use of cz.metacentrum.perun.core.api.exceptions.ExtendMembershipException in project perun by CESNET.
the class JsonSerializerGWT method writePerunException.
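/**
 * Serializes a {@link PerunException} as one JSON object on the serializer's output.
 *
 * <p>The object always carries {@code errorId}, {@code type} and {@code errorInfo}. For an
 * {@link ExtendMembershipException} it also carries {@code reason}.
 *
 * @param pex exception to serialize, must not be {@code null}
 * @throws IllegalArgumentException if {@code pex} is {@code null}
 * @throws IOException if the generator cannot be created, written to or closed
 */
@Override
public void writePerunException(PerunException pex) throws IOException {
    // Validate first, so a null argument never allocates a generator that nobody closes.
    if (pex == null) {
        throw new IllegalArgumentException("pex is null");
    }

    // try-with-resources closes the generator even when one of the writes fails.
    try (JsonGenerator gen = jsonFactory.createJsonGenerator(out, JsonEncoding.UTF8)) {
        gen.writeStartObject();
        gen.writeStringField("errorId", pex.getErrorId());

        if (pex instanceof RpcException) {
            RpcException rpcException = (RpcException) pex;
            gen.writeStringField("type", rpcException.getType());
            gen.writeStringField("errorInfo", rpcException.getErrorInfo());
        } else {
            gen.writeStringField("type", pex.getClass().getSimpleName());
            // NOTE(review): the exception message is written to the output verbatim; confirm that
            // messages built elsewhere do not carry internal details the recipient should not see.
            gen.writeStringField("errorInfo", pex.getMessage());
        }

        // Membership-extension failures additionally expose the machine-readable reason.
        if (pex instanceof ExtendMembershipException) {
            gen.writeStringField("reason", ((ExtendMembershipException) pex).getReason().toString());
        }

        gen.writeEndObject();
    }
}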
use of cz.metacentrum.perun.core.api.exceptions.ExtendMembershipException in project perun by CESNET.
the class GroupsManagerEntryIntegrationTest method extendGroupMembershipForMemberWithInsufficientLoa.
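/**
 * Verifies that a member whose LoA is listed in the group's "do not extend" rule keeps the
 * original group membership expiration after an extension attempt.
 */
@Test
public void extendGroupMembershipForMemberWithInsufficientLoa() throws Exception {
    System.out.println(CLASS_NAME + "extendGroupMembershipForMemberWithInsufficientLoa");

    ExtSource es = perun.getExtSourcesManagerBl().createExtSource(sess, extSource, null);

    // set up member in group and vo
    Vo vo = setUpVo();
    Member member1 = setUpMemberWithDifferentParam(vo, 111);

    // set up group
    groupsManagerBl.createGroup(sess, vo, group);
    groupsManagerBl.addMember(sess, group, member1);

    // Set the group's expiration rules: LoA 0 and 1 must not be extended
    HashMap<String, String> extendMembershipRules = new LinkedHashMap<>();
    extendMembershipRules.put(AbstractMembershipExpirationRulesModule.membershipPeriodKeyName, "1.1.");
    extendMembershipRules.put(AbstractMembershipExpirationRulesModule.membershipDoNotExtendLoaKeyName, "0,1");
    Attribute extendMembershipRulesAttribute = new Attribute(attributesManager.getAttributeDefinition(sess, AttributesManager.NS_GROUP_ATTR_DEF + ":groupMembershipExpirationRules"));
    extendMembershipRulesAttribute.setValue(extendMembershipRules);
    attributesManager.setAttribute(sess, group, extendMembershipRulesAttribute);

    // Current expiration is today; the test expects it to stay untouched
    Attribute membershipExpirationAttribute = new Attribute(attributesManager.getAttributeDefinition(sess, AttributesManager.NS_MEMBER_GROUP_ATTR_DEF + ":groupMembershipExpiration"));
    LocalDate now = LocalDate.now();
    membershipExpirationAttribute.setValue(now.toString());
    attributesManager.setAttribute(sess, member1, group, membershipExpirationAttribute);

    // Set LOA 1 for member
    UserExtSource ues = new UserExtSource(es, "abc");
    ues.setLoa(1);
    User user = usersManagerBl.getUserByMember(sess, member1);
    usersManagerBl.addUserExtSource(sess, user, ues);

    // Try to extend membership
    // NOTE(review): when no exception is thrown the reason assertion below is skipped, and only
    // the unchanged-expiration check at the end guards the LoA rule. If the call is expected to
    // throw in this setup, a fail(...) after it would make that explicit - confirm.
    try {
        groupsManagerBl.extendMembershipInGroup(sess, member1, group);
    } catch (ExtendMembershipException e) {
        // expected value first, so a failure message reports the two sides correctly
        assertEquals(ExtendMembershipException.Reason.INSUFFICIENTLOAFOREXTENSION, e.getReason());
    }

    Attribute membershipAttribute = attributesManager.getAttribute(sess, member1, group, AttributesManager.NS_MEMBER_GROUP_ATTR_DEF + ":groupMembershipExpiration");
    assertNotNull("membership attribute must be set", membershipAttribute);
    // The expiration must still hold the value stored before the extension attempt
    assertEquals("membership attribute value must contains same value as before extension.", now.toString(),
            membershipAttribute.getValue());
}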
use of cz.metacentrum.perun.core.api.exceptions.ExtendMembershipException in project perun by CESNET.
the class MembersManagerBlImpl method canBeMemberInternal.
/**
* More info on https://wiki.metacentrum.cz/wiki/VO_managers%27s_manual
*
* Check if the user can apply for VO membership. VO restrictions don't apply to service users.
*
* @param sess sess
* @param vo VO to apply for
* @param user User applying for membership
* @param loa level of assurance provided by user's external identity
* @param throwExceptions TRUE = throw exceptions / FALSE = return false when user can't be member of VO
* @return True if user can become member of VO / false or exception otherwise.
*
* @throws ExtendMembershipException When user can't be member of VO and throwExceptions is set to true
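* @throws InternalErrorException When the VO's membership expiration rules attribute cannot be read because of a wrong attribute assignment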
*/
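protected boolean canBeMemberInternal(PerunSession sess, Vo vo, User user, String loa, boolean throwExceptions) throws ExtendMembershipException {
    // Service users are exempt from the VO's LoA restrictions.
    if (user != null && user.isServiceUser()) {
        return true;
    }

    // Check if the VO has set membershipExpirationRules attribute.
    // Every "no rules" outcome below allows membership, i.e. the check is open by default.
    LinkedHashMap<String, String> membershipExpirationRules;
    try {
        Attribute membershipExpirationRulesAttribute = getPerunBl().getAttributesManagerBl().getAttribute(sess, vo, MembersManager.membershipExpirationRulesAttributeName);
        membershipExpirationRules = membershipExpirationRulesAttribute.valueAsMap();
        // If attribute was not filled, then silently exit
        if (membershipExpirationRules == null) {
            return true;
        }
    } catch (AttributeNotExistsException e) {
        // No rules set, so leave it as it is
        return true;
    } catch (WrongAttributeAssignmentException e) {
        // Keep the cause so the unexpected assignment error can be diagnosed from the log.
        throw new InternalErrorException("Shouldn't happen.", e);
    }

    // Which LOA we won't allow?
    String doNotAllowLoaRule = membershipExpirationRules.get(AbstractMembershipExpirationRulesModule.membershipDoNotAllowLoaKeyName);
    if (doNotAllowLoaRule == null) {
        return true;
    }

    if (loa == null) {
        // User doesn't have LOA defined and LOA is required for getting in, so do not allow membership.
        log.warn("User {} doesn't have LOA defined, but 'doNotAllowLoa' option is set for VO {}.", user, vo);
        if (throwExceptions) {
            // The message names the option that is actually evaluated here ('doNotAllowLoa').
            throw new ExtendMembershipException(ExtendMembershipException.Reason.NOUSERLOA, "User " + user + " doesn't have LOA defined, but 'doNotAllowLoa' option is set for VO id " + vo.getId() + ".");
        }
        return false;
    }

    for (String doNotAllowLoa : doNotAllowLoaRule.split(",")) {
        // Trim each configured value so that a rule written as "0, 1" still blocks LoA 1
        // instead of silently letting it through.
        if (doNotAllowLoa.trim().equals(loa)) {
            // User has LOA which is not allowed for getting in
            if (throwExceptions) {
                throw new ExtendMembershipException(ExtendMembershipException.Reason.INSUFFICIENTLOA, "User " + user + " doesn't have required LOA for VO id " + vo.getId() + ".");
            }
            return false;
        }
    }
    return true;
}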
use of cz.metacentrum.perun.core.api.exceptions.ExtendMembershipException in project perun by CESNET.
the class MembersManagerBlImpl method createMember.
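/**
 * Creates a member of the VO from a candidate looked up by login in the given external source.
 *
 * <p>The candidate is obtained from the external source, the connection to the source is closed
 * afterwards, and creation is delegated to the candidate-based {@code createMember} overload.
 *
 * @param sess session used for all calls
 * @param vo VO the member is created in
 * @param extSource external source queried for the candidate
 * @param login login of the candidate in the external source
 * @param groups groups passed through to the candidate-based overload
 * @return the created member
 * @throws InternalErrorException if the candidate or subject cannot be found, the source does not
 *         support the operation, or the source implements neither lookup API
 */
@Override
public Member createMember(PerunSession sess, Vo vo, ExtSource extSource, String login, List<Group> groups) throws WrongAttributeValueException, WrongReferenceAttributeValueException, AlreadyMemberException, ExtendMembershipException {
    // First of all get candidate from extSource directly
    Candidate candidate = null;
    try {
        if (extSource instanceof ExtSourceApi) {
            // get first subject, then create candidate
            // NOTE(review): the cast assumes ExtSourceApi is a subtype of ExtSourceSimpleApi - confirm.
            Map<String, String> subject = ((ExtSourceSimpleApi) extSource).getSubjectByLogin(login);
            candidate = new Candidate(getPerunBl().getExtSourcesManagerBl().getCandidate(sess, subject, extSource, login));
        } else if (extSource instanceof ExtSourceSimpleApi) {
            // get candidates from external source by login
            candidate = new Candidate(getPerunBl().getExtSourcesManagerBl().getCandidate(sess, extSource, login));
        }
    } catch (CandidateNotExistsException | SubjectNotExistsException ex) {
        throw new InternalErrorException("Can't find candidate for login " + login + " in extSource " + extSource, ex);
    } catch (ExtSourceUnsupportedOperationException ex) {
        throw new InternalErrorException("Some operation is not allowed for extSource " + extSource, ex);
    } finally {
        // Always release the connection to the external source, whatever the lookup outcome.
        if (extSource instanceof ExtSourceSimpleApi) {
            try {
                ((ExtSourceSimpleApi) extSource).close();
            } catch (ExtSourceUnsupportedOperationException ignored) {
                // silently skip: this source has nothing to close
            } catch (Exception e) {
                log.error("Failed to close connection to extsource", e);
            }
        }
    }

    // A source implementing neither lookup API leaves the candidate unset; fail here with a
    // clear message instead of passing null on to the candidate-based overload.
    if (candidate == null) {
        throw new InternalErrorException("ExtSource " + extSource + " doesn't support getting candidate for login " + login);
    }

    return this.createMember(sess, vo, candidate, groups);
}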
use of cz.metacentrum.perun.core.api.exceptions.ExtendMembershipException in project perun by CESNET.
the class MembersManagerEntry method createMember.
/**
 * Entry-layer variant of member creation from a login in an external source.
 *
 * <p>Checks the session and the existence of the VO, the external source and every group,
 * rejects groups that belong to another VO, authorizes the caller, then delegates to the
 * business layer and starts asynchronous validation of the new member.
 *
 * <p>Authorization passes either through the policy evaluated on the VO and the external
 * source, or, when groups are given, through the same policy on every group provided that
 * the external source is assigned to at least one of them.
 *
 * @return the created member
 * @throws PrivilegeException if neither authorization path succeeds
 */
@Override
public Member createMember(PerunSession sess, Vo vo, ExtSource extSource, String login, List<Group> groups) throws WrongAttributeValueException, WrongReferenceAttributeValueException, AlreadyMemberException, ExtendMembershipException, VoNotExistsException, ExtSourceNotExistsException, PrivilegeException, GroupNotExistsException {
    final String policyName = "createMember_Vo_ExtSource_String_List<Group>_policy";

    // NOTE(review): the existence checks run before authorization, so presumably an
    // unauthorized caller can tell existing objects from missing ones by the exception
    // type - confirm this ordering is intended.
    Utils.checkPerunSession(sess);
    getPerunBl().getVosManagerBl().checkVoExists(sess, vo);
    getPerunBl().getExtSourcesManagerBl().checkExtSourceExists(sess, extSource);

    // Every supplied group has to exist and belong to the target VO.
    if (groups != null) {
        for (Group candidateGroup : groups) {
            perunBl.getGroupsManagerBl().checkGroupExists(sess, candidateGroup);
            if (candidateGroup.getVoId() != vo.getId()) {
                throw new InternalErrorException("Group " + candidateGroup + " is not from the vo " + vo + " where user with login " + login + " from ExtSource " + extSource + " should be added.");
            }
        }
    }

    // Authorization: VO-level rights are sufficient on their own.
    boolean authorizedOnVo = AuthzResolver.authorizedInternal(sess, policyName, Arrays.asList(vo, extSource));
    if (!authorizedOnVo) {
        // Without VO-level rights there is nothing to fall back on unless groups were given.
        if (groups == null || groups.isEmpty()) {
            throw new PrivilegeException(sess, "createMember - from login and extSource");
        }

        // The caller has to pass the policy for each affected group.
        for (Group affectedGroup : groups) {
            if (!AuthzResolver.authorizedInternal(sess, policyName, affectedGroup)) {
                throw new PrivilegeException(sess, "createMember - from login and extSource");
            }
        }

        // ExtSource has to be assigned to at least one of the groups.
        boolean extSourceAssigned = false;
        for (Group affectedGroup : groups) {
            if (getPerunBl().getExtSourcesManagerBl().getGroupExtSources(sess, affectedGroup).contains(extSource)) {
                extSourceAssigned = true;
                break;
            }
        }
        if (!extSourceAssigned) {
            throw new PrivilegeException(sess, "createMember - from login and extSource");
        }
    }

    // Create the member, then validate it asynchronously.
    Member createdMember = getMembersManagerBl().createMember(sess, vo, extSource, login, groups);
    getMembersManagerBl().validateMemberAsync(sess, createdMember);
    return createdMember;
}