use of org.opencastproject.security.api.User in project opencast by opencast.
the class SeriesServiceDatabaseImpl method getSeries.
/**
* {@inheritDoc}
*
* @see org.opencastproject.series.impl.SeriesServiceDatabase#getSeries(java.lang.String)
*/
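@Override
public DublinCoreCatalog getSeries(String seriesId) throws NotFoundException, SeriesServiceDatabaseException {
  // Loads the series entity, checks its stored ACL against the current user and organization, and
  // returns the Dublin Core catalog parsed from the entity's XML.
  //
  // Security-relevant behaviour visible in this method:
  //  - READ, CONTRIBUTE or WRITE on the series is each sufficient to load it.
  //  - A series whose stored ACL is null is returned without any authorization check.
  //  - A denial (UnauthorizedException) is not in the throws clause, so it reaches the caller only
  //    as the cause of a SeriesServiceDatabaseException and is logged at error level like any
  //    other failure.
  EntityManager em = emf.createEntityManager();
  EntityTransaction tx = em.getTransaction();
  try {
    tx.begin();
    SeriesEntity entity = getSeriesEntity(seriesId, em);
    if (entity == null) {
      throw new NotFoundException("No series with id=" + seriesId + " exists");
    }

    // Ensure this user is allowed to read this series
    String accessControlXml = entity.getAccessControl();
    // NOTE(review): a null ACL skips the check below, so the series is readable by any caller.
    // Confirm that this fail-open default is intended for series stored without an ACL.
    if (accessControlXml != null) {
      AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
      User currentUser = securityService.getUser();
      Organization currentOrg = securityService.getOrganization();
      // There are several reasons a user may need to load a series: to read content, to edit it, or add content
      boolean mayLoad = AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.READ.toString())
              || AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.CONTRIBUTE.toString())
              || AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, Permissions.Action.WRITE.toString());
      if (!mayLoad) {
        throw new UnauthorizedException(currentUser + " is not authorized to see series " + seriesId);
      }
    }
    return dcService.load(IOUtils.toInputStream(entity.getDublinCoreXML(), "UTF-8"));
  } catch (NotFoundException e) {
    throw e;
  } catch (Exception e) {
    // This is a read path; the previous message ("Could not update series") was misleading.
    // Passing the exception itself keeps the stack trace and the cause chain in the log.
    logger.error("Could not retrieve series", e);
    throw new SeriesServiceDatabaseException(e);
  } finally {
    // The transaction is never committed here, so end it explicitly on every exit path
    // (success, not-found and failure) before the entity manager is closed.
    try {
      if (tx.isActive()) {
        tx.rollback();
      }
    } finally {
      em.close();
    }
  }
}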
use of org.opencastproject.security.api.User in project opencast by opencast.
the class ServiceRegistryJpaImpl method createJob.
/**
* Creates a job on a remote host.
*/
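public Job createJob(String host, String serviceType, String operation, List<String> arguments, String payload, boolean dispatchable, Job parentJob, float jobLoad) throws ServiceRegistryException {
  // Persists a new job for the service registered as (serviceType, host) and returns it.
  //
  // The job is constructed with the user and organization that securityService reports for the
  // caller. NOTE(review): presumably this is the identity the job is later executed as; verify in
  // JpaJob. No authorization check on the caller is made in this method.
  //
  // Throws IllegalArgumentException when host, serviceType or operation is blank, and
  // ServiceRegistryException when the service registration, the parent job or the root job
  // cannot be found.
  if (StringUtils.isBlank(host)) {
    throw new IllegalArgumentException("Host can't be null");
  }
  if (StringUtils.isBlank(serviceType)) {
    throw new IllegalArgumentException("Service type can't be null");
  }
  if (StringUtils.isBlank(operation)) {
    throw new IllegalArgumentException("Operation can't be null");
  }

  EntityManager em = null;
  EntityTransaction tx = null;
  try {
    em = emf.createEntityManager();
    tx = em.getTransaction();
    tx.begin();

    ServiceRegistrationJpaImpl creatingService = getServiceRegistration(em, serviceType, host);
    if (creatingService == null) {
      throw new ServiceRegistryException("No service registration exists for type '" + serviceType + "' on host '" + host + "'");
    }

    // Maintenance mode and inactivity only produce a warning; the job is still created.
    if (creatingService.getHostRegistration().isMaintenanceMode()) {
      logger.warn("Creating a job from {}, which is currently in maintenance mode.", creatingService.getHost());
    } else if (!creatingService.getHostRegistration().isActive()) {
      logger.warn("Creating a job from {}, which is currently inactive.", creatingService.getHost());
    }

    User currentUser = securityService.getUser();
    Organization currentOrganization = securityService.getOrganization();
    JpaJob jpaJob = new JpaJob(currentUser, currentOrganization, creatingService, operation, arguments, payload, dispatchable, jobLoad);

    // Bind the given parent job to the new job
    if (parentJob != null) {
      // Get the JPA instance of the parent job
      JpaJob jpaParentJob;
      try {
        jpaParentJob = getJpaJob(parentJob.getId());
      } catch (NotFoundException e) {
        logger.error("{} not found in the persistence context", parentJob);
        throw new ServiceRegistryException(e);
      }
      jpaJob.setParentJob(jpaParentJob);

      // Get the JPA instance of the root job; without a root id the parent itself is the root
      JpaJob jpaRootJob = jpaParentJob;
      if (parentJob.getRootJobId() != null) {
        try {
          jpaRootJob = getJpaJob(parentJob.getRootJobId());
        } catch (NotFoundException e) {
          logger.error("job with id {} not found in the persistence context", parentJob.getRootJobId());
          throw new ServiceRegistryException(e);
        }
      }
      jpaJob.setRootJob(jpaRootJob);
    }

    // if this job is not dispatchable, it must be handled by the host that has created it
    if (dispatchable) {
      jpaJob.setStatus(Status.QUEUED);
    } else {
      jpaJob.setProcessorServiceRegistration(creatingService);
    }

    em.persist(jpaJob);
    tx.commit();
    setJobUri(jpaJob);
    return jpaJob.toJob();
  } finally {
    // Previously only a RollbackException triggered a rollback, so the ServiceRegistryException
    // paths above closed the entity manager with the transaction still open. Rolling back here
    // covers every failure path; after a successful commit the transaction is no longer active.
    try {
      if (tx != null && tx.isActive()) {
        tx.rollback();
      }
    } finally {
      if (em != null) {
        em.close();
      }
    }
  }
}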
use of org.opencastproject.security.api.User in project opencast by opencast.
the class SearchServiceDatabaseImpl method getOrganizationId.
/**
* {@inheritDoc}
*
* @see org.opencastproject.search.impl.persistence.SearchServiceDatabase#getOrganizationId(String)
*/
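@Override
public String getOrganizationId(String mediaPackageId) throws NotFoundException, SearchServiceDatabaseException {
  // Returns the organization stored with the media package after checking READ permission
  // against the entity's stored ACL.
  //
  // Security-relevant behaviour visible in this method:
  //  - An entity whose stored ACL is null is answered without any authorization check.
  //  - A denial (UnauthorizedException) is not in the throws clause, so it reaches the caller only
  //    as the cause of a SearchServiceDatabaseException.
  EntityManager em = null;
  EntityTransaction tx = null;
  try {
    em = emf.createEntityManager();
    tx = em.getTransaction();
    tx.begin();

    SearchEntity searchEntity = getSearchEntity(mediaPackageId, em);
    if (searchEntity == null) {
      throw new NotFoundException("No media package with id=" + mediaPackageId + " exists");
    }

    // Ensure this user is allowed to read this media package
    String accessControlXml = searchEntity.getAccessControl();
    // NOTE(review): a null ACL skips the check below, so the organization id is disclosed to any
    // caller. Confirm that this fail-open default is intended.
    if (accessControlXml != null) {
      AccessControlList acl = AccessControlParser.parseAcl(accessControlXml);
      User currentUser = securityService.getUser();
      Organization currentOrg = securityService.getOrganization();
      if (!AccessControlUtil.isAuthorized(acl, currentUser, currentOrg, READ.toString())) {
        throw new UnauthorizedException(currentUser + " is not authorized to read media package " + mediaPackageId);
      }
    }
    return searchEntity.getOrganization();
  } catch (NotFoundException e) {
    throw e;
  } catch (Exception e) {
    // The previous message ("Could not get deletion date") did not describe this method.
    // The exception is passed as the last argument so the stack trace is kept.
    logger.error("Could not get organization of media package {}", mediaPackageId, e);
    throw new SearchServiceDatabaseException(e);
  } finally {
    // tx is still null when createEntityManager() or getTransaction() failed; the old catch block
    // dereferenced it unconditionally and would have replaced the real error with a
    // NullPointerException. The read-only transaction is ended on every exit path.
    try {
      if (tx != null && tx.isActive()) {
        tx.rollback();
      }
    } finally {
      if (em != null) {
        em.close();
      }
    }
  }
}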
use of org.opencastproject.security.api.User in project opencast by opencast.
the class SearchServiceImplTest method testDeleteMediaPackage.
/**
* Test removal from the search index.
*/
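@Test
public void testDeleteMediaPackage() throws Exception {
  // Verifies that delete() is refused for a user without permissions, succeeds for an
  // organization admin, and that the deleted media package then disappears from normal queries
  // while still being reported by a "deleted since" query.
  MediaPackage mediaPackage = getMediaPackage("/manifest-simple.xml");
  String mediaPackageId = mediaPackage.getIdentifier().toString();

  // Make sure our mocked ACL has the read and write permission
  acl.getEntries().add(new AccessControlEntry(ROLE_STUDENT, READ.toString(), true));
  acl.getEntries().add(new AccessControlEntry(ROLE_STUDENT, WRITE.toString(), true));

  // Add the media package to the search index
  Job job = service.add(mediaPackage);
  JobBarrier barrier = new JobBarrier(null, serviceRegistry, 1000, job);
  barrier.waitForJobs();

  // Now take the role away from the user
  userResponder.setResponse(userWithoutPermissions);
  Map<String, Integer> servers = new HashMap<String, Integer>();
  servers.put("http://localhost", 8080);
  organizationResponder.setResponse(new JaxbOrganization(DefaultOrganization.DEFAULT_ORGANIZATION_ID, DefaultOrganization.DEFAULT_ORGANIZATION_NAME, servers, DefaultOrganization.DEFAULT_ORGANIZATION_ADMIN, DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, null));

  // Try to delete it: the job itself finishes, and the refusal is reported through its payload
  job = service.delete(mediaPackageId);
  barrier = new JobBarrier(null, serviceRegistry, 1000, job);
  barrier.waitForJobs();
  assertEquals("Job to delete mediapackage did not finish", Job.Status.FINISHED, job.getStatus());
  assertEquals("Unauthorized user was able to delete a mediapackage", Boolean.FALSE.toString(), job.getPayload());
  // NOTE(review): the refusal is asserted only through the job payload; nothing here checks that
  // the media package is still present in the index after the refused delete.

  // Second try with a "fixed" roleset
  User adminUser = new JaxbUser("admin", "test", defaultOrganization, new JaxbRole(defaultOrganization.getAdminRole(), defaultOrganization));
  userResponder.setResponse(adminUser);
  Date deletedDate = new Date();
  job = service.delete(mediaPackageId);
  barrier = new JobBarrier(null, serviceRegistry, 1000, job);
  barrier.waitForJobs();
  // This assertion is about the admin's delete; the previous message was copied from the
  // unauthorized case above and described the wrong failure.
  assertEquals("Job to delete mediapackage as admin did not finish", Job.Status.FINISHED, job.getStatus());

  // Now go back to the original security service and user
  userResponder.setResponse(defaultUser);
  organizationResponder.setResponse(defaultOrganization);

  SearchQuery q = new SearchQuery();
  q.includeEpisodes(true);
  q.includeSeries(false);
  q.withId("10.0000/1");
  assertEquals(0, service.getByQuery(q).size());

  // Clear the ID requirement
  q.withId(null);
  assertEquals(0, service.getByQuery(q).size());

  // The deletion itself must still be visible to a "deleted since" query
  q = new SearchQuery();
  q.withDeletedSince(deletedDate);
  assertEquals(1, service.getByQuery(q).size());
}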
use of org.opencastproject.security.api.User in project opencast by opencast.
the class SeriesServiceSolrTest method testAccessControlManagmentRewrite.
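@Test
public void testAccessControlManagmentRewrite() throws Exception {
  // Verifies that replacing a series' ACL changes what the anonymous user can find: with a READ
  // entry for ROLE_ANONYMOUS the series is returned, and after the ACL is replaced by an empty
  // one it is not.

  // security service that always reports the anonymous user of the default organization
  SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
  User user = new JaxbUser("anonymous", "test", new DefaultOrganization(), new JaxbRole("ROLE_ANONYMOUS", new DefaultOrganization()));
  EasyMock.expect(securityService.getOrganization()).andReturn(new DefaultOrganization()).anyTimes();
  EasyMock.expect(securityService.getUser()).andReturn(user).anyTimes();
  EasyMock.replay(securityService);

  // deactivate the default index created in setUp()
  index.deactivate();

  // create a new index with the security service anonymous user
  index = new SeriesServiceSolrIndex();
  index.solrRoot = PathSupport.concat("target", Long.toString(System.currentTimeMillis()));
  dcService = new DublinCoreCatalogService();
  index.setDublinCoreService(dcService);
  index.setSecurityService(securityService);
  index.activate(null);

  // sample access control list granting READ to the anonymous role
  AccessControlList accessControlList = new AccessControlList();
  List<AccessControlEntry> acl = accessControlList.getEntries();
  acl.add(new AccessControlEntry("ROLE_ANONYMOUS", Permissions.Action.READ.toString(), true));

  index.updateIndex(testCatalog);
  String seriesID = testCatalog.getFirst(DublinCore.PROPERTY_IDENTIFIER);
  index.updateSecurityPolicy(seriesID, accessControlList);

  // assertEquals reports the actual count on failure, which assertTrue(size == n) does not
  SeriesQuery q = new SeriesQuery();
  DublinCoreCatalogList result = index.search(q);
  Assert.assertEquals("Only one anomymous series", 1, result.size());

  // Rewriting the policy with an empty ACL must withdraw the earlier grant
  index.updateSecurityPolicy(seriesID, new AccessControlList());
  q = new SeriesQuery();
  result = index.search(q);
  Assert.assertEquals("No anomymous series", 0, result.size());
}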