use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class SeriesServiceDatabaseImpl method storeSeriesAccessControl.
/*
* (non-Javadoc)
*
* @see org.opencastproject.series.impl.SeriesServiceDatabase#storeSeriesAccessControl(java.lang.String,
* org.opencastproject.security.api.AccessControlList)
*/
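/**
 * Replaces the access control list stored for an existing series.
 *
 * <p>When the series already carries an ACL, the current user and organization reported by the security
 * service must be authorized for {@code WRITE} on that existing ACL before it is overwritten. When the series
 * has no ACL yet, the new one is stored without any check in this method.
 *
 * @param seriesId
 *          identifier of the series whose ACL is stored
 * @param accessControl
 *          the ACL to store; must not be {@code null}
 * @return {@code true} if an existing ACL was replaced, {@code false} if the series had none before
 * @throws IllegalArgumentException
 *           if {@code accessControl} is {@code null}
 * @throws NotFoundException
 *           if no series with the given identifier exists
 * @throws SeriesServiceDatabaseException
 *           if the ACL cannot be serialized or persisted; a failed write-permission check also surfaces this
 *           way, with the {@code UnauthorizedException} as its cause
 */
@Override
public boolean storeSeriesAccessControl(String seriesId, AccessControlList accessControl) throws NotFoundException, SeriesServiceDatabaseException {
  if (accessControl == null) {
    logger.error("Access control parameter is <null> for series '{}'", seriesId);
    throw new IllegalArgumentException("Argument for updating ACL for series " + seriesId + " is null");
  }
  // Serialize before opening a transaction so a malformed ACL never touches the database.
  String serializedAC;
  try {
    serializedAC = AccessControlParser.toXml(accessControl);
  } catch (Exception e) {
    logger.error("Could not serialize access control parameter: {}", e.getMessage());
    throw new SeriesServiceDatabaseException(e);
  }
  EntityManager em = emf.createEntityManager();
  EntityTransaction tx = em.getTransaction();
  boolean updated = false;
  try {
    tx.begin();
    SeriesEntity entity = getSeriesEntity(seriesId, em);
    if (entity == null) {
      throw new NotFoundException("Series with ID " + seriesId + " does not exist.");
    }
    String existingAclXml = entity.getAccessControl();
    if (existingAclXml != null) {
      // The decision is taken against the ACL currently stored, not the one being written, so a caller
      // cannot grant itself WRITE through the very update it is asking for.
      AccessControlList acl = AccessControlParser.parseAcl(existingAclXml);
      User currentUser = securityService.getUser();
      Organization currentOrg = securityService.getOrganization();
      if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.WRITE.toString())) {
        // UnauthorizedException is not declared by this method; the generic handler below rolls back and
        // wraps it, so callers see the denial as the cause of a SeriesServiceDatabaseException.
        throw new UnauthorizedException(currentUser + " is not authorized to update ACLs on series " + seriesId);
      }
      updated = true;
    }
    // NOTE(review): a series without a stored ACL reaches this point with no authorization check at all.
    // Presumably the calling service restricts who may set the first ACL; confirm against the callers.
    entity.setAccessControl(serializedAC);
    em.merge(entity);
    tx.commit();
    return updated;
  } catch (NotFoundException e) {
    // Do not leave the transaction open when the series is missing.
    if (tx.isActive()) {
      tx.rollback();
    }
    throw e;
  } catch (Exception e) {
    logger.error("Could not update series: {}", e.getMessage());
    if (tx.isActive()) {
      tx.rollback();
    }
    throw new SeriesServiceDatabaseException(e);
  } finally {
    em.close();
  }
}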
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class SeriesServiceSolrIndex method getAccessControl.
/*
* (non-Javadoc)
*
* @see org.opencastproject.series.impl.SeriesServiceIndex#getAccessControl(java.lang.String)
*/
/**
 * Reads the access control list of a series from its Solr document.
 *
 * <p>This method performs no authorization of its own; it returns the ACL for any series identifier that
 * resolves to a document.
 *
 * @param seriesID
 *          identifier of the series to look up
 * @return the parsed ACL, or a new empty {@link AccessControlList} when the document has no ACL field
 * @throws NotFoundException
 *           if no Solr document exists for the identifier
 * @throws SeriesServiceDatabaseException
 *           if the stored ACL cannot be parsed
 */
@Override
public AccessControlList getAccessControl(String seriesID) throws NotFoundException, SeriesServiceDatabaseException {
  final SolrDocument doc = getSolrDocumentByID(seriesID);
  if (doc == null) {
    logger.debug("No series exists with ID '{}'", seriesID);
    throw new NotFoundException("No series with ID " + seriesID + " found.");
  }

  final String aclXml = (String) doc.get(SolrFields.ACCESS_CONTROL_KEY);
  if (aclXml == null) {
    // NOTE(review): a missing ACL becomes an empty list rather than an error. Whether an empty list is
    // evaluated as "deny" is decided by the caller and is not visible here; confirm it fails closed.
    return new AccessControlList();
  }

  try {
    return AccessControlParser.parseAcl(aclXml);
  } catch (Exception e) {
    logger.error("Could not parse access control: {}", e.getMessage());
    throw new SeriesServiceDatabaseException(e);
  }
}
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class SeriesServicePersistenceTest method testAccessControlManagment.
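/**
 * Stores an ACL on a freshly stored series, reads it back, and checks that storing an ACL on an unknown
 * series identifier is rejected with {@link NotFoundException}.
 */
@Test
public void testAccessControlManagment() throws Exception {
  // Sample access control list with a single entry: role "admin", action "delete", flag true.
  AccessControlList accessControlList = new AccessControlList();
  accessControlList.getEntries().add(new AccessControlEntry("admin", "delete", true));

  seriesDatabase.storeSeries(testCatalog);
  String seriesID = testCatalog.getFirst(DublinCore.PROPERTY_IDENTIFIER);
  seriesDatabase.storeSeriesAccessControl(seriesID, accessControlList);

  AccessControlList retrievedACL = seriesDatabase.getAccessControlList(seriesID);
  assertNotNull(retrievedACL);
  List<AccessControlEntry> retrievedEntries = retrievedACL.getEntries();
  // Expected value first, so a failure message reports expected and actual the right way round.
  assertEquals(1, retrievedEntries.size());
  assertEquals("admin", retrievedEntries.get(0).getRole());

  // NOTE(review): only the first store on a series is exercised. Replacing an existing ACL as a user
  // without WRITE on it is not covered by this test.
  try {
    seriesDatabase.storeSeriesAccessControl("failid", accessControlList);
    fail("Should fail when adding ACL to nonexistent series");
  } catch (NotFoundException e) {
    // expected
  }
}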
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class SearchServiceImplTest method setUp.
/**
 * Builds the search service under test together with mocked collaborators: workspace, security service,
 * user and organization directories, series service and authorization service.
 *
 * <p>The authorization mock configured at the end answers {@code true} to every {@code hasPermission} call,
 * so tests relying on this fixture do not exercise permission denial through that service.
 */
@Before
public void setUp() throws Exception {
// Workspace mock: every requested URI is answered with a File built from that same URI.
Workspace workspace = EasyMock.createNiceMock(Workspace.class);
EasyMock.expect(workspace.get((URI) EasyMock.anyObject())).andAnswer(new IAnswer<File>() {
@Override
public File answer() throws Throwable {
return new File(new URI(EasyMock.getCurrentArguments()[0].toString()));
}
}).anyTimes();
EasyMock.replay(workspace);
// User, organization and service registry.
// The security service answers through the two responders, which start out with the default user and
// default organization. Presumably individual tests change the responders to switch identity; confirm
// against the Responder class.
userResponder = new Responder<User>(defaultUser);
organizationResponder = new Responder<Organization>(defaultOrganization);
SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
EasyMock.expect(securityService.getUser()).andAnswer(userResponder).anyTimes();
EasyMock.expect(securityService.getOrganization()).andAnswer(organizationResponder).anyTimes();
EasyMock.replay(securityService);
// The user directory resolves every user name to the same anonymous user.
User anonymous = new JaxbUser("anonymous", "test", defaultOrganization, new JaxbRole(DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, defaultOrganization));
UserDirectoryService userDirectoryService = EasyMock.createMock(UserDirectoryService.class);
EasyMock.expect(userDirectoryService.loadUser((String) EasyMock.anyObject())).andReturn(anonymous).anyTimes();
EasyMock.replay(userDirectoryService);
// The organization directory resolves every identifier to one DefaultOrganization instance.
Organization organization = new DefaultOrganization();
OrganizationDirectoryService organizationDirectoryService = EasyMock.createMock(OrganizationDirectoryService.class);
EasyMock.expect(organizationDirectoryService.getOrganization((String) EasyMock.anyObject())).andReturn(organization).anyTimes();
EasyMock.replay(organizationDirectoryService);
// mpeg7 service
Mpeg7CatalogService mpeg7CatalogService = new Mpeg7CatalogService();
// Persistence storage backed by a test entity manager factory
searchDatabase = new SearchServiceDatabaseImpl();
searchDatabase.setEntityManagerFactory(newTestEntityManagerFactory(SearchServiceDatabaseImpl.PERSISTENCE_UNIT));
searchDatabase.activate(null);
searchDatabase.setSecurityService(securityService);
// search service
service = new SearchServiceImpl();
serviceRegistry = new ServiceRegistryInMemoryImpl(service, securityService, userDirectoryService, organizationDirectoryService, EasyMock.createNiceMock(IncidentService.class));
StaticMetadataService mdService = newStaticMetadataService(workspace);
// Series service mock: the same catalog and an empty ACL are returned for every series identifier.
SeriesService seriesService = EasyMock.createNiceMock(SeriesService.class);
DublinCoreCatalog seriesCatalog = getSeriesDublinCoreCatalog("/series-dublincore.xml");
AccessControlList seriesAcl = new AccessControlList();
EasyMock.expect(seriesService.getSeries((String) EasyMock.anyObject())).andReturn(seriesCatalog).anyTimes();
EasyMock.expect(seriesService.getSeriesAccessControl((String) EasyMock.anyObject())).andReturn(seriesAcl).anyTimes();
EasyMock.replay(seriesService);
service.setStaticMetadataService(mdService);
service.setWorkspace(workspace);
service.setMpeg7CatalogService(mpeg7CatalogService);
service.setSecurityService(securityService);
service.setOrganizationDirectoryService(organizationDirectoryService);
service.setUserDirectoryService(userDirectoryService);
service.setServiceRegistry(serviceRegistry);
service.setPersistence(searchDatabase);
SolrServer solrServer = SearchServiceImpl.setupSolr(new File(solrRoot));
service.testSetup(solrServer, new SolrRequester(solrServer, securityService), new SolrIndexManager(solrServer, workspace, Arrays.asList(mdService), seriesService, mpeg7CatalogService, securityService));
// ACL used by the authorization mock: one entry for the organization's anonymous role with the READ
// action and flag true.
String anonymousRole = securityService.getOrganization().getAnonymousRole();
acl = new AccessControlList(new AccessControlEntry(anonymousRole, Permissions.Action.READ.toString(), true));
// Authorization mock: the active ACL of every media package is the ACL above with series scope, and
// hasPermission is true for every media package and action. Denial paths need a different mock.
authorizationService = EasyMock.createNiceMock(AuthorizationService.class);
EasyMock.expect(authorizationService.getActiveAcl((MediaPackage) EasyMock.anyObject())).andReturn(Tuple.tuple(acl, AclScope.Series)).anyTimes();
EasyMock.expect(authorizationService.hasPermission((MediaPackage) EasyMock.anyObject(), (String) EasyMock.anyObject())).andReturn(true).anyTimes();
// The mock is handed to the service while still in record state and switched to replay on the next line.
service.setAuthorizationService(authorizationService);
EasyMock.replay(authorizationService);
}
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class SearchServiceImpl method populateIndex.
/**
 * Fills the search index from the database, but only when the index currently reports zero entries.
 *
 * <p>Each stored media package is indexed with the security service switched to a system user created for
 * the organization looked up from the tuple's second element. The organization and user on the security
 * service are set to {@code null} after every entry, whether indexing succeeded or not; they are cleared,
 * not restored to whatever was set before the call.
 *
 * @param systemUserName
 *          name passed to {@code SecurityUtil.createSystemUser} for the per-entry system user
 * @throws IllegalStateException
 *           if the index size cannot be determined
 */
protected void populateIndex(String systemUserName) {
  long indexedCount;
  try {
    indexedCount = indexManager.count();
  } catch (Exception e) {
    throw new IllegalStateException(e);
  }

  if (indexedCount > 0) {
    logger.debug("Search index found");
    return;
  }
  if (indexedCount != 0L) {
    // A negative count is neither "found" nor "empty"; nothing is done for it.
    return;
  }

  logger.info("No search index found");
  logger.info("Starting population of search index from database");

  Iterator<Tuple<MediaPackage, String>> entries;
  try {
    entries = persistence.getAllMediaPackages();
  } catch (SearchServiceDatabaseException e) {
    logger.error("Unable to load the search entries: {}", e.getMessage());
    throw new ServiceException(e.getMessage());
  }

  int skipped = 0;
  while (entries.hasNext()) {
    try {
      Tuple<MediaPackage, String> entry = entries.next();
      MediaPackage mediaPackage = entry.getA();
      String id = mediaPackage.getIdentifier().toString();

      // Run the lookups below as a system user of the organization resolved for this entry.
      Organization owner = organizationDirectory.getOrganization(entry.getB());
      securityService.setOrganization(owner);
      securityService.setUser(SecurityUtil.createSystemUser(systemUserName, owner));

      AccessControlList acl = persistence.getAccessControlList(id);
      Date modified = persistence.getModificationDate(id);
      Date deleted = persistence.getDeletionDate(id);
      indexManager.add(mediaPackage, acl, deleted, modified);
    } catch (Exception e) {
      logger.error("Unable to index search instances:", e);
      if (retryToPopulateIndex(systemUserName)) {
        logger.warn("Trying to re-index search index later. Aborting for now.");
        return;
      }
      skipped++;
    } finally {
      // Always drop the system identity so it does not carry over to the next entry or to the caller.
      securityService.setOrganization(null);
      securityService.setUser(null);
    }
  }

  if (skipped > 0) {
    logger.error("Skipped {} erroneous search entries while populating the search index", skipped);
  }
  logger.info("Finished populating search index");
}