Example 6 with Group
use of cz.metacentrum.perun.core.api.Group in project perun by CESNET.
the class VosManagerImpl method getAdmins.
public List<User> getAdmins(PerunSession sess, Vo vo, Role role) throws InternalErrorException {
try {
Set<User> setOfAdmins = new HashSet<User>();
// direct admins
setOfAdmins.addAll(jdbc.query("select " + UsersManagerImpl.userMappingSelectQuery + " from authz join users on authz.user_id=users.id " + "where authz.vo_id=? and authz.role_id=(select id from roles where name=?)", UsersManagerImpl.USER_MAPPER, vo.getId(), role.getRoleName()));
// admins through a group
List<Group> listOfGroupAdmins = getAdminGroups(sess, vo, role);
for (Group group : listOfGroupAdmins) {
setOfAdmins.addAll(jdbc.query("select " + UsersManagerImpl.userMappingSelectQuery + " from users join members on users.id=members.user_id " + "join groups_members on groups_members.member_id=members.id where groups_members.group_id=?", UsersManagerImpl.USER_MAPPER, group.getId()));
}
return new ArrayList(setOfAdmins);
} catch (EmptyResultDataAccessException ex) {
return new ArrayList<User>();
} catch (RuntimeException ex) {
throw new InternalErrorException(ex);
}
}
Also used :
Group(cz.metacentrum.perun.core.api.Group)
User(cz.metacentrum.perun.core.api.User)
ArrayList(java.util.ArrayList)
EmptyResultDataAccessException(org.springframework.dao.EmptyResultDataAccessException)
InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException)
HashSet(java.util.HashSet)
Example 7 with Group
use of cz.metacentrum.perun.core.api.Group in project perun by CESNET.
the class GroupsManagerImpl method getGroupsByIds.
public List<Group> getGroupsByIds(PerunSession sess, List<Integer> groupsIds) throws InternalErrorException {
// If groupsIds are empty, we can immediately return empty result
if (groupsIds.size() == 0) {
return new ArrayList<Group>();
}
MapSqlParameterSource parameters = new MapSqlParameterSource();
parameters.addValue("ids", groupsIds);
try {
return this.namedParameterJdbcTemplate.query("select " + groupMappingSelectQuery + " from groups where groups.id in ( :ids )", parameters, GROUP_MAPPER);
} catch (EmptyResultDataAccessException ex) {
return new ArrayList<Group>();
} catch (RuntimeException ex) {
throw new InternalErrorException(ex);
}
}
Also used :
Group(cz.metacentrum.perun.core.api.Group)
MapSqlParameterSource(org.springframework.jdbc.core.namedparam.MapSqlParameterSource)
ArrayList(java.util.ArrayList)
EmptyResultDataAccessException(org.springframework.dao.EmptyResultDataAccessException)
InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException)
Example 8 with Group
use of cz.metacentrum.perun.core.api.Group in project perun by CESNET.
the class urn_perun_group_attribute_def_def_unixGID_namespace method checkAttributeValue.
public void checkAttributeValue(PerunSessionImpl sess, Group group, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
try {
String gidNamespace = attribute.getFriendlyNameParameter();
//Special behaviour if gid is null
if (attribute.getValue() == null) {
List<Facility> groupFacilities = new ArrayList<Facility>();
for (Resource r : sess.getPerunBl().getResourcesManagerBl().getAssignedResources(sess, group)) {
groupFacilities.add(sess.getPerunBl().getResourcesManagerBl().getFacility(sess, r));
}
Set<String> namespacesWhereGroupMustHaveGIDifItHaveUnixNameThere = sess.getPerunBl().getModulesUtilsBl().getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace(sess, groupFacilities, attribute);
for (String namespace : namespacesWhereGroupMustHaveGIDifItHaveUnixNameThere) {
Attribute unixGroupName = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, group, A_G_unixGroupName_namespace + ":" + namespace);
if (unixGroupName.getValue() != null) {
throw new WrongAttributeValueException(attribute, group, "Group is propagated to the facility where it have set unix group name so it must have unix GID too.");
}
}
//Group is not propagated to any facility in this GID namespace or it doesn't have set unix name there so it doesn't need to have unix GID.
return;
}
//Special behaviour if gid is null
Integer attrValue = null;
if (attribute.getValue() == null) {
throw new WrongAttributeValueException(attribute, group, "Unix GID must be set");
} else {
attrValue = (Integer) attribute.getValue();
}
//check if gid is not already depleted
Attribute usedGids = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, gidNamespace, A_E_usedGids);
//null in value means there is no depleted or used gids
if (usedGids.getValue() != null) {
Map<String, String> usedGidsValue = (Map<String, String>) usedGids.getValue();
//Dx, where x is GID means depleted value for GID x
if (usedGidsValue.containsKey("D" + attrValue.toString())) {
throw new WrongReferenceAttributeValueException(attribute, usedGids, group, null, gidNamespace, null, "This GID is already depleted.");
}
}
//Check if gid GID is within allowed range
sess.getPerunBl().getModulesUtilsBl().checkIfGIDIsWithinRange(sess, attribute);
//Prepare lists for all groups and resources with same GID in the same namespace
List<Group> allGroupsWithSameGIDInSameNamespace = new ArrayList<Group>();
List<Resource> allResourcesWithSameGIDInSameNamespace = new ArrayList<Resource>();
//Prepare attributes for searching through groups and resources
Attribute groupGIDAttribute = attribute;
Attribute resourceGIDAttribute = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_R_unixGID_namespace + ":" + gidNamespace));
resourceGIDAttribute.setValue(groupGIDAttribute.getValue());
//Fill lists of Groups and Resources by data
allGroupsWithSameGIDInSameNamespace.addAll(sess.getPerunBl().getGroupsManagerBl().getGroupsByAttribute(sess, groupGIDAttribute));
allResourcesWithSameGIDInSameNamespace.addAll(sess.getPerunBl().getResourcesManagerBl().getResourcesByAttribute(sess, resourceGIDAttribute));
//remove this group
allGroupsWithSameGIDInSameNamespace.remove(group);
//Prepare list of GroupName attributes of this group
List<Attribute> groupNamesOfGroup = sess.getPerunBl().getAttributesManagerBl().getAllAttributesStartWithNameWithoutNullValue(sess, group, A_G_unixGroupName_namespace + ":");
//Searching through groups
if (!allGroupsWithSameGIDInSameNamespace.isEmpty()) {
for (Group g : allGroupsWithSameGIDInSameNamespace) {
for (Attribute a : groupNamesOfGroup) {
int compare = sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, g, a);
if (compare > 0) {
//This is problem, there is the same attribute but have other value
throw new WrongReferenceAttributeValueException(attribute, a, "There is a group with same GID (namespace: " + gidNamespace + ") and different unix group name (namespace: " + a.getFriendlyNameParameter() + "). " + g + " " + group);
}
//Other possibilities are not problem, less than 0 mean that same attribute not exists, and 0 mean that attribute exists but have same value
}
}
}
//Searching through resources
if (!allResourcesWithSameGIDInSameNamespace.isEmpty()) {
for (Resource r : allResourcesWithSameGIDInSameNamespace) {
for (Attribute a : groupNamesOfGroup) {
//Prepare resource version of this group attribute
Attribute resourceGroupName = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_R_unixGroupName_namespace + ":" + a.getFriendlyNameParameter()));
resourceGroupName.setValue(a.getValue());
int compare = sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, r, resourceGroupName);
if (compare > 0) {
//This is problem, there is the same attribute but have other value
throw new WrongReferenceAttributeValueException(attribute, a, "There is a resource with same GID (namespace: " + gidNamespace + ") and different unix group name (namespace: " + a.getFriendlyNameParameter() + "). " + r + " " + group);
}
//Other possibilities are not problem, less than 0 mean that same attribute not exists, and 0 mean that attribute exists but have same value
}
}
}
} catch (AttributeNotExistsException ex) {
throw new ConsistencyErrorException(ex);
}
}
Also used :
Group(cz.metacentrum.perun.core.api.Group)
ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)
Attribute(cz.metacentrum.perun.core.api.Attribute)
AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)
ArrayList(java.util.ArrayList)
Resource(cz.metacentrum.perun.core.api.Resource)
WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)
Facility(cz.metacentrum.perun.core.api.Facility)
WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)
LinkedHashMap(java.util.LinkedHashMap)
Map(java.util.Map)
Example 9 with Group
use of cz.metacentrum.perun.core.api.Group in project perun by CESNET.
the class urn_perun_group_attribute_def_def_unixGroupName_namespace method checkAttributeValue.
@Override
public void checkAttributeValue(PerunSessionImpl sess, Group group, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
//prepare namespace and groupName value variables
String groupName = null;
if (attribute.getValue() != null)
groupName = (String) attribute.getValue();
String groupNameNamespace = attribute.getFriendlyNameParameter();
if (groupName == null) {
// if this is group attribute, its ok
return;
}
//Check attribute regex
sess.getPerunBl().getModulesUtilsBl().checkAttributeRegex(attribute, "^[-._a-zA-Z0-9]+$");
//Check reserved unix group names
sess.getPerunBl().getModulesUtilsBl().checkReservedUnixGroupNames(attribute);
try {
//prepare attributes group and resource unixGroupName
Attribute groupUnixGroupName = attribute;
Attribute resourceUnixGroupName = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_R_unixGroupName_namespace + ":" + groupNameNamespace));
resourceUnixGroupName.setValue(attribute.getValue());
//prepare lists of groups and resources with the same groupName value in the same namespace
List<Group> groupsWithSameGroupNameInTheSameNamespace = new ArrayList<Group>();
List<Resource> resourcesWithSameGroupNameInTheSameNamespace = new ArrayList<Resource>();
//Fill lists of groups and resources
groupsWithSameGroupNameInTheSameNamespace.addAll(sess.getPerunBl().getGroupsManagerBl().getGroupsByAttribute(sess, groupUnixGroupName));
resourcesWithSameGroupNameInTheSameNamespace.addAll(sess.getPerunBl().getResourcesManagerBl().getResourcesByAttribute(sess, resourceUnixGroupName));
//If there is no group or resource with same GroupNameInTheSameNamespace, its ok
if (groupsWithSameGroupNameInTheSameNamespace.isEmpty() && resourcesWithSameGroupNameInTheSameNamespace.isEmpty())
return;
//First need to know that i have right to write any of duplicit groupName-namespace attribute
boolean haveRights = sess.getPerunBl().getModulesUtilsBl().haveRightToWriteAttributeInAnyGroupOrResource(sess, groupsWithSameGroupNameInTheSameNamespace, resourcesWithSameGroupNameInTheSameNamespace, groupUnixGroupName, resourceUnixGroupName);
if (!haveRights)
throw new WrongReferenceAttributeValueException(attribute, "This groupName is already used for other group or resource and user has no rights to use it.");
//Now if rights are ok, prepare lists of UnixGIDs attributes of this group (also equivalent resource GID)
List<Attribute> groupUnixGIDs = sess.getPerunBl().getAttributesManagerBl().getAllAttributesStartWithNameWithoutNullValue(sess, group, A_G_unixGID_namespace + ":");
List<Attribute> resourceVersionOfUnixGIDs = sess.getPerunBl().getModulesUtilsBl().getListOfResourceGIDsFromListOfGroupGIDs(sess, groupUnixGIDs);
//In list of duplicit groups looking for GID in same namespace but with different value, thats not correct
if (!groupsWithSameGroupNameInTheSameNamespace.isEmpty()) {
for (Group g : groupsWithSameGroupNameInTheSameNamespace) {
for (Attribute a : groupUnixGIDs) {
int compare;
compare = sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, g, a);
if (compare > 0) {
throw new WrongReferenceAttributeValueException(attribute, a, "One of the group GIDs is from the same namespace like other group GID but with different values.");
}
}
}
}
//In list of duplicit resources looking for GID in same namespace but with different value, thats not correct
if (!resourcesWithSameGroupNameInTheSameNamespace.isEmpty()) {
for (Resource r : resourcesWithSameGroupNameInTheSameNamespace) {
for (Attribute a : resourceVersionOfUnixGIDs) {
int compare;
compare = sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, r, a);
if (compare > 0) {
throw new WrongReferenceAttributeValueException(attribute, a, "One of the group GIDs is from the same namespace like other resource GIDs but with different values.");
}
}
}
}
} catch (AttributeNotExistsException ex) {
throw new ConsistencyErrorException(ex);
}
}
Also used :
Group(cz.metacentrum.perun.core.api.Group)
ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)
Attribute(cz.metacentrum.perun.core.api.Attribute)
AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)
ArrayList(java.util.ArrayList)
Resource(cz.metacentrum.perun.core.api.Resource)
WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)
Example 10 with Group
use of cz.metacentrum.perun.core.api.Group in project perun by CESNET.
the class urn_perun_group_resource_attribute_def_def_freeipaGroupName method checkAttributeValue.
@Override
public void checkAttributeValue(PerunSessionImpl sess, Resource resource, Group group, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
//prepare group name and check its format
String groupName = (String) attribute.getValue();
if (groupName == null) {
throw new WrongAttributeValueException(attribute, group, "Attribute cannot be null.");
}
Matcher match = pattern.matcher(groupName);
if (!match.matches()) {
throw new WrongAttributeValueException(attribute, group, "Bad format of attribute freeipaGroupName. It has to match pattern ^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$");
}
//Get facility for the resource
Facility facility = sess.getPerunBl().getResourcesManagerBl().getFacility(sess, resource);
// Get all resources from the facility
List<Resource> facilityResources = sess.getPerunBl().getFacilitiesManagerBl().getAssignedResources(sess, facility);
//For each resource get all groups
for (Resource rs : facilityResources) {
List<Group> resourceGroups = sess.getPerunBl().getResourcesManagerBl().getAssignedGroups(sess, rs);
//Remove our group from list of groups
if (rs.getId() == resource.getId()) {
resourceGroups.remove(group);
}
//For all groups get name and check uniqueness
for (Group gr : resourceGroups) {
Attribute freeipaGroupNameAttribute = new Attribute();
try {
freeipaGroupNameAttribute = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, rs, gr, A_GR_freeipaGroupName);
} catch (AttributeNotExistsException ex) {
throw new ConsistencyErrorException("Attribute " + A_GR_freeipaGroupName + " does not exists for group " + gr + " and resource " + rs, ex);
}
if (freeipaGroupNameAttribute.getValue() != null) {
String name = (String) freeipaGroupNameAttribute.getValue();
if (name.toLowerCase().equals(groupName.toLowerCase())) {
throw new WrongAttributeValueException(attribute, group, "Attribute has to be unique within one facility (case insensitive).");
}
}
}
}
}
Also used :
Group(cz.metacentrum.perun.core.api.Group)
ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)
Matcher(java.util.regex.Matcher)
Attribute(cz.metacentrum.perun.core.api.Attribute)
AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)
Resource(cz.metacentrum.perun.core.api.Resource)
Facility(cz.metacentrum.perun.core.api.Facility)
WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)
Aggregations
Group (cz.metacentrum.perun.core.api.Group)209
Test (org.junit.Test)128
AbstractPerunIntegrationTest (cz.metacentrum.perun.core.AbstractPerunIntegrationTest)124
RichGroup (cz.metacentrum.perun.core.api.RichGroup)56
Member (cz.metacentrum.perun.core.api.Member)55
Resource (cz.metacentrum.perun.core.api.Resource)49
Vo (cz.metacentrum.perun.core.api.Vo)48
User (cz.metacentrum.perun.core.api.User)46
ArrayList (java.util.ArrayList)42
InternalErrorException (cz.metacentrum.perun.core.api.exceptions.InternalErrorException)36
ContactGroup (cz.metacentrum.perun.core.api.ContactGroup)35
Attribute (cz.metacentrum.perun.core.api.Attribute)34
RichUser (cz.metacentrum.perun.core.api.RichUser)26
Facility (cz.metacentrum.perun.core.api.Facility)24
ConsistencyErrorException (cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)18
RichResource (cz.metacentrum.perun.core.api.RichResource)17
AttributeNotExistsException (cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)15
PrivilegeException (cz.metacentrum.perun.core.api.exceptions.PrivilegeException)13
BanOnFacility (cz.metacentrum.perun.core.api.BanOnFacility)11
ExtSource (cz.metacentrum.perun.core.api.ExtSource)11
