Examples with AttributeDefinition cz.metacentrum.perun.core.api.AttributeDefinition used on opensource projects

Example 1 with AttributeDefinition

use of cz.metacentrum.perun.core.api.AttributeDefinition in project perun by CESNET.

the class AttributesManagerEntry method checkAttributeValue.

public void checkAttributeValue(PerunSession sess, Group group, Attribute attribute) throws PrivilegeException, InternalErrorException, WrongAttributeValueException, WrongAttributeAssignmentException, WrongReferenceAttributeValueException, AttributeNotExistsException, GroupNotExistsException {
    Utils.checkPerunSession(sess);
    getAttributesManagerBl().checkAttributeExists(sess, attribute);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
    //Choose to which attributes has the principal access
    if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attribute), group, null))
        throw new PrivilegeException("Principal has no access to check attribute = " + new AttributeDefinition(attribute));
    getAttributesManagerBl().checkAttributeValue(sess, group, attribute);
}

Example 2 with AttributeDefinition

use of cz.metacentrum.perun.core.api.AttributeDefinition in project perun by CESNET.

the class AttributesManagerEntry method checkAttributesValue.

public void checkAttributesValue(PerunSession sess, Resource resource, Group group, List<Attribute> attributes, boolean workWithGroupAttribute) throws PrivilegeException, InternalErrorException, AttributeNotExistsException, ResourceNotExistsException, GroupNotExistsException, WrongAttributeAssignmentException, WrongAttributeValueException, GroupResourceMismatchException, WrongReferenceAttributeValueException {
    Utils.checkPerunSession(sess);
    getAttributesManagerBl().checkAttributesExists(sess, attributes);
    getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
    if (!getPerunBl().getGroupsManagerBl().getVo(sess, group).equals(getPerunBl().getResourcesManagerBl().getVo(sess, resource))) {
        throw new GroupResourceMismatchException("group and resource are not in the same VO");
    }
    //Choose to which attributes has the principal access
    for (Attribute attr : attributes) {
        if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_GROUP_RESOURCE_ATTR)) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), resource, group))
                throw new PrivilegeException("Principal has no access to check attribute = " + new AttributeDefinition(attr));
        } else if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_GROUP_ATTR)) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), group, null))
                throw new PrivilegeException("Principal has no access to check attribute = " + new AttributeDefinition(attr));
        }
    }
    getAttributesManagerBl().checkAttributesValue(sess, resource, group, attributes, workWithGroupAttribute);
}

Example 3 with AttributeDefinition

use of cz.metacentrum.perun.core.api.AttributeDefinition in project perun by CESNET.

the class AttributesManagerEntry method checkAttributesValue.

@Override
public void checkAttributesValue(PerunSession sess, Member member, Group group, List<Attribute> attributes, boolean workWithUserAttributes) throws PrivilegeException, InternalErrorException, ResourceNotExistsException, MemberNotExistsException, WrongAttributeValueException, WrongAttributeAssignmentException, WrongReferenceAttributeValueException, AttributeNotExistsException, GroupNotExistsException {
    Utils.checkPerunSession(sess);
    getAttributesManagerBl().checkAttributesExists(sess, attributes);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
    //Choose to which attributes has the principal access
    for (Attribute attr : attributes) {
        if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_MEMBER_GROUP_ATTR)) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), member, group))
                throw new PrivilegeException("Principal has no access to check attribute = " + new AttributeDefinition(attr));
        } else if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_USER_ATTR)) {
            User user = getPerunBl().getUsersManagerBl().getUserByMember(sess, member);
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), user, null))
                throw new PrivilegeException("Principal has no access to check attribute = " + new AttributeDefinition(attr));
        } else if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_MEMBER_ATTR)) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), member, null))
                throw new PrivilegeException("Principal has no access to check attribute = " + new AttributeDefinition(attr));
        } else {
            throw new WrongAttributeAssignmentException("There is some attribute which is not type of any possible choice.");
        }
    }
    getAttributesManagerBl().checkAttributesValue(sess, member, group, attributes, workWithUserAttributes);
}

Example 4 with AttributeDefinition

use of cz.metacentrum.perun.core.api.AttributeDefinition in project perun by CESNET.

the class AttributesManagerEntry method checkAttributesValue.

public void checkAttributesValue(PerunSession sess, Vo vo, List<Attribute> attributes) throws PrivilegeException, InternalErrorException, VoNotExistsException, WrongAttributeValueException, WrongAttributeAssignmentException, WrongReferenceAttributeValueException, AttributeNotExistsException {
    Utils.checkPerunSession(sess);
    getAttributesManagerBl().checkAttributesExists(sess, attributes);
    getPerunBl().getVosManagerBl().checkVoExists(sess, vo);
    //Choose to which attributes has the principal access
    for (Attribute attr : attributes) {
        if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), vo, null))
            throw new PrivilegeException("Principal has no access to check attribute = " + new AttributeDefinition(attr));
    }
    getAttributesManagerBl().checkAttributesValue(sess, vo, attributes);
}

Example 5 with AttributeDefinition

use of cz.metacentrum.perun.core.api.AttributeDefinition in project perun by CESNET.

the class AttributesManagerEntry method removeAttributes.

@Override
public void removeAttributes(PerunSession sess, Member member, Group group, List<? extends AttributeDefinition> attributes) throws InternalErrorException, PrivilegeException, AttributeNotExistsException, MemberNotExistsException, GroupNotExistsException, WrongAttributeAssignmentException, WrongAttributeValueException, WrongReferenceAttributeValueException {
    Utils.checkPerunSession(sess);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
    getAttributesManagerBl().checkAttributesExists(sess, attributes);
    //Choose to which attributes has the principal access
    for (AttributeDefinition attrDef : attributes) {
        if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrDef, member, group))
            throw new PrivilegeException("Principal has no access to remove attribute = " + attrDef);
    }
    getAttributesManagerBl().removeAttributes(sess, member, group, attributes);
}