From d026eff570a3811bb9b5758ebb11d849e6c69c0e Mon Sep 17 00:00:00 2001
From: Opencast Docs Bot <cloud@opencast.org>
Date: Tue, 30 Jul 2024 20:35:48 +0000
Subject: [PATCH] Build of r/16.x from Tue Jul 30 20:35:48 UTC 2024

---
 r/16.x/admin/index.html         |   2 +-
 r/16.x/admin/sitemap.xml.gz     | Bin 127 -> 127 bytes
 r/16.x/commit                   |  71 +++++++++++++++++++++++++-------
 r/16.x/developer/index.html     |   2 +-
 r/16.x/developer/sitemap.xml.gz | Bin 127 -> 127 bytes
 5 files changed, 58 insertions(+), 17 deletions(-)

diff --git a/r/16.x/admin/index.html b/r/16.x/admin/index.html
index 640581a6a..65aea2a59 100644
--- a/r/16.x/admin/index.html
+++ b/r/16.x/admin/index.html
@@ -762,5 +762,5 @@ <h2 id="release-documentation">Release Documentation</h2>
 </html>
 <!--
 MkDocs version : 1.6.0
-Build Date UTC : 2024-07-27 10:55:14.611432+00:00
+Build Date UTC : 2024-07-30 20:35:37.980005+00:00
 -->
\ No newline at end of file
diff --git a/r/16.x/admin/sitemap.xml.gz b/r/16.x/admin/sitemap.xml.gz
index b4467e7d2426800bcccee843d56cadfa470dbd72..3320740418c6411261a5ff8653ac09971731c8f6 100644
GIT binary patch
delta 13
Ucmb=gXP58h;9$^QF_FCj02vGer2qf`

delta 13
Ucmb=gXP58h;ApT|GLgLk030&}EC2ui

diff --git a/r/16.x/commit b/r/16.x/commit
index be238b44e..b3a02163a 100644
--- a/r/16.x/commit
+++ b/r/16.x/commit
@@ -1,24 +1,65 @@
-commit bf955836f6004291031377321e9b0ad1971c78d9
+commit 669b060f59e4dc942b57ff2d188ce03cd2fa014a
 Author: Lars Kiesow <lkiesow@uos.de>
-Date:   Sat Jul 27 12:54:48 2024 +0200
+Date:   Tue Jul 30 22:35:13 2024 +0200
 
-    Update karaf version to 4.4.6 (#6006)
+    Properly handle ACL publication for non-admins (#6042)
     
-    This updates Karaf from version 4.4.4 to version 4.4.6 and updates the
-    following dependencies:
+    If a non-admin user tries to publish something, Opencast will try to get
+    the ACL for the media package intended for publication. During this
+    process, Opencast tries to evaluate the ACL and write it to the
+    database. Unfortunately, this process silently fails, causing an empty
+    ACL to be written into the database instead.
     
-    - commons-compress 1.26.1
-    - commons-lang3 3.14.0
-    - commons-logging 1.3.1
+    The search service then tries to publish to the search index. This
+    causes several files linked in the media package to be accessed for
+    which the ACL in the database is being evaluated. Since that is now an
+    empty ACL, the access check fails, meaning that the publication fails
+    halfway (event is in the database, but not in the index).
     
-    * [ ] have a concise title
-    * [ ] [close an accompanying
+    This patch allows Opencast to always access the access control list
+    linked in the media package, so that the correct ACL ends up in the
+    database, meaning the correct ACL will be used for the index checks.
+    
+    This fixes the overall problem and allows non-admin users to actually
+    publish events.
+    
+    This fixes #5333
+    This fixes #6040
+    
+    ---
+    
+    Easy way to test the problem is to run this in the Opencast git
+    repository:
+    ```
+    curl -i -u admin:opencast http://localhost:8080/user-utils/ \
+      -F username=test \
+      -F password=opencast \
+      -F 'roles=["ROLE_STUDIO"]'
+    
+    curl -i -f -u test:opencast http://localhost:8080/ingest/addMediaPackage/fast \
+      -F flavor=presenter/source \
+      -F BODY=@modules/inspection-service-ffmpeg/src/test/resources/segments_1.mp4 \
+      -F title=test \
+      -F identifier=test \
+      -F acl='{"acl": {"ace": [{"role": "ROLE_USER","action": "read"},{"role": "ROLE_USER","action": "write"}]}}'
+    ```
+    
+    ---
+    
+    We might want to check if this was broken prior to 16.x but since this
+    code has changed with the migration away from Solr, it would need a
+    different patch.
+    
+    ### Your pull request should…
+    
+    * [x] have a concise title
+    * [x] [close an accompanying
     issue](https://docs.opencast.org/develop/developer/#participate/development-process/#automatically-closing-issues-when-a-pr-is-merged)
     if one exists
-    * [ ] [be against the correct
+    * [x] [be against the correct
     branch](https://docs.opencast.org/develop/developer/development-process#acceptance-criteria-for-patches-in-different-versions)
-    * [ ] include migration scripts and documentation, if appropriate
-    * [ ] pass automated tests
-    * [ ] have a clean commit history
-    * [ ] [have proper commit messages (title and body) for all
+    * [x] include migration scripts and documentation, if appropriate
+    * [x] pass automated tests
+    * [x] have a clean commit history
+    * [x] [have proper commit messages (title and body) for all
     commits](https://medium.com/@steveamaza/e028865e5791)
diff --git a/r/16.x/developer/index.html b/r/16.x/developer/index.html
index 005c3bbca..82270a05d 100644
--- a/r/16.x/developer/index.html
+++ b/r/16.x/developer/index.html
@@ -424,5 +424,5 @@ <h1 id="opencast-development-guides">Opencast Development Guides</h1>
 </html>
 <!--
 MkDocs version : 1.6.0
-Build Date UTC : 2024-07-27 10:55:16.117529+00:00
+Build Date UTC : 2024-07-30 20:35:39.503275+00:00
 -->
\ No newline at end of file
diff --git a/r/16.x/developer/sitemap.xml.gz b/r/16.x/developer/sitemap.xml.gz
index b4467e7d2426800bcccee843d56cadfa470dbd72..3320740418c6411261a5ff8653ac09971731c8f6 100644
GIT binary patch
delta 13
Ucmb=gXP58h;9$^QF_FCj02vGer2qf`

delta 13
Ucmb=gXP58h;ApT|GLgLk030&}EC2ui