Examples with UnauthorizedException org.opencastproject.security.api.UnauthorizedException used on opensource projects

Example 91 with UnauthorizedException

use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.

the class JpaUserAndRoleProvider method deleteUser.

/**
 * Delete the given user
 *
 * @param username
 *          the name of the user to delete
 * @param orgId
 *          the organization id
 * @throws NotFoundException
 *          if the requested user is not exist
 * @throws org.opencastproject.security.api.UnauthorizedException
 *          if you havn't permissions to delete an admin user (only admins may do that)
 * @throws Exception
 */
public void deleteUser(String username, String orgId) throws NotFoundException, UnauthorizedException, Exception {
    User user = loadUser(username, orgId);
    if (user != null && !UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(securityService, user.getRoles()))
        throw new UnauthorizedException("The user is not allowed to delete an admin user");
    // Remove the user's group membership
    groupRoleProvider.updateGroupMembershipFromRoles(username, orgId, new ArrayList<String>());
    // Remove the user
    UserDirectoryPersistenceUtil.deleteUser(username, orgId, emf);
    cache.invalidate(username + DELIMITER + orgId);
}

Example 92 with UnauthorizedException

use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.

the class JpaGroupRoleProvider method removeGroup.

private void removeGroup(String groupId, String orgId) throws NotFoundException, UnauthorizedException, Exception {
    Group group = loadGroup(groupId, orgId);
    if (group != null && !UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(securityService, group.getRoles()))
        throw new UnauthorizedException("The user is not allowed to delete a group with the admin role");
    UserDirectoryPersistenceUtil.removeGroup(groupId, orgId, emf);
    messageSender.sendObjectMessage(GroupItem.GROUP_QUEUE, MessageSender.DestinationType.Queue, GroupItem.delete(groupId));
}

Example 93 with UnauthorizedException

use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.

the class JpaGroupRoleProvider method updateGroup.

@PUT
@Path("{id}")
@RestQuery(name = "updateGroup", description = "Update a group", returnDescription = "Return the status codes", pathParameters = { @RestParameter(name = "id", description = "The group identifier", isRequired = true, type = Type.STRING) }, restParameters = { @RestParameter(name = "name", description = "The group name", isRequired = true, type = Type.STRING), @RestParameter(name = "description", description = "The group description", isRequired = false, type = Type.STRING), @RestParameter(name = "roles", description = "A comma seperated string of additional group roles", isRequired = false, type = Type.TEXT), @RestParameter(name = "users", description = "A comma seperated string of group members", isRequired = true, type = Type.TEXT) }, reponses = { @RestResponse(responseCode = SC_OK, description = "Group updated"), @RestResponse(responseCode = SC_FORBIDDEN, description = "Not enough permissions to update a group with the admin role."), @RestResponse(responseCode = SC_NOT_FOUND, description = "Group not found"), @RestResponse(responseCode = SC_BAD_REQUEST, description = "Name too long") })
public Response updateGroup(@PathParam("id") String groupId, @FormParam("name") String name, @FormParam("description") String description, @FormParam("roles") String roles, @FormParam("users") String users) throws NotFoundException {
    JpaOrganization organization = (JpaOrganization) securityService.getOrganization();
    JpaGroup group = UserDirectoryPersistenceUtil.findGroup(groupId, organization.getId(), emf);
    if (group == null)
        throw new NotFoundException();
    if (StringUtils.isNotBlank(name))
        group.setName(StringUtils.trim(name));
    if (StringUtils.isNotBlank(description))
        group.setDescription(StringUtils.trim(description));
    if (StringUtils.isNotBlank(roles)) {
        HashSet<JpaRole> roleSet = new HashSet<JpaRole>();
        for (String role : StringUtils.split(roles, ",")) {
            roleSet.add(new JpaRole(StringUtils.trim(role), organization));
        }
        group.setRoles(roleSet);
    } else {
        group.setRoles(new HashSet<JpaRole>());
    }
    if (users != null) {
        HashSet<String> members = new HashSet<String>();
        HashSet<String> invalidateUsers = new HashSet<String>();
        Set<String> groupMembers = group.getMembers();
        for (String member : StringUtils.split(users, ",")) {
            String newMember = StringUtils.trim(member);
            members.add(newMember);
            if (!groupMembers.contains(newMember)) {
                invalidateUsers.add(newMember);
            }
        }
        for (String member : groupMembers) {
            if (!members.contains(member)) {
                invalidateUsers.add(member);
            }
        }
        group.setMembers(members);
        // Invalidate cache entries for users who have been added or removed
        for (String member : invalidateUsers) {
            userDirectoryService.invalidate(member);
        }
    }
    try {
        addGroup(group);
    } catch (IllegalArgumentException e) {
        logger.warn(e.getMessage());
        return Response.status(Status.BAD_REQUEST).build();
    } catch (UnauthorizedException ex) {
        return Response.status(SC_FORBIDDEN).build();
    }
    return Response.ok().build();
}

Example 94 with UnauthorizedException

use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.

the class JpaGroupRoleProvider method addGroup.

/**
 * Adds or updates a group to the persistence.
 *
 * @param group
 *          the group to add
 */
public void addGroup(final JpaGroup group) throws UnauthorizedException {
    if (group != null && !UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(securityService, group.getRoles()))
        throw new UnauthorizedException("The user is not allowed to add or update a group with the admin role");
    Group existingGroup = loadGroup(group.getGroupId(), group.getOrganization().getId());
    if (existingGroup != null && !UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(securityService, existingGroup.getRoles()))
        throw new UnauthorizedException("The user is not allowed to update a group with the admin role");
    Set<JpaRole> roles = UserDirectoryPersistenceUtil.saveRoles(group.getRoles(), emf);
    JpaOrganization organization = UserDirectoryPersistenceUtil.saveOrganization(group.getOrganization(), emf);
    JpaGroup jpaGroup = new JpaGroup(group.getGroupId(), organization, group.getName(), group.getDescription(), roles, group.getMembers());
    // Then save the jpaGroup
    EntityManager em = null;
    EntityTransaction tx = null;
    try {
        em = emf.createEntityManager();
        tx = em.getTransaction();
        tx.begin();
        JpaGroup foundGroup = UserDirectoryPersistenceUtil.findGroup(jpaGroup.getGroupId(), jpaGroup.getOrganization().getId(), emf);
        if (foundGroup == null) {
            em.persist(jpaGroup);
        } else {
            foundGroup.setName(jpaGroup.getName());
            foundGroup.setDescription(jpaGroup.getDescription());
            foundGroup.setMembers(jpaGroup.getMembers());
            foundGroup.setRoles(roles);
            em.merge(foundGroup);
        }
        tx.commit();
        messageSender.sendObjectMessage(GroupItem.GROUP_QUEUE, MessageSender.DestinationType.Queue, GroupItem.update(JaxbGroup.fromGroup(jpaGroup)));
    } finally {
        if (tx.isActive()) {
            tx.rollback();
        }
        if (em != null)
            em.close();
    }
}

Example 95 with UnauthorizedException

use of org.opencastproject.security.api.UnauthorizedException in project opencast by opencast.

the class JpaGroupRoleProviderTest method testRemoveGroupNotAllowedAsNonAdminUser.

@Test
public void testRemoveGroupNotAllowedAsNonAdminUser() throws UnauthorizedException {
    JpaGroup group = new JpaGroup("test", org1, "Test", "Test group", Collections.set(new JpaRole(SecurityConstants.GLOBAL_ADMIN_ROLE, org1)));
    try {
        provider.addGroup(group);
        Group loadGroup = provider.loadGroup(group.getGroupId(), group.getOrganization().getId());
        assertNotNull(loadGroup);
        assertEquals(group.getGroupId(), loadGroup.getGroupId());
    } catch (Exception e) {
        fail("The group should be added");
    }
    JpaUser user = new JpaUser("user", "pass1", org1, "User", "user@localhost", "opencast", true, Collections.set(new JpaRole("ROLE_USER", org1)));
    // Set the security sevice
    SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
    EasyMock.expect(securityService.getUser()).andReturn(user).anyTimes();
    EasyMock.expect(securityService.getOrganization()).andReturn(org1).anyTimes();
    EasyMock.replay(securityService);
    provider.setSecurityService(securityService);
    Response removeGroupResponse = provider.removeGroup(group.getGroupId());
    assertNotNull(removeGroupResponse);
    assertEquals(HttpStatus.SC_FORBIDDEN, removeGroupResponse.getStatus());
}