use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class SeriesServiceRemoteImpl method getSeriesAccessControl.
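/**
 * Fetches the access control list of a series from the remote series index.
 *
 * <p>Sends a GET for {@code seriesID + "/acl.xml"} and parses the response body with
 * {@code AccessControlParser.parseAcl}. The connection is released in every case.
 *
 * @param seriesID
 *          identifier of the series; it is appended to the request path exactly as given
 * @return the ACL parsed from the remote response
 * @throws NotFoundException
 *           if the remote index answers with {@code SC_NOT_FOUND}
 * @throws SeriesException
 *           if no response was obtained, or the response could not be read or parsed
 */
@Override
public AccessControlList getSeriesAccessControl(String seriesID) throws NotFoundException, SeriesException {
  // NOTE(review): seriesID reaches the request path without validation or encoding in this method;
  // confirm that callers constrain it so it cannot alter which remote resource is requested.
  HttpGet get = new HttpGet(seriesID + "/acl.xml");
  HttpResponse response = getResponse(get, SC_OK, SC_NOT_FOUND);
  try {
    if (response != null) {
      if (SC_NOT_FOUND == response.getStatusLine().getStatusCode()) {
        throw new NotFoundException("Series ACL " + seriesID + " not found on remote series index!");
      }
      // The returned ACL drives authorization decisions, so it is only as trustworthy as the
      // remote endpoint and the transport used to reach it.
      AccessControlList acl = AccessControlParser.parseAcl(response.getEntity().getContent());
      logger.info("Successfully get series ACL {} from the remote series index", seriesID);
      return acl;
    }
  } catch (NotFoundException e) {
    // Let "not found" through unchanged so callers can tell it apart from a failure.
    throw e;
  } catch (Exception e) {
    // Keep the original exception as the cause so its stack trace survives the wrapping.
    throw new SeriesException("Unable to parse series ACL from remote series index: " + e, e);
  } finally {
    closeConnection(response);
  }
  // Reached only when getResponse() returned null.
  throw new SeriesException("Unable to get series ACL from remote series index");
}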
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class SearchServiceDatabaseImpl method getOrganizationId.
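/**
 * {@inheritDoc}
 *
 * <p>
 * When the stored entity carries an ACL, the current user must be authorized for READ before the
 * organization is returned. The transaction opened here is never committed; it is rolled back only on
 * the generic failure path.
 *
 * @see org.opencastproject.search.impl.persistence.SearchServiceDatabase#getOrganizationId(String)
 */
@Override
public String getOrganizationId(String mediaPackageId) throws NotFoundException, SearchServiceDatabaseException {
  EntityManager em = null;
  EntityTransaction tx = null;
  try {
    em = emf.createEntityManager();
    tx = em.getTransaction();
    tx.begin();
    SearchEntity searchEntity = getSearchEntity(mediaPackageId, em);
    if (searchEntity == null) {
      throw new NotFoundException("No media package with id=" + mediaPackageId + " exists");
    }
    // Ensure this user is allowed to read this media package
    // NOTE(review): an entity without a stored ACL skips the check below entirely, i.e. it is readable
    // by any caller. Confirm that this fail-open default is intended.
    String accessControlXml = searchEntity.getAccessControl();
    if (accessControlXml != null) {
      AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
      User currentUser = securityService.getUser();
      Organization currentOrg = securityService.getOrganization();
      if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, READ.toString())) {
        throw new UnauthorizedException(currentUser + " is not authorized to read media package " + mediaPackageId);
      }
    }
    return searchEntity.getOrganization();
  } catch (NotFoundException e) {
    throw e;
  } catch (Exception e) {
    // The UnauthorizedException raised above also lands here and leaves the method wrapped in a
    // SearchServiceDatabaseException, so callers have to inspect the cause to tell a denied read
    // from a database failure.
    logger.error("Could not get organization id of media package {}: {}", mediaPackageId, e.getMessage());
    // tx is still null when createEntityManager() or getTransaction() failed; without the guard the
    // resulting NullPointerException would hide the original error.
    if (tx != null && tx.isActive()) {
      tx.rollback();
    }
    throw new SearchServiceDatabaseException(e);
  } finally {
    if (em != null) {
      em.close();
    }
  }
}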
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class SolrIndexManager method setAuthorization.
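/**
 * Adds authorization fields to the solr document.
 *
 * <p>
 * Only the READ and WRITE actions are indexed; entries for any other action are skipped with a warning.
 * Deny entries are skipped as well, so a deny rule in the ACL has no effect on what is written to the
 * document. The organization's admin role, when defined, is always granted both actions.
 *
 * @param doc
 *          the solr document
 * @param securityService
 *          used to look up the admin role of the current organization
 * @param acl
 *          the access control list; must not be {@code null}
 */
static void setAuthorization(SolrInputDocument doc, SecurityService securityService, AccessControlList acl) {
  Map<String, List<String>> permissions = new HashMap<String, List<String>>();

  // Define containers for common permissions
  List<String> reads = new ArrayList<String>();
  permissions.put(READ.toString(), reads);
  List<String> writes = new ArrayList<String>();
  permissions.put(WRITE.toString(), writes);

  String adminRole = securityService.getOrganization().getAdminRole();

  // The admin user can read and write
  if (adminRole != null) {
    reads.add(adminRole);
    writes.add(adminRole);
  }

  for (AccessControlEntry entry : acl.getEntries()) {
    if (!entry.isAllow()) {
      logger.warn("Search service does not support denial via ACL, ignoring {}", entry);
      continue;
    }
    List<String> actionPermissions = permissions.get(entry.getAction());
    /*
     * MH-8353 a series could have a permission defined we don't know how to handle -DH
     */
    if (actionPermissions == null) {
      logger.warn("Search service doesn't know how to handle action: {}", entry.getAction());
      continue;
    }
    // The former "if (acl == null)" branch at this point was unreachable: acl has already been
    // dereferenced by the loop header, and unknown actions are skipped just above.
    actionPermissions.add(entry.getRole());
  }

  // Write the permissions to the solr document
  // NOTE(review): roles are passed to mkString with a single-space separator; this presumably assumes
  // role names contain no whitespace - confirm against how the field is queried.
  for (Map.Entry<String, List<String>> entry : permissions.entrySet()) {
    Schema.setOcAcl(doc, new DField<String>(mkString(entry.getValue(), " "), entry.getKey()));
  }
}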
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class SeriesServiceImplTest method testACLEquality2.
/** Two ACLs built with the no-argument constructor must be reported as equal. */
@Test
public void testACLEquality2() {
  AccessControlList first = new AccessControlList();
  AccessControlList second = new AccessControlList();

  boolean same = AccessControlUtil.equals(first, second);

  assertTrue(same);
}
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class SeriesServiceImplTest method testACLEquality1.
/** ACLs holding the same two entries in opposite order must be reported as equal. */
@Test
public void testACLEquality1() {
  // Each list gets its own entry instances, so the comparison cannot succeed on object identity.
  AccessControlList forward = new AccessControlList(
          new AccessControlEntry("a", Permissions.Action.READ.toString(), true),
          new AccessControlEntry("b", Permissions.Action.WRITE.toString(), false));
  AccessControlList reversed = new AccessControlList(
          new AccessControlEntry("b", Permissions.Action.WRITE.toString(), false),
          new AccessControlEntry("a", Permissions.Action.READ.toString(), true));

  boolean same = AccessControlUtil.equals(forward, reversed);

  assertTrue(same);
}