Examples with AccessControlList org.opencastproject.security.api.AccessControlList used on opensource projects

Example 86 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class SeriesServiceDatabaseImpl method storeSeriesAccessControl.

/*
   * (non-Javadoc)
   *
   * @see org.opencastproject.series.impl.SeriesServiceDatabase#storeSeriesAccessControl(java.lang.String,
   * org.opencastproject.security.api.AccessControlList)
   */
@Override
public boolean storeSeriesAccessControl(String seriesId, AccessControlList accessControl) throws NotFoundException, SeriesServiceDatabaseException {
    if (accessControl == null) {
        logger.error("Access control parameter is <null> for series '{}'", seriesId);
        throw new IllegalArgumentException("Argument for updating ACL for series " + seriesId + " is null");
    }
    String serializedAC;
    try {
        serializedAC = AccessControlParser.toXml(accessControl);
    } catch (Exception e) {
        logger.error("Could not serialize access control parameter: {}", e.getMessage());
        throw new SeriesServiceDatabaseException(e);
    }
    EntityManager em = emf.createEntityManager();
    EntityTransaction tx = em.getTransaction();
    boolean updated = false;
    try {
        tx.begin();
        SeriesEntity entity = getSeriesEntity(seriesId, em);
        if (entity == null) {
            throw new NotFoundException("Series with ID " + seriesId + " does not exist.");
        }
        if (entity.getAccessControl() != null) {
            // Ensure this user is allowed to update this series
            String accessControlXml = entity.getAccessControl();
            if (accessControlXml != null) {
                AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
                User currentUser = securityService.getUser();
                Organization currentOrg = securityService.getOrganization();
                if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.WRITE.toString())) {
                    throw new UnauthorizedException(currentUser + " is not authorized to update ACLs on series " + seriesId);
                }
            }
            updated = true;
        }
        entity.setAccessControl(serializedAC);
        em.merge(entity);
        tx.commit();
        return updated;
    } catch (NotFoundException e) {
        throw e;
    } catch (Exception e) {
        logger.error("Could not update series: {}", e.getMessage());
        if (tx.isActive()) {
            tx.rollback();
        }
        throw new SeriesServiceDatabaseException(e);
    } finally {
        em.close();
    }
}

Example 87 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class SeriesServiceSolrIndex method getAccessControl.

/*
   * (non-Javadoc)
   *
   * @see org.opencastproject.series.impl.SeriesServiceIndex#getAccessControl(java.lang.String)
   */
@Override
public AccessControlList getAccessControl(String seriesID) throws NotFoundException, SeriesServiceDatabaseException {
    SolrDocument seriesDoc = getSolrDocumentByID(seriesID);
    if (seriesDoc == null) {
        logger.debug("No series exists with ID '{}'", seriesID);
        throw new NotFoundException("No series with ID " + seriesID + " found.");
    }
    String serializedAC = (String) seriesDoc.get(SolrFields.ACCESS_CONTROL_KEY);
    AccessControlList accessControl;
    if (serializedAC == null) {
        accessControl = new AccessControlList();
    } else {
        try {
            accessControl = AccessControlParser.parseAcl(serializedAC);
        } catch (Exception e) {
            logger.error("Could not parse access control: {}", e.getMessage());
            throw new SeriesServiceDatabaseException(e);
        }
    }
    return accessControl;
}

Example 88 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class SeriesServicePersistenceTest method testAccessControlManagment.

@Test
public void testAccessControlManagment() throws Exception {
    // sample access control list
    AccessControlList accessControlList = new AccessControlList();
    List<AccessControlEntry> acl = accessControlList.getEntries();
    acl.add(new AccessControlEntry("admin", "delete", true));
    seriesDatabase.storeSeries(testCatalog);
    String seriesID = testCatalog.getFirst(DublinCore.PROPERTY_IDENTIFIER);
    seriesDatabase.storeSeriesAccessControl(seriesID, accessControlList);
    AccessControlList retrievedACL = seriesDatabase.getAccessControlList(seriesID);
    assertNotNull(retrievedACL);
    acl = retrievedACL.getEntries();
    assertEquals(acl.size(), 1);
    assertEquals(acl.get(0).getRole(), "admin");
    try {
        seriesDatabase.storeSeriesAccessControl("failid", accessControlList);
        fail("Should fail when adding ACL to nonexistent series");
    } catch (NotFoundException e) {
    // expected
    }
}

Example 89 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class SearchServiceImplTest method setUp.

@Before
public void setUp() throws Exception {
    // workspace
    Workspace workspace = EasyMock.createNiceMock(Workspace.class);
    EasyMock.expect(workspace.get((URI) EasyMock.anyObject())).andAnswer(new IAnswer<File>() {

        @Override
        public File answer() throws Throwable {
            return new File(new URI(EasyMock.getCurrentArguments()[0].toString()));
        }
    }).anyTimes();
    EasyMock.replay(workspace);
    // User, organization and service registry
    userResponder = new Responder<User>(defaultUser);
    organizationResponder = new Responder<Organization>(defaultOrganization);
    SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
    EasyMock.expect(securityService.getUser()).andAnswer(userResponder).anyTimes();
    EasyMock.expect(securityService.getOrganization()).andAnswer(organizationResponder).anyTimes();
    EasyMock.replay(securityService);
    User anonymous = new JaxbUser("anonymous", "test", defaultOrganization, new JaxbRole(DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, defaultOrganization));
    UserDirectoryService userDirectoryService = EasyMock.createMock(UserDirectoryService.class);
    EasyMock.expect(userDirectoryService.loadUser((String) EasyMock.anyObject())).andReturn(anonymous).anyTimes();
    EasyMock.replay(userDirectoryService);
    Organization organization = new DefaultOrganization();
    OrganizationDirectoryService organizationDirectoryService = EasyMock.createMock(OrganizationDirectoryService.class);
    EasyMock.expect(organizationDirectoryService.getOrganization((String) EasyMock.anyObject())).andReturn(organization).anyTimes();
    EasyMock.replay(organizationDirectoryService);
    // mpeg7 service
    Mpeg7CatalogService mpeg7CatalogService = new Mpeg7CatalogService();
    // Persistence storage
    searchDatabase = new SearchServiceDatabaseImpl();
    searchDatabase.setEntityManagerFactory(newTestEntityManagerFactory(SearchServiceDatabaseImpl.PERSISTENCE_UNIT));
    searchDatabase.activate(null);
    searchDatabase.setSecurityService(securityService);
    // search service
    service = new SearchServiceImpl();
    serviceRegistry = new ServiceRegistryInMemoryImpl(service, securityService, userDirectoryService, organizationDirectoryService, EasyMock.createNiceMock(IncidentService.class));
    StaticMetadataService mdService = newStaticMetadataService(workspace);
    SeriesService seriesService = EasyMock.createNiceMock(SeriesService.class);
    DublinCoreCatalog seriesCatalog = getSeriesDublinCoreCatalog("/series-dublincore.xml");
    AccessControlList seriesAcl = new AccessControlList();
    EasyMock.expect(seriesService.getSeries((String) EasyMock.anyObject())).andReturn(seriesCatalog).anyTimes();
    EasyMock.expect(seriesService.getSeriesAccessControl((String) EasyMock.anyObject())).andReturn(seriesAcl).anyTimes();
    EasyMock.replay(seriesService);
    service.setStaticMetadataService(mdService);
    service.setWorkspace(workspace);
    service.setMpeg7CatalogService(mpeg7CatalogService);
    service.setSecurityService(securityService);
    service.setOrganizationDirectoryService(organizationDirectoryService);
    service.setUserDirectoryService(userDirectoryService);
    service.setServiceRegistry(serviceRegistry);
    service.setPersistence(searchDatabase);
    SolrServer solrServer = SearchServiceImpl.setupSolr(new File(solrRoot));
    service.testSetup(solrServer, new SolrRequester(solrServer, securityService), new SolrIndexManager(solrServer, workspace, Arrays.asList(mdService), seriesService, mpeg7CatalogService, securityService));
    // acl
    String anonymousRole = securityService.getOrganization().getAnonymousRole();
    acl = new AccessControlList(new AccessControlEntry(anonymousRole, Permissions.Action.READ.toString(), true));
    authorizationService = EasyMock.createNiceMock(AuthorizationService.class);
    EasyMock.expect(authorizationService.getActiveAcl((MediaPackage) EasyMock.anyObject())).andReturn(Tuple.tuple(acl, AclScope.Series)).anyTimes();
    EasyMock.expect(authorizationService.hasPermission((MediaPackage) EasyMock.anyObject(), (String) EasyMock.anyObject())).andReturn(true).anyTimes();
    service.setAuthorizationService(authorizationService);
    EasyMock.replay(authorizationService);
}

Example 90 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class SearchServiceImpl method populateIndex.

protected void populateIndex(String systemUserName) {
    long instancesInSolr = 0L;
    try {
        instancesInSolr = indexManager.count();
    } catch (Exception e) {
        throw new IllegalStateException(e);
    }
    if (instancesInSolr > 0) {
        logger.debug("Search index found");
        return;
    }
    if (instancesInSolr == 0L) {
        logger.info("No search index found");
        logger.info("Starting population of search index from database");
        Iterator<Tuple<MediaPackage, String>> mediaPackages;
        try {
            mediaPackages = persistence.getAllMediaPackages();
        } catch (SearchServiceDatabaseException e) {
            logger.error("Unable to load the search entries: {}", e.getMessage());
            throw new ServiceException(e.getMessage());
        }
        int errors = 0;
        while (mediaPackages.hasNext()) {
            try {
                Tuple<MediaPackage, String> mediaPackage = mediaPackages.next();
                String mediaPackageId = mediaPackage.getA().getIdentifier().toString();
                Organization organization = organizationDirectory.getOrganization(mediaPackage.getB());
                securityService.setOrganization(organization);
                securityService.setUser(SecurityUtil.createSystemUser(systemUserName, organization));
                AccessControlList acl = persistence.getAccessControlList(mediaPackageId);
                Date modificationDate = persistence.getModificationDate(mediaPackageId);
                Date deletionDate = persistence.getDeletionDate(mediaPackageId);
                indexManager.add(mediaPackage.getA(), acl, deletionDate, modificationDate);
            } catch (Exception e) {
                logger.error("Unable to index search instances:", e);
                if (retryToPopulateIndex(systemUserName)) {
                    logger.warn("Trying to re-index search index later. Aborting for now.");
                    return;
                }
                errors++;
            } finally {
                securityService.setOrganization(null);
                securityService.setUser(null);
            }
        }
        if (errors > 0)
            logger.error("Skipped {} erroneous search entries while populating the search index", errors);
        logger.info("Finished populating search index");
    }
}