
Example 1 with Group

use of org.opencastproject.security.api.Group in project opencast by opencast.

the class JpaGroupRoleProviderTest method testUpdateGroupNotAllowedAsNonAdminUser.

@Test
public void testUpdateGroupNotAllowedAsNonAdminUser() throws UnauthorizedException {
    JpaGroup group = new JpaGroup("test", org1, "Test", "Test group", Collections.set(new JpaRole(SecurityConstants.GLOBAL_ADMIN_ROLE, org1)));
    try {
        provider.addGroup(group);
        Group loadGroup = provider.loadGroup(group.getGroupId(), group.getOrganization().getId());
        assertNotNull(loadGroup);
        // Compare the stored group's id with the id of the group that was added
        assertEquals(group.getGroupId(), loadGroup.getGroupId());
    } catch (Exception e) {
        fail("The group should be added");
    }
    JpaUser user = new JpaUser("user", "pass1", org1, "User", "user@localhost", "opencast", true, Collections.set(new JpaRole("ROLE_USER", org1)));
    // Set the security service
    SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
    EasyMock.expect(securityService.getUser()).andReturn(user).anyTimes();
    EasyMock.expect(securityService.getOrganization()).andReturn(org1).anyTimes();
    EasyMock.replay(securityService);
    provider.setSecurityService(securityService);
    try {
        // try add ROLE_USER
        Response updateGroupResponse = provider.updateGroup(group.getGroupId(), group.getName(), group.getDescription(), "ROLE_USER, " + SecurityConstants.GLOBAL_ADMIN_ROLE, null);
        assertNotNull(updateGroupResponse);
        assertEquals(HttpStatus.SC_FORBIDDEN, updateGroupResponse.getStatus());
        // try remove ROLE_ADMIN
        updateGroupResponse = provider.updateGroup(group.getGroupId(), group.getName(), group.getDescription(), "ROLE_USER", null);
        assertNotNull(updateGroupResponse);
        assertEquals(HttpStatus.SC_FORBIDDEN, updateGroupResponse.getStatus());
    } catch (NotFoundException e) {
        fail("The existing group isn't found");
    }
}
Also used: JpaGroup(org.opencastproject.security.impl.jpa.JpaGroup), Response(javax.ws.rs.core.Response), Group(org.opencastproject.security.api.Group), SecurityService(org.opencastproject.security.api.SecurityService), JpaRole(org.opencastproject.security.impl.jpa.JpaRole), NotFoundException(org.opencastproject.util.NotFoundException), JpaUser(org.opencastproject.security.impl.jpa.JpaUser), UnauthorizedException(org.opencastproject.security.api.UnauthorizedException), Test(org.junit.Test)

Example 2 with Group

use of org.opencastproject.security.api.Group in project opencast by opencast.

the class JpaGroupRoleProvider method removeGroup.

private void removeGroup(String groupId, String orgId) throws NotFoundException, UnauthorizedException, Exception {
    Group group = loadGroup(groupId, orgId);
    if (group != null && !UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(securityService, group.getRoles()))
        throw new UnauthorizedException("The user is not allowed to delete a group with the admin role");
    UserDirectoryPersistenceUtil.removeGroup(groupId, orgId, emf);
    messageSender.sendObjectMessage(GroupItem.GROUP_QUEUE, MessageSender.DestinationType.Queue, GroupItem.delete(groupId));
}
Also used: JpaGroup(org.opencastproject.security.impl.jpa.JpaGroup), JaxbGroup(org.opencastproject.security.api.JaxbGroup), Group(org.opencastproject.security.api.Group), UnauthorizedException(org.opencastproject.security.api.UnauthorizedException)

Example 3 with Group

use of org.opencastproject.security.api.Group in project opencast by opencast.

the class JpaGroupRoleProvider method getGroupsRoles.

/**
 * Returns all roles from a given group list
 *
 * @param groups
 *          the group list
 * @return the role list
 */
private List<Role> getGroupsRoles(List<JpaGroup> groups) {
    List<Role> roles = new ArrayList<Role>();
    for (Group group : groups) {
        roles.add(new JaxbRole(group.getRole(), JaxbOrganization.fromOrganization(group.getOrganization()), "", Role.Type.GROUP));
        for (Role role : group.getRoles()) {
            JaxbRole grouprole = new JaxbRole(role.getName(), JaxbOrganization.fromOrganization(role.getOrganization()), role.getDescription(), Role.Type.DERIVED);
            roles.add(grouprole);
        }
    }
    return roles;
}
Also used: JaxbRole(org.opencastproject.security.api.JaxbRole), Role(org.opencastproject.security.api.Role), JpaRole(org.opencastproject.security.impl.jpa.JpaRole), JpaGroup(org.opencastproject.security.impl.jpa.JpaGroup), JaxbGroup(org.opencastproject.security.api.JaxbGroup), Group(org.opencastproject.security.api.Group), ArrayList(java.util.ArrayList)

Example 4 with Group

use of org.opencastproject.security.api.Group in project opencast by opencast.

the class JpaGroupRoleProvider method getRolesForGroup.

/**
 * {@inheritDoc}
 *
 * @see org.opencastproject.security.api.RoleProvider#getRolesForUser(String)
 */
@Override
public List<Role> getRolesForGroup(String groupName) {
    List<Role> roles = new ArrayList<Role>();
    String orgId = securityService.getOrganization().getId();
    Group group = UserDirectoryPersistenceUtil.findGroupByRole(groupName, orgId, emf);
    if (group != null) {
        for (Role role : group.getRoles()) {
            JaxbRole grouprole = new JaxbRole(role.getName(), JaxbOrganization.fromOrganization(role.getOrganization()), role.getDescription(), Role.Type.DERIVED);
            roles.add(grouprole);
        }
    } else {
        logger.warn("Group {} not found", groupName);
    }
    return roles;
}
Also used: JaxbRole(org.opencastproject.security.api.JaxbRole), Role(org.opencastproject.security.api.Role), JpaRole(org.opencastproject.security.impl.jpa.JpaRole), JpaGroup(org.opencastproject.security.impl.jpa.JpaGroup), JaxbGroup(org.opencastproject.security.api.JaxbGroup), Group(org.opencastproject.security.api.Group), ArrayList(java.util.ArrayList)

Example 5 with Group

use of org.opencastproject.security.api.Group in project opencast by opencast.

the class JpaGroupRoleProvider method addGroup.

/**
 * Adds or updates a group to the persistence.
 *
 * @param group
 *          the group to add
 */
public void addGroup(final JpaGroup group) throws UnauthorizedException {
    if (group != null && !UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(securityService, group.getRoles()))
        throw new UnauthorizedException("The user is not allowed to add or update a group with the admin role");
    Group existingGroup = loadGroup(group.getGroupId(), group.getOrganization().getId());
    if (existingGroup != null && !UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(securityService, existingGroup.getRoles()))
        throw new UnauthorizedException("The user is not allowed to update a group with the admin role");
    Set<JpaRole> roles = UserDirectoryPersistenceUtil.saveRoles(group.getRoles(), emf);
    JpaOrganization organization = UserDirectoryPersistenceUtil.saveOrganization(group.getOrganization(), emf);
    JpaGroup jpaGroup = new JpaGroup(group.getGroupId(), organization, group.getName(), group.getDescription(), roles, group.getMembers());
    // Then save the jpaGroup
    EntityManager em = null;
    EntityTransaction tx = null;
    try {
        em = emf.createEntityManager();
        tx = em.getTransaction();
        tx.begin();
        JpaGroup foundGroup = UserDirectoryPersistenceUtil.findGroup(jpaGroup.getGroupId(), jpaGroup.getOrganization().getId(), emf);
        if (foundGroup == null) {
            em.persist(jpaGroup);
        } else {
            foundGroup.setName(jpaGroup.getName());
            foundGroup.setDescription(jpaGroup.getDescription());
            foundGroup.setMembers(jpaGroup.getMembers());
            foundGroup.setRoles(roles);
            em.merge(foundGroup);
        }
        tx.commit();
        messageSender.sendObjectMessage(GroupItem.GROUP_QUEUE, MessageSender.DestinationType.Queue, GroupItem.update(JaxbGroup.fromGroup(jpaGroup)));
    } finally {
        // tx is still null if createEntityManager() or getTransaction() threw
        if (tx != null && tx.isActive()) {
            tx.rollback();
        }
        if (em != null)
            em.close();
    }
}
Also used: JpaGroup(org.opencastproject.security.impl.jpa.JpaGroup), JaxbGroup(org.opencastproject.security.api.JaxbGroup), Group(org.opencastproject.security.api.Group), EntityTransaction(javax.persistence.EntityTransaction), EntityManager(javax.persistence.EntityManager), JpaOrganization(org.opencastproject.security.impl.jpa.JpaOrganization), UnauthorizedException(org.opencastproject.security.api.UnauthorizedException), JpaRole(org.opencastproject.security.impl.jpa.JpaRole)

Aggregations

Group (org.opencastproject.security.api.Group): 7
JpaGroup (org.opencastproject.security.impl.jpa.JpaGroup): 7
JpaRole (org.opencastproject.security.impl.jpa.JpaRole): 6
JaxbGroup (org.opencastproject.security.api.JaxbGroup): 4
UnauthorizedException (org.opencastproject.security.api.UnauthorizedException): 4
Test (org.junit.Test): 3
ArrayList (java.util.ArrayList): 2
Response (javax.ws.rs.core.Response): 2
JaxbRole (org.opencastproject.security.api.JaxbRole): 2
Role (org.opencastproject.security.api.Role): 2
SecurityService (org.opencastproject.security.api.SecurityService): 2
JpaUser (org.opencastproject.security.impl.jpa.JpaUser): 2
NotFoundException (org.opencastproject.util.NotFoundException): 2
HashSet (java.util.HashSet): 1
EntityManager (javax.persistence.EntityManager): 1
EntityTransaction (javax.persistence.EntityTransaction): 1
JpaOrganization (org.opencastproject.security.impl.jpa.JpaOrganization): 1