View Javadoc
1   /*
2    * Licensed to The Apereo Foundation under one or more contributor license
3    * agreements. See the NOTICE file distributed with this work for additional
4    * information regarding copyright ownership.
5    *
6    *
7    * The Apereo Foundation licenses this file to you under the Educational
8    * Community License, Version 2.0 (the "License"); you may not use this file
9    * except in compliance with the License. You may obtain a copy of the License
10   * at:
11   *
12   *   http://opensource.org/licenses/ecl2.txt
13   *
14   * Unless required by applicable law or agreed to in writing, software
15   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
17   * License for the specific language governing permissions and limitations under
18   * the License.
19   *
20   */
21  
22  package org.opencastproject.graphql.command;
23  
24  import org.opencastproject.authorization.xacml.manager.api.AclService;
25  import org.opencastproject.authorization.xacml.manager.api.AclServiceFactory;
26  import org.opencastproject.elasticsearch.api.SearchIndexException;
27  import org.opencastproject.elasticsearch.index.ElasticsearchIndex;
28  import org.opencastproject.graphql.exception.GraphQLNotFoundException;
29  import org.opencastproject.graphql.exception.GraphQLRuntimeException;
30  import org.opencastproject.graphql.exception.GraphQLUnauthorizedException;
31  import org.opencastproject.graphql.execution.context.OpencastContext;
32  import org.opencastproject.graphql.execution.context.OpencastContextManager;
33  import org.opencastproject.graphql.series.GqlSeries;
34  import org.opencastproject.graphql.type.input.AccessControlListInput;
35  import org.opencastproject.graphql.util.GraphQLObjectMapper;
36  import org.opencastproject.security.api.AccessControlEntry;
37  import org.opencastproject.security.api.AccessControlList;
38  import org.opencastproject.security.api.SecurityService;
39  import org.opencastproject.security.api.UnauthorizedException;
40  import org.opencastproject.series.api.SeriesException;
41  import org.opencastproject.series.api.SeriesService;
42  import org.opencastproject.util.NotFoundException;
43  
44  public class UpdateSeriesAclCommand extends AbstractCommand<GqlSeries> {
45  
46    private final String seriesId;
47  
48    public UpdateSeriesAclCommand(final Builder builder) {
49      super(builder);
50      this.seriesId = builder.seriesId;
51    }
52  
53    @Override
54    public GqlSeries execute() {
55      OpencastContext context = OpencastContextManager.getCurrentContext();
56      final SeriesService seriesService = context.getService(SeriesService.class);
57  
58      final AccessControlListInput aclInput = GraphQLObjectMapper.newInstance()
59          .convertValue(environment.getArgument("acl"), AccessControlListInput.class);
60      if (aclInput != null) {
61        try {
62          AccessControlList acl = new AccessControlList();
63          for (var entry : aclInput.getEntries()) {
64            for (var action : entry.getAction()) {
65              acl.getEntries().add(new AccessControlEntry(entry.getRole(), action, true));
66            }
67          }
68  
69          if (aclInput.getManagedAclId() != null) {
70            AclService aclService = context.getService(AclServiceFactory.class)
71                .serviceFor(context.getService(SecurityService.class).getOrganization());
72            aclService.getAcl(aclInput.getManagedAclId())
73                .ifPresent(value -> acl.merge(value.getAcl()));
74          }
75          seriesService.updateAccessControl(seriesId, acl);
76        } catch (UnauthorizedException e) {
77          throw new GraphQLUnauthorizedException(e.getMessage());
78        } catch (NotFoundException e) {
79          throw new GraphQLNotFoundException(e.getMessage());
80        } catch (SeriesException e) {
81          throw new GraphQLRuntimeException(e);
82        }
83      }
84  
85      try {
86        ElasticsearchIndex index = context.getService(ElasticsearchIndex.class);
87        return new GqlSeries(
88            index.getSeries(seriesId, context.getOrganization().getId(), context.getUser()).get()
89        );
90      } catch (SearchIndexException e) {
91        throw new GraphQLRuntimeException(e);
92      }
93    }
94  
95    public static Builder create(String eventId) {
96      return new Builder(eventId);
97    }
98  
99    public static class Builder extends AbstractCommand.Builder<GqlSeries> {
100 
101     private final String seriesId;
102 
103     public Builder(String seriesId) {
104       this.seriesId = seriesId;
105     }
106 
107     @Override
108     public void validate() {
109       super.validate();
110       if (seriesId == null || seriesId.isEmpty()) {
111         throw new IllegalStateException("Series ID cannot be null or empty");
112       }
113     }
114 
115     @Override
116     public UpdateSeriesAclCommand build() {
117       validate();
118       return new UpdateSeriesAclCommand(this);
119     }
120   }
121 
122 }