
Example 36 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

The class SeriesServiceImpl, method repopulate.

@Override
public void repopulate(final String indexName) {
    final String destinationId = SeriesItem.SERIES_QUEUE_PREFIX + indexName.substring(0, 1).toUpperCase() + indexName.substring(1);
    try {
        final int total = persistence.countSeries();
        logger.info("Re-populating '{}' index with series. There are {} series to add to the index.", indexName, total);
        final int responseInterval = (total < 100) ? 1 : (total / 100);
        List<SeriesEntity> databaseSeries = persistence.getAllSeries();
        int current = 1;
        for (SeriesEntity series : databaseSeries) {
            Organization organization = orgDirectory.getOrganization(series.getOrganization());
            SecurityUtil.runAs(securityService, organization, SecurityUtil.createSystemUser(systemUserName, organization), new Function0.X<Void>() {

                @Override
                public Void xapply() throws Exception {
                    String id = series.getSeriesId();
                    logger.trace("Adding series '{}' for org '{}'", id, series.getOrganization());
                    DublinCoreCatalog catalog = DublinCoreXmlFormat.read(series.getDublinCoreXML());
                    messageSender.sendObjectMessage(destinationId, MessageSender.DestinationType.Queue, SeriesItem.updateCatalog(catalog));
                    AccessControlList acl = AccessControlParser.parseAcl(series.getAccessControl());
                    if (acl != null) {
                        messageSender.sendObjectMessage(destinationId, MessageSender.DestinationType.Queue, SeriesItem.updateAcl(id, acl));
                    }
                    messageSender.sendObjectMessage(destinationId, MessageSender.DestinationType.Queue, SeriesItem.updateOptOut(id, series.isOptOut()));
                    for (Entry<String, String> property : persistence.getSeriesProperties(id).entrySet()) {
                        messageSender.sendObjectMessage(destinationId, MessageSender.DestinationType.Queue, SeriesItem.updateProperty(id, property.getKey(), property.getValue()));
                    }
                    return null;
                }
            });
            if ((current % responseInterval == 0) || (current == total)) {
                logger.info("Initializing {} series index rebuild {}/{}: {} percent", indexName, current, total, current * 100 / total);
            }
            current++;
        }
        logger.info("Finished initializing '{}' index rebuild", indexName);
    } catch (Exception e) {
        logger.warn("Unable to index series instances:", e);
        throw new ServiceException(e.getMessage());
    }
    Organization organization = new DefaultOrganization();
    SecurityUtil.runAs(securityService, organization, SecurityUtil.createSystemUser(systemUserName, organization), new Effect0() {

        @Override
        protected void run() {
            messageSender.sendObjectMessage(IndexProducer.RESPONSE_QUEUE, MessageSender.DestinationType.Queue, IndexRecreateObject.end(indexName, IndexRecreateObject.Service.Series));
        }
    });
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) Organization(org.opencastproject.security.api.Organization) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) SeriesEntity(org.opencastproject.series.impl.persistence.SeriesEntity) Function0(org.opencastproject.util.data.Function0) ServiceException(org.osgi.framework.ServiceException) SeriesException(org.opencastproject.series.api.SeriesException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) FunctionException(org.opencastproject.util.data.FunctionException) Entry(java.util.Map.Entry) Effect0(org.opencastproject.util.data.Effect0) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog)

Example 37 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

The class EventsLoader, method getBasicMediaPackage.

private MediaPackage getBasicMediaPackage(EventEntry event) throws Exception {
    URL baseMediapackageUrl = EventsLoader.class.getResource("/base_mediapackage.xml");
    MediaPackage mediaPackage = MediaPackageParser.getFromXml(IOUtils.toString(baseMediapackageUrl));
    DublinCoreCatalog episodeDublinCore = getBasicEpisodeDublinCore(event);
    mediaPackage.setDate(event.getRecordingDate());
    mediaPackage.setIdentifier(new IdImpl(episodeDublinCore.getFirst(DublinCoreCatalog.PROPERTY_IDENTIFIER)));
    mediaPackage.setTitle(event.getTitle());
    addDublinCoreCatalog(IOUtils.toInputStream(episodeDublinCore.toXmlString(), "UTF-8"), MediaPackageElements.EPISODE, mediaPackage);
    // assign to a series
    if (event.getSeries().isSome()) {
        DublinCoreCatalog seriesCatalog = seriesService.getSeries(event.getSeries().get());
        mediaPackage.setSeries(event.getSeries().get());
        mediaPackage.setSeriesTitle(seriesCatalog.getFirst(DublinCoreCatalog.PROPERTY_TITLE));
        addDublinCoreCatalog(IOUtils.toInputStream(seriesCatalog.toXmlString(), "UTF-8"), MediaPackageElements.SERIES, mediaPackage);
        AccessControlList acl = seriesService.getSeriesAccessControl(event.getSeries().get());
        if (acl != null) {
            authorizationService.setAcl(mediaPackage, AclScope.Series, acl);
        }
    }
    // Set track URI's to demo file
    for (Track track : mediaPackage.getTracks()) {
        InputStream in = null;
        try {
            in = getClass().getResourceAsStream("/av.mov");
            URI uri = workspace.put(mediaPackage.getIdentifier().compact(), track.getIdentifier(), FilenameUtils.getName(track.toString()), in);
            track.setURI(uri);
            track.setChecksum(Checksum.create(ChecksumType.DEFAULT_TYPE, getClass().getResourceAsStream("/av.mov")));
        } finally {
            IOUtils.closeQuietly(in);
        }
    }
    return mediaPackage;
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) InputStream(java.io.InputStream) MediaPackage(org.opencastproject.mediapackage.MediaPackage) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog) URI(java.net.URI) URL(java.net.URL) IdImpl(org.opencastproject.mediapackage.identifier.IdImpl) Track(org.opencastproject.mediapackage.Track)

Example 38 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

The class AclEndpoint, method createAcl.

@POST
@Path("")
@Produces(MediaType.APPLICATION_JSON)
@RestQuery(name = "createacl", description = "Create an ACL", returnDescription = "Create an ACL", restParameters = { @RestParameter(name = "name", isRequired = true, description = "The ACL name", type = STRING), @RestParameter(name = "acl", isRequired = true, description = "The access control list", type = STRING) }, reponses = { @RestResponse(responseCode = SC_OK, description = "The ACL has successfully been added"), @RestResponse(responseCode = SC_CONFLICT, description = "An ACL with the same name already exists"), @RestResponse(responseCode = SC_BAD_REQUEST, description = "Unable to parse the ACL") })
public Response createAcl(@FormParam("name") String name, @FormParam("acl") String accessControlList) {
    final AccessControlList acl = parseAcl.apply(accessControlList);
    final Opt<ManagedAcl> managedAcl = aclService().createAcl(acl, name).toOpt();
    if (managedAcl.isNone()) {
        logger.info("An ACL with the same name '{}' already exists", name);
        throw new WebApplicationException(Response.Status.CONFLICT);
    }
    return RestUtils.okJson(full(managedAcl.get()));
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) WebApplicationException(javax.ws.rs.WebApplicationException) ManagedAcl(org.opencastproject.authorization.xacml.manager.api.ManagedAcl) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) RestQuery(org.opencastproject.util.doc.rest.RestQuery)

Example 39 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

The class AssetManagerWithSecurity, method isAuthorizedByAcl.

private boolean isAuthorizedByAcl(Version version, String mpId, String action) {
    Opt<Asset> secAsset = super.getAsset(version, mpId, "security-policy-episode");
    if (secAsset.isSome()) {
        InputStream in = secAsset.get().getInputStream();
        final AccessControlList acl = authSvc.getAclFromInputStream(in).getA();
        return isAuthorizedByAcl(acl, action);
    }
    return false;
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) InputStream(java.io.InputStream) Asset(org.opencastproject.assetmanager.api.Asset)

Example 40 with AccessControlList

Use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

The class SeriesEndpoint, method applyAclToSeries.

@POST
@Path("/{seriesId}/access")
@RestQuery(name = "applyAclToSeries", description = "Immediate application of an ACL to a series", returnDescription = "Status code", pathParameters = { @RestParameter(name = "seriesId", isRequired = true, description = "The series ID", type = STRING) }, restParameters = { @RestParameter(name = "acl", isRequired = true, description = "The ACL to apply", type = STRING), @RestParameter(name = "override", isRequired = false, defaultValue = "false", description = "If true the series ACL will take precedence over any existing episode ACL", type = BOOLEAN) }, reponses = { @RestResponse(responseCode = SC_OK, description = "The ACL has been successfully applied"), @RestResponse(responseCode = SC_BAD_REQUEST, description = "Unable to parse the given ACL"), @RestResponse(responseCode = SC_NOT_FOUND, description = "The series has not been found"), @RestResponse(responseCode = SC_INTERNAL_SERVER_ERROR, description = "Internal error") })
public Response applyAclToSeries(@PathParam("seriesId") String seriesId, @FormParam("acl") String acl, @DefaultValue("false") @FormParam("override") boolean override) throws SearchIndexException {
    AccessControlList accessControlList;
    try {
        accessControlList = AccessControlParser.parseAcl(acl);
    } catch (Exception e) {
        logger.warn("Unable to parse ACL '{}'", acl);
        return badRequest();
    }
    Opt<Series> series = indexService.getSeries(seriesId, searchIndex);
    if (series.isNone())
        return notFound("Cannot find a series with id {}", seriesId);
    if (hasProcessingEvents(seriesId)) {
        logger.warn("Can not update the ACL from series {}. Events being part of the series are currently processed.", seriesId);
        return conflict();
    }
    try {
        if (getAclService().applyAclToSeries(seriesId, accessControlList, override, Option.none()))
            return ok();
        else {
            logger.warn("Unable to find series '{}' to apply the ACL.", seriesId);
            return notFound();
        }
    } catch (AclServiceException e) {
        logger.error("Error applying acl to series {}", seriesId);
        return serverError();
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) Series(org.opencastproject.index.service.impl.index.series.Series) AclServiceException(org.opencastproject.authorization.xacml.manager.api.AclServiceException) WebApplicationException(javax.ws.rs.WebApplicationException) SearchIndexException(org.opencastproject.matterhorn.search.SearchIndexException) SeriesException(org.opencastproject.series.api.SeriesException) IndexServiceException(org.opencastproject.index.service.exception.IndexServiceException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) RestQuery(org.opencastproject.util.doc.rest.RestQuery)

Aggregations

AccessControlList (org.opencastproject.security.api.AccessControlList) 108
NotFoundException (org.opencastproject.util.NotFoundException) 46
UnauthorizedException (org.opencastproject.security.api.UnauthorizedException) 38
AccessControlEntry (org.opencastproject.security.api.AccessControlEntry) 30
MediaPackage (org.opencastproject.mediapackage.MediaPackage) 27
Test (org.junit.Test) 26
IOException (java.io.IOException) 22
Organization (org.opencastproject.security.api.Organization) 22
User (org.opencastproject.security.api.User) 21
DublinCoreCatalog (org.opencastproject.metadata.dublincore.DublinCoreCatalog) 19
ArrayList (java.util.ArrayList) 18
SeriesException (org.opencastproject.series.api.SeriesException) 18
ManagedAcl (org.opencastproject.authorization.xacml.manager.api.ManagedAcl) 16
MediaPackageException (org.opencastproject.mediapackage.MediaPackageException) 16
Date (java.util.Date) 15
SchedulerException (org.opencastproject.scheduler.api.SchedulerException) 14
Path (javax.ws.rs.Path) 13
RestQuery (org.opencastproject.util.doc.rest.RestQuery) 13
WebApplicationException (javax.ws.rs.WebApplicationException) 12
File (java.io.File) 10