use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class SchedulerMigrationService method activate.
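/**
 * Migrates scheduled events for the configured organization when the component is activated.
 *
 * <p>The organization id is read from the bundle context property {@code CFG_ORGANIZATION}. When it is
 * blank, nothing is migrated. Otherwise the migration runs through {@code SecurityUtil.runAs} as the user
 * returned by {@code SecurityUtil.createSystemUser(cc, org)}. It is skipped when scheduled events already
 * exist or when the existing events cannot be read.
 *
 * @param cc
 *          the component context whose bundle context supplies the configuration
 * @throws ConfigurationException
 *           if the configured organization cannot be found
 * @throws SQLException
 *           declared by the signature; a {@code SQLException} from {@code migrateScheduledEvents()} is
 *           passed to {@code chuck(e)} inside the callback
 */
public void activate(final ComponentContext cc) throws ConfigurationException, SQLException {
  logger.info("Start migrating scheduled events");

  // read config
  final String orgId = StringUtils.trimToNull((String) cc.getBundleContext().getProperty(CFG_ORGANIZATION));
  if (StringUtils.isBlank(orgId)) {
    logger.debug("No organization set for migration. Aborting.");
    return;
  }

  // create security context
  final Organization org;
  try {
    org = organizationDirectoryService.getOrganization(orgId);
  } catch (NotFoundException e) {
    throw new ConfigurationException(CFG_ORGANIZATION, String.format("Could not find organization '%s'", orgId), e);
  }

  // Everything inside the callback executes as the system user created for this organization.
  SecurityUtil.runAs(securityService, org, SecurityUtil.createSystemUser(cc, org), new Effect0() {
    @Override
    protected void run() {
      // check if migration is needed
      try {
        int size = schedulerService.search(none(), none(), none(), none(), none()).size();
        if (size > 0) {
          logger.info("There are already '{}' existing scheduled events, skip scheduler migration!", size);
          return;
        }
      } catch (UnauthorizedException | SchedulerException e) {
        logger.error("Unable to read existing scheduled events, skip scheduler migration!", e);
        // Fail closed: without a reliable view of the existing events the migration must not run.
        // Previously execution fell through to migrateScheduledEvents() despite the "skip" message.
        return;
      }
      try {
        migrateScheduledEvents();
      } catch (SQLException e) {
        chuck(e);
      }
    }
  });
  // Logged on every path that reaches this point, including the skipped cases above.
  logger.info("Finished migrating scheduled events");
}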
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class AclScannerTest method setUp.
/**
 * Wires an {@code AclScanner} with mocked collaborators before each test.
 *
 * <p>The organization directory mock reports three organizations ({@code org1}, {@code org2},
 * {@code org3}) and the transition database mock answers every query with an empty result.
 */
@Before
public void setUp() throws Exception {
  // Three organizations that differ only in id and name.
  final List<Organization> organizations = new ArrayList<>();
  for (String orgId : new String[] {"org1", "org2", "org3"}) {
    organizations.add(new JpaOrganization(orgId, orgId, new HashMap<String, Integer>(), "ADMIN", "ANONYMOUS",
        new HashMap<String, String>()));
  }

  aclDb = EasyMock.createNiceMock(AclDb.class);

  orgService = EasyMock.createNiceMock(OrganizationDirectoryService.class);
  EasyMock.expect(orgService.getOrganizations()).andReturn(organizations).anyTimes();

  final SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
  final MessageSender messageSender = EasyMock.createNiceMock(MessageSender.class);

  // Any transition query, for any organization, yields an empty result.
  final AclTransitionDb aclTransitionDb = EasyMock.createNiceMock(AclTransitionDb.class);
  final List<EpisodeACLTransition> noEpisodeTransitions = new ArrayList<>();
  final List<SeriesACLTransition> noSeriesTransitions = new ArrayList<>();
  EasyMock.expect(
      aclTransitionDb.getByQuery(EasyMock.anyObject(Organization.class), EasyMock.anyObject(TransitionQuery.class)))
      .andReturn(new TransitionResultImpl(noEpisodeTransitions, noSeriesTransitions))
      .anyTimes();

  // aclDb is deliberately absent from this replay call and stays in record state.
  // NOTE(review): presumably each test records its own aclDb expectations and replays it - confirm.
  EasyMock.replay(orgService, messageSender, aclTransitionDb, securityService);

  final AclServiceFactory factory = new AclServiceFactory() {
    @Override
    public AclService serviceFor(Organization organization) {
      // The requested organization is ignored: every caller gets a service bound to DefaultOrganization,
      // so this fixture does not exercise per-organization separation of ACLs.
      return new AclServiceImpl(new DefaultOrganization(), aclDb, aclTransitionDb, null, null, null, null,
          messageSender, null);
    }
  };

  aclScanner = new AclScanner();
  aclScanner.setAclServiceFactory(factory);
  aclScanner.setOrganizationDirectoryService(orgService);
  aclScanner.setSecurityService(securityService);
}
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class AclScanner method updateAcl.
/**
 * Updates the managed ACL derived from an XACML file in every organization that already has it.
 *
 * <p>The ACL name is the file name without its extension. Organizations with no entry for this file in
 * {@code managedAcls} are left untouched.
 *
 * @param artifact
 *          The File representing the XACML File.
 * @throws IOException
 *           declared by the signature; presumably raised while reading the file - confirm
 * @throws XACMLParsingException
 *           declared by the signature; presumably raised by {@code parseToAcl} for an invalid file - confirm
 */
private void updateAcl(File artifact) throws IOException, XACMLParsingException {
  final List<Organization> allOrganizations = organizationDirectoryService.getOrganizations();
  logger.debug("Updating Acl {}", artifact.getAbsolutePath());

  final String aclName = FilenameUtils.removeExtension(artifact.getName());
  final AccessControlList parsedAcl = parseToAcl(artifact);

  for (Organization organization : allOrganizations) {
    // Switch the security context to the organization being processed.
    // NOTE(review): the previous organization is not restored in this method, so the last organization
    // in the list stays set on the security service after the loop - confirm callers do not depend on it.
    securityService.setOrganization(organization);

    final Long managedId = managedAcls.get(generateAclId(aclName, organization));
    if (managedId == null) {
      // This file was never registered for the organization, so there is nothing to update.
      logger.info("The XACML file {} has not been added to the organisation {} and will therefore not be updated", aclName, organization.getName());
      continue;
    }

    final boolean updated = getAclService(organization)
        .updateAcl(new ManagedAclImpl(managedId, aclName, organization.getId(), parsedAcl));
    if (updated) {
      logger.debug("Acl from XACML file {} has been updated for the organisation {}", aclName, organization.getName());
    } else {
      logger.warn("No Acl found with the id {} for the organisation {}.", managedId, organization.getName());
    }
  }
}
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class AclScanner method removeAcl.
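/**
 * Remove an ACL based upon an XACML file from all the organizations.
 *
 * <p>The ACL name is the file name without its extension. Organizations with no entry for this file in
 * {@code managedAcls} are skipped. A failed deletion is logged and the loop continues with the next
 * organization.
 *
 * @param artifact
 *          The File representing the XACML File.
 * @throws IOException
 *           declared by the signature
 * @throws JAXBException
 *           declared by the signature
 */
private void removeAcl(File artifact) throws IOException, JAXBException {
  List<Organization> organizations = organizationDirectoryService.getOrganizations();
  logger.debug("Removing Acl {}", artifact.getAbsolutePath());
  String fileName = FilenameUtils.removeExtension(artifact.getName());

  // Remove the Acl on all the organizations
  for (Organization org : organizations) {
    // Switch the security context to the organization being processed.
    // NOTE(review): the previous organization is not restored in this method, so the last organization
    // in the list stays set on the security service after the loop - confirm callers do not depend on it.
    securityService.setOrganization(org);
    Long id = managedAcls.get(generateAclId(fileName, org));
    if (id != null) {
      try {
        getAclService(org).deleteAcl(id);
      } catch (NotFoundException e) {
        logger.warn("Unable to delete managed acl {}: Managed acl already deleted!", id);
      } catch (AclServiceException e) {
        logger.error("Unable to delete managed acl {}: {}", id, ExceptionUtils.getStackTrace(e));
      }
    } else {
      // id is always null on this branch, so log the file and organization instead of the id.
      logger.debug("No managed Acl registered for the XACML file {} in the organisation {}.", fileName,
          org.getName());
    }
  }
}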
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class AssetManagerWithSecurityTest method parametersForTestQuery.
/**
 * Builds the parameter rows for the access-control query test.
 *
 * <p>Each row holds an ACL, two users and two booleans.
 * NOTE(review): presumably (acl, writing user, querying user, expected read access, expected write
 * access) - confirm against the test method that consumes these rows.
 */
private Object parametersForTestQuery() {
  final Organization homeOrg = TestOrganization.mk("org1", ROLE_ANONYMOUS, ROLE_ORG_ADMIN);
  final Organization otherOrg = TestOrganization.mk("org2", ROLE_ANONYMOUS, ROLE_ORG_ADMIN);
  return $a(
      // a role with read rights can access its episodes
      $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)),
          TestUser.mk(homeOrg, ROLE_TEACHER), TestUser.mk(homeOrg, ROLE_TEACHER), true, true),
      // a role without read rights cannot read
      $a(acl(ace(ROLE_TEACHER, WRITE_ACTION)),
          TestUser.mk(homeOrg, ROLE_TEACHER), TestUser.mk(homeOrg, ROLE_TEACHER), false, true),
      // a different role cannot read
      $a(acl(ace(ROLE_USER, READ_ACTION), ace(ROLE_USER, WRITE_ACTION)),
          TestUser.mk(homeOrg, ROLE_USER), TestUser.mk(homeOrg, ROLE_TEACHER), false, false),
      // the organization's admin can always read the episodes of her organization
      $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)),
          TestUser.mk(homeOrg, ROLE_TEACHER), TestUser.mk(homeOrg, homeOrg.getAdminRole()), true, true),
      // the global admin is always allowed to read
      $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)),
          TestUser.mk(homeOrg, ROLE_TEACHER), TestUser.mk(homeOrg, SecurityConstants.GLOBAL_ADMIN_ROLE), true, true),
      // the global admin is always allowed to read, no matter what organization she is from
      $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)),
          TestUser.mk(homeOrg, ROLE_TEACHER), TestUser.mk(otherOrg, SecurityConstants.GLOBAL_ADMIN_ROLE), true, true),
      // tenant isolation: the admin of one organization cannot read the episodes of another one
      $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)),
          TestUser.mk(homeOrg, ROLE_TEACHER), TestUser.mk(otherOrg, otherOrg.getAdminRole()), false, false));
}
Aggregations