Examples with Organization org.opencastproject.security.api.Organization used on opensource projects

Example 66 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class SchedulerMigrationService method activate.

public void activate(final ComponentContext cc) throws ConfigurationException, SQLException {
    logger.info("Start migrating scheduled events");
    // read config
    final String orgId = StringUtils.trimToNull((String) cc.getBundleContext().getProperty(CFG_ORGANIZATION));
    if (StringUtils.isBlank(orgId)) {
        logger.debug("No organization set for migration. Aborting.");
        return;
    }
    // create security context
    final Organization org;
    try {
        org = organizationDirectoryService.getOrganization(orgId);
    } catch (NotFoundException e) {
        throw new ConfigurationException(CFG_ORGANIZATION, String.format("Could not find organization '%s'", orgId), e);
    }
    SecurityUtil.runAs(securityService, org, SecurityUtil.createSystemUser(cc, org), new Effect0() {

        @Override
        protected void run() {
            // check if migration is needed
            try {
                int size = schedulerService.search(none(), none(), none(), none(), none()).size();
                if (size > 0) {
                    logger.info("There are already '{}' existing scheduled events, skip scheduler migration!", size);
                    return;
                }
            } catch (UnauthorizedException | SchedulerException e) {
                logger.error("Unable to read existing scheduled events, skip scheduler migration!", e);
            }
            try {
                migrateScheduledEvents();
            } catch (SQLException e) {
                chuck(e);
            }
        }
    });
    logger.info("Finished migrating scheduled events");
}

Example 67 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class AclScannerTest method setUp.

@Before
public void setUp() throws Exception {
    Organization org1 = new JpaOrganization("org1", "org1", new HashMap<String, Integer>(), "ADMIN", "ANONYMOUS", new HashMap<String, String>());
    Organization org2 = new JpaOrganization("org2", "org2", new HashMap<String, Integer>(), "ADMIN", "ANONYMOUS", new HashMap<String, String>());
    Organization org3 = new JpaOrganization("org3", "org3", new HashMap<String, Integer>(), "ADMIN", "ANONYMOUS", new HashMap<String, String>());
    List<Organization> orgs = new ArrayList<>();
    orgs.add(org1);
    orgs.add(org2);
    orgs.add(org3);
    aclDb = EasyMock.createNiceMock(AclDb.class);
    orgService = EasyMock.createNiceMock(OrganizationDirectoryService.class);
    EasyMock.expect(orgService.getOrganizations()).andReturn(orgs).anyTimes();
    final SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
    final MessageSender messageSender = EasyMock.createNiceMock(MessageSender.class);
    final AclTransitionDb aclTransitionDb = EasyMock.createNiceMock(AclTransitionDb.class);
    List<EpisodeACLTransition> episodeTransitions = new ArrayList<>();
    List<SeriesACLTransition> seriesTransitions = new ArrayList<>();
    EasyMock.expect(aclTransitionDb.getByQuery(EasyMock.anyObject(Organization.class), EasyMock.anyObject(TransitionQuery.class))).andReturn(new TransitionResultImpl(episodeTransitions, seriesTransitions)).anyTimes();
    // EasyMock.replay(aclDb);
    EasyMock.replay(orgService, messageSender, aclTransitionDb, securityService);
    AclServiceFactory aclServiceFactory = new AclServiceFactory() {

        @Override
        public AclService serviceFor(Organization org) {
            return new AclServiceImpl(new DefaultOrganization(), aclDb, aclTransitionDb, null, null, null, null, messageSender, null);
        }
    };
    aclScanner = new AclScanner();
    aclScanner.setAclServiceFactory(aclServiceFactory);
    aclScanner.setOrganizationDirectoryService(orgService);
    aclScanner.setSecurityService(securityService);
}

Example 68 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class AclScanner method updateAcl.

/**
 * Update an ACL based upon an XACML file on all the organizations.
 *
 * @param artifact
 *          The File representing the XACML File.
 * @throws IOException
 * @throws JAXBException
 */
private void updateAcl(File artifact) throws IOException, XACMLParsingException {
    List<Organization> organizations = organizationDirectoryService.getOrganizations();
    logger.debug("Updating Acl {}", artifact.getAbsolutePath());
    String fileName = FilenameUtils.removeExtension(artifact.getName());
    AccessControlList acl = parseToAcl(artifact);
    // Update the Acl on all the organizations
    for (Organization org : organizations) {
        securityService.setOrganization(org);
        Long id = managedAcls.get(generateAclId(fileName, org));
        if (id != null) {
            // If the Acl Id is in the managedAcls map, we update the Acl
            if (!getAclService(org).updateAcl(new ManagedAclImpl(id, fileName, org.getId(), acl))) {
                logger.warn("No Acl found with the id {} for the organisation {}.", id, org.getName());
            } else {
                logger.debug("Acl from XACML file {} has been updated for the organisation {}", fileName, org.getName());
            }
        } else {
            logger.info("The XACML file {} has not been added to the organisation {} and will therefore not be updated", fileName, org.getName());
        }
    }
}

Example 69 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class AclScanner method removeAcl.

/**
 * Remove an ACL based upon an XACML file from all the organizations.
 *
 * @param artifact
 *          The File representing the XACML File.
 * @throws IOException
 * @throws JAXBException
 */
private void removeAcl(File artifact) throws IOException, JAXBException {
    List<Organization> organizations = organizationDirectoryService.getOrganizations();
    logger.debug("Removing Acl {}", artifact.getAbsolutePath());
    String fileName = FilenameUtils.removeExtension(artifact.getName());
    // Remove the Acl on all the organizations
    for (Organization org : organizations) {
        securityService.setOrganization(org);
        Long id = managedAcls.get(generateAclId(fileName, org));
        if (id != null) {
            try {
                getAclService(org).deleteAcl(id);
            } catch (NotFoundException e) {
                logger.warn("Unable to delete managec acl {}: Managed acl already deleted!", id);
            } catch (AclServiceException e) {
                logger.error("Unable to delete managed acl {}: {}", id, ExceptionUtils.getStackTrace(e));
            }
        } else {
            logger.debug("No Acl found with the id {}.", id);
        }
    }
}

Example 70 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class AssetManagerWithSecurityTest method parametersForTestQuery.

private Object parametersForTestQuery() {
    final Organization org1 = TestOrganization.mk("org1", ROLE_ANONYMOUS, ROLE_ORG_ADMIN);
    final Organization org2 = TestOrganization.mk("org2", ROLE_ANONYMOUS, ROLE_ORG_ADMIN);
    return $a(// make sure that a role with read rights can access its episodes
    $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)), TestUser.mk(org1, ROLE_TEACHER), TestUser.mk(org1, ROLE_TEACHER), true, true), // make sure that roles without read rights cannot read
    $a(acl(ace(ROLE_TEACHER, WRITE_ACTION)), TestUser.mk(org1, ROLE_TEACHER), TestUser.mk(org1, ROLE_TEACHER), false, true), // make sure that a different role cannot read
    $a(acl(ace(ROLE_USER, READ_ACTION), ace(ROLE_USER, WRITE_ACTION)), TestUser.mk(org1, ROLE_USER), TestUser.mk(org1, ROLE_TEACHER), false, false), // make sure that the organization's admin can always read the episodes of her organization
    $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)), TestUser.mk(org1, ROLE_TEACHER), TestUser.mk(org1, org1.getAdminRole()), true, true), // make sure that the global admin is always allowed to read
    $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)), TestUser.mk(org1, ROLE_TEACHER), TestUser.mk(org1, SecurityConstants.GLOBAL_ADMIN_ROLE), true, true), // make sure that the global admin is always allowed to read, no matter what organization she is from
    $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)), TestUser.mk(org1, ROLE_TEACHER), TestUser.mk(org2, SecurityConstants.GLOBAL_ADMIN_ROLE), true, true), // cannot read the episodes from a another one.
    $a(acl(ace(ROLE_TEACHER, READ_ACTION), ace(ROLE_TEACHER, WRITE_ACTION)), TestUser.mk(org1, ROLE_TEACHER), TestUser.mk(org2, org2.getAdminRole()), false, false));
}