Add correct custom roles to index for role-based-event-access

Instead of adding some default roles and calling it a day, actually add roles based on the original ACL.
lkiesow · Mar 4, 2024 · 42375e9 · 42375e9
1 parent ddfdc2c
commit 42375e9
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/...et-manager-impl/src/main/java/org/opencastproject/assetmanager/impl/AssetManagerImpl.java b/...et-manager-impl/src/main/java/org/opencastproject/assetmanager/impl/AssetManagerImpl.java
@@ -1647,10 +1647,16 @@ private Event updateAclInEvent(Event event, MediaPackage mp, String eventId) {
     if (episodeIdRole) {
       // Add custom roles to the ACL
       // This allows users with a role of the form ROLE_EPISODE_<ID>_<ACTION> to access the event through the index
-      AccessControlEntry entry1 = new AccessControlEntry("ROLE_EPISODE_" + eventId + "_READ", "read", true);
-      AccessControlEntry entry2 = new AccessControlEntry("ROLE_EPISODE_" + eventId + "_WRITE", "read", true);
-      AccessControlEntry entry3 = new AccessControlEntry("ROLE_EPISODE_" + eventId + "_WRITE", "write", true);
-      AccessControlList customRoles = new AccessControlList(entry1, entry2, entry3);
+      List<AccessControlEntry> customEntries = new ArrayList<>();
+      for (AccessControlEntry entry : acl.getEntries()) {
+        customEntries.add(new AccessControlEntry("ROLE_EPISODE_" + eventId + "_" + entry.getAction().toUpperCase(),
+            entry.getAction(), true));
+        // If write access, grant read access as well
+        if ("write".equals(entry.getAction())) {
+          customEntries.add(new AccessControlEntry("ROLE_EPISODE_" + eventId + "_" + "READ", "read", true));
+        }
+      }
+      AccessControlList customRoles = new AccessControlList(customEntries);
       acl = customRoles.merge(acl);
     }