Search in sources :

Example 86 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class AssetManagerUpdatedEventHandler method handleEvent.

public void handleEvent(final SeriesItem seriesItem) {
    // A series or its ACL has been updated. Find any mediapackages with that series, and update them.
    logger.debug("Handling {}", seriesItem);
    String seriesId = seriesItem.getSeriesId();
    // We must be an administrative user to make this query
    final User prevUser = securityService.getUser();
    final Organization prevOrg = securityService.getOrganization();
    try {
        securityService.setUser(SecurityUtil.createSystemUser(systemAccount, prevOrg));
        final AQueryBuilder q = assetManager.createQuery();
        final AResult result = q.select(q.snapshot()).where(q.seriesId().eq(seriesId).and(q.version().isLatest())).run();
        for (Snapshot snapshot : enrich(result).getSnapshots()) {
            final String orgId = snapshot.getOrganizationId();
            final Organization organization = organizationDirectoryService.getOrganization(orgId);
            if (organization == null) {
                logger.warn("Skipping update of episode {} since organization {} is unknown", snapshot.getMediaPackage().getIdentifier().compact(), orgId);
                continue;
            }
            securityService.setOrganization(organization);
            MediaPackage mp = snapshot.getMediaPackage();
            // Update the series XACML file
            if (SeriesItem.Type.UpdateAcl.equals(seriesItem.getType())) {
                // Build a new XACML file for this mediapackage
                authorizationService.setAcl(mp, AclScope.Series, seriesItem.getAcl());
            }
            // Update the series dublin core or extended metadata
            if (SeriesItem.Type.UpdateCatalog.equals(seriesItem.getType()) || SeriesItem.Type.UpdateElement.equals(seriesItem.getType())) {
                DublinCoreCatalog seriesDublinCore = null;
                MediaPackageElementFlavor catalogType = null;
                if (SeriesItem.Type.UpdateCatalog.equals(seriesItem.getType())) {
                    seriesDublinCore = seriesItem.getMetadata();
                    mp.setSeriesTitle(seriesDublinCore.getFirst(DublinCore.PROPERTY_TITLE));
                    catalogType = MediaPackageElements.SERIES;
                } else {
                    seriesDublinCore = seriesItem.getExtendedMetadata();
                    catalogType = MediaPackageElementFlavor.flavor(seriesItem.getElementType(), "series");
                }
                // Update the series dublin core
                Catalog[] seriesCatalogs = mp.getCatalogs(catalogType);
                if (seriesCatalogs.length == 1) {
                    Catalog c = seriesCatalogs[0];
                    String filename = FilenameUtils.getName(c.getURI().toString());
                    URI uri = workspace.put(mp.getIdentifier().toString(), c.getIdentifier(), filename, dublinCoreService.serialize(seriesDublinCore));
                    c.setURI(uri);
                    // setting the URI to a new source so the checksum will most like be invalid
                    c.setChecksum(null);
                }
            }
            // Remove the series catalogs and isPartOf from episode catalog
            if (SeriesItem.Type.Delete.equals(seriesItem.getType())) {
                mp.setSeries(null);
                mp.setSeriesTitle(null);
                for (Catalog seriesCatalog : mp.getCatalogs(MediaPackageElements.SERIES)) {
                    mp.remove(seriesCatalog);
                }
                authorizationService.removeAcl(mp, AclScope.Series);
                for (Catalog episodeCatalog : mp.getCatalogs(MediaPackageElements.EPISODE)) {
                    DublinCoreCatalog episodeDublinCore = DublinCoreUtil.loadDublinCore(workspace, episodeCatalog);
                    episodeDublinCore.remove(DublinCore.PROPERTY_IS_PART_OF);
                    String filename = FilenameUtils.getName(episodeCatalog.getURI().toString());
                    URI uri = workspace.put(mp.getIdentifier().toString(), episodeCatalog.getIdentifier(), filename, dublinCoreService.serialize(episodeDublinCore));
                    episodeCatalog.setURI(uri);
                    // setting the URI to a new source so the checksum will most like be invalid
                    episodeCatalog.setChecksum(null);
                }
                // here we don't know the series extended metadata types,
                // we assume that all series catalog flavors have a fixed subtype: series
                MediaPackageElementFlavor seriesFlavor = MediaPackageElementFlavor.flavor("*", "series");
                for (Catalog catalog : mp.getCatalogs()) {
                    if (catalog.getFlavor().matches(seriesFlavor))
                        mp.remove(catalog);
                }
            }
            try {
                // Update the asset manager with the modified mediapackage
                assetManager.takeSnapshot(snapshot.getOwner(), mp);
            } catch (AssetManagerException e) {
                logger.error("Error updating mediapackage {}", mp.getIdentifier().compact(), e);
            }
        }
    } catch (NotFoundException e) {
        logger.warn(e.getMessage());
    } catch (IOException e) {
        logger.warn(e.getMessage());
    } finally {
        securityService.setOrganization(prevOrg);
        securityService.setUser(prevUser);
    }
}
Also used : User(org.opencastproject.security.api.User) Organization(org.opencastproject.security.api.Organization) AQueryBuilder(org.opencastproject.assetmanager.api.query.AQueryBuilder) NotFoundException(org.opencastproject.util.NotFoundException) AssetManagerException(org.opencastproject.assetmanager.api.AssetManagerException) IOException(java.io.IOException) MediaPackageElementFlavor(org.opencastproject.mediapackage.MediaPackageElementFlavor) URI(java.net.URI) Catalog(org.opencastproject.mediapackage.Catalog) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog) Snapshot(org.opencastproject.assetmanager.api.Snapshot) MediaPackage(org.opencastproject.mediapackage.MediaPackage) AResult(org.opencastproject.assetmanager.api.query.AResult) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog)

Example 87 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class OaiPmhUpdatedEventHandlerTest method mockSecurityService.

private void mockSecurityService() {
    Organization organization = new DefaultOrganization();
    User user = mock(User.class);
    expect(user.getOrganization()).andReturn(organization).anyTimes();
    adminUserCapture = Capture.newInstance();
    expect(securityServiceMock.getUser()).andReturn(user);
    expect(securityServiceMock.getOrganization()).andReturn(organization);
    securityServiceMock.setUser(capture(adminUserCapture));
    securityServiceMock.setUser(user);
    securityServiceMock.setOrganization(organization);
}
Also used : Organization(org.opencastproject.security.api.Organization) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) User(org.opencastproject.security.api.User) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization)

Example 88 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class WorkflowPermissionsUpdatedEventHandler method handleEvent.

public void handleEvent(final SeriesItem seriesItem) {
    // A series or its ACL has been updated. Find any mediapackages with that series, and update them.
    logger.debug("Handling {}", seriesItem);
    String seriesId = seriesItem.getSeriesId();
    // We must be an administrative user to make this query
    final User prevUser = securityService.getUser();
    final Organization prevOrg = securityService.getOrganization();
    try {
        securityService.setUser(SecurityUtil.createSystemUser(systemAccount, prevOrg));
        // Note: getWorkflowInstances will only return a given number of results (default 20)
        WorkflowQuery q = new WorkflowQuery().withSeriesId(seriesId);
        WorkflowSet result = workflowService.getWorkflowInstancesForAdministrativeRead(q);
        Integer offset = 0;
        while (result.size() > 0) {
            for (WorkflowInstance instance : result.getItems()) {
                if (!instance.isActive())
                    continue;
                Organization org = instance.getOrganization();
                securityService.setOrganization(org);
                MediaPackage mp = instance.getMediaPackage();
                // Update the series XACML file
                if (SeriesItem.Type.UpdateAcl.equals(seriesItem.getType())) {
                    // Build a new XACML file for this mediapackage
                    authorizationService.setAcl(mp, AclScope.Series, seriesItem.getAcl());
                }
                // Update the series dublin core
                if (SeriesItem.Type.UpdateCatalog.equals(seriesItem.getType())) {
                    DublinCoreCatalog seriesDublinCore = seriesItem.getMetadata();
                    mp.setSeriesTitle(seriesDublinCore.getFirst(DublinCore.PROPERTY_TITLE));
                    // Update the series dublin core
                    Catalog[] seriesCatalogs = mp.getCatalogs(MediaPackageElements.SERIES);
                    if (seriesCatalogs.length == 1) {
                        Catalog c = seriesCatalogs[0];
                        String filename = FilenameUtils.getName(c.getURI().toString());
                        URI uri = workspace.put(mp.getIdentifier().toString(), c.getIdentifier(), filename, dublinCoreService.serialize(seriesDublinCore));
                        c.setURI(uri);
                        // setting the URI to a new source so the checksum will most like be invalid
                        c.setChecksum(null);
                    }
                }
                // Remove the series catalog and isPartOf from episode catalog
                if (SeriesItem.Type.Delete.equals(seriesItem.getType())) {
                    mp.setSeries(null);
                    mp.setSeriesTitle(null);
                    for (Catalog c : mp.getCatalogs(MediaPackageElements.SERIES)) {
                        mp.remove(c);
                        try {
                            workspace.delete(c.getURI());
                        } catch (NotFoundException e) {
                            logger.info("No series catalog to delete found {}", c.getURI());
                        }
                    }
                    for (Catalog episodeCatalog : mp.getCatalogs(MediaPackageElements.EPISODE)) {
                        DublinCoreCatalog episodeDublinCore = DublinCoreUtil.loadDublinCore(workspace, episodeCatalog);
                        episodeDublinCore.remove(DublinCore.PROPERTY_IS_PART_OF);
                        String filename = FilenameUtils.getName(episodeCatalog.getURI().toString());
                        URI uri = workspace.put(mp.getIdentifier().toString(), episodeCatalog.getIdentifier(), filename, dublinCoreService.serialize(episodeDublinCore));
                        episodeCatalog.setURI(uri);
                        // setting the URI to a new source so the checksum will most like be invalid
                        episodeCatalog.setChecksum(null);
                    }
                }
                // Update the search index with the modified mediapackage
                workflowService.update(instance);
            }
            offset++;
            q = q.withStartPage(offset);
            result = workflowService.getWorkflowInstancesForAdministrativeRead(q);
        }
    } catch (WorkflowException e) {
        logger.warn(e.getMessage());
    } catch (UnauthorizedException e) {
        logger.warn(e.getMessage());
    } catch (IOException e) {
        logger.warn(e.getMessage());
    } finally {
        securityService.setOrganization(prevOrg);
        securityService.setUser(prevUser);
    }
}
Also used : WorkflowSet(org.opencastproject.workflow.api.WorkflowSet) WorkflowQuery(org.opencastproject.workflow.api.WorkflowQuery) User(org.opencastproject.security.api.User) Organization(org.opencastproject.security.api.Organization) WorkflowException(org.opencastproject.workflow.api.WorkflowException) NotFoundException(org.opencastproject.util.NotFoundException) IOException(java.io.IOException) WorkflowInstance(org.opencastproject.workflow.api.WorkflowInstance) URI(java.net.URI) Catalog(org.opencastproject.mediapackage.Catalog) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog) MediaPackage(org.opencastproject.mediapackage.MediaPackage) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog)

Example 89 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class SeriesServiceDatabaseImpl method storeSeries.

/*
   * (non-Javadoc)
   *
   * @see org.opencastproject.series.impl.SeriesServiceDatabase#storeSeries(org.opencastproject.metadata.dublincore.
   * DublinCoreCatalog)
   */
@Override
public DublinCoreCatalog storeSeries(DublinCoreCatalog dc) throws SeriesServiceDatabaseException, UnauthorizedException {
    if (dc == null) {
        throw new SeriesServiceDatabaseException("Invalid value for Dublin core catalog: null");
    }
    String seriesId = dc.getFirst(DublinCore.PROPERTY_IDENTIFIER);
    String seriesXML;
    try {
        seriesXML = serializeDublinCore(dc);
    } catch (Exception e1) {
        logger.error("Could not serialize Dublin Core: {}", e1);
        throw new SeriesServiceDatabaseException(e1);
    }
    EntityManager em = emf.createEntityManager();
    EntityTransaction tx = em.getTransaction();
    DublinCoreCatalog newSeries = null;
    try {
        tx.begin();
        SeriesEntity entity = getSeriesEntity(seriesId, em);
        if (entity == null) {
            // no series stored, create new entity
            entity = new SeriesEntity();
            entity.setOrganization(securityService.getOrganization().getId());
            entity.setSeriesId(seriesId);
            entity.setSeries(seriesXML);
            em.persist(entity);
            newSeries = dc;
        } else {
            // Ensure this user is allowed to update this series
            String accessControlXml = entity.getAccessControl();
            if (accessControlXml != null) {
                AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
                User currentUser = securityService.getUser();
                Organization currentOrg = securityService.getOrganization();
                if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.WRITE.toString())) {
                    throw new UnauthorizedException(currentUser + " is not authorized to update series " + seriesId);
                }
            }
            entity.setSeries(seriesXML);
            em.merge(entity);
        }
        tx.commit();
        return newSeries;
    } catch (Exception e) {
        logger.error("Could not update series: {}", e.getMessage());
        if (tx.isActive()) {
            tx.rollback();
        }
        throw new SeriesServiceDatabaseException(e);
    } finally {
        em.close();
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) EntityTransaction(javax.persistence.EntityTransaction) EntityManager(javax.persistence.EntityManager) User(org.opencastproject.security.api.User) Organization(org.opencastproject.security.api.Organization) SeriesServiceDatabaseException(org.opencastproject.series.impl.SeriesServiceDatabaseException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog) NoResultException(javax.persistence.NoResultException) SeriesServiceDatabaseException(org.opencastproject.series.impl.SeriesServiceDatabaseException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) IOException(java.io.IOException) AccessControlParsingException(org.opencastproject.security.api.AccessControlParsingException)

Example 90 with Organization

use of org.opencastproject.security.api.Organization in project opencast by opencast.

the class SeriesServiceDatabaseImpl method storeSeriesAccessControl.

/*
   * (non-Javadoc)
   *
   * @see org.opencastproject.series.impl.SeriesServiceDatabase#storeSeriesAccessControl(java.lang.String,
   * org.opencastproject.security.api.AccessControlList)
   */
@Override
public boolean storeSeriesAccessControl(String seriesId, AccessControlList accessControl) throws NotFoundException, SeriesServiceDatabaseException {
    if (accessControl == null) {
        logger.error("Access control parameter is <null> for series '{}'", seriesId);
        throw new IllegalArgumentException("Argument for updating ACL for series " + seriesId + " is null");
    }
    String serializedAC;
    try {
        serializedAC = AccessControlParser.toXml(accessControl);
    } catch (Exception e) {
        logger.error("Could not serialize access control parameter: {}", e.getMessage());
        throw new SeriesServiceDatabaseException(e);
    }
    EntityManager em = emf.createEntityManager();
    EntityTransaction tx = em.getTransaction();
    boolean updated = false;
    try {
        tx.begin();
        SeriesEntity entity = getSeriesEntity(seriesId, em);
        if (entity == null) {
            throw new NotFoundException("Series with ID " + seriesId + " does not exist.");
        }
        if (entity.getAccessControl() != null) {
            // Ensure this user is allowed to update this series
            String accessControlXml = entity.getAccessControl();
            if (accessControlXml != null) {
                AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
                User currentUser = securityService.getUser();
                Organization currentOrg = securityService.getOrganization();
                if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.WRITE.toString())) {
                    throw new UnauthorizedException(currentUser + " is not authorized to update ACLs on series " + seriesId);
                }
            }
            updated = true;
        }
        entity.setAccessControl(serializedAC);
        em.merge(entity);
        tx.commit();
        return updated;
    } catch (NotFoundException e) {
        throw e;
    } catch (Exception e) {
        logger.error("Could not update series: {}", e.getMessage());
        if (tx.isActive()) {
            tx.rollback();
        }
        throw new SeriesServiceDatabaseException(e);
    } finally {
        em.close();
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) EntityTransaction(javax.persistence.EntityTransaction) User(org.opencastproject.security.api.User) Organization(org.opencastproject.security.api.Organization) NotFoundException(org.opencastproject.util.NotFoundException) NoResultException(javax.persistence.NoResultException) SeriesServiceDatabaseException(org.opencastproject.series.impl.SeriesServiceDatabaseException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) IOException(java.io.IOException) AccessControlParsingException(org.opencastproject.security.api.AccessControlParsingException) EntityManager(javax.persistence.EntityManager) SeriesServiceDatabaseException(org.opencastproject.series.impl.SeriesServiceDatabaseException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException)

Aggregations

Organization (org.opencastproject.security.api.Organization)135 User (org.opencastproject.security.api.User)60 DefaultOrganization (org.opencastproject.security.api.DefaultOrganization)46 NotFoundException (org.opencastproject.util.NotFoundException)43 JaxbOrganization (org.opencastproject.security.api.JaxbOrganization)29 SecurityService (org.opencastproject.security.api.SecurityService)29 IOException (java.io.IOException)24 Before (org.junit.Before)24 ArrayList (java.util.ArrayList)23 AccessControlList (org.opencastproject.security.api.AccessControlList)22 OrganizationDirectoryService (org.opencastproject.security.api.OrganizationDirectoryService)22 UnauthorizedException (org.opencastproject.security.api.UnauthorizedException)22 JaxbRole (org.opencastproject.security.api.JaxbRole)21 MediaPackage (org.opencastproject.mediapackage.MediaPackage)20 JaxbUser (org.opencastproject.security.api.JaxbUser)20 UserDirectoryService (org.opencastproject.security.api.UserDirectoryService)19 File (java.io.File)18 HashMap (java.util.HashMap)17 WorkflowInstance (org.opencastproject.workflow.api.WorkflowInstance)17 Test (org.junit.Test)15