Example 21 with Role

use of org.opencastproject.security.api.Role in project opencast by opencast.

the class UsersEndpoint method updateUser.

@PUT
@Path("{username}.json")
@RestQuery(
    name = "updateUser",
    description = "Update an user",
    returnDescription = "Status ok",
    restParameters = {
        @RestParameter(description = "The password.", isRequired = false, name = "password", type = STRING),
        @RestParameter(description = "The name.", isRequired = false, name = "name", type = STRING),
        @RestParameter(description = "The email.", isRequired = false, name = "email", type = STRING),
        @RestParameter(name = "roles", type = STRING, isRequired = false, description = "The user roles as a json array") },
    pathParameters = @RestParameter(name = "username", type = STRING, isRequired = true, description = "The username"),
    reponses = {
        @RestResponse(responseCode = SC_OK, description = "User has been updated."),
        @RestResponse(responseCode = SC_FORBIDDEN, description = "Not enough permissions to update a user with admin role."),
        @RestResponse(responseCode = SC_NOT_FOUND, description = "User not found.") })
public Response updateUser(@PathParam("username") String username, @FormParam("password") String password, @FormParam("name") String name, @FormParam("email") String email, @FormParam("roles") String roles) throws NotFoundException {
    User user = jpaUserAndRoleProvider.loadUser(username);
    if (user == null) {
        throw new NotFoundException("User " + username + " does not exist.");
    }
    JpaOrganization organization = (JpaOrganization) securityService.getOrganization();
    Set<JpaRole> rolesSet = new HashSet<>();
    Option<JSONArray> rolesArray = Option.none();
    if (StringUtils.isNotBlank(roles)) {
        rolesArray = Option.some((JSONArray) JSONValue.parse(roles));
    }
    if (rolesArray.isSome()) {
        // Add the roles given
        for (Object roleObj : rolesArray.get()) {
            JSONObject role = (JSONObject) roleObj;
            String rolename = (String) role.get("id");
            Role.Type roletype = Role.Type.valueOf((String) role.get("type"));
            rolesSet.add(new JpaRole(rolename, organization, null, roletype));
        }
    } else {
        // Or use the ones from the user if none are given
        for (Role role : user.getRoles()) {
            rolesSet.add(new JpaRole(role.getName(), organization, role.getDescription(), role.getType()));
        }
    }
    try {
        jpaUserAndRoleProvider.updateUser(new JpaUser(username, password, organization, name, email, jpaUserAndRoleProvider.getName(), true, rolesSet));
        userDirectoryService.invalidate(username);
        return Response.status(SC_OK).build();
    } catch (UnauthorizedException ex) {
        return Response.status(Response.Status.FORBIDDEN).build();
    }
}
Also used : JpaUser(org.opencastproject.security.impl.jpa.JpaUser) User(org.opencastproject.security.api.User) JpaOrganization(org.opencastproject.security.impl.jpa.JpaOrganization) JSONArray(org.json.simple.JSONArray) NotFoundException(org.opencastproject.util.NotFoundException) JpaUser(org.opencastproject.security.impl.jpa.JpaUser) Role(org.opencastproject.security.api.Role) JpaRole(org.opencastproject.security.impl.jpa.JpaRole) JSONObject(org.json.simple.JSONObject) JpaRole(org.opencastproject.security.impl.jpa.JpaRole) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) JSONObject(org.json.simple.JSONObject) JObject(com.entwinemedia.fn.data.json.JObject) HashSet(java.util.HashSet) Path(javax.ws.rs.Path) RestQuery(org.opencastproject.util.doc.rest.RestQuery) PUT(javax.ws.rs.PUT)

Example 22 with Role

use of org.opencastproject.security.api.Role in project opencast by opencast.

the class BaseEndpoint method getUserRoles.

@GET
@Path("info/me/roles")
@Produces({ "application/json", "application/v1.0.0+json" })
@RestQuery(name = "getuserroles", description = "Returns current user's roles.", returnDescription = "", reponses = { @RestResponse(description = "The set of roles is returned.", responseCode = HttpServletResponse.SC_OK) })
public Response getUserRoles() {
    final User user = securityService.getUser();
    List<JValue> roles = new ArrayList<>();
    for (final Role role : user.getRoles()) {
        roles.add(v(role.getName()));
    }
    return RestUtil.R.ok(MediaType.APPLICATION_JSON_TYPE, serializer.toJson(arr(roles)));
}
Also used : UserIdRoleProvider.getUserIdRole(org.opencastproject.userdirectory.UserIdRoleProvider.getUserIdRole) Role(org.opencastproject.security.api.Role) User(org.opencastproject.security.api.User) JValue(com.entwinemedia.fn.data.json.JValue) ArrayList(java.util.ArrayList) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) RestQuery(org.opencastproject.util.doc.rest.RestQuery)

Example 23 with Role

use of org.opencastproject.security.api.Role in project opencast by opencast.

the class AuthenticationSuccessHandler method onAuthenticationSuccess.

/**
 * {@inheritDoc}
 *
 * @see org.springframework.security.web.authentication.AuthenticationSuccessHandler#onAuthenticationSuccess(javax.servlet.http.HttpServletRequest,
 *      javax.servlet.http.HttpServletResponse, org.springframework.security.core.Authentication)
 */
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
    /* If the user originally attempted to access a specific URI other than /, but was forwarded to the login page,
     * redirect the user back to that initial URI. But only if the request target was a user interface and not some kind
     * of data. */
    HttpSession session = request.getSession();
    String initialRequestUri = (String) session.getAttribute(INITIAL_REQUEST_PATH);
    session.removeAttribute(INITIAL_REQUEST_PATH);
    if (initialRequestUri != null && initialRequestUri.toLowerCase().contains(".htm")) {
        response.sendRedirect(initialRequestUri);
        return;
    }
    // If there are no configured welcome pages, send the user to /
    if (welcomePages == null || welcomePages.isEmpty()) {
        response.sendRedirect(ROOT);
        return;
    }
    // Look for a welcome page for one of this user's roles
    User currentUser = securityService.getUser();
    for (Role role : currentUser.getRoles()) {
        if (welcomePages.containsKey(role.getName())) {
            response.sendRedirect(welcomePages.get(role.getName()));
            return;
        }
    }
    // None of the user's roles are in the welcome pages map, so try the wildcard. If that's not present, redirect to /
    response.sendRedirect(welcomePages.getOrDefault(WILDCARD, ROOT));
}
Also used : Role(org.opencastproject.security.api.Role) User(org.opencastproject.security.api.User) HttpSession(javax.servlet.http.HttpSession)

Example 24 with Role

use of org.opencastproject.security.api.Role in project opencast by opencast.

the class UsersEndpoint method createUser.

@POST
@Path("/")
@RestQuery(
    name = "createUser",
    description = "Create a new  user",
    returnDescription = "The location of the new ressource",
    restParameters = {
        @RestParameter(description = "The username.", isRequired = true, name = "username", type = STRING),
        @RestParameter(description = "The password.", isRequired = true, name = "password", type = STRING),
        @RestParameter(description = "The name.", isRequired = false, name = "name", type = STRING),
        @RestParameter(description = "The email.", isRequired = false, name = "email", type = STRING),
        @RestParameter(name = "roles", type = STRING, isRequired = false, description = "The user roles as a json array") },
    reponses = {
        @RestResponse(responseCode = SC_CREATED, description = "User has been created."),
        @RestResponse(responseCode = SC_FORBIDDEN, description = "Not enough permissions to create a user with a admin role."),
        @RestResponse(responseCode = SC_CONFLICT, description = "An user with this username already exist.") })
public Response createUser(@FormParam("username") String username, @FormParam("password") String password, @FormParam("name") String name, @FormParam("email") String email, @FormParam("roles") String roles) throws NotFoundException {
    if (StringUtils.isBlank(username))
        return RestUtil.R.badRequest("No username set");
    if (StringUtils.isBlank(password))
        return RestUtil.R.badRequest("No password set");
    User existingUser = jpaUserAndRoleProvider.loadUser(username);
    if (existingUser != null) {
        return Response.status(SC_CONFLICT).build();
    }
    JpaOrganization organization = (JpaOrganization) securityService.getOrganization();
    Option<JSONArray> rolesArray = Option.none();
    if (StringUtils.isNotBlank(roles)) {
        rolesArray = Option.option((JSONArray) JSONValue.parse(roles));
    }
    Set<JpaRole> rolesSet = new HashSet<>();
    // Add the roles given
    if (rolesArray.isSome()) {
        for (Object role : rolesArray.get()) {
            JSONObject roleAsJson = (JSONObject) role;
            Role.Type roletype = Role.Type.valueOf((String) roleAsJson.get("type"));
            rolesSet.add(new JpaRole(roleAsJson.get("id").toString(), organization, null, roletype));
        }
    } else {
        rolesSet.add(new JpaRole(organization.getAnonymousRole(), organization));
    }
    JpaUser user = new JpaUser(username, password, organization, name, email, jpaUserAndRoleProvider.getName(), true, rolesSet);
    try {
        jpaUserAndRoleProvider.addUser(user);
        return Response.created(uri(endpointBaseUrl, user.getUsername() + ".json")).build();
    } catch (UnauthorizedException e) {
        return Response.status(Response.Status.FORBIDDEN).build();
    }
}
Also used : JpaUser(org.opencastproject.security.impl.jpa.JpaUser) User(org.opencastproject.security.api.User) JpaOrganization(org.opencastproject.security.impl.jpa.JpaOrganization) JSONArray(org.json.simple.JSONArray) JpaUser(org.opencastproject.security.impl.jpa.JpaUser) Role(org.opencastproject.security.api.Role) JpaRole(org.opencastproject.security.impl.jpa.JpaRole) JSONObject(org.json.simple.JSONObject) JpaRole(org.opencastproject.security.impl.jpa.JpaRole) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) JSONObject(org.json.simple.JSONObject) JObject(com.entwinemedia.fn.data.json.JObject) HashSet(java.util.HashSet) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) RestQuery(org.opencastproject.util.doc.rest.RestQuery)

Example 25 with Role

use of org.opencastproject.security.api.Role in project opencast by opencast.

the class CaptureAgentStateServiceImpl method getKnownAgents.

/**
 * {@inheritDoc}
 *
 * @see org.opencastproject.capture.admin.api.CaptureAgentStateService#getKnownAgents()
 */
@Override
public Map<String, Agent> getKnownAgents() {
    agentCache.cleanUp();
    EntityManager em = null;
    User user = securityService.getUser();
    Organization org = securityService.getOrganization();
    String orgAdmin = org.getAdminRole();
    Set<Role> roles = user.getRoles();
    try {
        em = emf.createEntityManager();
        Query q = em.createNamedQuery("Agent.byOrganization");
        q.setParameter("org", securityService.getOrganization().getId());
        // Filter the results in memory if this user is not an administrator
        List<AgentImpl> agents = q.getResultList();
        if (!user.hasRole(SecurityConstants.GLOBAL_ADMIN_ROLE) && !user.hasRole(orgAdmin)) {
            for (Iterator<AgentImpl> iter = agents.iterator(); iter.hasNext(); ) {
                AgentImpl agent = iter.next();
                Set<String> schedulerRoles = agent.getSchedulerRoles();
                // coarse-grained web layer security
                if (schedulerRoles == null || schedulerRoles.isEmpty()) {
                    continue;
                }
                boolean hasSchedulerRole = false;
                for (Role role : roles) {
                    if (schedulerRoles.contains(role.getName())) {
                        hasSchedulerRole = true;
                        break;
                    }
                }
                if (!hasSchedulerRole) {
                    iter.remove();
                }
            }
        }
        // Build the map that the API defines as agent name->agent
        Map<String, Agent> map = new TreeMap<>();
        for (AgentImpl agent : agents) {
            map.put(agent.getName(), updateCachedLastHeardFrom(agent, org.getId()));
        }
        return map;
    } finally {
        if (em != null)
            em.close();
    }
}
Also used : Agent(org.opencastproject.capture.admin.api.Agent) User(org.opencastproject.security.api.User) Organization(org.opencastproject.security.api.Organization) Query(javax.persistence.Query) TreeMap(java.util.TreeMap) Role(org.opencastproject.security.api.Role) EntityManager(javax.persistence.EntityManager)
