
Example 11 with Organization

Use of org.opencastproject.security.api.Organization in project opencast by opencast.

The class SeriesServiceDatabaseImpl, method deleteSeries.

/*
   * (non-Javadoc)
   *
   * @see org.opencastproject.series.impl.SeriesServiceDatabase#deleteSeries(java.lang.String)
   */
@Override
public void deleteSeries(String seriesId) throws SeriesServiceDatabaseException, NotFoundException {
    EntityManager em = emf.createEntityManager();
    EntityTransaction tx = em.getTransaction();
    try {
        tx.begin();
        SeriesEntity entity = getSeriesEntity(seriesId, em);
        if (entity == null) {
            throw new NotFoundException("Series with ID " + seriesId + " does not exist");
        }
        // Ensure this user is allowed to delete this series.
        // Note: the check only runs when the series has a stored ACL; a series without one is deleted unchecked.
        String accessControlXml = entity.getAccessControl();
        if (accessControlXml != null) {
            AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
            User currentUser = securityService.getUser();
            Organization currentOrg = securityService.getOrganization();
            if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.WRITE.toString())) {
                throw new UnauthorizedException(currentUser + " is not authorized to delete series " + seriesId);
            }
        }
        em.remove(entity);
        tx.commit();
    } catch (NotFoundException e) {
        throw e;
    } catch (Exception e) {
        // Every other failure, including the UnauthorizedException thrown above, is wrapped below
        logger.error("Could not delete series: {}", e.getMessage());
        if (tx.isActive()) {
            tx.rollback();
        }
        throw new SeriesServiceDatabaseException(e);
    } finally {
        em.close();
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) EntityTransaction(javax.persistence.EntityTransaction) EntityManager(javax.persistence.EntityManager) User(org.opencastproject.security.api.User) Organization(org.opencastproject.security.api.Organization) SeriesServiceDatabaseException(org.opencastproject.series.impl.SeriesServiceDatabaseException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) NoResultException(javax.persistence.NoResultException) IOException(java.io.IOException) AccessControlParsingException(org.opencastproject.security.api.AccessControlParsingException)

Example 12 with Organization

Use of org.opencastproject.security.api.Organization in project opencast by opencast.

The class SeriesServiceDatabaseImpl, method getSeries.

/**
 * {@inheritDoc}
 *
 * @see org.opencastproject.series.impl.SeriesServiceDatabase#getSeries(java.lang.String)
 */
@Override
public DublinCoreCatalog getSeries(String seriesId) throws NotFoundException, SeriesServiceDatabaseException {
    EntityManager em = emf.createEntityManager();
    EntityTransaction tx = em.getTransaction();
    try {
        tx.begin();
        SeriesEntity entity = getSeriesEntity(seriesId, em);
        if (entity == null) {
            throw new NotFoundException("No series with id=" + seriesId + " exists");
        }
        // Ensure this user is allowed to read this series
        String accessControlXml = entity.getAccessControl();
        if (accessControlXml != null) {
            AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
            User currentUser = securityService.getUser();
            Organization currentOrg = securityService.getOrganization();
            // There are several reasons a user may need to load a series: to read content, to edit it, or add content
            if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.READ.toString())
                    && !AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.CONTRIBUTE.toString())
                    && !AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.WRITE.toString())) {
                throw new UnauthorizedException(currentUser + " is not authorized to see series " + seriesId);
            }
        }
        return dcService.load(IOUtils.toInputStream(entity.getDublinCoreXML(), "UTF-8"));
    } catch (NotFoundException e) {
        throw e;
    } catch (Exception e) {
        logger.error("Could not retrieve series: {}", e.getMessage());
        if (tx.isActive()) {
            tx.rollback();
        }
        throw new SeriesServiceDatabaseException(e);
    } finally {
        em.close();
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) EntityTransaction(javax.persistence.EntityTransaction) EntityManager(javax.persistence.EntityManager) User(org.opencastproject.security.api.User) Organization(org.opencastproject.security.api.Organization) SeriesServiceDatabaseException(org.opencastproject.series.impl.SeriesServiceDatabaseException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) NoResultException(javax.persistence.NoResultException) IOException(java.io.IOException) AccessControlParsingException(org.opencastproject.security.api.AccessControlParsingException)

Example 13 with Organization

Use of org.opencastproject.security.api.Organization in project opencast by opencast.

The class ServiceRegistryJpaImpl, method createJob.

/**
 * Creates a job on a remote host.
 */
public Job createJob(String host, String serviceType, String operation, List<String> arguments, String payload, boolean dispatchable, Job parentJob, float jobLoad) throws ServiceRegistryException {
    if (StringUtils.isBlank(host)) {
        throw new IllegalArgumentException("Host can't be null");
    }
    if (StringUtils.isBlank(serviceType)) {
        throw new IllegalArgumentException("Service type can't be null");
    }
    if (StringUtils.isBlank(operation)) {
        throw new IllegalArgumentException("Operation can't be null");
    }
    EntityManager em = null;
    EntityTransaction tx = null;
    try {
        em = emf.createEntityManager();
        tx = em.getTransaction();
        tx.begin();
        ServiceRegistrationJpaImpl creatingService = getServiceRegistration(em, serviceType, host);
        if (creatingService == null) {
            throw new ServiceRegistryException("No service registration exists for type '" + serviceType + "' on host '" + host + "'");
        }
        if (creatingService.getHostRegistration().isMaintenanceMode()) {
            logger.warn("Creating a job from {}, which is currently in maintenance mode.", creatingService.getHost());
        } else if (!creatingService.getHostRegistration().isActive()) {
            logger.warn("Creating a job from {}, which is currently inactive.", creatingService.getHost());
        }
        User currentUser = securityService.getUser();
        Organization currentOrganization = securityService.getOrganization();
        JpaJob jpaJob = new JpaJob(currentUser, currentOrganization, creatingService, operation, arguments, payload, dispatchable, jobLoad);
        // Bind the given parent job to the new job
        if (parentJob != null) {
            // Get the JPA instance of the parent job
            JpaJob jpaParentJob;
            try {
                jpaParentJob = getJpaJob(parentJob.getId());
            } catch (NotFoundException e) {
                logger.error("{} not found in the persistence context", parentJob);
                throw new ServiceRegistryException(e);
            }
            jpaJob.setParentJob(jpaParentJob);
            // Get the JPA instance of the root job
            JpaJob jpaRootJob = jpaParentJob;
            if (parentJob.getRootJobId() != null) {
                try {
                    jpaRootJob = getJpaJob(parentJob.getRootJobId());
                } catch (NotFoundException e) {
                    logger.error("job with id {} not found in the persistence context", parentJob.getRootJobId());
                    throw new ServiceRegistryException(e);
                }
            }
            jpaJob.setRootJob(jpaRootJob);
        }
        // if this job is not dispatchable, it must be handled by the host that has created it
        if (dispatchable) {
            jpaJob.setStatus(Status.QUEUED);
        } else {
            jpaJob.setProcessorServiceRegistration(creatingService);
        }
        em.persist(jpaJob);
        tx.commit();
        setJobUri(jpaJob);
        Job job = jpaJob.toJob();
        return job;
    } catch (RollbackException e) {
        if (tx != null && tx.isActive()) {
            tx.rollback();
        }
        throw e;
    } finally {
        if (em != null)
            em.close();
    }
}
Also used : EntityTransaction(javax.persistence.EntityTransaction) EntityManager(javax.persistence.EntityManager) User(org.opencastproject.security.api.User) Organization(org.opencastproject.security.api.Organization) NotFoundException(org.opencastproject.util.NotFoundException) ServiceRegistrationJpaImpl(org.opencastproject.serviceregistry.impl.jpa.ServiceRegistrationJpaImpl) JpaJob(org.opencastproject.job.jpa.JpaJob) JpaJob.fnToJob(org.opencastproject.job.jpa.JpaJob.fnToJob) Job(org.opencastproject.job.api.Job) RollbackException(javax.persistence.RollbackException) ServiceRegistryException(org.opencastproject.serviceregistry.api.ServiceRegistryException)

Example 14 with Organization

Use of org.opencastproject.security.api.Organization in project opencast by opencast.

The class SearchServiceDatabaseImpl, method getOrganizationId.

/**
 * {@inheritDoc}
 *
 * @see org.opencastproject.search.impl.persistence.SearchServiceDatabase#getOrganizationId(String)
 */
@Override
public String getOrganizationId(String mediaPackageId) throws NotFoundException, SearchServiceDatabaseException {
    EntityManager em = null;
    EntityTransaction tx = null;
    try {
        em = emf.createEntityManager();
        tx = em.getTransaction();
        tx.begin();
        SearchEntity searchEntity = getSearchEntity(mediaPackageId, em);
        if (searchEntity == null)
            throw new NotFoundException("No media package with id=" + mediaPackageId + " exists");
        // Ensure this user is allowed to read this media package
        String accessControlXml = searchEntity.getAccessControl();
        if (accessControlXml != null) {
            AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
            User currentUser = securityService.getUser();
            Organization currentOrg = securityService.getOrganization();
            if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, READ.toString()))
                throw new UnauthorizedException(currentUser + " is not authorized to read media package " + mediaPackageId);
        }
        return searchEntity.getOrganization();
    } catch (NotFoundException e) {
        throw e;
    } catch (Exception e) {
        logger.error("Could not get organization id for media package {}: {}", mediaPackageId, e.getMessage());
        if (tx != null && tx.isActive()) {
            tx.rollback();
        }
        throw new SearchServiceDatabaseException(e);
    } finally {
        if (em != null)
            em.close();
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) EntityTransaction(javax.persistence.EntityTransaction) EntityManager(javax.persistence.EntityManager) User(org.opencastproject.security.api.User) Organization(org.opencastproject.security.api.Organization) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) NoResultException(javax.persistence.NoResultException)

Example 15 with Organization

Use of org.opencastproject.security.api.Organization in project opencast by opencast.

The class SeriesServiceImpl, method repopulate.

@Override
public void repopulate(final String indexName) {
    final String destinationId = SeriesItem.SERIES_QUEUE_PREFIX + indexName.substring(0, 1).toUpperCase() + indexName.substring(1);
    try {
        final int total = persistence.countSeries();
        logger.info("Re-populating '{}' index with series. There are {} series to add to the index.", indexName, total);
        final int responseInterval = (total < 100) ? 1 : (total / 100);
        List<SeriesEntity> databaseSeries = persistence.getAllSeries();
        int current = 1;
        for (SeriesEntity series : databaseSeries) {
            Organization organization = orgDirectory.getOrganization(series.getOrganization());
            SecurityUtil.runAs(securityService, organization, SecurityUtil.createSystemUser(systemUserName, organization), new Function0.X<Void>() {

                @Override
                public Void xapply() throws Exception {
                    String id = series.getSeriesId();
                    logger.trace("Adding series '{}' for org '{}'", id, series.getOrganization());
                    DublinCoreCatalog catalog = DublinCoreXmlFormat.read(series.getDublinCoreXML());
                    messageSender.sendObjectMessage(destinationId, MessageSender.DestinationType.Queue, SeriesItem.updateCatalog(catalog));
                    AccessControlList acl = AccessControlParser.parseAcl(series.getAccessControl());
                    if (acl != null) {
                        messageSender.sendObjectMessage(destinationId, MessageSender.DestinationType.Queue, SeriesItem.updateAcl(id, acl));
                    }
                    messageSender.sendObjectMessage(destinationId, MessageSender.DestinationType.Queue, SeriesItem.updateOptOut(id, series.isOptOut()));
                    for (Entry<String, String> property : persistence.getSeriesProperties(id).entrySet()) {
                        messageSender.sendObjectMessage(destinationId, MessageSender.DestinationType.Queue, SeriesItem.updateProperty(id, property.getKey(), property.getValue()));
                    }
                    return null;
                }
            });
            if ((current % responseInterval == 0) || (current == total)) {
                logger.info("Initializing {} series index rebuild {}/{}: {} percent", indexName, current, total, current * 100 / total);
            }
            current++;
        }
        logger.info("Finished initializing '{}' index rebuild", indexName);
    } catch (Exception e) {
        logger.warn("Unable to index series instances:", e);
        throw new ServiceException(e.getMessage());
    }
    Organization organization = new DefaultOrganization();
    SecurityUtil.runAs(securityService, organization, SecurityUtil.createSystemUser(systemUserName, organization), new Effect0() {

        @Override
        protected void run() {
            messageSender.sendObjectMessage(IndexProducer.RESPONSE_QUEUE, MessageSender.DestinationType.Queue, IndexRecreateObject.end(indexName, IndexRecreateObject.Service.Series));
        }
    });
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) Organization(org.opencastproject.security.api.Organization) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) SeriesEntity(org.opencastproject.series.impl.persistence.SeriesEntity) Function0(org.opencastproject.util.data.Function0) ServiceException(org.osgi.framework.ServiceException) SeriesException(org.opencastproject.series.api.SeriesException) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) FunctionException(org.opencastproject.util.data.FunctionException) Entry(java.util.Map.Entry) Effect0(org.opencastproject.util.data.Effect0) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog)

Aggregations

Organization (org.opencastproject.security.api.Organization): 135
User (org.opencastproject.security.api.User): 60
DefaultOrganization (org.opencastproject.security.api.DefaultOrganization): 46
NotFoundException (org.opencastproject.util.NotFoundException): 43
JaxbOrganization (org.opencastproject.security.api.JaxbOrganization): 29
SecurityService (org.opencastproject.security.api.SecurityService): 29
IOException (java.io.IOException): 24
Before (org.junit.Before): 24
ArrayList (java.util.ArrayList): 23
AccessControlList (org.opencastproject.security.api.AccessControlList): 22
OrganizationDirectoryService (org.opencastproject.security.api.OrganizationDirectoryService): 22
UnauthorizedException (org.opencastproject.security.api.UnauthorizedException): 22
JaxbRole (org.opencastproject.security.api.JaxbRole): 21
MediaPackage (org.opencastproject.mediapackage.MediaPackage): 20
JaxbUser (org.opencastproject.security.api.JaxbUser): 20
UserDirectoryService (org.opencastproject.security.api.UserDirectoryService): 19
File (java.io.File): 18
HashMap (java.util.HashMap): 17
WorkflowInstance (org.opencastproject.workflow.api.WorkflowInstance): 17
Test (org.junit.Test): 15