
Example 66 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class SchedulerMigrationService method activate.

public void activate(final ComponentContext cc) throws ConfigurationException, SQLException {
    logger.info("Start migrating scheduled events");
    // read config
    final String orgId = StringUtils.trimToNull((String) cc.getBundleContext().getProperty(CFG_ORGANIZATION));
    if (StringUtils.isBlank(orgId)) {
        logger.debug("No organization set for migration. Aborting.");
        return;
    }
    // create security context
    final Organization org;
    try {
        org = organizationDirectoryService.getOrganization(orgId);
    } catch (NotFoundException e) {
        throw new ConfigurationException(CFG_ORGANIZATION, String.format("Could not find organization '%s'", orgId), e);
    }
    SecurityUtil.runAs(securityService, org, SecurityUtil.createSystemUser(cc, org), new Effect0() {

        @Override
        protected void run() {
            // check if migration is needed
            try {
                int size = schedulerService.search(none(), none(), none(), none(), none()).size();
                if (size > 0) {
                    logger.info("There are already '{}' existing scheduled events, skip scheduler migration!", size);
                    return;
                }
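            } catch (UnauthorizedException | SchedulerException e) {
                logger.error("Unable to read existing scheduled events, skip scheduler migration!", e);
                // the existing state could not be determined, so skip the migration as the log message states
                return;
            }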
            try {
                migrateScheduledEvents();
            } catch (SQLException e) {
                chuck(e);
            }
        }
    });
    logger.info("Finished migrating scheduled events");
}
Also used : Organization(org.opencastproject.security.api.Organization) ConfigurationException(org.osgi.service.cm.ConfigurationException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) SQLException(java.sql.SQLException) Effect0(org.opencastproject.util.data.Effect0) NotFoundException(org.opencastproject.util.NotFoundException)

Example 67 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class AclScannerTest method setUp.

@Before
public void setUp() throws Exception {
    Organization org1 = new JpaOrganization("org1", "org1", new HashMap<String, Integer>(), "ADMIN", "ANONYMOUS", new HashMap<String, String>());
    Organization org2 = new JpaOrganization("org2", "org2", new HashMap<String, Integer>(), "ADMIN", "ANONYMOUS", new HashMap<String, String>());
    Organization org3 = new JpaOrganization("org3", "org3", new HashMap<String, Integer>(), "ADMIN", "ANONYMOUS", new HashMap<String, String>());
    List<Organization> orgs = new ArrayList<>();
    orgs.add(org1);
    orgs.add(org2);
    orgs.add(org3);
    aclDb = EasyMock.createNiceMock(AclDb.class);
    orgService = EasyMock.createNiceMock(OrganizationDirectoryService.class);
    EasyMock.expect(orgService.getOrganizations()).andReturn(orgs).anyTimes();
    final SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
    final MessageSender messageSender = EasyMock.createNiceMock(MessageSender.class);
    final AclTransitionDb aclTransitionDb = EasyMock.createNiceMock(AclTransitionDb.class);
    List<EpisodeACLTransition> episodeTransitions = new ArrayList<>();
    List<SeriesACLTransition> seriesTransitions = new ArrayList<>();
    EasyMock.expect(aclTransitionDb.getByQuery(EasyMock.anyObject(Organization.class), EasyMock.anyObject(TransitionQuery.class))).andReturn(new TransitionResultImpl(episodeTransitions, seriesTransitions)).anyTimes();
    // EasyMock.replay(aclDb);
    EasyMock.replay(orgService, messageSender, aclTransitionDb, securityService);
    AclServiceFactory aclServiceFactory = new AclServiceFactory() {

        @Override
        public AclService serviceFor(Organization org) {
            return new AclServiceImpl(new DefaultOrganization(), aclDb, aclTransitionDb, null, null, null, null, messageSender, null);
        }
    };
    aclScanner = new AclScanner();
    aclScanner.setAclServiceFactory(aclServiceFactory);
    aclScanner.setOrganizationDirectoryService(orgService);
    aclScanner.setSecurityService(securityService);
}
Also used : Organization(org.opencastproject.security.api.Organization) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) JpaOrganization(org.opencastproject.security.impl.jpa.JpaOrganization) SeriesACLTransition(org.opencastproject.authorization.xacml.manager.api.SeriesACLTransition) MessageSender(org.opencastproject.message.broker.api.MessageSender) ArrayList(java.util.ArrayList) EasyMock.anyString(org.easymock.EasyMock.anyString) AclServiceFactory(org.opencastproject.authorization.xacml.manager.api.AclServiceFactory) SecurityService(org.opencastproject.security.api.SecurityService) EpisodeACLTransition(org.opencastproject.authorization.xacml.manager.api.EpisodeACLTransition) OrganizationDirectoryService(org.opencastproject.security.api.OrganizationDirectoryService) Before(org.junit.Before)

Example 68 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class AclScanner method updateAcl.

/**
 * Update an ACL based upon an XACML file on all the organizations.
 *
 * @param artifact
 *          The File representing the XACML File.
 * @throws IOException
 * @throws XACMLParsingException
 */
private void updateAcl(File artifact) throws IOException, XACMLParsingException {
    List<Organization> organizations = organizationDirectoryService.getOrganizations();
    logger.debug("Updating Acl {}", artifact.getAbsolutePath());
    String fileName = FilenameUtils.removeExtension(artifact.getName());
    AccessControlList acl = parseToAcl(artifact);
    // Update the Acl on all the organizations
    for (Organization org : organizations) {
        securityService.setOrganization(org);
        Long id = managedAcls.get(generateAclId(fileName, org));
        if (id != null) {
            // If the Acl Id is in the managedAcls map, we update the Acl
            if (!getAclService(org).updateAcl(new ManagedAclImpl(id, fileName, org.getId(), acl))) {
                logger.warn("No Acl found with the id {} for the organisation {}.", id, org.getName());
            } else {
                logger.debug("Acl from XACML file {} has been updated for the organisation {}", fileName, org.getName());
            }
        } else {
            logger.info("The XACML file {} has not been added to the organisation {} and will therefore not be updated", fileName, org.getName());
        }
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) Organization(org.opencastproject.security.api.Organization)

Example 69 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class AclScanner method removeAcl.

/**
 * Remove an ACL based upon an XACML file from all the organizations.
 *
 * @param artifact
 *          The File representing the XACML File.
 * @throws IOException
 * @throws JAXBException
 */
private void removeAcl(File artifact) throws IOException, JAXBException {
    List<Organization> organizations = organizationDirectoryService.getOrganizations();
    logger.debug("Removing Acl {}", artifact.getAbsolutePath());
    String fileName = FilenameUtils.removeExtension(artifact.getName());
    // Remove the Acl on all the organizations
    for (Organization org : organizations) {
        securityService.setOrganization(org);
        Long id = managedAcls.get(generateAclId(fileName, org));
        if (id != null) {
            try {
                getAclService(org).deleteAcl(id);
            } catch (NotFoundException e) {
                logger.warn("Unable to delete managed acl {}: Managed acl already deleted!", id);
            } catch (AclServiceException e) {
                logger.error("Unable to delete managed acl {}: {}", id, ExceptionUtils.getStackTrace(e));
            }
        } else {
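            // id is null in this branch, so log the file and organization instead
            logger.debug("No managed Acl found for the XACML file {} in the organisation {}.", fileName, org.getName());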
        }
    }
}
Also used : AclServiceException(org.opencastproject.authorization.xacml.manager.api.AclServiceException) Organization(org.opencastproject.security.api.Organization) NotFoundException(org.opencastproject.util.NotFoundException) FileNotFoundException(java.io.FileNotFoundException)

Example 70 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class AssetManagerWithSecurityTest method parametersForTestQuery.

private Object parametersForTestQuery() {
    final Organization org1 = TestOrganization.mk("org1", ROLE_ANONYMOUS, ROLE_ORG_ADMIN);
    final Organization org2 = TestOrganization.mk("org2", ROLE_ANONYMOUS, ROLE_ORG_ADMIN);
    // each case: ACL, first user, second user, followed by the two expected boolean results
    return $a(
        // make sure that a role with read rights can access its episodes
        $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)), TestUser.mk(org1, ROLE_TEACHER), TestUser.mk(org1, ROLE_TEACHER), true, true),
        // make sure that roles without read rights cannot read
        $a(acl(ace(ROLE_TEACHER, WRITE_ACTION)), TestUser.mk(org1, ROLE_TEACHER), TestUser.mk(org1, ROLE_TEACHER), false, true),
        // make sure that a different role cannot read
        $a(acl(ace(ROLE_USER, READ_ACTION), ace(ROLE_USER, WRITE_ACTION)), TestUser.mk(org1, ROLE_USER), TestUser.mk(org1, ROLE_TEACHER), false, false),
        // make sure that the organization's admin can always read the episodes of her organization
        $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)), TestUser.mk(org1, ROLE_TEACHER), TestUser.mk(org1, org1.getAdminRole()), true, true),
        // make sure that the global admin is always allowed to read
        $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)), TestUser.mk(org1, ROLE_TEACHER), TestUser.mk(org1, SecurityConstants.GLOBAL_ADMIN_ROLE), true, true),
        // make sure that the global admin is always allowed to read, no matter what organization she is from
        $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)), TestUser.mk(org1, ROLE_TEACHER), TestUser.mk(org2, SecurityConstants.GLOBAL_ADMIN_ROLE), true, true),
        // make sure that the admin of one organization cannot read the episodes from another one
        $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)), TestUser.mk(org1, ROLE_TEACHER), TestUser.mk(org2, org2.getAdminRole()), false, false));
}
Also used : Organization(org.opencastproject.security.api.Organization) TestOrganization(org.opencastproject.assetmanager.impl.util.TestOrganization)
