Could not retrieve property 'theme' of series

[Ferran C]

Hello everyone,

We have created a user who can only view the events, edit the metadata, access the editor and publish a video from the editor. We have created the user with the following roles:

    "ROLE_UI_NAV_SYSTEMS_VIEW",
    "ROLE_API",
    "ROLE_UI_EVENTS_DETAILS_METADATA_VIEW",
    "ROLE_UI_SERVERS_VIEW",
    "ROLE_API_SERIES_VIEW",
    "ROLE_API_SERIES_METADATA_VIEW",
    "ROLE_API_SERIES_PROPERTIES_VIEW",
    "ROLE_API_SERIES_ACL_VIEW",
    "ROLE_UI_EVENTS_COUNTERS_VIEW",
    "ROLE_ADMIN_UI",
    "ROLE_UI_EVENTS_DETAILS_METADATA_EDIT",
    "ROLE_UI_EVENTS_DETAILS_VIEW",
    "ROLE_UI_EVENTS_DETAILS_COMMENTS_VIEW",
    "ROLE_UI_EVENTS_EDITOR_VIEW",
    "ROLE_UI_EVENTS_VIEW",
    "ROLE_UI_EVENTS_EDITOR_EDIT",
    "ROLE_UI_SERVICES_VIEW",
    "ROLE_UI_NAV",
    "ROLE_UI_JOBS_VIEW",
    "ROLE_UI_NAV_RECORDINGS_VIEW"

The problem is that we get errors during the workflow execution:

2023-05-18T12:02:05,272 | ERROR | (SeriesServiceDatabaseImpl:500) - Could not retrieve property 'theme' of series '5bf07757-59b6-4154-a217-21689b7c53ba'
org.opencastproject.security.api.UnauthorizedException: streaming:mh_default_org:opencast is not authorized to see series 5bf07757-59b6-4154-a217-21689b7c53ba properties
at org.opencastproject.series.impl.persistence.SeriesServiceDatabaseImpl.lambda$getSeriesProperty$7(SeriesServiceDatabaseImpl.java:488) ~[?:?]
at org.opencastproject.db.DBSessionImpl.execTxChecked(DBSessionImpl.java:152) ~[!/:?]
at org.opencastproject.db.DBSessionImpl.execTxChecked(DBSessionImpl.java:120) ~[!/:?]
at org.opencastproject.series.impl.persistence.SeriesServiceDatabaseImpl.getSeriesProperty(SeriesServiceDatabaseImpl.java:481) [!/:?]
at org.opencastproject.series.impl.SeriesServiceImpl.getSeriesProperty(SeriesServiceImpl.java:363) [!/:?]
at org.opencastproject.workflow.handler.themes.ThemeWorkflowOperationHandler.start(ThemeWorkflowOperationHandler.java:201) [!/:?]
at org.opencastproject.workflow.impl.WorkflowOperationWorker.start(WorkflowOperationWorker.java:212) [!/:?]
at org.opencastproject.workflow.impl.WorkflowOperationWorker.execute(WorkflowOperationWorker.java:117) [!/:?]
at org.opencastproject.workflow.impl.WorkflowServiceImpl.runWorkflowOperation(WorkflowServiceImpl.java:722) [!/:?]
at org.opencastproject.workflow.impl.WorkflowServiceImpl.process(WorkflowServiceImpl.java:1740) [!/:?]
at org.opencastproject.workflow.impl.WorkflowServiceImpl$JobRunner.call(WorkflowServiceImpl.java:2101) [!/:?]
at org.opencastproject.workflow.impl.WorkflowServiceImpl$JobRunner.call(WorkflowServiceImpl.java:2067) [!/:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
at java.lang.Thread.run(Thread.java:829) [?:?]
2023-05-18T12:02:05,274 | ERROR | (WorkflowOperationWorker:140) - Workflow operation 'operation:'theme, state:'FAILED'' failed
org.opencastproject.workflow.api.WorkflowOperationException: org.opencastproject.series.api.SeriesException: Failed to get series property for series with series id '5bf07757-59b6-4154-a217-21689b7c53ba' and property name 'theme'
at org.opencastproject.workflow.handler.themes.ThemeWorkflowOperationHandler.start(ThemeWorkflowOperationHandler.java:312) ~[?:?]
at org.opencastproject.workflow.impl.WorkflowOperationWorker.start(WorkflowOperationWorker.java:212) ~[!/:?]
at org.opencastproject.workflow.impl.WorkflowOperationWorker.execute(WorkflowOperationWorker.java:117) [!/:?]
at org.opencastproject.workflow.impl.WorkflowServiceImpl.runWorkflowOperation(WorkflowServiceImpl.java:722) [!/:?]
at org.opencastproject.workflow.impl.WorkflowServiceImpl.process(WorkflowServiceImpl.java:1740) [!/:?]
at org.opencastproject.workflow.impl.WorkflowServiceImpl$JobRunner.call(WorkflowServiceImpl.java:2101) [!/:?]
at org.opencastproject.workflow.impl.WorkflowServiceImpl$JobRunner.call(WorkflowServiceImpl.java:2067) [!/:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: org.opencastproject.series.api.SeriesException: Failed to get series property for series with series id '5bf07757-59b6-4154-a217-21689b7c53ba' and property name 'theme'
at org.opencastproject.series.impl.SeriesServiceImpl.getSeriesProperty(SeriesServiceImpl.java:370) ~[?:?]
at org.opencastproject.workflow.handler.themes.ThemeWorkflowOperationHandler.start(ThemeWorkflowOperationHandler.java:201) ~[?:?]
... 10 more
Caused by: org.opencastproject.series.impl.SeriesServiceDatabaseException: org.opencastproject.security.api.UnauthorizedException: streaming:mh_default_org:opencast is not authorized to see series 5bf07757-59b6-4154-a217-21689b7c53ba properties
at org.opencastproject.series.impl.persistence.SeriesServiceDatabaseImpl.getSeriesProperty(SeriesServiceDatabaseImpl.java:501) ~[?:?]
at org.opencastproject.series.impl.SeriesServiceImpl.getSeriesProperty(SeriesServiceImpl.java:363) ~[?:?]
at org.opencastproject.workflow.handler.themes.ThemeWorkflowOperationHandler.start(ThemeWorkflowOperationHandler.java:201) ~[?:?]
... 10 more
Caused by: org.opencastproject.security.api.UnauthorizedException: streaming:mh_default_org:opencast is not authorized to see series 5bf07757-59b6-4154-a217-21689b7c53ba properties
at org.opencastproject.series.impl.persistence.SeriesServiceDatabaseImpl.lambda$getSeriesProperty$7(SeriesServiceDatabaseImpl.java:488) ~[?:?]
at org.opencastproject.db.DBSessionImpl.execTxChecked(DBSessionImpl.java:152) ~[!/:?]
at org.opencastproject.db.DBSessionImpl.execTxChecked(DBSessionImpl.java:120) ~[!/:?]
at org.opencastproject.series.impl.persistence.SeriesServiceDatabaseImpl.getSeriesProperty(SeriesServiceDatabaseImpl.java:481) ~[?:?]
at org.opencastproject.series.impl.SeriesServiceImpl.getSeriesProperty(SeriesServiceImpl.java:363) ~[?:?]
at org.opencastproject.workflow.handler.themes.ThemeWorkflowOperationHandler.start(ThemeWorkflowOperationHandler.java:201) ~[?:?]
... 10 more


We understand that with the ROLE_API_SERIES_PROPERTIES_VIEW you can obtain the theme ID, but you can't get the theme properties.

Is there a role that allows us to get the properties of the theme? Or are we missing some necessary role?

Our goal is that the user has only the necessary permissions to be able to execute a workflow from the video editor.

Best regards, Ferran.

[Dietmar Zenker]

Hi Ferran,

there are several theme-related roles - have you tried to assign them to your restricted user?

Greetings,

Dietmar

[Ferran C]

Hello Dietmar.

Thank you very much for the help.

UI permissions don't help us because we don't want the new user to be able to see the themes from the UI. We want the user to be able to access the information on the topics. But it seems that with the API permissions you can't access it either.

The problem is that the theme was created by the Administrator user, so the new user did not have access.

As a partial solution, we have created another topic and another series from the new user, and we generate the events of that user with the new series. In this way, the new user can access the theme information and encode it after editing.

This solution does not seem the most appropriate, because we would like many events use the same series.

Best regards, Ferran.

[Dietmar Zenker]

Hello Ferran,

what about the role "ROLE_UI_SERIES_DETAILS_THEMES_EDIT"?

Another approach would be to add necessary roles to the URL patterns in /security/mh_default_org.xml.

For instance, access to

    <sec:intercept-url pattern="/admin-ng/series/new/themes" method="GET" access="ROLE_ADMIN, ROLE_UI_SERIES_DETAILS_THEMES_EDIT" />

could be allowed for ROLE_API_SERIES_PROPERTIES_VIEW.

Greetings,

Dietmar