Search in sources :

Example 31 with JpaRole

use of org.opencastproject.security.impl.jpa.JpaRole in project opencast by opencast.

the class UserEndpoint method createUser.

@POST
@Path("/")
@RestQuery(name = "createUser", description = "Create a new  user", returnDescription = "Location of the new ressource", restParameters = { @RestParameter(name = "username", description = "The username.", isRequired = true, type = STRING), @RestParameter(name = "password", description = "The password.", isRequired = true, type = STRING), @RestParameter(name = "name", description = "The name.", isRequired = false, type = STRING), @RestParameter(name = "email", description = "The email.", isRequired = false, type = STRING), @RestParameter(name = "roles", description = "The user roles as a json array, for example: [\"ROLE_USER\", \"ROLE_ADMIN\"]", isRequired = false, type = STRING) }, reponses = { @RestResponse(responseCode = SC_BAD_REQUEST, description = "Malformed request syntax."), @RestResponse(responseCode = SC_CREATED, description = "User has been created."), @RestResponse(responseCode = SC_CONFLICT, description = "An user with this username already exist."), @RestResponse(responseCode = SC_FORBIDDEN, description = "Not enough permissions to create a user with the admin role.") })
public Response createUser(@FormParam("username") String username, @FormParam("password") String password, @FormParam("name") String name, @FormParam("email") String email, @FormParam("roles") String roles) {
    if (jpaUserAndRoleProvider.loadUser(username) != null) {
        return Response.status(SC_CONFLICT).build();
    }
    try {
        Set<JpaRole> rolesSet = parseRoles(roles);
        /* Add new user */
        logger.debug("Updating user {}", username);
        JpaOrganization organization = (JpaOrganization) securityService.getOrganization();
        JpaUser user = new JpaUser(username, password, organization, name, email, jpaUserAndRoleProvider.getName(), true, rolesSet);
        try {
            jpaUserAndRoleProvider.addUser(user);
            return Response.created(uri(endpointBaseUrl, user.getUsername() + ".json")).build();
        } catch (UnauthorizedException ex) {
            logger.debug("Create user failed", ex);
            return Response.status(Response.Status.FORBIDDEN).build();
        }
    } catch (IllegalArgumentException e) {
        logger.debug("Request with malformed ROLE data: {}", roles);
        return Response.status(SC_BAD_REQUEST).build();
    }
}
Also used : JpaOrganization(org.opencastproject.security.impl.jpa.JpaOrganization) JpaRole(org.opencastproject.security.impl.jpa.JpaRole) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) JpaUser(org.opencastproject.security.impl.jpa.JpaUser) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) RestQuery(org.opencastproject.util.doc.rest.RestQuery)

Example 32 with JpaRole

use of org.opencastproject.security.impl.jpa.JpaRole in project opencast by opencast.

the class UserEndpoint method setUser.

@PUT
@Path("{username}.json")
@RestQuery(name = "updateUser", description = "Update an user", returnDescription = "Status ok", restParameters = { @RestParameter(name = "password", description = "The password.", isRequired = true, type = STRING), @RestParameter(name = "name", description = "The name.", isRequired = false, type = STRING), @RestParameter(name = "email", description = "The email.", isRequired = false, type = STRING), @RestParameter(name = "roles", description = "The user roles as a json array, for example: [\"ROLE_USER\", \"ROLE_ADMIN\"]", isRequired = false, type = STRING) }, pathParameters = @RestParameter(name = "username", description = "The username", isRequired = true, type = STRING), reponses = { @RestResponse(responseCode = SC_BAD_REQUEST, description = "Malformed request syntax."), @RestResponse(responseCode = SC_FORBIDDEN, description = "Not enough permissions to update a user with the admin role."), @RestResponse(responseCode = SC_OK, description = "User has been updated.") })
public Response setUser(@PathParam("username") String username, @FormParam("password") String password, @FormParam("name") String name, @FormParam("email") String email, @FormParam("roles") String roles) {
    try {
        User user = jpaUserAndRoleProvider.loadUser(username);
        if (user == null) {
            return createUser(username, password, name, email, roles);
        }
        Set<JpaRole> rolesSet = parseRoles(roles);
        logger.debug("Updating user {}", username);
        JpaOrganization organization = (JpaOrganization) securityService.getOrganization();
        jpaUserAndRoleProvider.updateUser(new JpaUser(username, password, organization, name, email, jpaUserAndRoleProvider.getName(), true, rolesSet));
        return Response.status(SC_OK).build();
    } catch (NotFoundException e) {
        logger.debug("User {} not found.", username);
        return Response.status(SC_NOT_FOUND).build();
    } catch (UnauthorizedException e) {
        logger.debug("Update user failed", e);
        return Response.status(Response.Status.FORBIDDEN).build();
    } catch (IllegalArgumentException e) {
        logger.debug("Request with malformed ROLE data: {}", roles);
        return Response.status(SC_BAD_REQUEST).build();
    }
}
Also used : User(org.opencastproject.security.api.User) JpaUser(org.opencastproject.security.impl.jpa.JpaUser) JaxbUser(org.opencastproject.security.api.JaxbUser) JpaOrganization(org.opencastproject.security.impl.jpa.JpaOrganization) JpaRole(org.opencastproject.security.impl.jpa.JpaRole) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) JpaUser(org.opencastproject.security.impl.jpa.JpaUser) Path(javax.ws.rs.Path) RestQuery(org.opencastproject.util.doc.rest.RestQuery) PUT(javax.ws.rs.PUT)

Example 33 with JpaRole

use of org.opencastproject.security.impl.jpa.JpaRole in project opencast by opencast.

the class UserEndpoint method parseRoles.

/**
 * Parse JSON roles array.
 *
 * @param roles
 *          String representation of JSON array containing roles
 */
private Set<JpaRole> parseRoles(String roles) throws IllegalArgumentException {
    JSONArray rolesArray = null;
    /* Try parsing JSON. Return Bad Request if malformed. */
    try {
        rolesArray = (JSONArray) JSONValue.parseWithException(StringUtils.isEmpty(roles) ? "[]" : roles);
    } catch (Exception e) {
        throw new IllegalArgumentException("Error parsing JSON array", e);
    }
    Set<JpaRole> rolesSet = new HashSet<JpaRole>();
    /* Add given roles */
    for (Object role : rolesArray) {
        try {
            rolesSet.add(new JpaRole((String) role, (JpaOrganization) securityService.getOrganization()));
        } catch (ClassCastException e) {
            throw new IllegalArgumentException("Error parsing array vales as String", e);
        }
    }
    return rolesSet;
}
Also used : JpaOrganization(org.opencastproject.security.impl.jpa.JpaOrganization) JSONArray(org.json.simple.JSONArray) JpaRole(org.opencastproject.security.impl.jpa.JpaRole) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) IOException(java.io.IOException) HashSet(java.util.HashSet)

Example 34 with JpaRole

use of org.opencastproject.security.impl.jpa.JpaRole in project opencast by opencast.

the class JpaUserProviderTest method testUsers.

@Test
public void testUsers() throws Exception {
    Set<JpaRole> authorities = new HashSet<JpaRole>();
    authorities.add(new JpaRole("ROLE_COOL_ONE", org1));
    JpaUser userOne = createUserWithRoles(org1, "user_test_1", "ROLE_COOL_ONE");
    JpaUser userTwo = createUserWithRoles(org1, "user2", "ROLE_CCOL_ONE");
    JpaUser userThree = createUserWithRoles(org1, "user3", "ROLE_COOL_ONE");
    JpaUser userFour = createUserWithRoles(org1, "user_test_4", "ROLE_COOL_ONE");
    provider.addUser(userOne);
    provider.addUser(userTwo);
    provider.addUser(userThree);
    provider.addUser(userFour);
    assertEquals("There should be two roles", 4, IteratorUtils.toList(provider.getUsers()).size());
}
Also used : JpaRole(org.opencastproject.security.impl.jpa.JpaRole) JpaUser(org.opencastproject.security.impl.jpa.JpaUser) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 35 with JpaRole

use of org.opencastproject.security.impl.jpa.JpaRole in project opencast by opencast.

the class JpaUserProviderTest method testFindRoles.

@Test
public void testFindRoles() throws UnauthorizedException {
    JpaRole astroRole = new JpaRole("ROLE_ASTRO_105_SPRING_2013_STUDENT", org1, "Astro role");
    provider.addRole(astroRole);
    JpaUser userOne = createUserWithRoles(org1, "user1", "ROLE_COOL_ONE", "ROLE_COOL_TWO");
    provider.addUser(userOne);
    // We expect findRoles() for this provider to return an empty set,
    // as it is not authoritative for roles that it persists.
    assertEquals(0, IteratorUtils.toList(provider.findRoles("%coOL%", Role.Target.ALL, 0, 0)).size());
    assertEquals(0, IteratorUtils.toList(provider.findRoles("%cOoL%", Role.Target.ALL, 0, 1)).size());
    assertEquals(0, IteratorUtils.toList(provider.findRoles("%oLe%", Role.Target.ALL, 0, 0)).size());
    assertEquals(0, IteratorUtils.toList(provider.findRoles("%olE%", Role.Target.ALL, 1, 2)).size());
}
Also used : JpaRole(org.opencastproject.security.impl.jpa.JpaRole) JpaUser(org.opencastproject.security.impl.jpa.JpaUser) Test(org.junit.Test)

Aggregations

JpaRole (org.opencastproject.security.impl.jpa.JpaRole)37 HashSet (java.util.HashSet)18 UnauthorizedException (org.opencastproject.security.api.UnauthorizedException)18 JpaUser (org.opencastproject.security.impl.jpa.JpaUser)18 Test (org.junit.Test)16 JpaOrganization (org.opencastproject.security.impl.jpa.JpaOrganization)14 JpaGroup (org.opencastproject.security.impl.jpa.JpaGroup)12 NotFoundException (org.opencastproject.util.NotFoundException)11 Role (org.opencastproject.security.api.Role)9 Path (javax.ws.rs.Path)6 RestQuery (org.opencastproject.util.doc.rest.RestQuery)6 EntityManager (javax.persistence.EntityManager)5 EntityTransaction (javax.persistence.EntityTransaction)4 Group (org.opencastproject.security.api.Group)4 SecurityService (org.opencastproject.security.api.SecurityService)4 User (org.opencastproject.security.api.User)4 Date (java.util.Date)3 POST (javax.ws.rs.POST)3 PUT (javax.ws.rs.PUT)3 JSONArray (org.json.simple.JSONArray)3