use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class AssetManagerUpdatedEventHandler method handleEvent.
public void handleEvent(final SeriesItem seriesItem) {
// A series or its ACL has been updated. Find any mediapackages with that series, and update them.
logger.debug("Handling {}", seriesItem);
String seriesId = seriesItem.getSeriesId();
// We must be an administrative user to make this query
final User prevUser = securityService.getUser();
final Organization prevOrg = securityService.getOrganization();
try {
securityService.setUser(SecurityUtil.createSystemUser(systemAccount, prevOrg));
final AQueryBuilder q = assetManager.createQuery();
final AResult result = q.select(q.snapshot()).where(q.seriesId().eq(seriesId).and(q.version().isLatest())).run();
for (Snapshot snapshot : enrich(result).getSnapshots()) {
final String orgId = snapshot.getOrganizationId();
final Organization organization = organizationDirectoryService.getOrganization(orgId);
if (organization == null) {
logger.warn("Skipping update of episode {} since organization {} is unknown", snapshot.getMediaPackage().getIdentifier().compact(), orgId);
continue;
}
securityService.setOrganization(organization);
MediaPackage mp = snapshot.getMediaPackage();
// Update the series XACML file
if (SeriesItem.Type.UpdateAcl.equals(seriesItem.getType())) {
// Build a new XACML file for this mediapackage
authorizationService.setAcl(mp, AclScope.Series, seriesItem.getAcl());
}
// Update the series dublin core or extended metadata
if (SeriesItem.Type.UpdateCatalog.equals(seriesItem.getType()) || SeriesItem.Type.UpdateElement.equals(seriesItem.getType())) {
DublinCoreCatalog seriesDublinCore = null;
MediaPackageElementFlavor catalogType = null;
if (SeriesItem.Type.UpdateCatalog.equals(seriesItem.getType())) {
seriesDublinCore = seriesItem.getMetadata();
mp.setSeriesTitle(seriesDublinCore.getFirst(DublinCore.PROPERTY_TITLE));
catalogType = MediaPackageElements.SERIES;
} else {
seriesDublinCore = seriesItem.getExtendedMetadata();
catalogType = MediaPackageElementFlavor.flavor(seriesItem.getElementType(), "series");
}
// Update the series dublin core
Catalog[] seriesCatalogs = mp.getCatalogs(catalogType);
if (seriesCatalogs.length == 1) {
Catalog c = seriesCatalogs[0];
String filename = FilenameUtils.getName(c.getURI().toString());
URI uri = workspace.put(mp.getIdentifier().toString(), c.getIdentifier(), filename, dublinCoreService.serialize(seriesDublinCore));
c.setURI(uri);
// setting the URI to a new source so the checksum will most like be invalid
c.setChecksum(null);
}
}
// Remove the series catalogs and isPartOf from episode catalog
if (SeriesItem.Type.Delete.equals(seriesItem.getType())) {
mp.setSeries(null);
mp.setSeriesTitle(null);
for (Catalog seriesCatalog : mp.getCatalogs(MediaPackageElements.SERIES)) {
mp.remove(seriesCatalog);
}
authorizationService.removeAcl(mp, AclScope.Series);
for (Catalog episodeCatalog : mp.getCatalogs(MediaPackageElements.EPISODE)) {
DublinCoreCatalog episodeDublinCore = DublinCoreUtil.loadDublinCore(workspace, episodeCatalog);
episodeDublinCore.remove(DublinCore.PROPERTY_IS_PART_OF);
String filename = FilenameUtils.getName(episodeCatalog.getURI().toString());
URI uri = workspace.put(mp.getIdentifier().toString(), episodeCatalog.getIdentifier(), filename, dublinCoreService.serialize(episodeDublinCore));
episodeCatalog.setURI(uri);
// setting the URI to a new source so the checksum will most like be invalid
episodeCatalog.setChecksum(null);
}
// here we don't know the series extended metadata types,
// we assume that all series catalog flavors have a fixed subtype: series
MediaPackageElementFlavor seriesFlavor = MediaPackageElementFlavor.flavor("*", "series");
for (Catalog catalog : mp.getCatalogs()) {
if (catalog.getFlavor().matches(seriesFlavor))
mp.remove(catalog);
}
}
try {
// Update the asset manager with the modified mediapackage
assetManager.takeSnapshot(snapshot.getOwner(), mp);
} catch (AssetManagerException e) {
logger.error("Error updating mediapackage {}", mp.getIdentifier().compact(), e);
}
}
} catch (NotFoundException e) {
logger.warn(e.getMessage());
} catch (IOException e) {
logger.warn(e.getMessage());
} finally {
securityService.setOrganization(prevOrg);
securityService.setUser(prevUser);
}
}
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class OaiPmhUpdatedEventHandlerTest method mockSecurityService.
private void mockSecurityService() {
Organization organization = new DefaultOrganization();
User user = mock(User.class);
expect(user.getOrganization()).andReturn(organization).anyTimes();
adminUserCapture = Capture.newInstance();
expect(securityServiceMock.getUser()).andReturn(user);
expect(securityServiceMock.getOrganization()).andReturn(organization);
securityServiceMock.setUser(capture(adminUserCapture));
securityServiceMock.setUser(user);
securityServiceMock.setOrganization(organization);
}
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class WorkflowPermissionsUpdatedEventHandler method handleEvent.
public void handleEvent(final SeriesItem seriesItem) {
// A series or its ACL has been updated. Find any mediapackages with that series, and update them.
logger.debug("Handling {}", seriesItem);
String seriesId = seriesItem.getSeriesId();
// We must be an administrative user to make this query
final User prevUser = securityService.getUser();
final Organization prevOrg = securityService.getOrganization();
try {
securityService.setUser(SecurityUtil.createSystemUser(systemAccount, prevOrg));
// Note: getWorkflowInstances will only return a given number of results (default 20)
WorkflowQuery q = new WorkflowQuery().withSeriesId(seriesId);
WorkflowSet result = workflowService.getWorkflowInstancesForAdministrativeRead(q);
Integer offset = 0;
while (result.size() > 0) {
for (WorkflowInstance instance : result.getItems()) {
if (!instance.isActive())
continue;
Organization org = instance.getOrganization();
securityService.setOrganization(org);
MediaPackage mp = instance.getMediaPackage();
// Update the series XACML file
if (SeriesItem.Type.UpdateAcl.equals(seriesItem.getType())) {
// Build a new XACML file for this mediapackage
authorizationService.setAcl(mp, AclScope.Series, seriesItem.getAcl());
}
// Update the series dublin core
if (SeriesItem.Type.UpdateCatalog.equals(seriesItem.getType())) {
DublinCoreCatalog seriesDublinCore = seriesItem.getMetadata();
mp.setSeriesTitle(seriesDublinCore.getFirst(DublinCore.PROPERTY_TITLE));
// Update the series dublin core
Catalog[] seriesCatalogs = mp.getCatalogs(MediaPackageElements.SERIES);
if (seriesCatalogs.length == 1) {
Catalog c = seriesCatalogs[0];
String filename = FilenameUtils.getName(c.getURI().toString());
URI uri = workspace.put(mp.getIdentifier().toString(), c.getIdentifier(), filename, dublinCoreService.serialize(seriesDublinCore));
c.setURI(uri);
// setting the URI to a new source so the checksum will most like be invalid
c.setChecksum(null);
}
}
// Remove the series catalog and isPartOf from episode catalog
if (SeriesItem.Type.Delete.equals(seriesItem.getType())) {
mp.setSeries(null);
mp.setSeriesTitle(null);
for (Catalog c : mp.getCatalogs(MediaPackageElements.SERIES)) {
mp.remove(c);
try {
workspace.delete(c.getURI());
} catch (NotFoundException e) {
logger.info("No series catalog to delete found {}", c.getURI());
}
}
for (Catalog episodeCatalog : mp.getCatalogs(MediaPackageElements.EPISODE)) {
DublinCoreCatalog episodeDublinCore = DublinCoreUtil.loadDublinCore(workspace, episodeCatalog);
episodeDublinCore.remove(DublinCore.PROPERTY_IS_PART_OF);
String filename = FilenameUtils.getName(episodeCatalog.getURI().toString());
URI uri = workspace.put(mp.getIdentifier().toString(), episodeCatalog.getIdentifier(), filename, dublinCoreService.serialize(episodeDublinCore));
episodeCatalog.setURI(uri);
// setting the URI to a new source so the checksum will most like be invalid
episodeCatalog.setChecksum(null);
}
}
// Update the search index with the modified mediapackage
workflowService.update(instance);
}
offset++;
q = q.withStartPage(offset);
result = workflowService.getWorkflowInstancesForAdministrativeRead(q);
}
} catch (WorkflowException e) {
logger.warn(e.getMessage());
} catch (UnauthorizedException e) {
logger.warn(e.getMessage());
} catch (IOException e) {
logger.warn(e.getMessage());
} finally {
securityService.setOrganization(prevOrg);
securityService.setUser(prevUser);
}
}
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class SeriesServiceDatabaseImpl method storeSeries.
/*
* (non-Javadoc)
*
* @see org.opencastproject.series.impl.SeriesServiceDatabase#storeSeries(org.opencastproject.metadata.dublincore.
* DublinCoreCatalog)
*/
@Override
public DublinCoreCatalog storeSeries(DublinCoreCatalog dc) throws SeriesServiceDatabaseException, UnauthorizedException {
if (dc == null) {
throw new SeriesServiceDatabaseException("Invalid value for Dublin core catalog: null");
}
String seriesId = dc.getFirst(DublinCore.PROPERTY_IDENTIFIER);
String seriesXML;
try {
seriesXML = serializeDublinCore(dc);
} catch (Exception e1) {
logger.error("Could not serialize Dublin Core: {}", e1);
throw new SeriesServiceDatabaseException(e1);
}
EntityManager em = emf.createEntityManager();
EntityTransaction tx = em.getTransaction();
DublinCoreCatalog newSeries = null;
try {
tx.begin();
SeriesEntity entity = getSeriesEntity(seriesId, em);
if (entity == null) {
// no series stored, create new entity
entity = new SeriesEntity();
entity.setOrganization(securityService.getOrganization().getId());
entity.setSeriesId(seriesId);
entity.setSeries(seriesXML);
em.persist(entity);
newSeries = dc;
} else {
// Ensure this user is allowed to update this series
String accessControlXml = entity.getAccessControl();
if (accessControlXml != null) {
AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
User currentUser = securityService.getUser();
Organization currentOrg = securityService.getOrganization();
if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.WRITE.toString())) {
throw new UnauthorizedException(currentUser + " is not authorized to update series " + seriesId);
}
}
entity.setSeries(seriesXML);
em.merge(entity);
}
tx.commit();
return newSeries;
} catch (Exception e) {
logger.error("Could not update series: {}", e.getMessage());
if (tx.isActive()) {
tx.rollback();
}
throw new SeriesServiceDatabaseException(e);
} finally {
em.close();
}
}
use of org.opencastproject.security.api.Organization in project opencast by opencast.
the class SeriesServiceDatabaseImpl method storeSeriesAccessControl.
/*
* (non-Javadoc)
*
* @see org.opencastproject.series.impl.SeriesServiceDatabase#storeSeriesAccessControl(java.lang.String,
* org.opencastproject.security.api.AccessControlList)
*/
@Override
public boolean storeSeriesAccessControl(String seriesId, AccessControlList accessControl) throws NotFoundException, SeriesServiceDatabaseException {
if (accessControl == null) {
logger.error("Access control parameter is <null> for series '{}'", seriesId);
throw new IllegalArgumentException("Argument for updating ACL for series " + seriesId + " is null");
}
String serializedAC;
try {
serializedAC = AccessControlParser.toXml(accessControl);
} catch (Exception e) {
logger.error("Could not serialize access control parameter: {}", e.getMessage());
throw new SeriesServiceDatabaseException(e);
}
EntityManager em = emf.createEntityManager();
EntityTransaction tx = em.getTransaction();
boolean updated = false;
try {
tx.begin();
SeriesEntity entity = getSeriesEntity(seriesId, em);
if (entity == null) {
throw new NotFoundException("Series with ID " + seriesId + " does not exist.");
}
if (entity.getAccessControl() != null) {
// Ensure this user is allowed to update this series
String accessControlXml = entity.getAccessControl();
if (accessControlXml != null) {
AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
User currentUser = securityService.getUser();
Organization currentOrg = securityService.getOrganization();
if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.WRITE.toString())) {
throw new UnauthorizedException(currentUser + " is not authorized to update ACLs on series " + seriesId);
}
}
updated = true;
}
entity.setAccessControl(serializedAC);
em.merge(entity);
tx.commit();
return updated;
} catch (NotFoundException e) {
throw e;
} catch (Exception e) {
logger.error("Could not update series: {}", e.getMessage());
if (tx.isActive()) {
tx.rollback();
}
throw new SeriesServiceDatabaseException(e);
} finally {
em.close();
}
}
Aggregations