AccessControlEntry("admin", "delete", true));
    seriesDatabase.storeSeries(testCatalog);
    String seriesID = testCatalog.getFirst(DublinCore.PROPERTY_IDENTIFIER);
    seriesDatabase.storeSeriesAccessControl(seriesID, accessControlList);
    AccessControlList retrievedACL = seriesDatabase.getAccessControlList(seriesID);
    assertNotNull(retrievedACL);
    acl = retrievedACL.getEntries();
    // JUnit's assertEquals takes (expected, actual)
    assertEquals(1, acl.size());
    assertEquals("admin", acl.get(0).getRole());
    try {
        seriesDatabase.storeSeriesAccessControl("failid", accessControlList);
        fail("Should fail when adding ACL to nonexistent series");
    } catch (NotFoundException e) {
        // expected
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) NotFoundException(org.opencastproject.util.NotFoundException) Test(org.junit.Test)

Example 89 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

Class SearchServiceImplTest, method setUp.

@Before
public void setUp() throws Exception {
    // workspace
    Workspace workspace = EasyMock.createNiceMock(Workspace.class);
    EasyMock.expect(workspace.get((URI) EasyMock.anyObject())).andAnswer(new IAnswer<File>() {

        @Override
        public File answer() throws Throwable {
            return new File(new URI(EasyMock.getCurrentArguments()[0].toString()));
        }
    }).anyTimes();
    EasyMock.replay(workspace);
    // User, organization and service registry
    userResponder = new Responder<User>(defaultUser);
    organizationResponder = new Responder<Organization>(defaultOrganization);
    SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
    EasyMock.expect(securityService.getUser()).andAnswer(userResponder).anyTimes();
    EasyMock.expect(securityService.getOrganization()).andAnswer(organizationResponder).anyTimes();
    EasyMock.replay(securityService);
    User anonymous = new JaxbUser("anonymous", "test", defaultOrganization, new JaxbRole(DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, defaultOrganization));
    UserDirectoryService userDirectoryService = EasyMock.createMock(UserDirectoryService.class);
    EasyMock.expect(userDirectoryService.loadUser((String) EasyMock.anyObject())).andReturn(anonymous).anyTimes();
    EasyMock.replay(userDirectoryService);
    Organization organization = new DefaultOrganization();
    OrganizationDirectoryService organizationDirectoryService = EasyMock.createMock(OrganizationDirectoryService.class);
    EasyMock.expect(organizationDirectoryService.getOrganization((String) EasyMock.anyObject())).andReturn(organization).anyTimes();
    EasyMock.replay(organizationDirectoryService);
    // mpeg7 service
    Mpeg7CatalogService mpeg7CatalogService = new Mpeg7CatalogService();
    // Persistence storage
    searchDatabase = new SearchServiceDatabaseImpl();
    searchDatabase.setEntityManagerFactory(newTestEntityManagerFactory(SearchServiceDatabaseImpl.PERSISTENCE_UNIT));
    searchDatabase.activate(null);
    searchDatabase.setSecurityService(securityService);
    // search service
    service = new SearchServiceImpl();
    serviceRegistry = new ServiceRegistryInMemoryImpl(service, securityService, userDirectoryService, organizationDirectoryService, EasyMock.createNiceMock(IncidentService.class));
    StaticMetadataService mdService = newStaticMetadataService(workspace);
    SeriesService seriesService = EasyMock.createNiceMock(SeriesService.class);
    DublinCoreCatalog seriesCatalog = getSeriesDublinCoreCatalog("/series-dublincore.xml");
    AccessControlList seriesAcl = new AccessControlList();
    EasyMock.expect(seriesService.getSeries((String) EasyMock.anyObject())).andReturn(seriesCatalog).anyTimes();
    EasyMock.expect(seriesService.getSeriesAccessControl((String) EasyMock.anyObject())).andReturn(seriesAcl).anyTimes();
    EasyMock.replay(seriesService);
    service.setStaticMetadataService(mdService);
    service.setWorkspace(workspace);
    service.setMpeg7CatalogService(mpeg7CatalogService);
    service.setSecurityService(securityService);
    service.setOrganizationDirectoryService(organizationDirectoryService);
    service.setUserDirectoryService(userDirectoryService);
    service.setServiceRegistry(serviceRegistry);
    service.setPersistence(searchDatabase);
    SolrServer solrServer = SearchServiceImpl.setupSolr(new File(solrRoot));
    service.testSetup(solrServer, new SolrRequester(solrServer, securityService), new SolrIndexManager(solrServer, workspace, Arrays.asList(mdService), seriesService, mpeg7CatalogService, securityService));
    // acl
    String anonymousRole = securityService.getOrganization().getAnonymousRole();
    acl = new AccessControlList(new AccessControlEntry(anonymousRole, Permissions.Action.READ.toString(), true));
    authorizationService = EasyMock.createNiceMock(AuthorizationService.class);
    EasyMock.expect(authorizationService.getActiveAcl((MediaPackage) EasyMock.anyObject())).andReturn(Tuple.tuple(acl, AclScope.Series)).anyTimes();
    EasyMock.expect(authorizationService.hasPermission((MediaPackage) EasyMock.anyObject(), (String) EasyMock.anyObject())).andReturn(true).anyTimes();
    service.setAuthorizationService(authorizationService);
    EasyMock.replay(authorizationService);
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) User(org.opencastproject.security.api.User) JaxbUser(org.opencastproject.security.api.JaxbUser) Organization(org.opencastproject.security.api.Organization) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) StaticMetadataService(org.opencastproject.metadata.api.StaticMetadataService) URI(java.net.URI) SolrServer(org.apache.solr.client.solrj.SolrServer) SecurityService(org.opencastproject.security.api.SecurityService) SolrRequester(org.opencastproject.search.impl.solr.SolrRequester) ServiceRegistryInMemoryImpl(org.opencastproject.serviceregistry.api.ServiceRegistryInMemoryImpl) SolrIndexManager(org.opencastproject.search.impl.solr.SolrIndexManager) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) Mpeg7CatalogService(org.opencastproject.metadata.mpeg7.Mpeg7CatalogService) UserDirectoryService(org.opencastproject.security.api.UserDirectoryService) IAnswer(org.easymock.IAnswer) JaxbRole(org.opencastproject.security.api.JaxbRole) SeriesService(org.opencastproject.series.api.SeriesService) AuthorizationService(org.opencastproject.security.api.AuthorizationService) MediaPackage(org.opencastproject.mediapackage.MediaPackage) SearchServiceDatabaseImpl(org.opencastproject.search.impl.persistence.SearchServiceDatabaseImpl) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog) File(java.io.File) Workspace(org.opencastproject.workspace.api.Workspace) OrganizationDirectoryService(org.opencastproject.security.api.OrganizationDirectoryService) Before(org.junit.Before)

Example 90 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

Class SearchServiceImpl, method populateIndex.

protected void populateIndex(String systemUserName) {
    long instancesInSolr = 0L;
    try {
        instancesInSolr = indexManager.count();
    } catch (Exception e) {
        throw new IllegalStateException(e);
    }
    if (instancesInSolr > 0) {
        logger.debug("Search index found");
        return;
    }
    if (instancesInSolr == 0L) {
        logger.info("No search index found");
        logger.info("Starting population of search index from database");
        Iterator<Tuple<MediaPackage, String>> mediaPackages;
        try {
            mediaPackages = persistence.getAllMediaPackages();
        } catch (SearchServiceDatabaseException e) {
            logger.error("Unable to load the search entries: {}", e.getMessage());
            throw new ServiceException(e.getMessage());
        }
        int errors = 0;
        while (mediaPackages.hasNext()) {
            try {
                Tuple<MediaPackage, String> mediaPackage = mediaPackages.next();
                String mediaPackageId = mediaPackage.getA().getIdentifier().toString();
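                // Run the lookups below in the security context of the media package's
                // organization, acting as that organization's system user
                Organization organization = organizationDirectory.getOrganization(mediaPackage.getB());
                securityService.setOrganization(organization);
                securityService.setUser(SecurityUtil.createSystemUser(systemUserName, organization));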
                AccessControlList acl = persistence.getAccessControlList(mediaPackageId);
                Date modificationDate = persistence.getModificationDate(mediaPackageId);
                Date deletionDate = persistence.getDeletionDate(mediaPackageId);
                indexManager.add(mediaPackage.getA(), acl, deletionDate, modificationDate);
            } catch (Exception e) {
                logger.error("Unable to index search instances:", e);
                if (retryToPopulateIndex(systemUserName)) {
                    logger.warn("Trying to re-index search index later. Aborting for now.");
                    return;
                }
                errors++;
            } finally {
                // Always clear the system-user context, also on error or early return
                securityService.setOrganization(null);
                securityService.setUser(null);
            }
        }
        if (errors > 0) {
            logger.error("Skipped {} erroneous search entries while populating the search index", errors);
        }
        logger.info("Finished populating search index");
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) Organization(org.opencastproject.security.api.Organization) ServiceException(org.osgi.framework.ServiceException) SolrServerException(org.apache.solr.client.solrj.SolrServerException) ConfigurationException(org.osgi.service.cm.ConfigurationException) ServiceRegistryException(org.opencastproject.serviceregistry.api.ServiceRegistryException) MediaPackageException(org.opencastproject.mediapackage.MediaPackageException) SearchServiceDatabaseException(org.opencastproject.search.impl.persistence.SearchServiceDatabaseException) SearchException(org.opencastproject.search.api.SearchException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) Date(java.util.Date) MediaPackage(org.opencastproject.mediapackage.MediaPackage) Tuple(org.opencastproject.util.data.Tuple)

Aggregations

AccessControlList (org.opencastproject.security.api.AccessControlList) 108
NotFoundException (org.opencastproject.util.NotFoundException) 46
UnauthorizedException (org.opencastproject.security.api.UnauthorizedException) 38
AccessControlEntry (org.opencastproject.security.api.AccessControlEntry) 30
MediaPackage (org.opencastproject.mediapackage.MediaPackage) 27
Test (org.junit.Test) 26
IOException (java.io.IOException) 22
Organization (org.opencastproject.security.api.Organization) 22
User (org.opencastproject.security.api.User) 21
DublinCoreCatalog (org.opencastproject.metadata.dublincore.DublinCoreCatalog) 19
ArrayList (java.util.ArrayList) 18
SeriesException (org.opencastproject.series.api.SeriesException) 18
ManagedAcl (org.opencastproject.authorization.xacml.manager.api.ManagedAcl) 16
MediaPackageException (org.opencastproject.mediapackage.MediaPackageException) 16
Date (java.util.Date) 15
SchedulerException (org.opencastproject.scheduler.api.SchedulerException) 14
Path (javax.ws.rs.Path) 13
RestQuery (org.opencastproject.util.doc.rest.RestQuery) 13
WebApplicationException (javax.ws.rs.WebApplicationException) 12
File (java.io.File) 10