use of org.opencastproject.security.api.Role in project opencast by opencast.
the class SolrRequester method getForAction.
/**
* Converts the query object into a solr query and returns the results.
*
* @param q
* the query
* @param action
* one of {@link org.opencastproject.search.api.SearchService#READ_PERMISSION},
* {@link org.opencastproject.search.api.SearchService#WRITE_PERMISSION}
* @param applyPermissions
* whether to apply the permissions to the query. Set to false for administrative queries.
* @return the search results
*/
private SolrQuery getForAction(SearchQuery q, String action, boolean applyPermissions) throws SolrServerException {
StringBuilder sb = new StringBuilder();
if (StringUtils.isNotBlank(q.getQuery()))
sb.append(q.getQuery());
String solrIdRequest = StringUtils.trimToNull(q.getId());
if (solrIdRequest != null) {
String cleanSolrIdRequest = SolrUtils.clean(solrIdRequest);
if (sb.length() > 0)
sb.append(" AND ");
sb.append("(");
sb.append(Schema.ID);
sb.append(":");
sb.append(cleanSolrIdRequest);
if (q.isIncludeEpisodes() && q.isIncludeSeries()) {
sb.append(" OR ");
sb.append(Schema.DC_IS_PART_OF);
sb.append(":");
sb.append(cleanSolrIdRequest);
}
sb.append(")");
}
String solrSeriesIdRequest = StringUtils.trimToNull(q.getSeriesId());
if (solrSeriesIdRequest != null) {
String cleanSolrSeriesIdRequest = SolrUtils.clean(solrSeriesIdRequest);
if (sb.length() > 0) {
sb.append(" AND ");
}
sb.append("(");
sb.append(Schema.DC_IS_PART_OF);
sb.append(":");
sb.append(cleanSolrSeriesIdRequest);
sb.append(")");
}
String solrTextRequest = StringUtils.trimToNull(q.getText());
if (solrTextRequest != null) {
String cleanSolrTextRequest = SolrUtils.clean(q.getText());
if (StringUtils.isNotEmpty(cleanSolrTextRequest)) {
if (sb.length() > 0)
sb.append(" AND ");
sb.append("( *:");
sb.append(boost(cleanSolrTextRequest));
sb.append(" OR (");
sb.append(Schema.ID);
sb.append(":");
sb.append(cleanSolrTextRequest);
sb.append(") )");
}
}
if (q.getElementTags() != null && q.getElementTags().length > 0) {
if (sb.length() > 0)
sb.append(" AND ");
StringBuilder tagBuilder = new StringBuilder();
for (int i = 0; i < q.getElementTags().length; i++) {
String tag = SolrUtils.clean(q.getElementTags()[i]);
if (StringUtils.isEmpty(tag))
continue;
if (tagBuilder.length() == 0) {
tagBuilder.append("(");
} else {
tagBuilder.append(" OR ");
}
tagBuilder.append(Schema.OC_ELEMENTTAGS);
tagBuilder.append(":");
tagBuilder.append(tag);
}
if (tagBuilder.length() > 0) {
tagBuilder.append(") ");
sb.append(tagBuilder);
}
}
if (q.getElementFlavors() != null && q.getElementFlavors().length > 0) {
if (sb.length() > 0)
sb.append(" AND ");
StringBuilder flavorBuilder = new StringBuilder();
for (int i = 0; i < q.getElementFlavors().length; i++) {
String flavor = SolrUtils.clean(q.getElementFlavors()[i].toString());
if (StringUtils.isEmpty(flavor))
continue;
if (flavorBuilder.length() == 0) {
flavorBuilder.append("(");
} else {
flavorBuilder.append(" OR ");
}
flavorBuilder.append(Schema.OC_ELEMENTFLAVORS);
flavorBuilder.append(":");
flavorBuilder.append(flavor);
}
if (flavorBuilder.length() > 0) {
flavorBuilder.append(") ");
sb.append(flavorBuilder);
}
}
if (q.getDeletedDate() != null) {
if (sb.length() > 0)
sb.append(" AND ");
sb.append(Schema.OC_DELETED + ":" + SolrUtils.serializeDateRange(option(q.getDeletedDate()), Option.<Date>none()));
}
if (sb.length() == 0)
sb.append("*:*");
if (applyPermissions) {
sb.append(" AND ").append(Schema.OC_ORGANIZATION).append(":").append(SolrUtils.clean(securityService.getOrganization().getId()));
User user = securityService.getUser();
Set<Role> roles = user.getRoles();
boolean userHasAnonymousRole = false;
if (roles.size() > 0) {
sb.append(" AND (");
StringBuilder roleList = new StringBuilder();
for (Role role : roles) {
if (roleList.length() > 0)
roleList.append(" OR ");
roleList.append(Schema.OC_ACL_PREFIX).append(action).append(":").append(SolrUtils.clean(role.getName()));
if (role.getName().equalsIgnoreCase(securityService.getOrganization().getAnonymousRole())) {
userHasAnonymousRole = true;
}
}
if (!userHasAnonymousRole) {
if (roleList.length() > 0)
roleList.append(" OR ");
roleList.append(Schema.OC_ACL_PREFIX).append(action).append(":").append(SolrUtils.clean(securityService.getOrganization().getAnonymousRole()));
}
sb.append(roleList.toString());
sb.append(")");
}
}
if (!q.isIncludeEpisodes()) {
if (sb.length() > 0)
sb.append(" AND ");
sb.append("-" + Schema.OC_MEDIATYPE + ":" + SearchResultItemType.AudioVisual);
}
if (!q.isIncludeSeries()) {
if (sb.length() > 0)
sb.append(" AND ");
sb.append("-" + Schema.OC_MEDIATYPE + ":" + SearchResultItemType.Series);
}
if (q.getDeletedDate() == null) {
if (sb.length() > 0)
sb.append(" AND ");
sb.append("-" + Schema.OC_DELETED + ":[* TO *]");
}
SolrQuery query = new SolrQuery(sb.toString());
if (q.getLimit() > 0) {
query.setRows(q.getLimit());
} else {
query.setRows(Integer.MAX_VALUE);
}
if (q.getOffset() > 0)
query.setStart(q.getOffset());
if (q.getSort() != null) {
ORDER order = q.isSortAscending() ? ORDER.asc : ORDER.desc;
query.addSortField(getSortField(q.getSort()), order);
}
if (!SearchQuery.Sort.DATE_CREATED.equals(q.getSort())) {
query.addSortField(getSortField(SearchQuery.Sort.DATE_CREATED), ORDER.desc);
}
query.setFields("* score");
return query;
}
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class RuntimeInfo method getMyInfo.
@GET
@Path("me.json")
@Produces(MediaType.APPLICATION_JSON)
@RestQuery(name = "me", description = "Information about the curent user", reponses = { @RestResponse(description = "Returns information about the current user", responseCode = HttpServletResponse.SC_OK) }, returnDescription = "")
@SuppressWarnings("unchecked")
public String getMyInfo() {
JSONObject json = new JSONObject();
User user = securityService.getUser();
JSONObject jsonUser = new JSONObject();
jsonUser.put("username", user.getUsername());
jsonUser.put("name", user.getName());
jsonUser.put("email", user.getEmail());
jsonUser.put("provider", user.getProvider());
json.put("user", jsonUser);
if (userIdRoleProvider != null)
json.put("userRole", UserIdRoleProvider.getUserIdRole(user.getUsername()));
// Add the current user's roles
JSONArray roles = new JSONArray();
for (Role role : user.getRoles()) {
roles.add(role.getName());
}
json.put("roles", roles);
// Add the current user's organizational information
Organization org = securityService.getOrganization();
JSONObject jsonOrg = new JSONObject();
jsonOrg.put("id", org.getId());
jsonOrg.put("name", org.getName());
jsonOrg.put("adminRole", org.getAdminRole());
jsonOrg.put("anonymousRole", org.getAnonymousRole());
// and organization properties
JSONObject orgProps = new JSONObject();
jsonOrg.put("properties", orgProps);
for (Entry<String, String> entry : org.getProperties().entrySet()) {
orgProps.put(entry.getKey(), entry.getValue());
}
json.put("org", jsonOrg);
return json.toJSONString();
}
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class WorkflowServiceSolrIndex method appendSolrAuthFragment.
protected void appendSolrAuthFragment(StringBuilder sb, String action) throws WorkflowDatabaseException {
User user = securityService.getUser();
if (!user.hasRole(GLOBAL_ADMIN_ROLE) && !user.hasRole(user.getOrganization().getAdminRole())) {
sb.append(" AND ").append(ORG_KEY).append(":").append(escapeQueryChars(securityService.getOrganization().getId()));
Set<Role> roles = user.getRoles();
if (roles.size() > 0) {
sb.append(" AND (").append(WORKFLOW_CREATOR_KEY).append(":").append(escapeQueryChars(user.getUsername()));
for (Role role : roles) {
sb.append(" OR ");
sb.append(ACL_KEY_PREFIX).append(action).append(":").append(escapeQueryChars(role.getName()));
}
sb.append(")");
}
}
}
Aggregations