use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class SchedulerMigrationService method schedule.
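/**
 * Builds a media package for one migrated event and registers it with the scheduler through the
 * given transaction.
 *
 * <p>The event's Dublin Core catalog is stored in the workspace and added to the media package,
 * the event's ACLs are attached at episode scope, and the scheduling dates and capture agent id
 * are read from the catalog. Every failure of {@code tx.addEvent} is logged and handed to
 * {@code chuck(e)}.
 *
 * @param tx the scheduler transaction the event is added to
 * @param event the migrated event; its media package id, Dublin Core catalog, ACLs, capture agent
 *          properties and opt-out flag are read
 */
void schedule(SchedulerTransaction tx, Event event) {
  final Map<String, String> wfProperties = Collections.emptyMap();
  final Map<String, String> caMetadata = PropertiesUtil.toMap(event.captureAgentProperites);
  final MediaPackage mp = mkMediaPackage();
  mp.setIdentifier(new IdImpl(event.mediaPackageId));

  // The episode catalog also supplies the series the media package belongs to.
  final DublinCoreCatalog dc = event.dublinCore;
  mp.setSeries(dc.getFirst(DublinCore.PROPERTY_IS_PART_OF));
  // Store the catalog in the workspace so it can be downloaded, then point the catalog at it.
  dc.setURI(storeInWs(event.mediaPackageId, dc.getIdentifier(), "dc-episode.xml", inputStream(dc)));
  mp.add(dc);

  // Carry the migrated access control over to the media package at episode scope.
  // NOTE(review): every iteration calls setAcl with the same scope; if accessControlList can hold
  // more than one ACL, confirm whether a later call replaces the earlier one. Also confirm which
  // access policy applies when the event carries no ACL at all, since nothing is set then.
  for (AccessControlList acl : event.accessControlList) {
    authorizationService.setAcl(mp, AclScope.Episode, acl);
  }

  // Register the event with the scheduler service.
  Tuple<Date, Date> schedulingDate = getSchedulingDate(dc);
  String caId = dc.getFirst(DublinCore.PROPERTY_SPATIAL);
  try {
    tx.addEvent(schedulingDate.getA(), schedulingDate.getB(), caId, Collections.<String>emptySet(), mp,
            wfProperties, caMetadata, Opt.some(event.optOut));
  } catch (UnauthorizedException e) {
    logger.error("Not authorized to schedule an event", e);
    chuck(e);
  } catch (SchedulerException e) {
    logger.warn("Not able to schedule event.", e);
    chuck(e);
  } catch (NotFoundException e) {
    // Log the exception as the other branches do, so the failure can be traced from the log.
    logger.error("Transaction disappeared", e);
    chuck(e);
  }
}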
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class EventsEndpointTest method testSerializationOfAcl.
/**
 * Compares the JSON produced for an empty ACL, a one-entry ACL and a two-entry ACL with the
 * {@code /acl-*.json} fixtures on the test classpath. The test is currently disabled by
 * {@code @Ignore}.
 */
@Ignore
@Test
public void testSerializationOfAcl() throws IOException {
  // Arguments are evaluated left to right, so each fixture is read before its ACL is built.

  // Empty ACL
  assertAclSerialization(IOUtils.toString(getClass().getResource("/acl-empty.json")),
          new AccessControlList());

  // ACL with one entry
  assertAclSerialization(IOUtils.toString(getClass().getResource("/acl-one.json")),
          new AccessControlList(new AccessControlEntry("ROLE_ADMIN", "write", true)));

  // ACL with several entries
  assertAclSerialization(IOUtils.toString(getClass().getResource("/acl-many.json")),
          new AccessControlList(new AccessControlEntry("ROLE_ADMIN", "write", true),
                  new AccessControlEntry("ROLE_USER", "read", true)));
}

/**
 * Serializes {@code acl} into an API response and checks its content type and JSON body.
 *
 * @param expectedJson the fixture text the response entity is compared with, ignoring array order
 * @param acl the access control list to serialize
 */
private void assertAclSerialization(String expectedJson, AccessControlList acl) {
  // The event receives the ACL as its access policy, but no assertion below reads it back.
  Event event = new Event();
  event.setAccessPolicy(AccessControlParser.toJsonSilent(acl));

  Response response = ApiResponses.Json.ok(ApiVersion.VERSION_1_0_0, arr(AclUtils.serializeAclToJson(acl)));
  assertTrue(response.getMetadata().get("Content-Type") != null);

  // NOTE(review): the response is built with VERSION_1_0_0 while the expected header is derived
  // from CURRENT_VERSION; the two only agree while those constants name the same version - confirm.
  String contentType = response.getMetadata().get("Content-Type").get(0).toString().toLowerCase();
  assertEquals("application/" + ApiVersion.CURRENT_VERSION + "+json", contentType);

  assertThat(expectedJson, SameJSONAs.sameJSONAs(response.getEntity().toString()).allowingAnyArrayOrdering());
}
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class EventsEndpointTest method testDeserializationOfAcl.
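/**
 * Parses the {@code /acl-*.json} fixtures and checks the number of entries and each entry's
 * action, allow flag and role.
 *
 * <p>NOTE(review): only well-formed documents are exercised here. Input that is not a JSON array,
 * or an entry that lacks role, action or allow, is not covered by this method.
 */
@Test
public void testDeserializationOfAcl() throws IOException, ParseException {
  // Empty ACL
  String emptyAclJson = IOUtils.toString(getClass().getResource("/acl-empty.json"));
  AccessControlList acl = AclUtils.deserializeJsonToAcl(emptyAclJson, false);
  assertEquals(0, acl.getEntries().size());

  // ACL with one entry
  String oneAclJson = IOUtils.toString(getClass().getResource("/acl-one.json"));
  acl = AclUtils.deserializeJsonToAcl(oneAclJson, false);
  assertEquals(1, acl.getEntries().size());
  assertEntry(acl.getEntries().get(0), "ROLE_ADMIN", "write");

  // ACL with several entries; entries are expected in the order the fixture lists them
  String manyAclJson = IOUtils.toString(getClass().getResource("/acl-many.json"));
  acl = AclUtils.deserializeJsonToAcl(manyAclJson, false);
  assertEquals(2, acl.getEntries().size());
  assertEntry(acl.getEntries().get(0), "ROLE_ADMIN", "write");
  assertEntry(acl.getEntries().get(1), "ROLE_USER", "read");
}

/**
 * Asserts that {@code entry} is an allow entry for the given role and action.
 *
 * <p>Expected values are passed first so that a failure message reports expected and actual the
 * right way round.
 */
private void assertEntry(AccessControlEntry entry, String expectedRole, String expectedAction) {
  assertEquals(expectedAction, entry.getAction());
  assertTrue(entry.isAllow());
  assertEquals(expectedRole, entry.getRole());
}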
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class SeriesEndpoint method createNewSeries.
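/**
 * Creates a series from the form parameters of a POST request.
 *
 * <p>The metadata, the theme id and the ACL all arrive as request strings and are parsed here
 * before the index service is called. A value that cannot be parsed is answered with a bad-request
 * response; a failure inside the index service becomes a 500.
 *
 * @param acceptHeader the request's Accept header (not read by this method)
 * @param metadataParam the series metadata; must not be blank
 * @param aclParam the access control list as JSON, parsed by {@code AclUtils.deserializeJsonToAcl}
 * @param themeIdParam the id of the theme to apply; ignored when blank, otherwise it must be a number
 * @return a created response built from the series URL and a JSON body holding the new identifier,
 *         or a bad-request response describing the parameter that could not be parsed
 * @throws UnauthorizedException declared by the signature; presumably raised by the index service
 *           when the caller may not create the series - confirm
 * @throws NotFoundException declared by the signature; the one raised while parsing the metadata is
 *           handled here
 */
@POST
@Path("")
@Produces({ "application/json", "application/v1.0.0+json" })
@RestQuery(name = "createseries", description = "Creates a series.", returnDescription = "", restParameters = {
        @RestParameter(name = "metadata", isRequired = true, description = "Series metadata", type = STRING),
        @RestParameter(name = "acl", description = "A collection of roles with their possible action", isRequired = false, type = STRING),
        @RestParameter(name = "theme", description = "The theme ID to be applied to the series", isRequired = false, type = STRING) }, reponses = {
        @RestResponse(description = "A new series is created and its identifier is returned in the Location header.", responseCode = HttpServletResponse.SC_CREATED),
        @RestResponse(description = "The request is invalid or inconsistent..", responseCode = HttpServletResponse.SC_BAD_REQUEST),
        @RestResponse(description = "The user doesn't have the rights to create the series.", responseCode = HttpServletResponse.SC_UNAUTHORIZED) })
public Response createNewSeries(@HeaderParam("Accept") String acceptHeader,
        @FormParam("metadata") String metadataParam, @FormParam("acl") String aclParam,
        @FormParam("theme") String themeIdParam) throws UnauthorizedException, NotFoundException {
  if (isBlank(metadataParam)) {
    return R.badRequest("Required parameter 'metadata' is missing or invalid");
  }

  MetadataList metadataList;
  try {
    metadataList = deserializeMetadataList(metadataParam);
  } catch (ParseException e) {
    logger.debug("Unable to parse series metadata '{}' because: {}", metadataParam, ExceptionUtils.getStackTrace(e));
    return R.badRequest(String.format("Unable to parse metadata because '%s'", e.toString()));
  } catch (NotFoundException e) {
    // A metadata field is missing from the catalogs, or a catalog itself cannot be found.
    return R.badRequest(e.getMessage());
  } catch (IllegalArgumentException e) {
    logger.debug("Unable to create series with metadata '{}' because: {}", metadataParam, ExceptionUtils.getStackTrace(e));
    return R.badRequest(e.getMessage());
  }

  Map<String, String> options = new TreeMap<>();

  // The theme is optional: a blank value leaves optThemeId empty.
  Opt<Long> optThemeId = Opt.none();
  if (StringUtils.trimToNull(themeIdParam) != null) {
    try {
      optThemeId = Opt.some(Long.valueOf(themeIdParam));
    } catch (NumberFormatException e) {
      return R.badRequest(String.format("Unable to parse the theme id '%s' into a number", themeIdParam));
    }
  }

  // NOTE(review): 'acl' is documented as optional, yet the raw form value is passed on unchecked,
  // so an absent parameter reaches the parser as null. Decide which access policy a series created
  // without an explicit ACL should get and handle that case explicitly.
  AccessControlList acl;
  try {
    acl = AclUtils.deserializeJsonToAcl(aclParam, false);
  } catch (ParseException e) {
    logger.debug("Unable to parse acl '{}' because: '{}'", aclParam, ExceptionUtils.getStackTrace(e));
    // NOTE(review): the submitted value is echoed back in the response body; confirm that
    // R.badRequest never serves this text with an HTML content type.
    return R.badRequest(String.format("Unable to parse acl '%s' because '%s'", aclParam, e.getMessage()));
  } catch (IllegalArgumentException e) {
    logger.debug("Unable to create new series with acl '{}' because: '{}'", aclParam, ExceptionUtils.getStackTrace(e));
    return R.badRequest(e.getMessage());
  }

  try {
    String seriesId = indexService.createSeries(metadataList, options, Opt.some(acl), optThemeId);
    return ApiResponses.Json.created(VERSION_1_0_0, URI.create(getSeriesUrl(seriesId)),
            obj(f("identifier", v(seriesId, BLANK))));
  } catch (IndexServiceException e) {
    // The message has three placeholders, so a fourth string argument would be dropped. Passing
    // the exception itself as the last argument makes the logger record its stack trace.
    logger.error("Unable to create series with metadata '{}', acl '{}', theme '{}' because: ", metadataParam,
            aclParam, themeIdParam, e);
    throw new WebApplicationException(e, Status.INTERNAL_SERVER_ERROR);
  }
}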
use of org.opencastproject.security.api.AccessControlList in project opencast by opencast.
the class AclUtils method deserializeJsonToAcl.
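/**
 * Deserializes a JSON array of access control entries into an {@link AccessControlList}.
 *
 * <p>The text may come straight from a request parameter, so its structure is checked before any
 * cast. Anything that is not an array of objects is reported as an
 * {@link IllegalArgumentException} rather than surfacing as a {@code NullPointerException} or
 * {@code ClassCastException}.
 *
 * @param json
 *          The JSON text to parse; it must be a JSON array whose elements are objects.
 * @param assumeAllow
 *          If {@code true}, every entry is created as an allow entry and any allow value in the
 *          JSON is ignored.
 * @return An {@link AccessControlList} holding one entry per array element, in array order
 * @throws IllegalArgumentException
 *           Thrown if the json is {@code null}, is not an array, contains an element that is not
 *           an object, or an entry has a blank or missing role, action or allow value.
 * @throws ParseException
 *           Thrown if the text is not valid JSON.
 */
public static AccessControlList deserializeJsonToAcl(String json, boolean assumeAllow)
        throws IllegalArgumentException, ParseException {
  // The messages of the structural checks do not repeat the input, because callers may pass the
  // exception message on to the client.
  if (json == null) {
    throw new IllegalArgumentException("The access control list is missing");
  }
  Object parsed = new JSONParser().parse(json);
  if (!(parsed instanceof JSONArray)) {
    throw new IllegalArgumentException("The access control list must be a JSON array");
  }

  List<AccessControlEntry> entries = new ArrayList<AccessControlEntry>();
  for (Object element : (JSONArray) parsed) {
    // Also rejects a null element, since instanceof is false for null.
    if (!(element instanceof JSONObject)) {
      throw new IllegalArgumentException("Every access control element must be a JSON object");
    }
    JSONObject aceJson = (JSONObject) element;

    Object rawAction = aceJson.get(ACTION_JSON_KEY);
    String action = rawAction != null ? rawAction.toString() : "";

    String allow;
    if (assumeAllow) {
      allow = "true";
    } else {
      Object rawAllow = aceJson.get(ALLOW_JSON_KEY);
      allow = rawAllow != null ? rawAllow.toString() : "";
    }

    Object rawRole = aceJson.get(ROLE_JSON_KEY);
    String role = rawRole != null ? rawRole.toString() : "";

    boolean complete = StringUtils.trimToNull(action) != null && StringUtils.trimToNull(allow) != null
            && StringUtils.trimToNull(role) != null;
    if (!complete) {
      throw new IllegalArgumentException(String.format("One of the access control elements is missing a property. The action was '%s', allow was '%s' and the role was '%s'", action, allow, role));
    }

    // Boolean.parseBoolean yields false for anything but "true" (ignoring case), so a misspelt
    // allow value produces a deny entry instead of an error.
    entries.add(new AccessControlEntry(role, action, Boolean.parseBoolean(allow)));
  }
  return new AccessControlList(entries);
}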