Example 26 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class SeriesServiceRemoteImpl method getSeriesAccessControl.

@Override
public AccessControlList getSeriesAccessControl(String seriesID) throws NotFoundException, SeriesException {
    HttpGet get = new HttpGet(seriesID + "/acl.xml");
    HttpResponse response = getResponse(get, SC_OK, SC_NOT_FOUND);
    try {
        if (response != null) {
            if (SC_NOT_FOUND == response.getStatusLine().getStatusCode()) {
                throw new NotFoundException("Series ACL " + seriesID + " not found on remote series index!");
            } else {
                AccessControlList acl = AccessControlParser.parseAcl(response.getEntity().getContent());
                logger.info("Successfully got series ACL {} from the remote series index", seriesID);
                return acl;
            }
        }
    } catch (NotFoundException e) {
        throw e;
    } catch (Exception e) {
        throw new SeriesException("Unable to parse series ACL from remote series index: " + e);
    } finally {
        closeConnection(response);
    }
    throw new SeriesException("Unable to get series ACL from remote series index");
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) HttpGet(org.apache.http.client.methods.HttpGet) HttpResponse(org.apache.http.HttpResponse) NotFoundException(org.opencastproject.util.NotFoundException) SeriesException(org.opencastproject.series.api.SeriesException) ParseException(java.text.ParseException) WebApplicationException(javax.ws.rs.WebApplicationException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException)

Example 27 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class SearchServiceDatabaseImpl method getOrganizationId.

/**
 * {@inheritDoc}
 *
 * @see org.opencastproject.search.impl.persistence.SearchServiceDatabase#getOrganizationId(String)
 */
@Override
public String getOrganizationId(String mediaPackageId) throws NotFoundException, SearchServiceDatabaseException {
    EntityManager em = null;
    EntityTransaction tx = null;
    try {
        em = emf.createEntityManager();
        tx = em.getTransaction();
        tx.begin();
        SearchEntity searchEntity = getSearchEntity(mediaPackageId, em);
        if (searchEntity == null)
            throw new NotFoundException("No media package with id=" + mediaPackageId + " exists");
        // Ensure this user is allowed to read this media package.
        // The check is skipped when the entity has no stored ACL.
        String accessControlXml = searchEntity.getAccessControl();
        if (accessControlXml != null) {
            AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
            User currentUser = securityService.getUser();
            Organization currentOrg = securityService.getOrganization();
            if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, READ.toString()))
                throw new UnauthorizedException(currentUser + " is not authorized to read media package " + mediaPackageId);
        }
        return searchEntity.getOrganization();
    } catch (NotFoundException e) {
        throw e;
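    } catch (Exception e) {
        // Also catches the UnauthorizedException thrown above, which reaches
        // the caller wrapped in a SearchServiceDatabaseException.
        logger.error("Could not get organization id for media package {}: {}", mediaPackageId, e.getMessage());
        // tx is still null if creating the entity manager failed
        if (tx != null && tx.isActive()) {
            tx.rollback();
        }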
        throw new SearchServiceDatabaseException(e);
    } finally {
        if (em != null)
            em.close();
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) EntityTransaction(javax.persistence.EntityTransaction) EntityManager(javax.persistence.EntityManager) User(org.opencastproject.security.api.User) Organization(org.opencastproject.security.api.Organization) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) NoResultException(javax.persistence.NoResultException)

Example 28 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class SolrIndexManager method setAuthorization.

/**
 * Adds authorization fields to the solr document.
 *
 * @param doc
 *          the solr document
 * @param securityService
 *          the security service, used to look up the organization's admin role
 * @param acl
 *          the access control list
 */
static void setAuthorization(SolrInputDocument doc, SecurityService securityService, AccessControlList acl) {
    Map<String, List<String>> permissions = new HashMap<String, List<String>>();
    // Define containers for common permissions
    List<String> reads = new ArrayList<String>();
    permissions.put(READ.toString(), reads);
    List<String> writes = new ArrayList<String>();
    permissions.put(WRITE.toString(), writes);
    String adminRole = securityService.getOrganization().getAdminRole();
    // The admin user can read and write
    if (adminRole != null) {
        reads.add(adminRole);
        writes.add(adminRole);
    }
    for (AccessControlEntry entry : acl.getEntries()) {
        if (!entry.isAllow()) {
            logger.warn("Search service does not support denial via ACL, ignoring {}", entry);
            continue;
        }
        List<String> actionPermissions = permissions.get(entry.getAction());
        /*
         * MH-8353 a series could have a permission defined we don't know how to handle -DH
         */
        if (actionPermissions == null) {
            logger.warn("Search service doesn't know how to handle action: {}", entry.getAction());
            continue;
        }
        actionPermissions.add(entry.getRole());
    }
    // Write the permissions to the solr document
    for (Map.Entry<String, List<String>> entry : permissions.entrySet()) {
        Schema.setOcAcl(doc, new DField<String>(mkString(entry.getValue(), " "), entry.getKey()));
    }
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) List(java.util.List) AccessControlList(org.opencastproject.security.api.AccessControlList) Map(java.util.Map) Collections.flatMap(org.opencastproject.util.data.Collections.flatMap)

Example 29 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class SeriesServiceImplTest method testACLEquality2.

@Test
public void testACLEquality2() {
    AccessControlList a = new AccessControlList();
    AccessControlList b = new AccessControlList();
    assertTrue(AccessControlUtil.equals(a, b));
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) Test(org.junit.Test)

Example 30 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class SeriesServiceImplTest method testACLEquality1.

@Test
public void testACLEquality1() {
    // The same two entries in a different order must still compare equal
    AccessControlList a = new AccessControlList(
            new AccessControlEntry("a", Permissions.Action.READ.toString(), true),
            new AccessControlEntry("b", Permissions.Action.WRITE.toString(), false));
    AccessControlList b = new AccessControlList(
            new AccessControlEntry("b", Permissions.Action.WRITE.toString(), false),
            new AccessControlEntry("a", Permissions.Action.READ.toString(), true));
    assertTrue(AccessControlUtil.equals(a, b));
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) Test(org.junit.Test)

Aggregations

AccessControlList (org.opencastproject.security.api.AccessControlList) 108
NotFoundException (org.opencastproject.util.NotFoundException) 46
UnauthorizedException (org.opencastproject.security.api.UnauthorizedException) 38
AccessControlEntry (org.opencastproject.security.api.AccessControlEntry) 30
MediaPackage (org.opencastproject.mediapackage.MediaPackage) 27
Test (org.junit.Test) 26
IOException (java.io.IOException) 22
Organization (org.opencastproject.security.api.Organization) 22
User (org.opencastproject.security.api.User) 21
DublinCoreCatalog (org.opencastproject.metadata.dublincore.DublinCoreCatalog) 19
ArrayList (java.util.ArrayList) 18
SeriesException (org.opencastproject.series.api.SeriesException) 18
ManagedAcl (org.opencastproject.authorization.xacml.manager.api.ManagedAcl) 16
MediaPackageException (org.opencastproject.mediapackage.MediaPackageException) 16
Date (java.util.Date) 15
SchedulerException (org.opencastproject.scheduler.api.SchedulerException) 14
Path (javax.ws.rs.Path) 13
RestQuery (org.opencastproject.util.doc.rest.RestQuery) 13
WebApplicationException (javax.ws.rs.WebApplicationException) 12
File (java.io.File) 10