Examples with JpaOrganization org.opencastproject.security.impl.jpa.JpaOrganization used on opensource projects

Example 21 with JpaOrganization

use of org.opencastproject.security.impl.jpa.JpaOrganization in project opencast by opencast.

the class JpaUserAndRoleProvider method updateUser.

/**
 * Updates a user to the persistence
 *
 * @param user
 *          the user to save
 * @throws NotFoundException
 * @throws org.opencastproject.security.api.UnauthorizedException
 *          if the current user is not allowed to update user with the given roles
 */
public User updateUser(JpaUser user) throws NotFoundException, UnauthorizedException {
    if (!UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(securityService, user.getRoles()))
        throw new UnauthorizedException("The user is not allowed to set the admin role on other users");
    JpaUser updateUser = UserDirectoryPersistenceUtil.findUser(user.getUsername(), user.getOrganization().getId(), emf);
    if (updateUser == null)
        throw new NotFoundException("User " + user.getUsername() + " not found.");
    logger.debug("updateUser({})", user.getUsername());
    if (!UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(securityService, updateUser.getRoles()))
        throw new UnauthorizedException("The user is not allowed to update an admin user");
    String encodedPassword = null;
    // only update Password if a value is set
    if (user.getPassword().isEmpty()) {
        JpaUser old = UserDirectoryPersistenceUtil.findUser(user.getUsername(), user.getOrganization().getId(), emf);
        encodedPassword = old.getPassword();
    } else {
        // Update an JPA user with an encoded password.
        encodedPassword = PasswordEncoder.encode(user.getPassword(), user.getUsername());
    }
    // Only save internal roles
    Set<JpaRole> roles = UserDirectoryPersistenceUtil.saveRoles(filterRoles(user.getRoles()), emf);
    JpaOrganization organization = UserDirectoryPersistenceUtil.saveOrganization((JpaOrganization) user.getOrganization(), emf);
    JpaUser updatedUser = UserDirectoryPersistenceUtil.saveUser(new JpaUser(user.getUsername(), encodedPassword, organization, user.getName(), user.getEmail(), user.getProvider(), true, roles), emf);
    cache.put(user.getUsername() + DELIMITER + organization.getId(), updatedUser);
    updateGroupMembership(user);
    return updatedUser;
}

Example 22 with JpaOrganization

use of org.opencastproject.security.impl.jpa.JpaOrganization in project opencast by opencast.

the class JpaGroupRoleProvider method updateGroup.

@PUT
@Path("{id}")
@RestQuery(name = "updateGroup", description = "Update a group", returnDescription = "Return the status codes", pathParameters = { @RestParameter(name = "id", description = "The group identifier", isRequired = true, type = Type.STRING) }, restParameters = { @RestParameter(name = "name", description = "The group name", isRequired = true, type = Type.STRING), @RestParameter(name = "description", description = "The group description", isRequired = false, type = Type.STRING), @RestParameter(name = "roles", description = "A comma seperated string of additional group roles", isRequired = false, type = Type.TEXT), @RestParameter(name = "users", description = "A comma seperated string of group members", isRequired = true, type = Type.TEXT) }, reponses = { @RestResponse(responseCode = SC_OK, description = "Group updated"), @RestResponse(responseCode = SC_FORBIDDEN, description = "Not enough permissions to update a group with the admin role."), @RestResponse(responseCode = SC_NOT_FOUND, description = "Group not found"), @RestResponse(responseCode = SC_BAD_REQUEST, description = "Name too long") })
public Response updateGroup(@PathParam("id") String groupId, @FormParam("name") String name, @FormParam("description") String description, @FormParam("roles") String roles, @FormParam("users") String users) throws NotFoundException {
    JpaOrganization organization = (JpaOrganization) securityService.getOrganization();
    JpaGroup group = UserDirectoryPersistenceUtil.findGroup(groupId, organization.getId(), emf);
    if (group == null)
        throw new NotFoundException();
    if (StringUtils.isNotBlank(name))
        group.setName(StringUtils.trim(name));
    if (StringUtils.isNotBlank(description))
        group.setDescription(StringUtils.trim(description));
    if (StringUtils.isNotBlank(roles)) {
        HashSet<JpaRole> roleSet = new HashSet<JpaRole>();
        for (String role : StringUtils.split(roles, ",")) {
            roleSet.add(new JpaRole(StringUtils.trim(role), organization));
        }
        group.setRoles(roleSet);
    } else {
        group.setRoles(new HashSet<JpaRole>());
    }
    if (users != null) {
        HashSet<String> members = new HashSet<String>();
        HashSet<String> invalidateUsers = new HashSet<String>();
        Set<String> groupMembers = group.getMembers();
        for (String member : StringUtils.split(users, ",")) {
            String newMember = StringUtils.trim(member);
            members.add(newMember);
            if (!groupMembers.contains(newMember)) {
                invalidateUsers.add(newMember);
            }
        }
        for (String member : groupMembers) {
            if (!members.contains(member)) {
                invalidateUsers.add(member);
            }
        }
        group.setMembers(members);
        // Invalidate cache entries for users who have been added or removed
        for (String member : invalidateUsers) {
            userDirectoryService.invalidate(member);
        }
    }
    try {
        addGroup(group);
    } catch (IllegalArgumentException e) {
        logger.warn(e.getMessage());
        return Response.status(Status.BAD_REQUEST).build();
    } catch (UnauthorizedException ex) {
        return Response.status(SC_FORBIDDEN).build();
    }
    return Response.ok().build();
}

Example 23 with JpaOrganization

use of org.opencastproject.security.impl.jpa.JpaOrganization in project opencast by opencast.

the class JpaGroupRoleProvider method addGroup.

/**
 * Adds or updates a group to the persistence.
 *
 * @param group
 *          the group to add
 */
public void addGroup(final JpaGroup group) throws UnauthorizedException {
    if (group != null && !UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(securityService, group.getRoles()))
        throw new UnauthorizedException("The user is not allowed to add or update a group with the admin role");
    Group existingGroup = loadGroup(group.getGroupId(), group.getOrganization().getId());
    if (existingGroup != null && !UserDirectoryUtils.isCurrentUserAuthorizedHandleRoles(securityService, existingGroup.getRoles()))
        throw new UnauthorizedException("The user is not allowed to update a group with the admin role");
    Set<JpaRole> roles = UserDirectoryPersistenceUtil.saveRoles(group.getRoles(), emf);
    JpaOrganization organization = UserDirectoryPersistenceUtil.saveOrganization(group.getOrganization(), emf);
    JpaGroup jpaGroup = new JpaGroup(group.getGroupId(), organization, group.getName(), group.getDescription(), roles, group.getMembers());
    // Then save the jpaGroup
    EntityManager em = null;
    EntityTransaction tx = null;
    try {
        em = emf.createEntityManager();
        tx = em.getTransaction();
        tx.begin();
        JpaGroup foundGroup = UserDirectoryPersistenceUtil.findGroup(jpaGroup.getGroupId(), jpaGroup.getOrganization().getId(), emf);
        if (foundGroup == null) {
            em.persist(jpaGroup);
        } else {
            foundGroup.setName(jpaGroup.getName());
            foundGroup.setDescription(jpaGroup.getDescription());
            foundGroup.setMembers(jpaGroup.getMembers());
            foundGroup.setRoles(roles);
            em.merge(foundGroup);
        }
        tx.commit();
        messageSender.sendObjectMessage(GroupItem.GROUP_QUEUE, MessageSender.DestinationType.Queue, GroupItem.update(JaxbGroup.fromGroup(jpaGroup)));
    } finally {
        if (tx.isActive()) {
            tx.rollback();
        }
        if (em != null)
            em.close();
    }
}

Example 24 with JpaOrganization

use of org.opencastproject.security.impl.jpa.JpaOrganization in project opencast by opencast.

the class UserDirectoryPersistenceUtil method findOrganization.

/**
 * Returns the persisted organization by the given organization
 *
 * @param organization
 *          the organization
 * @param emf
 *          the entity manager factory
 * @return the organization or <code>null</code> if not found
 */
public static JpaOrganization findOrganization(JpaOrganization organization, EntityManagerFactory emf) {
    EntityManager em = null;
    try {
        em = emf.createEntityManager();
        Query query = em.createNamedQuery("Organization.findById");
        query.setParameter("id", organization.getId());
        return (JpaOrganization) query.getSingleResult();
    } catch (NoResultException e) {
        return null;
    } finally {
        if (em != null)
            em.close();
    }
}

Example 25 with JpaOrganization

use of org.opencastproject.security.impl.jpa.JpaOrganization in project opencast by opencast.

the class UserEndpoint method createUser.

@POST
@Path("/")
@RestQuery(name = "createUser", description = "Create a new  user", returnDescription = "Location of the new ressource", restParameters = { @RestParameter(name = "username", description = "The username.", isRequired = true, type = STRING), @RestParameter(name = "password", description = "The password.", isRequired = true, type = STRING), @RestParameter(name = "name", description = "The name.", isRequired = false, type = STRING), @RestParameter(name = "email", description = "The email.", isRequired = false, type = STRING), @RestParameter(name = "roles", description = "The user roles as a json array, for example: [\"ROLE_USER\", \"ROLE_ADMIN\"]", isRequired = false, type = STRING) }, reponses = { @RestResponse(responseCode = SC_BAD_REQUEST, description = "Malformed request syntax."), @RestResponse(responseCode = SC_CREATED, description = "User has been created."), @RestResponse(responseCode = SC_CONFLICT, description = "An user with this username already exist."), @RestResponse(responseCode = SC_FORBIDDEN, description = "Not enough permissions to create a user with the admin role.") })
public Response createUser(@FormParam("username") String username, @FormParam("password") String password, @FormParam("name") String name, @FormParam("email") String email, @FormParam("roles") String roles) {
    if (jpaUserAndRoleProvider.loadUser(username) != null) {
        return Response.status(SC_CONFLICT).build();
    }
    try {
        Set<JpaRole> rolesSet = parseRoles(roles);
        /* Add new user */
        logger.debug("Updating user {}", username);
        JpaOrganization organization = (JpaOrganization) securityService.getOrganization();
        JpaUser user = new JpaUser(username, password, organization, name, email, jpaUserAndRoleProvider.getName(), true, rolesSet);
        try {
            jpaUserAndRoleProvider.addUser(user);
            return Response.created(uri(endpointBaseUrl, user.getUsername() + ".json")).build();
        } catch (UnauthorizedException ex) {
            logger.debug("Create user failed", ex);
            return Response.status(Response.Status.FORBIDDEN).build();
        }
    } catch (IllegalArgumentException e) {
        logger.debug("Request with malformed ROLE data: {}", roles);
        return Response.status(SC_BAD_REQUEST).build();
    }
}