Examples with AllUserExtSourcesDeletedForUser cz.metacentrum.perun.audit.events.UserManagerEvents.AllUserExtSourcesDeletedForUser used on opensource projects

Example 1 with AllUserExtSourcesDeletedForUser

use of cz.metacentrum.perun.audit.events.UserManagerEvents.AllUserExtSourcesDeletedForUser in project perun by CESNET.

the class UsersManagerBlImpl method deleteUser.

private void deleteUser(PerunSession sess, User user, boolean forceDelete, boolean anonymizeInstead) throws RelationExistsException, MemberAlreadyRemovedException, UserAlreadyRemovedException, SpecificUserAlreadyRemovedException, AnonymizationNotSupportedException {
    List<Member> members = getPerunBl().getMembersManagerBl().getMembersByUser(sess, user);
    if (members != null && (members.size() > 0)) {
        if (forceDelete) {
            for (Member member : members) {
                getPerunBl().getMembersManagerBl().deleteMember(sess, member);
            }
        } else {
            throw new RelationExistsException("Members exist");
        }
    }
    if (getPerunBl().getSecurityTeamsManagerBl().isUserBlacklisted(sess, user) && forceDelete) {
        getPerunBl().getSecurityTeamsManagerBl().removeUserFromAllBlacklists(sess, user);
    } else if (getPerunBl().getSecurityTeamsManagerBl().isUserBlacklisted(sess, user) && !forceDelete) {
        throw new RelationExistsException("User is blacklisted by some security team. Deletion would cause loss of this information.");
    }
    // First delete all associated external sources to the user
    removeAllUserExtSources(sess, user);
    getPerunBl().getAuditer().log(sess, new AllUserExtSourcesDeletedForUser(user));
    // delete all authorships of users publications
    getUsersManagerImpl().removeAllAuthorships(sess, user);
    // delete all mailchange request related to user
    getUsersManagerImpl().removeAllPreferredEmailChangeRequests(sess, user);
    // delete all pwdreset request related to user
    getUsersManagerImpl().removeAllPasswordResetRequests(sess, user);
    // get all reserved logins of user
    List<Pair<String, String>> logins = getUsersManagerImpl().getUsersReservedLogins(user);
    // delete them from KDC
    for (Pair<String, String> login : logins) {
        try {
            // !! left = namespace / right = login
            this.deletePassword(sess, login.getRight(), login.getLeft());
        } catch (LoginNotExistsException e) {
        // OK - User hasn't assigned any password with this login
        } catch (InvalidLoginException e) {
            throw new InternalErrorException("We are deleting login of user, but its syntax is not allowed by namespace configuration.", e);
        } catch (PasswordDeletionFailedException | PasswordOperationTimeoutException e) {
            if (forceDelete) {
                log.error("Error during deletion of an account at {} for user {} with login {}.", login.getLeft(), user, login.getRight());
            } else {
                throw new RelationExistsException("Error during deletion of an account at " + login.getLeft() + " for user " + user + " with login " + login.getRight() + ".");
            }
        }
    }
    // delete them from DB
    getUsersManagerImpl().deleteUsersReservedLogins(user);
    // Remove all possible passwords associated with logins (stored in attributes)
    for (Attribute loginAttribute : getPerunBl().getAttributesManagerBl().getLogins(sess, user)) {
        try {
            this.deletePassword(sess, (String) loginAttribute.getValue(), loginAttribute.getFriendlyNameParameter());
        } catch (LoginNotExistsException e) {
        // OK - User hasn't assigned any password with this login
        } catch (InvalidLoginException e) {
            throw new InternalErrorException("We are deleting login of user, but its syntax is not allowed by namespace configuration.", e);
        } catch (PasswordDeletionFailedException | PasswordOperationTimeoutException e) {
            if (forceDelete) {
                log.error("Error during deletion of the account at {} for user {} with login {}.", loginAttribute.getFriendlyNameParameter(), user, loginAttribute.getValue());
            } else {
                throw new RelationExistsException("Error during deletion of the account at " + loginAttribute.getFriendlyNameParameter() + " for user " + user + " with login " + loginAttribute.getValue() + ".");
            }
        }
    }
    // Delete, keep or anonymize assigned attributes
    try {
        // User-Facilities one
        getPerunBl().getAttributesManagerBl().removeAllUserFacilityAttributes(sess, user);
        // Users one
        if (anonymizeInstead) {
            List<String> attributesToAnonymize = BeansUtils.getCoreConfig().getAttributesToAnonymize();
            List<String> attributesToKeep = BeansUtils.getCoreConfig().getAttributesToKeep();
            List<Attribute> userAttributes = getPerunBl().getAttributesManagerBl().getAttributes(sess, user);
            for (Attribute attribute : userAttributes) {
                // Skip core and virtual attributes
                if (getPerunBl().getAttributesManagerBl().isCoreAttribute(sess, attribute) || getPerunBl().getAttributesManagerBl().isVirtAttribute(sess, attribute)) {
                    continue;
                }
                // Skip attributes configured to keep untouched
                if (attributesToKeep.contains(attribute.getName()) || // Attributes like 'login-namespace:mu' are configured as 'login-namespace:*'
                (!attribute.getFriendlyNameParameter().isEmpty() && attributesToKeep.contains(attribute.getNamespace() + ":" + attribute.getBaseFriendlyName() + ":*"))) {
                    continue;
                }
                // Anonymize configured attributes
                if (attributesToAnonymize.contains(attribute.getName()) || (!attribute.getFriendlyNameParameter().isEmpty() && attributesToAnonymize.contains(attribute.getNamespace() + ":" + attribute.getBaseFriendlyName() + ":*"))) {
                    Attribute anonymized = getPerunBl().getAttributesManagerBl().getAnonymizedValue(sess, user, attribute);
                    getPerunBl().getAttributesManagerBl().setAttribute(sess, user, anonymized);
                } else {
                    // Delete remaining attributes
                    getPerunBl().getAttributesManagerBl().removeAttribute(sess, user, attribute);
                }
            }
        } else {
            getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, user);
        }
    } catch (WrongAttributeValueException | WrongReferenceAttributeValueException | WrongAttributeAssignmentException ex) {
        // All members are deleted => there are no required attributes => all attributes can be removed
        throw new ConsistencyErrorException(ex);
    }
    // Remove user authz
    AuthzResolverBlImpl.removeAllUserAuthz(sess, user);
    // delete even inactive links
    usersManagerImpl.deleteSponsorLinks(sess, user);
    // Remove all users bans
    List<BanOnFacility> bansOnFacility = getPerunBl().getFacilitiesManagerBl().getBansForUser(sess, user.getId());
    for (BanOnFacility banOnFacility : bansOnFacility) {
        try {
            getPerunBl().getFacilitiesManagerBl().removeBan(sess, banOnFacility.getId());
        } catch (BanNotExistsException ex) {
        // it is ok, we just want to remove it anyway
        }
    }
    // Remove all sponsored user authz of his owners
    if (user.isSponsoredUser())
        AuthzResolverBlImpl.removeAllSponsoredUserAuthz(sess, user);
    if (anonymizeInstead) {
        getUsersManagerImpl().anonymizeUser(sess, user);
        // delete all users applications and submitted data, this is needed only when 'anonymizeInstead'
        // because applications are deleted on cascade when user's row is deleted in DB
        getUsersManagerImpl().deleteUsersApplications(user);
    } else {
        // Finally delete the user
        getUsersManagerImpl().deleteUser(sess, user);
        getPerunBl().getAuditer().log(sess, new UserDeleted(user));
    }
}