use of org.opencastproject.security.api.Role in project opencast by opencast.
the class UsersEndpoint method updateUser.
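/**
 * Updates the stored account of an existing user from the submitted form fields.
 *
 * <p>The {@code roles} form field is client-supplied text, so it is validated before any role object is built: it
 * must parse to a JSON array of objects, each carrying a string {@code id} and a string {@code type} that names a
 * {@link Role.Type} constant. Anything else is answered with 400 instead of surfacing as an unchecked exception.
 * When {@code roles} is blank, the roles the user already has are carried over.
 *
 * <p>This method performs no permission check of its own. The only authorization outcome visible here is the
 * {@link UnauthorizedException} raised by the provider's {@code updateUser} call, which is mapped to 403.
 *
 * @param username
 *          the user to update (path parameter)
 * @param password
 *          the new password, passed to the provider as received
 * @param name
 *          the new display name
 * @param email
 *          the new e-mail address
 * @param roles
 *          the new roles as a JSON array of {@code {"id": ..., "type": ...}} objects, or blank to keep the current ones
 * @return 200 when the user was updated, 400 when {@code roles} is malformed, 403 when the provider refuses the change
 * @throws NotFoundException
 *           if the provider knows no user with this username
 */
@PUT
@Path("{username}.json")
@RestQuery(name = "updateUser", description = "Update an user", returnDescription = "Status ok", restParameters = {
    @RestParameter(description = "The password.", isRequired = false, name = "password", type = STRING),
    @RestParameter(description = "The name.", isRequired = false, name = "name", type = STRING),
    @RestParameter(description = "The email.", isRequired = false, name = "email", type = STRING),
    @RestParameter(name = "roles", type = STRING, isRequired = false, description = "The user roles as a json array") },
    pathParameters = @RestParameter(name = "username", type = STRING, isRequired = true, description = "The username"),
    reponses = {
    @RestResponse(responseCode = SC_OK, description = "User has been updated."),
    @RestResponse(responseCode = SC_FORBIDDEN, description = "Not enough permissions to update a user with admin role."),
    @RestResponse(responseCode = SC_NOT_FOUND, description = "User not found.") })
public Response updateUser(@PathParam("username") String username, @FormParam("password") String password,
    @FormParam("name") String name, @FormParam("email") String email, @FormParam("roles") String roles)
    throws NotFoundException {
  User user = jpaUserAndRoleProvider.loadUser(username);
  if (user == null) {
    throw new NotFoundException("User " + username + " does not exist.");
  }
  JpaOrganization organization = (JpaOrganization) securityService.getOrganization();
  Set<JpaRole> rolesSet = new HashSet<>();
  if (StringUtils.isNotBlank(roles)) {
    // Check the parsed shape before casting: a null or non-array result previously failed with an
    // unchecked exception (HTTP 500) instead of a client error.
    Object parsedRoles = JSONValue.parse(roles);
    if (!(parsedRoles instanceof JSONArray)) {
      return RestUtil.R.badRequest("The roles parameter must be a JSON array");
    }
    // Add the roles given
    for (Object roleObj : (JSONArray) parsedRoles) {
      if (!(roleObj instanceof JSONObject)) {
        return RestUtil.R.badRequest("Each role must be a JSON object");
      }
      JSONObject role = (JSONObject) roleObj;
      Object roleId = role.get("id");
      Object roleTypeName = role.get("type");
      if (!(roleId instanceof String) || !(roleTypeName instanceof String)) {
        return RestUtil.R.badRequest("Each role needs a string id and a string type");
      }
      Role.Type roletype;
      try {
        roletype = Role.Type.valueOf((String) roleTypeName);
      } catch (IllegalArgumentException e) {
        // The submitted value is deliberately not echoed back in the response
        return RestUtil.R.badRequest("Unknown role type");
      }
      rolesSet.add(new JpaRole((String) roleId, organization, null, roletype));
    }
  } else {
    // No roles were submitted, so keep the ones the user already has
    for (Role role : user.getRoles()) {
      rolesSet.add(new JpaRole(role.getName(), organization, role.getDescription(), role.getType()));
    }
  }
  try {
    // NOTE(review): how a null or blank password is treated, and where the password is hashed, is decided inside
    // the provider and is not visible here; confirm before relying on "omit the password to keep it".
    jpaUserAndRoleProvider.updateUser(new JpaUser(username, password, organization, name, email,
        jpaUserAndRoleProvider.getName(), true, rolesSet));
    // Presumably drops the cached copy so the new roles take effect immediately; verify against the service
    userDirectoryService.invalidate(username);
    return Response.status(SC_OK).build();
  } catch (UnauthorizedException ex) {
    return Response.status(Response.Status.FORBIDDEN).build();
  }
}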
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class BaseEndpoint method getUserRoles.
/**
 * Lists the role names of the user bound to the current request as a JSON array.
 *
 * <p>Only the name of each role is written to the response; no other role attribute is read here.
 *
 * @return a response of media type {@code application/json} whose body is the serialized array of role names
 */
@GET
@Path("info/me/roles")
@Produces({ "application/json", "application/v1.0.0+json" })
@RestQuery(name = "getuserroles", description = "Returns current user's roles.", returnDescription = "", reponses = {
    @RestResponse(description = "The set of roles is returned.", responseCode = HttpServletResponse.SC_OK) })
public Response getUserRoles() {
  final List<JValue> roleNames = new ArrayList<>();
  // The user comes from the security service, never from a request parameter, so a caller can only
  // ever list their own roles through this endpoint.
  for (final Role granted : securityService.getUser().getRoles()) {
    final String roleName = granted.getName();
    roleNames.add(v(roleName));
  }
  return RestUtil.R.ok(MediaType.APPLICATION_JSON_TYPE, serializer.toJson(arr(roleNames)));
}
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class AuthenticationSuccessHandler method onAuthenticationSuccess.
/**
 * {@inheritDoc}
 *
 * <p>Chooses the post-login redirect in this order: the path remembered in the session (only when it contains
 * {@code .htm}), then the welcome page configured for the first matching role of the user, then the wildcard welcome
 * page, and finally the root path.
 *
 * @see org.springframework.security.web.authentication.AuthenticationSuccessHandler#onAuthenticationSuccess(javax.servlet.http.HttpServletRequest,
 *      javax.servlet.http.HttpServletResponse, org.springframework.security.core.Authentication)
 */
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
    Authentication authentication) throws IOException, ServletException {
  // Read the remembered path and clear it straight away so it is used for at most one login.
  final HttpSession httpSession = request.getSession();
  final String rememberedPath = (String) httpSession.getAttribute(INITIAL_REQUEST_PATH);
  httpSession.removeAttribute(INITIAL_REQUEST_PATH);

  // Only go back to the remembered path when it looks like a user interface page and not some kind of data.
  // The test is a substring match, so ".htm" anywhere in the value (including a query string) qualifies.
  // NOTE(review): the value is redirected to exactly as stored. Where INITIAL_REQUEST_PATH is written is not
  // visible here; confirm it can only ever hold a server-relative path, because sendRedirect() would also
  // follow an absolute URL.
  final boolean wantedUiPage = rememberedPath != null && rememberedPath.toLowerCase().contains(".htm");
  if (wantedUiPage) {
    response.sendRedirect(rememberedPath);
    return;
  }

  // Without any configured welcome pages everybody lands on /
  final boolean noWelcomePages = welcomePages == null || welcomePages.isEmpty();
  if (noWelcomePages) {
    response.sendRedirect(ROOT);
    return;
  }

  // The first role of the user that has a welcome page decides the target
  for (Role granted : securityService.getUser().getRoles()) {
    final String roleName = granted.getName();
    if (welcomePages.containsKey(roleName)) {
      response.sendRedirect(welcomePages.get(roleName));
      return;
    }
  }

  // No role matched: use the wildcard entry, or / when there is none
  final String fallbackTarget = welcomePages.getOrDefault(WILDCARD, ROOT);
  response.sendRedirect(fallbackTarget);
}
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class UsersEndpoint method createUser.
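/**
 * Creates a new user in the current organization from the submitted form fields.
 *
 * <p>The {@code roles} form field is client-supplied text and is validated before any role object is built: a parsed
 * value that is not a JSON array, an entry that is not a JSON object, a missing {@code id} or a {@code type} that
 * does not name a {@link Role.Type} constant is answered with 400 instead of surfacing as an unchecked exception.
 * When {@code roles} is blank, or is text that {@code JSONValue.parse} returns {@code null} for, the user receives
 * only the organization's anonymous role, as before.
 *
 * <p>This method performs no permission check of its own. The only authorization outcome visible here is the
 * {@link UnauthorizedException} raised by the provider's {@code addUser} call, which is mapped to 403.
 *
 * @param username
 *          the login name of the new user, must not be blank
 * @param password
 *          the password of the new user, must not be blank; passed to the provider as received
 * @param name
 *          the display name
 * @param email
 *          the e-mail address
 * @param roles
 *          the roles as a JSON array of {@code {"id": ..., "type": ...}} objects, or blank for the anonymous role only
 * @return 201 with the location of the new user, 400 for a blank username or password or malformed roles, 409 when
 *         the username is already taken, 403 when the provider refuses the creation
 * @throws NotFoundException
 *           declared by the signature; nothing in this method throws it
 */
@POST
@Path("/")
@RestQuery(name = "createUser", description = "Create a new user", returnDescription = "The location of the new ressource", restParameters = {
    @RestParameter(description = "The username.", isRequired = true, name = "username", type = STRING),
    @RestParameter(description = "The password.", isRequired = true, name = "password", type = STRING),
    @RestParameter(description = "The name.", isRequired = false, name = "name", type = STRING),
    @RestParameter(description = "The email.", isRequired = false, name = "email", type = STRING),
    @RestParameter(name = "roles", type = STRING, isRequired = false, description = "The user roles as a json array") },
    reponses = {
    @RestResponse(responseCode = SC_CREATED, description = "User has been created."),
    @RestResponse(responseCode = SC_FORBIDDEN, description = "Not enough permissions to create a user with a admin role."),
    @RestResponse(responseCode = SC_CONFLICT, description = "An user with this username already exist.") })
public Response createUser(@FormParam("username") String username, @FormParam("password") String password,
    @FormParam("name") String name, @FormParam("email") String email, @FormParam("roles") String roles)
    throws NotFoundException {
  if (StringUtils.isBlank(username)) {
    return RestUtil.R.badRequest("No username set");
  }
  if (StringUtils.isBlank(password)) {
    return RestUtil.R.badRequest("No password set");
  }
  // NOTE(review): this lookup and the later addUser() are separate calls; whether the provider itself rejects a
  // duplicate that appears in between is not visible here.
  User existingUser = jpaUserAndRoleProvider.loadUser(username);
  if (existingUser != null) {
    return Response.status(SC_CONFLICT).build();
  }
  JpaOrganization organization = (JpaOrganization) securityService.getOrganization();
  Object parsedRoles = StringUtils.isNotBlank(roles) ? JSONValue.parse(roles) : null;
  Set<JpaRole> rolesSet = new HashSet<>();
  if (parsedRoles == null) {
    // Nothing usable was submitted: fall back to the least-privileged role of the organization
    rolesSet.add(new JpaRole(organization.getAnonymousRole(), organization));
  } else if (!(parsedRoles instanceof JSONArray)) {
    // Previously this case failed in the cast with an unchecked exception (HTTP 500)
    return RestUtil.R.badRequest("The roles parameter must be a JSON array");
  } else {
    // Add the roles given
    for (Object role : (JSONArray) parsedRoles) {
      if (!(role instanceof JSONObject)) {
        return RestUtil.R.badRequest("Each role must be a JSON object");
      }
      JSONObject roleAsJson = (JSONObject) role;
      Object roleId = roleAsJson.get("id");
      Object roleTypeName = roleAsJson.get("type");
      if (roleId == null || !(roleTypeName instanceof String)) {
        return RestUtil.R.badRequest("Each role needs an id and a string type");
      }
      Role.Type roletype;
      try {
        roletype = Role.Type.valueOf((String) roleTypeName);
      } catch (IllegalArgumentException e) {
        // The submitted value is deliberately not echoed back in the response
        return RestUtil.R.badRequest("Unknown role type");
      }
      rolesSet.add(new JpaRole(roleId.toString(), organization, null, roletype));
    }
  }
  JpaUser user = new JpaUser(username, password, organization, name, email, jpaUserAndRoleProvider.getName(), true,
      rolesSet);
  try {
    jpaUserAndRoleProvider.addUser(user);
    return Response.created(uri(endpointBaseUrl, user.getUsername() + ".json")).build();
  } catch (UnauthorizedException e) {
    return Response.status(Response.Status.FORBIDDEN).build();
  }
}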
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class CaptureAgentStateServiceImpl method getKnownAgents.
/**
 * {@inheritDoc}
 *
 * <p>Loads the agents of the current organization and, for callers holding neither the global admin role nor the
 * organization's admin role, drops every agent whose scheduler roles share no name with the caller's roles. An agent
 * with no scheduler roles (null or empty set) is not filtered and stays visible to every caller.
 *
 * @return the visible agents keyed by agent name, sorted by name
 * @see org.opencastproject.capture.admin.api.CaptureAgentStateService#getKnownAgents()
 */
@Override
public Map<String, Agent> getKnownAgents() {
  agentCache.cleanUp();
  EntityManager em = null;
  User caller = securityService.getUser();
  Organization org = securityService.getOrganization();
  String orgAdminRole = org.getAdminRole();
  Set<Role> callerRoles = caller.getRoles();
  try {
    em = emf.createEntityManager();
    Query byOrganization = em.createNamedQuery("Agent.byOrganization");
    byOrganization.setParameter("org", securityService.getOrganization().getId());
    List<AgentImpl> agents = byOrganization.getResultList();

    // Administrators see every agent of the organization; everybody else gets the list filtered in memory
    boolean seesAllAgents = caller.hasRole(SecurityConstants.GLOBAL_ADMIN_ROLE) || caller.hasRole(orgAdminRole);
    if (!seesAllAgents) {
      Iterator<AgentImpl> cursor = agents.iterator();
      while (cursor.hasNext()) {
        Set<String> allowedRoles = cursor.next().getSchedulerRoles();
        // coarse-grained web layer security: an agent without scheduler roles is open to every caller
        if (allowedRoles == null || allowedRoles.isEmpty()) {
          continue;
        }
        // Stop at the first role of the caller that the agent accepts
        boolean permitted = false;
        Iterator<Role> roleCursor = callerRoles.iterator();
        while (!permitted && roleCursor.hasNext()) {
          permitted = allowedRoles.contains(roleCursor.next().getName());
        }
        if (!permitted) {
          cursor.remove();
        }
      }
    }

    // The API defines the result as agent name -> agent
    Map<String, Agent> agentsByName = new TreeMap<>();
    for (AgentImpl visible : agents) {
      agentsByName.put(visible.getName(), updateCachedLastHeardFrom(visible, org.getId()));
    }
    return agentsByName;
  } finally {
    if (em != null) {
      em.close();
    }
  }
}