use of org.opencastproject.security.api.Role in project opencast by opencast.
the class SakaiUserProviderInstance method findRoles.
/**
 * Resolves a role query against a Sakai site and returns the matching site roles.
 *
 * <p>The query may be a bare site id, or a site id followed by {@code "_" + LTI_LEARNER_ROLE} or
 * {@code "_" + LTI_INSTRUCTOR_ROLE}. A trailing {@code %} marks a non-exact query and is stripped
 * before matching. An exact query without one of the two role suffixes yields no roles.
 *
 * <p>{@code offset} and {@code limit} are only logged here; they are not applied to the result.
 *
 * @param query role name or site id to look up, optionally ending in {@code %}
 * @param target kind of role requested; {@link Role.Target#USER} always yields no roles
 * @param offset paging offset (not applied by this method)
 * @param limit paging limit (not applied by this method)
 * @return an iterator over the matching roles, empty when nothing matches or the site is rejected
 */
@Override
public Iterator<Role> findRoles(String query, Role.Target target, int offset, int limit) {
  // NOTE(review): query is written to the log unescaped; if callers can pass arbitrary text here,
  // confirm the log layout neutralises line breaks so entries cannot be forged.
  logger.debug("findRoles(query=" + query + " offset=" + offset + " limit=" + limit + ")");

  // This provider never answers role queries aimed at users.
  if (target == Role.Target.USER) {
    return Collections.emptyIterator();
  }

  // A trailing '%' turns the lookup into a non-exact one; match on the text before it.
  final boolean wildcard = query.endsWith("%");
  final String roleQuery = wildcard ? query.substring(0, query.length() - 1) : query;
  if (roleQuery.isEmpty()) {
    return Collections.emptyIterator();
  }

  // Work out which LTI role suffix, if any, the query carries.
  final String learnerSuffix = "_" + LTI_LEARNER_ROLE;
  final String instructorSuffix = "_" + LTI_INSTRUCTOR_ROLE;
  final String matchedSuffix;
  if (roleQuery.endsWith(learnerSuffix)) {
    matchedSuffix = learnerSuffix;
  } else if (roleQuery.endsWith(instructorSuffix)) {
    matchedSuffix = instructorSuffix;
  } else {
    matchedSuffix = null;
  }

  // Exact lookups are only answered for full role names, never for a bare site id.
  if (matchedSuffix == null && !wildcard) {
    return Collections.emptyIterator();
  }

  // Without a suffix the whole query is the site id; otherwise it is everything before the suffix.
  final String sakaiSite = matchedSuffix == null
      ? roleQuery
      : roleQuery.substring(0, roleQuery.length() - matchedSuffix.length());

  // The site id is derived from caller input and must be accepted by verifySakaiSite before any
  // role is issued for it. NOTE(review): what verifySakaiSite does with the id is not visible
  // here; confirm it encodes the value before using it in any remote request.
  if (!verifySakaiSite(sakaiSite)) {
    return Collections.emptyIterator();
  }

  final List<Role> found = new LinkedList<>();
  final JaxbOrganization jaxbOrg = JaxbOrganization.fromOrganization(organization);
  if (matchedSuffix == null) {
    // Bare site id: offer both the instructor and the learner role for that site.
    found.add(new JaxbRole(sakaiSite + instructorSuffix, jaxbOrg, "Sakai Site Instructor Role",
        Role.Type.EXTERNAL));
    found.add(new JaxbRole(sakaiSite + learnerSuffix, jaxbOrg, "Sakai Site Learner Role",
        Role.Type.EXTERNAL));
  } else {
    // Site id plus LTI role: echo the requested role name back as a single role.
    found.add(new JaxbRole(roleQuery, jaxbOrg, "Sakai Site Role", Role.Type.EXTERNAL));
  }
  return found.iterator();
}
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class JpaGroupRoleProviderTest method testRolesForUser.
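/**
 * Checks the roles resolved for a user who is a member of several groups.
 *
 * <p>Three groups are stored with "admin" as member: "test" and "test2" in {@code org1}, and a
 * second "test2" in {@code org2}. The lookup for "admin" is expected to return six roles.
 * NOTE(review): six presumably means the four authority roles plus the two group roles of
 * org1 only, i.e. nothing from org2 leaks in; confirm against the provider's organization scoping.
 */
@Test
public void testRolesForUser() throws UnauthorizedException {
  Set<JpaRole> authorities = new HashSet<JpaRole>();
  authorities.add(new JpaRole("ROLE_ASTRO_101_SPRING_2011_STUDENT", org1));
  authorities.add(new JpaRole("ROLE_ASTRO_109_SPRING_2012_STUDENT", org1));
  Set<String> members = new HashSet<String>();
  members.add("admin");
  JpaGroup group = new JpaGroup("test", org1, "Test", "Test group", authorities, members);
  provider.addGroup(group);

  // The same set instance is cleared and refilled for the next group.
  // NOTE(review): this relies on addGroup() having stored the roles already; if JpaGroup keeps
  // a reference to the set, the in-memory group objects change here as well.
  authorities.clear();
  authorities.add(new JpaRole("ROLE_ASTRO_122_SPRING_2011_STUDENT", org1));
  authorities.add(new JpaRole("ROLE_ASTRO_124_SPRING_2012_STUDENT", org1));
  JpaGroup group2 = new JpaGroup("test2", org1, "Test2", "Test 2 group", authorities, members);
  provider.addGroup(group2);

  // Same group id as group2, but owned by the second organization.
  authorities.clear();
  authorities.add(new JpaRole("ROLE_ASTRO_134_SPRING_2011_STUDENT", org2));
  authorities.add(new JpaRole("ROLE_ASTRO_144_SPRING_2012_STUDENT", org2));
  JpaGroup group3 = new JpaGroup("test2", org2, "Test2", "Test 2 group", authorities, members);
  provider.addGroup(group3);

  List<Role> rolesForUser = provider.getRolesForUser("admin");
  // The failure message used to say "four" while the asserted value is 6.
  Assert.assertEquals("There should be six roles", 6, rolesForUser.size());

  // NOTE(review): the results of these two contains() calls are discarded, so the test does not
  // actually verify that the group roles are present. Wrap them in Assert.assertTrue once it is
  // confirmed that the returned Role objects compare equal to a JpaRole built this way.
  rolesForUser.contains(new JpaRole(group.getRole(), org1));
  rolesForUser.contains(new JpaRole(group2.getRole(), org1));
}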
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class JpaGroupRoleProviderTest method testFindRoles.
/**
 * Checks that {@code findRoles()} yields one role per group rather than the roles each group
 * contains, and that a pattern matching no group yields nothing.
 */
@Test
public void testFindRoles() throws UnauthorizedException {
  final Set<String> groupMembers = new HashSet<>();
  groupMembers.add("admin");

  // First group in org1; its group role is the only expected hit for "%test%" at this point.
  Set<JpaRole> grantedRoles = new HashSet<>();
  grantedRoles.add(new JpaRole("ROLE_ASTRO_101_SPRING_2011_STUDENT", org1));
  grantedRoles.add(new JpaRole("ROLE_ASTRO_109_SPRING_2012_STUDENT", org1));
  final JpaGroup firstGroup = new JpaGroup("test", org1, "Test", "Test group", grantedRoles, groupMembers);
  provider.addGroup(firstGroup);

  // next() is called without hasNext(): an empty result fails the test with an exception.
  Assert.assertEquals("ROLE_GROUP_TEST",
      provider.findRoles("%test%", Role.Target.ALL, 0, 0).next().getName());

  // Second group in org1, reusing (clearing) the same role set instance.
  grantedRoles.clear();
  grantedRoles.add(new JpaRole("ROLE_ASTRO_122_SPRING_2011_STUDENT", org1));
  grantedRoles.add(new JpaRole("ROLE_ASTRO_124_SPRING_2012_STUDENT", org1));
  final JpaGroup secondGroup = new JpaGroup("test2", org1, "Test2", "Test 2 group", grantedRoles, groupMembers);
  provider.addGroup(secondGroup);

  // Group with the same id in org2, built from a fresh role set.
  grantedRoles = new HashSet<>();
  grantedRoles.add(new JpaRole("ROLE_ASTRO_134_SPRING_2011_STUDENT", org2));
  grantedRoles.add(new JpaRole("ROLE_ASTRO_144_SPRING_2012_STUDENT", org2));
  final JpaGroup otherOrgGroup = new JpaGroup("test2", org2, "Test2", "Test 2 group", grantedRoles, groupMembers);
  provider.addGroup(otherOrgGroup);

  // No group matches "%PrIn%", with or without a limit.
  final int unlimitedMisses = IteratorUtils.toList(provider.findRoles("%PrIn%", Role.Target.ALL, 0, 0)).size();
  Assert.assertEquals(0, unlimitedMisses);
  final int limitedMisses = IteratorUtils.toList(provider.findRoles("%PrIn%", Role.Target.ALL, 0, 1)).size();
  Assert.assertEquals(0, limitedMisses);

  // Three groups were stored, but only two roles are expected for "%test%" with limit 2.
  // NOTE(review): whether that is due to the limit or to organization scoping is not visible
  // here; confirm which one this assertion is meant to pin.
  final int testHits = IteratorUtils.toList(provider.findRoles("%test%", Role.Target.ALL, 0, 2)).size();
  Assert.assertEquals(2, testHits);
}
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class UserAndRoleDirectoryServiceImplTest method testUserMerge.
/**
 * Loads {@code userName} through the directory and checks the merged result: all three expected
 * roles are present, and the identity fields, provider string and manageable flag are as expected.
 */
@Test
public void testUserMerge() throws Exception {
  final User merged = directory.loadUser(userName);

  // Every role set up for this user must survive the merge.
  final Set<Role> mergedRoles = merged.getRoles();
  assertTrue(mergedRoles.contains(role1));
  assertTrue(mergedRoles.contains(role2));
  assertTrue(mergedRoles.contains(role3));

  // NOTE(review): the merged user exposes a non-null password value; whether that is a hash or
  // clear text is not visible here, so check what consumers of the merged user can see.
  assertNotNull(merged.getPassword());

  assertEquals(org.getId(), merged.getOrganization().getId());
  assertEquals(userName, merged.getUsername());
  // Presumably the comma-joined names of the providers that contributed to the merge.
  assertEquals("matterhorn,test", merged.getProvider());

  // Checked through the interface and again through the concrete JaxbUser type; the cast also
  // pins that the directory returns a JaxbUser.
  assertTrue(merged.isManageable());
  final JaxbUser mergedAsJaxb = (JaxbUser) merged;
  assertTrue(mergedAsJaxb.isManageable());
}
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class UserDirectoryUtils method isCurrentUserAuthorizedHandleRoles.
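/**
 * Decides whether the current user may create, update or delete users or groups that carry the
 * given roles.
 *
 * <p>The answer is {@code false} when there is no current user, when the roles contain the global
 * admin role and the current user is not a global admin, or when the roles contain the admin role
 * of the current user's organization and the current user holds neither that role nor the global
 * admin role. In every other case the answer is {@code true}.
 *
 * <p>Every role in the set is checked. The previous implementation returned on the first admin
 * role it met, so with a set holding both the organization admin role and the global admin role
 * the outcome depended on iteration order and an organization admin could be cleared to hand out
 * the global admin role.
 *
 * @param securityService the SecurityService used to look up the current user
 * @param roles roles list to test; must not be {@code null}
 * @return true if the roles list doesn't contain an admin role
 *         or if the current user is allowed to create, update or delete users or groups with the given roles
 */
public static boolean isCurrentUserAuthorizedHandleRoles(SecurityService securityService, Set<Role> roles) {
  User user = securityService.getUser();
  if (user == null) {
    // No authenticated user: fail closed.
    return false;
  }
  Organization org = user.getOrganization();
  for (Role role : roles) {
    String roleName = role.getName();
    if (StringUtils.equals(SecurityConstants.GLOBAL_ADMIN_ROLE, roleName)) {
      // Only a global admin may handle the global admin role.
      if (!user.hasRole(SecurityConstants.GLOBAL_ADMIN_ROLE)) {
        return false;
      }
      // Allowed for this role; keep checking the remaining ones instead of returning early.
      continue;
    }
    if (org != null && StringUtils.equals(org.getAdminRole(), roleName)
            && !user.hasRole(SecurityConstants.GLOBAL_ADMIN_ROLE)
            && !user.hasRole(org.getAdminRole())) {
      // The organization admin role needs a global admin or an admin of that organization.
      return false;
    }
  }
  return true;
}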