use of cz.metacentrum.perun.core.api.exceptions.RoleCannotBeManagedException in project perun by CESNET.
the class FacilitiesManagerBlImpl method createFacility.
/**
 * Creates a new facility and makes the calling user its manager.
 *
 * <p>The name is validated against an allow-list (ASCII letters, digits, dot,
 * underscore, hyphen and space) and then looked up to make sure it is not
 * already used. Once the facility is stored, an audit event is logged and, if
 * the session principal carries a user, that user is granted
 * {@code Role.FACILITYADMIN} on the new facility.
 *
 * @param sess session of the caller
 * @param facility facility to create
 * @return the facility as returned by the implementation layer
 * @throws FacilityExistsException if a facility with the same name can already be looked up
 * @throws IllegalArgumentException if the name contains a character outside the allow-list
 */
@Override
public Facility createFacility(PerunSession sess, Facility facility) throws FacilityExistsException {
    // Allow-list check on the name. String.matches() has to consume the whole
    // input, so an empty name or a name ending in a line terminator is rejected too.
    boolean nameIsValid = facility.getName().matches("^[ a-zA-Z.0-9_-]+$");
    if (!nameIsValid) {
        throw new IllegalArgumentException("Wrong facility name, facility name can contain only a-Z0-9.-_ and space characters");
    }

    // Uniqueness check: a successful lookup means the name is already taken.
    // NOTE(review): lookup and insert are separate steps; presumably a unique
    // constraint or the enclosing transaction covers concurrent creation - confirm.
    boolean nameTaken;
    try {
        this.getFacilityByName(sess, facility.getName());
        nameTaken = true;
    } catch (FacilityNotExistsException notFound) {
        nameTaken = false;
    }
    if (nameTaken) {
        throw new FacilityExistsException(facility);
    }

    // Store the facility and record the creation in the audit log.
    facility = getFacilitiesManagerImpl().createFacility(sess, facility);
    getPerunBl().getAuditer().log(sess, new FacilityCreated(facility));

    // Without a user on the principal nobody is granted FACILITYADMIN here;
    // the facility is still created and the situation is only logged.
    if (sess.getPerunPrincipal().getUser() == null) {
        log.warn("Can't set Facility manager during creating of the Facility. User from perunSession is null. {} {}", facility, sess);
        return facility;
    }

    // The creator becomes the manager of the facility just created.
    try {
        AuthzResolverBlImpl.setRole(sess, sess.getPerunPrincipal().getUser(), facility, Role.FACILITYADMIN);
    } catch (AlreadyAdminException alreadyAdmin) {
        // A brand-new facility must not have a manager yet.
        throw new ConsistencyErrorException("Add manager to newly created Facility failed because there is particular manager already assigned", alreadyAdmin);
    } catch (RoleCannotBeManagedException notManageable) {
        throw new InternalErrorException(notManageable);
    }
    return facility;
}
use of cz.metacentrum.perun.core.api.exceptions.RoleCannotBeManagedException in project perun by CESNET.
the class SecurityTeamsManagerBlImpl method deleteSecurityTeam.
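/**
 * Deletes a security team together with its admin roles, blacklist entries
 * and facility assignments.
 *
 * <p>Both relation checks run before anything is modified, so a deletion that
 * is refused with {@link RelationExistsException} leaves the team's
 * {@code Role.SECURITYADMIN} assignments untouched.
 *
 * @param sess session of the caller
 * @param securityTeam team to delete
 * @param forceDelete when {@code true}, blacklist entries and facility assignments
 *        of the team are removed instead of blocking the deletion
 * @throws SecurityTeamNotExistsException declared for the underlying calls
 * @throws RelationExistsException if the team still has blacklisted users or is
 *         assigned to a facility and {@code forceDelete} is {@code false}
 */
@Override
public void deleteSecurityTeam(PerunSession sess, SecurityTeam securityTeam, boolean forceDelete) throws SecurityTeamNotExistsException, RelationExistsException {
    // Precondition checks first: refuse before any role, blacklist entry or
    // assignment is touched, so a rejected call has no side effects of its own.
    List<User> blacklist = getSecurityTeamsManagerImpl().getBlacklist(sess, Collections.singletonList(securityTeam));
    if (!blacklist.isEmpty() && !forceDelete) {
        throw new RelationExistsException("SecurityTeam has blacklisted users.");
    }
    List<Facility> facilities = getPerunBl().getFacilitiesManagerBl().getAssignedFacilities(sess, securityTeam);
    if (!facilities.isEmpty() && !forceDelete) {
        throw new RelationExistsException("SecurityTeam is assigned to some facilities.");
    }

    // remove admin groups of this securityTeam
    List<Group> adminGroups = getSecurityTeamsManagerImpl().getAdminGroups(sess, securityTeam);
    for (Group adminGroup : adminGroups) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminGroup, securityTeam, Role.SECURITYADMIN);
        } catch (GroupNotAdminException e) {
            // the role is already gone; log as warning and continue
            log.warn("When trying to unsetRole SecurityAdmin for group {} in the securityTeam {} the exception was thrown {}", adminGroup, securityTeam, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    // remove admin users of this securityTeam
    List<User> adminUsers = getSecurityTeamsManagerImpl().getAdmins(sess, securityTeam);
    for (User adminUser : adminUsers) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminUser, securityTeam, Role.SECURITYADMIN);
        } catch (UserNotAdminException e) {
            // the role is already gone; log as warning and continue
            log.warn("When trying to unsetRole SecurityAdmin for user {} in the securityTeam {} the exception was thrown {}", adminUser, securityTeam, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    // remove all users from blacklist, which were blacklisted by this security team.
    for (User blacklistedUser : blacklist) {
        // calling BL will make auditer message about user to appear.
        getPerunBl().getSecurityTeamsManagerBl().removeUserFromBlacklist(sess, securityTeam, blacklistedUser);
    }

    // remove security team from all facilities
    for (Facility facility : facilities) {
        // calling BL will make auditer message about facility to appear.
        getPerunBl().getFacilitiesManagerBl().removeSecurityTeam(sess, facility, securityTeam);
    }

    getSecurityTeamsManagerImpl().deleteSecurityTeam(sess, securityTeam);
    getPerunBl().getAuditer().log(sess, new SecurityTeamDeleted(securityTeam));
}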
use of cz.metacentrum.perun.core.api.exceptions.RoleCannotBeManagedException in project perun by CESNET.
the class GroupsManagerBlImpl method createGroup.
/**
 * Creates a top-level group in the given VO and, where needed, makes the
 * creator its admin.
 *
 * <p>The creator is granted {@code Role.GROUPADMIN} only when the session
 * principal holds neither {@code Role.PERUNADMIN} nor {@code Role.VOADMIN}
 * for this VO and the group is not the VO's "members" group.
 *
 * @param sess session of the caller
 * @param vo VO the group is created in
 * @param group group to create; must not have a parent group id set
 * @return the created group with its VO id set
 * @throws GroupExistsException declared for the underlying create call
 */
@Override
public Group createGroup(PerunSession sess, Vo vo, Group group) throws GroupExistsException {
    if (group.getParentGroupId() != null) {
        throw new InternalErrorException("Top-level groups can't have parentGroupId set!");
    }

    group = getGroupsManagerImpl().createGroup(sess, vo, group);
    getPerunBl().getAuditer().log(sess, new GroupCreatedInVo(group, vo));
    group.setVoId(vo.getId());

    User creator = sess.getPerunPrincipal().getUser();
    if (creator == null) {
        // user can be null in tests; no role is assigned in that case
        return group;
    }

    // The creator needs no extra role when the principal already has rights on
    // the group (PERUNADMIN, VOADMIN of this VO) or when this is the "members" group.
    // The decision is based on the roles carried by the session principal.
    boolean creatorAlreadyAuthorized = sess.getPerunPrincipal().getRoles().hasRole(Role.PERUNADMIN)
            || sess.getPerunPrincipal().getRoles().hasRole(Role.VOADMIN, vo)
            || VosManager.MEMBERS_GROUP.equals(group.getName());
    if (creatorAlreadyAuthorized) {
        return group;
    }

    try {
        AuthzResolverBlImpl.setRole(sess, creator, group, Role.GROUPADMIN);
    } catch (AlreadyAdminException alreadyAdmin) {
        // A group that was just created must not have an admin yet.
        throw new ConsistencyErrorException("Newly created group already have an admin.", alreadyAdmin);
    } catch (RoleCannotBeManagedException notManageable) {
        throw new InternalErrorException(notManageable);
    }
    return group;
}
use of cz.metacentrum.perun.core.api.exceptions.RoleCannotBeManagedException in project perun by CESNET.
the class VosManagerBlImpl method createVo.
/**
 * Creates a VO, makes the calling user its manager, and sets up the VO's
 * "members" group and an empty application form.
 *
 * @param sess session of the caller
 * @param vo VO to create
 * @return the VO as returned by the implementation layer
 * @throws VoExistsException declared for the underlying create call
 */
@Override
public Vo createVo(PerunSession sess, Vo vo) throws VoExistsException {
    // Create entries in the DB and Grouper, then record the creation in the audit log
    vo = getVosManagerImpl().createVo(sess, vo);
    getPerunBl().getAuditer().log(sess, new VoCreated(vo));

    User creator = sess.getPerunPrincipal().getUser();
    if (creator == null) {
        // No user on the principal: the VO is created anyway, without a manager
        // being assigned here, and the situation is logged as an error.
        log.error("Can't set VO manager during creating of the VO. User from perunSession is null. {} {}", vo, sess);
    } else {
        // set creator as VO manager
        try {
            AuthzResolverBlImpl.setRole(sess, creator, vo, Role.VOADMIN);
            log.debug("User {} added like administrator to VO {}", creator, vo);
        } catch (AlreadyAdminException alreadyAdmin) {
            // A VO that was just created must not have a manager yet.
            throw new ConsistencyErrorException("Add manager to newly created VO failed because there is a particular manager already assigned", alreadyAdmin);
        } catch (RoleCannotBeManagedException notManageable) {
            throw new InternalErrorException(notManageable);
        }
    }

    try {
        // Create group containing VO members
        String membersDescription = VosManager.MEMBERS_GROUP_DESCRIPTION + " for VO " + vo.getName();
        Group membersGroup = new Group(VosManager.MEMBERS_GROUP, membersDescription);
        getPerunBl().getGroupsManagerBl().createGroup(sess, vo, membersGroup);
        log.debug("Members group created, vo '{}'", vo);
    } catch (GroupExistsException groupExists) {
        // A new VO cannot already contain its members group.
        throw new ConsistencyErrorException("Group already exists", groupExists);
    }

    // create empty application form
    getVosManagerImpl().createApplicationForm(sess, vo);

    log.info("Vo {} created", vo);
    return vo;
}
use of cz.metacentrum.perun.core.api.exceptions.RoleCannotBeManagedException in project perun by CESNET.
the class FacilitiesManagerBlImpl method deleteFacility.
/**
 * Deletes a facility and everything this method finds attached to it: admin
 * roles, hosts, destinations, security team assignments, attributes, bans,
 * service denials and owners. An audit event is logged at the end.
 *
 * <p>With {@code force} set, the facility's resources and its tasks (including
 * task results) are deleted first. Without it, the call is refused when the
 * facility still has assigned resources; that check runs before anything is
 * modified.
 *
 * @param sess session of the caller
 * @param facility facility to delete
 * @param force whether assigned resources and tasks are deleted instead of
 *        blocking the deletion; it is a boxed {@code Boolean} and is unboxed
 *        directly, so {@code null} fails with a NullPointerException
 * @throws RelationExistsException if the facility still has resources and {@code force} is false
 */
@Override
public void deleteFacility(PerunSession sess, Facility facility, Boolean force) throws RelationExistsException, FacilityAlreadyRemovedException, HostAlreadyRemovedException, ResourceAlreadyRemovedException, GroupAlreadyRemovedFromResourceException {
    // NOTE(review): `force` is unboxed here; callers must not pass null.
    if (force) {
        // forced delete: remove every assigned resource ...
        List<Resource> resources = this.getAssignedResources(sess, facility);
        for (Resource resource : resources) {
            getPerunBl().getResourcesManagerBl().deleteResource(sess, resource);
        }
        // ... and every task of the facility, results first
        List<Task> tasks = perunBl.getTasksManagerBl().listAllTasksForFacility(sess, facility.getId());
        for (Task task : tasks) {
            perunBl.getTasksManagerBl().deleteTaskResults(sess, task.getId());
            perunBl.getTasksManagerBl().removeTask(sess, task.getId());
        }
    } else {
        // non-forced delete: refuse while resources are still assigned
        if (getFacilitiesManagerImpl().getAssignedResources(sess, facility).size() > 0) {
            throw new RelationExistsException("Facility is still used as a resource");
        }
    }
    // remove admins of this facility: first the admin groups ...
    List<Group> adminGroups = getFacilitiesManagerImpl().getAdminGroups(sess, facility);
    for (Group adminGroup : adminGroups) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminGroup, facility, Role.FACILITYADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("When trying to unsetRole FacilityAdmin for group {} in the facility {} the exception was thrown {}", adminGroup, facility, e);
            // skip and log as warning
        } catch (RoleCannotBeManagedException e) {
            // a role that cannot be managed stops the whole deletion
            throw new InternalErrorException(e);
        }
    }
    // ... then the individual admin users
    List<User> adminUsers = getFacilitiesManagerImpl().getAdmins(sess, facility);
    for (User adminUser : adminUsers) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminUser, facility, Role.FACILITYADMIN);
        } catch (UserNotAdminException e) {
            log.warn("When trying to unsetRole FacilityAdmin for user {} in the facility {} the exception was thrown {}", adminUser, facility, e);
            // skip and log as warning
        } catch (RoleCannotBeManagedException e) {
            // a role that cannot be managed stops the whole deletion
            throw new InternalErrorException(e);
        }
    }
    // remove hosts
    List<Host> hosts = this.getHosts(sess, facility);
    for (Host host : hosts) {
        this.removeHost(sess, host, facility);
    }
    // remove destinations
    getPerunBl().getServicesManagerBl().removeAllDestinations(sess, facility);
    // remove assigned security teams
    List<SecurityTeam> teams = getAssignedSecurityTeams(sess, facility);
    for (SecurityTeam team : teams) {
        removeSecurityTeam(sess, facility, team);
    }
    // remove associated attributes
    try {
        getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, facility);
    } catch (WrongAttributeValueException | WrongReferenceAttributeValueException e) {
        throw new InternalErrorException(e);
    }
    // Remove all facility bans
    List<BanOnFacility> bansOnFacility = this.getBansForFacility(sess, facility.getId());
    for (BanOnFacility banOnFacility : bansOnFacility) {
        try {
            this.removeBan(sess, banOnFacility.getId());
        } catch (BanNotExistsException ex) {
            // it is ok, we just want to remove it anyway
        }
    }
    // Remove all service denials
    getFacilitiesManagerImpl().removeAllServiceDenials(facility.getId());
    // delete facility: owners first, then the facility record itself
    getFacilitiesManagerImpl().deleteFacilityOwners(sess, facility);
    getFacilitiesManagerImpl().deleteFacility(sess, facility);
    // record the deletion in the audit log once everything above has succeeded
    getPerunBl().getAuditer().log(sess, new FacilityDeleted(facility));
}