
Example 41 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class SchedulerMigrationService method schedule.

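/**
 * Rebuilds the media package of a migrated event and adds the event to the given scheduler transaction.
 *
 * <p>The event's episode Dublin Core catalog is stored in the workspace and attached to a fresh media
 * package, every ACL carried by the event is applied to that media package with {@code AclScope.Episode},
 * and the event is then added to {@code tx}.
 *
 * <p>NOTE(review): when {@code event.accessControlList} is empty no episode ACL is set here; confirm which
 * access rules the scheduled media package ends up with in that case.
 *
 * @param tx
 *          the scheduler transaction the event is added to
 * @param event
 *          the migrated event, providing the media package id, Dublin Core catalog, ACLs, capture agent
 *          properties and opt-out flag
 */
void schedule(SchedulerTransaction tx, Event event) {
    final Map<String, String> wfProperties = Collections.emptyMap();
    final Map<String, String> caMetadata = PropertiesUtil.toMap(event.captureAgentProperites);
    final MediaPackage mp = mkMediaPackage();
    mp.setIdentifier(new IdImpl(event.mediaPackageId));
    // take the episode catalog from the migrated event
    final DublinCoreCatalog dc = event.dublinCore;
    mp.setSeries(dc.getFirst(DublinCore.PROPERTY_IS_PART_OF));
    // make the catalog available for download in the workspace
    dc.setURI(storeInWs(event.mediaPackageId, dc.getIdentifier(), "dc-episode.xml", inputStream(dc)));
    // add it to the media package
    mp.add(dc);
    // apply every ACL of the event at episode scope before the event is handed to the scheduler
    for (AccessControlList acl : event.accessControlList) {
        authorizationService.setAcl(mp, AclScope.Episode, acl);
    }
    // add to scheduler service
    Tuple<Date, Date> schedulingDate = getSchedulingDate(dc);
    String caId = dc.getFirst(DublinCore.PROPERTY_SPATIAL);
    // chuck(e) is defined elsewhere; presumably it rethrows the exception unchecked, since this method
    // declares no checked exceptions -- TODO confirm
    try {
        tx.addEvent(schedulingDate.getA(), schedulingDate.getB(), caId, Collections.<String>emptySet(), mp, wfProperties, caMetadata, Opt.some(event.optOut));
    } catch (UnauthorizedException e) {
        logger.error("Not authorized to schedule an event", e);
        chuck(e);
    } catch (SchedulerException e) {
        logger.warn("Not able to schedule event.", e);
        chuck(e);
    } catch (NotFoundException e) {
        // pass the exception to the logger like the sibling branches do, so the cause is not lost
        logger.error("Transaction disappeared", e);
        chuck(e);
    }
}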
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) SchedulerException(org.opencastproject.scheduler.api.SchedulerException) MediaPackage(org.opencastproject.mediapackage.MediaPackage) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog) IdImpl(org.opencastproject.mediapackage.identifier.IdImpl) Date(java.util.Date)

Example 42 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class EventsEndpointTest method testSerializationOfAcl.

/**
 * Serializes ACLs with zero, one and two entries and compares the response entity with the JSON stored
 * in the matching classpath fixtures; also checks the Content-Type header of each response.
 */
@Ignore
@Test
public void testSerializationOfAcl() throws IOException {
    final String expectedContentType = "application/" + ApiVersion.CURRENT_VERSION + "+json";

    // Case 1: ACL without entries
    final String emptyAclJson = IOUtils.toString(getClass().getResource("/acl-empty.json"));
    final AccessControlList emptyAcl = new AccessControlList();
    final Event emptyEvent = new Event();
    emptyEvent.setAccessPolicy(AccessControlParser.toJsonSilent(emptyAcl));
    final Response emptyResult = ApiResponses.Json.ok(ApiVersion.VERSION_1_0_0, arr(AclUtils.serializeAclToJson(emptyAcl)));
    assertTrue(emptyResult.getMetadata().get("Content-Type") != null);
    assertEquals(expectedContentType, emptyResult.getMetadata().get("Content-Type").get(0).toString().toLowerCase());
    assertThat(emptyAclJson, SameJSONAs.sameJSONAs(emptyResult.getEntity().toString()).allowingAnyArrayOrdering());

    // Case 2: ACL with a single entry
    final String oneAclJson = IOUtils.toString(getClass().getResource("/acl-one.json"));
    final AccessControlList oneAcl = new AccessControlList(new AccessControlEntry("ROLE_ADMIN", "write", true));
    final Event oneEvent = new Event();
    oneEvent.setAccessPolicy(AccessControlParser.toJsonSilent(oneAcl));
    final Response oneResult = ApiResponses.Json.ok(ApiVersion.VERSION_1_0_0, arr(AclUtils.serializeAclToJson(oneAcl)));
    assertTrue(oneResult.getMetadata().get("Content-Type") != null);
    assertEquals(expectedContentType, oneResult.getMetadata().get("Content-Type").get(0).toString().toLowerCase());
    assertThat(oneAclJson, SameJSONAs.sameJSONAs(oneResult.getEntity().toString()).allowingAnyArrayOrdering());

    // Case 3: ACL with several entries
    final String manyAclJson = IOUtils.toString(getClass().getResource("/acl-many.json"));
    final AccessControlEntry adminWrite = new AccessControlEntry("ROLE_ADMIN", "write", true);
    final AccessControlEntry userRead = new AccessControlEntry("ROLE_USER", "read", true);
    final AccessControlList manyAcl = new AccessControlList(adminWrite, userRead);
    final Event manyEvent = new Event();
    manyEvent.setAccessPolicy(AccessControlParser.toJsonSilent(manyAcl));
    final Response manyResult = ApiResponses.Json.ok(ApiVersion.VERSION_1_0_0, arr(AclUtils.serializeAclToJson(manyAcl)));
    assertTrue(manyResult.getMetadata().get("Content-Type") != null);
    assertEquals(expectedContentType, manyResult.getMetadata().get("Content-Type").get(0).toString().toLowerCase());
    assertThat(manyAclJson, SameJSONAs.sameJSONAs(manyResult.getEntity().toString()).allowingAnyArrayOrdering());
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) Response(javax.ws.rs.core.Response) Event(org.opencastproject.index.service.impl.index.event.Event) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) Ignore(org.junit.Ignore) Test(org.junit.Test)

Example 43 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class EventsEndpointTest method testDeserializationOfAcl.

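/**
 * Parses the empty, single-entry and two-entry ACL fixtures and checks the role, action and allow flag
 * of every resulting entry.
 *
 * <p>Only well-formed fixtures whose entries are all allow entries are asserted here; deny entries and
 * malformed input (missing properties, non-array JSON) are not exercised by this test.
 */
@Test
public void testDeserializationOfAcl() throws IOException, ParseException {
    // Test empty acl
    String emptyAclJson = IOUtils.toString(getClass().getResource("/acl-empty.json"));
    AccessControlList acl = AclUtils.deserializeJsonToAcl(emptyAclJson, false);
    // expected value first, so a failure message reports expected/actual the right way round
    assertEquals(0, acl.getEntries().size());
    // Test acl with one entry
    String oneAclJson = IOUtils.toString(getClass().getResource("/acl-one.json"));
    acl = AclUtils.deserializeJsonToAcl(oneAclJson, false);
    assertEquals(1, acl.getEntries().size());
    assertEquals("write", acl.getEntries().get(0).getAction());
    assertTrue(acl.getEntries().get(0).isAllow());
    assertEquals("ROLE_ADMIN", acl.getEntries().get(0).getRole());
    // Test acl with many entries
    String manyAclJson = IOUtils.toString(getClass().getResource("/acl-many.json"));
    acl = AclUtils.deserializeJsonToAcl(manyAclJson, false);
    assertEquals(2, acl.getEntries().size());
    assertEquals("write", acl.getEntries().get(0).getAction());
    assertTrue(acl.getEntries().get(0).isAllow());
    assertEquals("ROLE_ADMIN", acl.getEntries().get(0).getRole());
    assertEquals("read", acl.getEntries().get(1).getAction());
    assertTrue(acl.getEntries().get(1).isAllow());
    assertEquals("ROLE_USER", acl.getEntries().get(1).getRole());
}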
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) Test(org.junit.Test)

Example 44 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class SeriesEndpoint method createNewSeries.

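/**
 * Creates a series from the submitted metadata, ACL and optional theme id.
 *
 * <p>All three form parameters are request input and are validated before the series is created: blank
 * or unparsable metadata, a non-numeric theme id and an unparsable or incomplete ACL are each answered
 * with a bad-request response.
 *
 * @param acceptHeader
 *          the request's Accept header (not read by this method)
 * @param metadataParam
 *          the series metadata as JSON; required
 * @param aclParam
 *          the ACL as JSON, handed to {@code AclUtils.deserializeJsonToAcl(aclParam, false)}
 * @param themeIdParam
 *          the id of the theme to apply; ignored when blank
 * @return a "created" response carrying the new series identifier, or a bad-request response
 * @throws WebApplicationException
 *           with status 500 if the index service fails to create the series
 */
@POST
@Path("")
@Produces({ "application/json", "application/v1.0.0+json" })
@RestQuery(name = "createseries", description = "Creates a series.", returnDescription = "", restParameters = { @RestParameter(name = "metadata", isRequired = true, description = "Series metadata", type = STRING), @RestParameter(name = "acl", description = "A collection of roles with their possible action", isRequired = false, type = STRING), @RestParameter(name = "theme", description = "The theme ID to be applied to the series", isRequired = false, type = STRING) }, reponses = { @RestResponse(description = "A new series is created and its identifier is returned in the Location header.", responseCode = HttpServletResponse.SC_CREATED), @RestResponse(description = "The request is invalid or inconsistent..", responseCode = HttpServletResponse.SC_BAD_REQUEST), @RestResponse(description = "The user doesn't have the rights to create the series.", responseCode = HttpServletResponse.SC_UNAUTHORIZED) })
public Response createNewSeries(@HeaderParam("Accept") String acceptHeader, @FormParam("metadata") String metadataParam, @FormParam("acl") String aclParam, @FormParam("theme") String themeIdParam) throws UnauthorizedException, NotFoundException {
    if (isBlank(metadataParam))
        return R.badRequest("Required parameter 'metadata' is missing or invalid");
    // The raw form parameters are written to the log and echoed in some bad-request messages below.
    // NOTE(review): they are caller-controlled; confirm that R.badRequest and the log appender encode
    // or neutralise them.
    MetadataList metadataList;
    try {
        metadataList = deserializeMetadataList(metadataParam);
    } catch (ParseException e) {
        logger.debug("Unable to parse series metadata '{}' because: {}", metadataParam, ExceptionUtils.getStackTrace(e));
        return R.badRequest(String.format("Unable to parse metadata because '%s'", e.toString()));
    } catch (NotFoundException e) {
        // One of the metadata fields could not be found in the catalogs or one of the catalogs cannot be found.
        return R.badRequest(e.getMessage());
    } catch (IllegalArgumentException e) {
        logger.debug("Unable to create series with metadata '{}' because: {}", metadataParam, ExceptionUtils.getStackTrace(e));
        return R.badRequest(e.getMessage());
    }
    Map<String, String> options = new TreeMap<>();
    Opt<Long> optThemeId = Opt.none();
    if (StringUtils.trimToNull(themeIdParam) != null) {
        try {
            Long themeId = Long.parseLong(themeIdParam);
            optThemeId = Opt.some(themeId);
        } catch (NumberFormatException e) {
            return R.badRequest(String.format("Unable to parse the theme id '%s' into a number", themeIdParam));
        }
    }
    // NOTE(review): 'acl' is declared isRequired = false above, yet aclParam is passed on without a null
    // check; confirm that an omitted 'acl' ends in one of the bad-request branches below rather than in
    // an unhandled runtime exception.
    AccessControlList acl;
    try {
        acl = AclUtils.deserializeJsonToAcl(aclParam, false);
    } catch (ParseException e) {
        logger.debug("Unable to parse acl '{}' because: '{}'", aclParam, ExceptionUtils.getStackTrace(e));
        return R.badRequest(String.format("Unable to parse acl '%s' because '%s'", aclParam, e.getMessage()));
    } catch (IllegalArgumentException e) {
        logger.debug("Unable to create new series with acl '{}' because: '{}'", aclParam, ExceptionUtils.getStackTrace(e));
        return R.badRequest(e.getMessage());
    }
    try {
        String seriesId = indexService.createSeries(metadataList, options, Opt.some(acl), optThemeId);
        return ApiResponses.Json.created(VERSION_1_0_0, URI.create(getSeriesUrl(seriesId)), obj(f("identifier", v(seriesId, BLANK))));
    } catch (IndexServiceException e) {
        // Four arguments need four placeholders; without the last one the stack trace string is dropped
        // and the cause of the failure never reaches the log.
        logger.error("Unable to create series with metadata '{}', acl '{}', theme '{}' because: {}", metadataParam, aclParam, themeIdParam, ExceptionUtils.getStackTrace(e));
        throw new WebApplicationException(e, Status.INTERNAL_SERVER_ERROR);
    }
}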
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) WebApplicationException(javax.ws.rs.WebApplicationException) NotFoundException(org.opencastproject.util.NotFoundException) TreeMap(java.util.TreeMap) MetadataList(org.opencastproject.index.service.catalog.adapter.MetadataList) ParseException(org.json.simple.parser.ParseException) IndexServiceException(org.opencastproject.index.service.exception.IndexServiceException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) RestQuery(org.opencastproject.util.doc.rest.RestQuery)

Example 45 with AccessControlList

use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.

the class AclUtils method deserializeJsonToAcl.

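/**
 * De-serialize a JSON array of access control elements into an {@link AccessControlList}.
 *
 * <p>The input is treated as untrusted: anything that is not a JSON array of JSON objects, each with a
 * non-blank action, allow and role property, is rejected with an exception instead of failing with a
 * {@link NullPointerException} or {@link ClassCastException}.
 *
 * @param json
 *          The JSON array to de-serialize; an empty array yields an empty list.
 * @param assumeAllow
 *          If {@code true}, the allow property of every element is ignored and each entry is created as
 *          an allow entry, including elements that explicitly carry a different allow value.
 * @return An {@link AccessControlList} representation of the Json
 * @throws IllegalArgumentException
 *           Thrown if the json is {@code null}, is not an array of objects, or if essential parts of an
 *           access control element are missing.
 * @throws ParseException
 *           Thrown if unable to parse the json value of the acl.
 */
public static AccessControlList deserializeJsonToAcl(String json, boolean assumeAllow) throws IllegalArgumentException, ParseException {
    if (json == null) {
        throw new IllegalArgumentException("The access control list must not be null");
    }
    JSONParser parser = new JSONParser();
    Object parsed = parser.parse(json);
    // valid JSON of the wrong shape (an object, a string, a number) is a caller error, not a server fault
    if (!(parsed instanceof JSONArray)) {
        throw new IllegalArgumentException("The access control list must be a JSON array of access control elements");
    }
    JSONArray aclJson = (JSONArray) parsed;
    @SuppressWarnings("unchecked") ListIterator<Object> iterator = aclJson.listIterator();
    List<AccessControlEntry> entries = new ArrayList<AccessControlEntry>();
    while (iterator.hasNext()) {
        Object element = iterator.next();
        if (!(element instanceof JSONObject)) {
            throw new IllegalArgumentException("Each access control element must be a JSON object");
        }
        JSONObject aceJson = (JSONObject) element;
        String action = aceJson.get(ACTION_JSON_KEY) != null ? aceJson.get(ACTION_JSON_KEY).toString() : "";
        String allow;
        if (assumeAllow) {
            allow = "true";
        } else {
            allow = aceJson.get(ALLOW_JSON_KEY) != null ? aceJson.get(ALLOW_JSON_KEY).toString() : "";
        }
        String role = aceJson.get(ROLE_JSON_KEY) != null ? aceJson.get(ROLE_JSON_KEY).toString() : "";
        if (StringUtils.trimToNull(action) != null && StringUtils.trimToNull(allow) != null && StringUtils.trimToNull(role) != null) {
            // Boolean.parseBoolean maps every value other than "true" (ignoring case) to false, so a
            // mistyped allow value produces a deny entry rather than an error.
            AccessControlEntry ace = new AccessControlEntry(role, action, Boolean.parseBoolean(allow));
            entries.add(ace);
        } else {
            throw new IllegalArgumentException(String.format("One of the access control elements is missing a property. The action was '%s', allow was '%s' and the role was '%s'", action, allow, role));
        }
    }
    return new AccessControlList(entries);
}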
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) JSONObject(org.json.simple.JSONObject) JSONArray(org.json.simple.JSONArray) ArrayList(java.util.ArrayList) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) JSONParser(org.json.simple.parser.JSONParser) JSONObject(org.json.simple.JSONObject)
