Build of r/16.x from Tue Jul 30 20:35:48 UTC 2024

r/16.x/admin/index.html

@@ -762,5 +762,5 @@ <h2 id="release-documentation">Release Documentation</h2>
 </html>
 <!--
 MkDocs version : 1.6.0
-Build Date UTC : 2024-07-27 10:55:14.611432+00:00
+Build Date UTC : 2024-07-30 20:35:37.980005+00:00
 -->

r/16.x/commit

@@ -1,24 +1,65 @@
-commit bf955836f6004291031377321e9b0ad1971c78d9
+commit 669b060f59e4dc942b57ff2d188ce03cd2fa014a
 Author: Lars Kiesow <[email protected]>
-Date:   Sat Jul 27 12:54:48 2024 +0200
+Date:   Tue Jul 30 22:35:13 2024 +0200
 
-    Update karaf version to 4.4.6 (#6006)
+    Properly handle ACL publication for non-admins (#6042)
 
-    This updates Karaf from version 4.4.4 to version 4.4.6 and updates the
-    following dependencies:
+    If a non-admin user tries to publish something, Opencast will try to get
+    the ACL for the media package intended for publication. During this
+    process, Opencast tries to evaluate the ACL and write it to the
+    database. Unfortunately, this process silently fails, causing an empty
+    ACL to be written into the database instead.
 
-    - commons-compress 1.26.1
-    - commons-lang3 3.14.0
-    - commons-logging 1.3.1
+    The search service then tries to publish to the search index. This
+    causes several files linked in the media package to be accessed for
+    which the ACL in the database is being evaluated. Since that is now an
+    empty ACL, the access check fails, meaning that the publication fails
+    halfway (event is in the database, but not in the index).
 
-    * [ ] have a concise title
-    * [ ] [close an accompanying
+    This patch allows Opencast to always access the access control list
+    linked in the media package, so that the correct ACL ends up in the
+    database, meaning the correct ACL will be used for the index checks.
+
+    This fixes the overall problem and allows non-admin users to actually
+    publish events.
+
+    This fixes #5333
+    This fixes #6040
+
+    ---
+
+    Easy way to test the problem is to run this in the Opencast git
+    repository:
+    ```
+    curl -i -u admin:opencast http://localhost:8080/user-utils/ \
+      -F username=test \
+      -F password=opencast \
+      -F 'roles=["ROLE_STUDIO"]'
+
+    curl -i -f -u test:opencast http://localhost:8080/ingest/addMediaPackage/fast \
+      -F flavor=presenter/source \
+      -F BODY=@modules/inspection-service-ffmpeg/src/test/resources/segments_1.mp4 \
+      -F title=test \
+      -F identifier=test \
+      -F acl='{"acl": {"ace": [{"role": "ROLE_USER","action": "read"},{"role": "ROLE_USER","action": "write"}]}}'
+    ```
+
+    ---
+
+    We might want to check if this was broken prior to 16.x but since this
+    code has changed with the migration away from Solr, it would need a
+    different patch.
+
+    ### Your pull request should…
+
+    * [x] have a concise title
+    * [x] [close an accompanying
     issue](https://docs.opencast.org/develop/developer/#participate/development-process/#automatically-closing-issues-when-a-pr-is-merged)
     if one exists
-    * [ ] [be against the correct
+    * [x] [be against the correct
     branch](https://docs.opencast.org/develop/developer/development-process#acceptance-criteria-for-patches-in-different-versions)
-    * [ ] include migration scripts and documentation, if appropriate
-    * [ ] pass automated tests
-    * [ ] have a clean commit history
-    * [ ] [have proper commit messages (title and body) for all
+    * [x] include migration scripts and documentation, if appropriate
+    * [x] pass automated tests
+    * [x] have a clean commit history
+    * [x] [have proper commit messages (title and body) for all
     commits](https://medium.com/@steveamaza/e028865e5791)

r/16.x/developer/index.html

@@ -424,5 +424,5 @@ <h1 id="opencast-development-guides">Opencast Development Guides</h1>
 </html>
 <!--
 MkDocs version : 1.6.0
-Build Date UTC : 2024-07-27 10:55:16.117529+00:00
+Build Date UTC : 2024-07-30 20:35:39.503275+00:00
 -->