Package org.opencastproject.security.api

Interface AuthorizationService

All Known Implementing Classes:
XACMLAuthorizationService
public interface AuthorizationService
Provides generation and interpretation of policy documents in media packages

  • Method Details

    • hasPermission

      boolean hasPermission(MediaPackage mp, String action)
      Determines whether the current user can take the specified action on the media package.
      Parameters:
      mp - the media package
      action - the action (e.g. read, modify, delete)
      Returns:
      whether the current user has the correct privileges to take this action

    • hasPermission

      boolean hasPermission(AccessControlList acl, String action)
      Determines whether the current user can take the specified action given the access control list. This is not restricted to access control lists in media packages, but works regardless of which entity the access control list belongs to.
      Parameters:
      acl - the access control list
      action - the action (e.g. read, modify, delete)
      Returns:
      whether the current user has the correct privileges to take this action

    • getActiveAcl

      Tuple<AccessControlList,AclScope> getActiveAcl(MediaPackage mp)
      Gets the active access control list associated with the given media package, as specified by its XACML attachments. XACML attachments are evaluated in the following order:
      1. Use episode XACML attachment if present
      2. Use series XACML attachment if present
      3. Use non-specific XACML attachment if present. Note that the usage of this is deprecated!
      4. Use the global default ACL
      Note that this is identical to calling getAcl(MediaPackage, AclScope) with scope set to AclScope.Series.
      Parameters:
      mp - the media package
      Returns:
      the active access control list as well as the scope identifying the source of the access rules (episode, series, …).

    • getAcl

      Tuple<AccessControlList,AclScope> getAcl(MediaPackage mp, AclScope scope)
      Gets the access control list for a given scope associated with the given media package, as specified by its XACML attachments. XACML attachments are evaluated in the following order:
      1. Use episode XACML attachment if present. This applies only if scope is set to AclScope.Episode
      2. Use series XACML attachment if present. This applies only if scope is set to AclScope.Episode or AclScope.Series
      3. Use non-specific XACML attachment if present. Note that the usage of this is deprecated!
      4. Use the global default ACL
      Parameters:
      mp - the media package
      scope - the acl scope
      Returns:
      the access control list as well as the scope identifying the source of the access rules (episode, series, …) for the given media package and scope.

    • setAcl

      Tuple<MediaPackage,Attachment> setAcl(MediaPackage mp, AclScope scope, AccessControlList acl) throws MediaPackageException
      Attaches the provided policies to a media package as a XACML attachment, replacing any previous policy element of the same scope.
      Parameters:
      mp - the media package
      scope - scope of the ACL
      acl - the tuples of roles to actions
      Returns:
      the mutated (!) media package with attached XACML policy and the XACML attachment
      Throws:
      MediaPackageException

    • removeAcl

      MediaPackage removeAcl(MediaPackage mp, AclScope scope)
      Remove the XACML of the given scope.
      Parameters:
      mp - the media package
      scope - scope of the ACL
      Returns:
      the mutated (!) media package with removed XACML policy