Examples with UnauthorizedException org.opencastproject.security.api.UnauthorizedException used on opensource projects

Example 76 with UnauthorizedException

use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.

the class SeriesServiceDatabaseImpl method storeSeries.

/*
   * (non-Javadoc)
   *
   * @see org.opencastproject.series.impl.SeriesServiceDatabase#storeSeries(org.opencastproject.metadata.dublincore.
   * DublinCoreCatalog)
   */
@Override
public DublinCoreCatalog storeSeries(DublinCoreCatalog dc) throws SeriesServiceDatabaseException, UnauthorizedException {
    if (dc == null) {
        throw new SeriesServiceDatabaseException("Invalid value for Dublin core catalog: null");
    }
    String seriesId = dc.getFirst(DublinCore.PROPERTY_IDENTIFIER);
    String seriesXML;
    try {
        seriesXML = serializeDublinCore(dc);
    } catch (Exception e1) {
        logger.error("Could not serialize Dublin Core: {}", e1);
        throw new SeriesServiceDatabaseException(e1);
    }
    EntityManager em = emf.createEntityManager();
    EntityTransaction tx = em.getTransaction();
    DublinCoreCatalog newSeries = null;
    try {
        tx.begin();
        SeriesEntity entity = getSeriesEntity(seriesId, em);
        if (entity == null) {
            // no series stored, create new entity
            entity = new SeriesEntity();
            entity.setOrganization(securityService.getOrganization().getId());
            entity.setSeriesId(seriesId);
            entity.setSeries(seriesXML);
            em.persist(entity);
            newSeries = dc;
        } else {
            // Ensure this user is allowed to update this series
            String accessControlXml = entity.getAccessControl();
            if (accessControlXml != null) {
                AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
                User currentUser = securityService.getUser();
                Organization currentOrg = securityService.getOrganization();
                if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.WRITE.toString())) {
                    throw new UnauthorizedException(currentUser + " is not authorized to update series " + seriesId);
                }
            }
            entity.setSeries(seriesXML);
            em.merge(entity);
        }
        tx.commit();
        return newSeries;
    } catch (Exception e) {
        logger.error("Could not update series: {}", e.getMessage());
        if (tx.isActive()) {
            tx.rollback();
        }
        throw new SeriesServiceDatabaseException(e);
    } finally {
        em.close();
    }
}

Example 77 with UnauthorizedException

use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.

the class SeriesServiceDatabaseImpl method storeSeriesAccessControl.

/*
   * (non-Javadoc)
   *
   * @see org.opencastproject.series.impl.SeriesServiceDatabase#storeSeriesAccessControl(java.lang.String,
   * org.opencastproject.security.api.AccessControlList)
   */
@Override
public boolean storeSeriesAccessControl(String seriesId, AccessControlList accessControl) throws NotFoundException, SeriesServiceDatabaseException {
    if (accessControl == null) {
        logger.error("Access control parameter is <null> for series '{}'", seriesId);
        throw new IllegalArgumentException("Argument for updating ACL for series " + seriesId + " is null");
    }
    String serializedAC;
    try {
        serializedAC = AccessControlParser.toXml(accessControl);
    } catch (Exception e) {
        logger.error("Could not serialize access control parameter: {}", e.getMessage());
        throw new SeriesServiceDatabaseException(e);
    }
    EntityManager em = emf.createEntityManager();
    EntityTransaction tx = em.getTransaction();
    boolean updated = false;
    try {
        tx.begin();
        SeriesEntity entity = getSeriesEntity(seriesId, em);
        if (entity == null) {
            throw new NotFoundException("Series with ID " + seriesId + " does not exist.");
        }
        if (entity.getAccessControl() != null) {
            // Ensure this user is allowed to update this series
            String accessControlXml = entity.getAccessControl();
            if (accessControlXml != null) {
                AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
                User currentUser = securityService.getUser();
                Organization currentOrg = securityService.getOrganization();
                if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.WRITE.toString())) {
                    throw new UnauthorizedException(currentUser + " is not authorized to update ACLs on series " + seriesId);
                }
            }
            updated = true;
        }
        entity.setAccessControl(serializedAC);
        em.merge(entity);
        tx.commit();
        return updated;
    } catch (NotFoundException e) {
        throw e;
    } catch (Exception e) {
        logger.error("Could not update series: {}", e.getMessage());
        if (tx.isActive()) {
            tx.rollback();
        }
        throw new SeriesServiceDatabaseException(e);
    } finally {
        em.close();
    }
}

Example 78 with UnauthorizedException

use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.

the class SeriesServiceRemoteImpl method updateSeries.

@Override
public DublinCoreCatalog updateSeries(DublinCoreCatalog dc) throws SeriesException, UnauthorizedException {
    String seriesId = dc.getFirst(DublinCore.PROPERTY_IDENTIFIER);
    HttpPost post = new HttpPost("/");
    try {
        List<BasicNameValuePair> params = new ArrayList<>();
        params.add(new BasicNameValuePair("series", dc.toXmlString()));
        post.setEntity(new UrlEncodedFormEntity(params));
    } catch (Exception e) {
        throw new SeriesException("Unable to assemble a remote series request for updating series " + seriesId, e);
    }
    HttpResponse response = getResponse(post, SC_NO_CONTENT, SC_CREATED, SC_UNAUTHORIZED);
    try {
        if (response != null) {
            int statusCode = response.getStatusLine().getStatusCode();
            if (SC_NO_CONTENT == statusCode) {
                logger.info("Successfully updated series {} in the series service", seriesId);
                return null;
            } else if (SC_UNAUTHORIZED == statusCode) {
                throw new UnauthorizedException("Not authorized to update series " + seriesId);
            } else if (SC_CREATED == statusCode) {
                DublinCoreCatalog catalogImpl = DublinCores.read(response.getEntity().getContent());
                logger.info("Successfully created series {} in the series service", seriesId);
                return catalogImpl;
            }
        }
    } catch (UnauthorizedException e) {
        throw e;
    } catch (Exception e) {
        throw new SeriesException("Unable to update series " + seriesId + " using the remote series services: " + e);
    } finally {
        closeConnection(response);
    }
    throw new SeriesException("Unable to update series " + seriesId + " using the remote series services");
}

Example 79 with UnauthorizedException

use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.

the class SeriesServiceRemoteImpl method deleteSeries.

@Override
public void deleteSeries(String seriesID) throws SeriesException, NotFoundException, UnauthorizedException {
    HttpDelete del = new HttpDelete(seriesID);
    HttpResponse response = getResponse(del, SC_OK, SC_NOT_FOUND, SC_UNAUTHORIZED);
    try {
        if (response != null) {
            int statusCode = response.getStatusLine().getStatusCode();
            if (SC_NOT_FOUND == statusCode) {
                throw new NotFoundException("Series not found: " + seriesID);
            } else if (SC_UNAUTHORIZED == statusCode) {
                throw new UnauthorizedException("Not authorized to delete series " + seriesID);
            } else if (SC_OK == statusCode) {
                logger.info("Successfully deleted {} from the remote series index", seriesID);
                return;
            }
        }
    } finally {
        closeConnection(response);
    }
    throw new SeriesException("Unable to remove " + seriesID + " from a remote series index");
}

Example 80 with UnauthorizedException

use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.

the class SeriesServiceRemoteImpl method getSeries.

@Override
public DublinCoreCatalog getSeries(String seriesID) throws SeriesException, NotFoundException, UnauthorizedException {
    HttpGet get = new HttpGet(seriesID + ".xml");
    HttpResponse response = getResponse(get, SC_OK, SC_NOT_FOUND, SC_UNAUTHORIZED);
    try {
        if (response != null) {
            if (SC_NOT_FOUND == response.getStatusLine().getStatusCode()) {
                throw new NotFoundException("Series " + seriesID + " not found in remote series index!");
            } else if (SC_UNAUTHORIZED == response.getStatusLine().getStatusCode()) {
                throw new UnauthorizedException("Not authorized to get series " + seriesID);
            } else {
                DublinCoreCatalog dublinCoreCatalog = DublinCores.read(response.getEntity().getContent());
                logger.debug("Successfully received series {} from the remote series index", seriesID);
                return dublinCoreCatalog;
            }
        }
    } catch (UnauthorizedException e) {
        throw e;
    } catch (NotFoundException e) {
        throw e;
    } catch (Exception e) {
        throw new SeriesException("Unable to parse series from remote series index: " + e);
    } finally {
        closeConnection(response);
    }
    throw new SeriesException("Unable to get series from remote series index");
}