use of cz.metacentrum.perun.core.api.exceptions.RoleManagementRulesNotExistsException in project perun by CESNET.
the class AuthzResolver method unsetRole.
/**
* Unset role for group and <b>one</b> complementary object
*
* If some complementary object is wrong for the role, throw an exception.
* For role "PERUNADMIN" ignore complementary object.
*
* @param sess perun session
* @param authorizedGroup the group for unsetting role
* @param role name of the role to unset
* @param complementaryObject object for which role will be unset
*/
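public static void unsetRole(PerunSession sess, Group authorizedGroup, PerunBean complementaryObject, String role) throws PrivilegeException, GroupNotExistsException, GroupNotAdminException, RoleCannotBeManagedException {
    // Validate the session before it is dereferenced below; getRichAdmins and
    // getAdminGroups already do this, the role-changing methods did not.
    Utils.checkPerunSession(sess);
    Utils.notNull(role, "role");
    if (!roleExists(role)) {
        throw new InternalErrorException("Role: " + role + " does not exists.");
    }
    // NOTE(review): the existence check runs before the authorization check, so a
    // caller who may not manage this role can still tell an existing group from a
    // missing one by the exception type. Confirm that this is acceptable.
    ((PerunBl) sess.getPerun()).getGroupsManagerBl().checkGroupExists(sess, authorizedGroup);
    // Authorization: only callers allowed to manage this role on the complementary
    // object may remove it from the group.
    try {
        if (!authorizedToManageRole(sess, complementaryObject, role)) {
            throw new PrivilegeException("You are not privileged to use the method unsetRole.");
        }
    } catch (RoleManagementRulesNotExistsException e) {
        // Missing management rules are reported as an error; they never grant access.
        throw new InternalErrorException("Management rules not exist for the role " + role, e);
    }
    AuthzResolverBlImpl.unsetRole(sess, authorizedGroup, complementaryObject, role);
}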
use of cz.metacentrum.perun.core.api.exceptions.RoleManagementRulesNotExistsException in project perun by CESNET.
the class AuthzResolver method getRichAdmins.
/**
* Get all valid richUser administrators (for group-based rights, status must be VALID for both Vo and group) for complementary object and role with specified attributes.
*
* If <b>onlyDirectAdmins</b> is <b>true</b>, return only direct users of the complementary object for role with specific attributes.
* If <b>allUserAttributes</b> is <b>true</b>, do not specify attributes through list and return them all in objects richUser. Ignoring list of specific attributes.
*
* @param sess perun session
* @param complementaryObject for which we will get administrator
* @param specificAttributes list of specified attributes which are needed in object richUser
* @param role expected role to filter managers by
* @param onlyDirectAdmins if true, get only direct user administrators (if false, get both direct and indirect)
* @param allUserAttributes if true, get all possible user attributes and ignore list of specificAttributes (if false, get only specific attributes)
*
* @return list of richUser administrators for complementary object and role with specified attributes.
*/
public static List<RichUser> getRichAdmins(PerunSession sess, PerunBean complementaryObject, List<String> specificAttributes, String role, boolean onlyDirectAdmins, boolean allUserAttributes) throws PrivilegeException, RoleCannotBeManagedException {
    // Argument validation: session first, then role, then the complementary object.
    Utils.checkPerunSession(sess);
    Utils.notNull(role, "role");
    Utils.notNull(complementaryObject, "complementaryObject");
    if (!roleExists(role)) {
        throw new InternalErrorException("Role: " + role + " does not exists.");
    }

    // Authorization: the caller must be allowed to read this role on the object.
    // Missing management rules surface as an internal error, not as a grant.
    boolean mayRead;
    try {
        mayRead = authorizedToReadRole(sess, complementaryObject, role);
    } catch (RoleManagementRulesNotExistsException missingRules) {
        throw new InternalErrorException("Management rules not exist for the role " + role, missingRules);
    }
    if (!mayRead) {
        throw new PrivilegeException("You are not privileged to use the method getRichAdmins.");
    }

    return AuthzResolverBlImpl.getRichAdmins(sess, complementaryObject, specificAttributes, role, onlyDirectAdmins, allUserAttributes);
}
use of cz.metacentrum.perun.core.api.exceptions.RoleManagementRulesNotExistsException in project perun by CESNET.
the class AuthzResolver method unsetRole.
/**
* Unset role for user and <b>one</b> complementary object.
*
* If complementary object is wrong for the role, throw an exception.
* For role "PERUNADMIN" ignore complementary object.
*
* @param sess perun session
* @param user the user for unsetting role
* @param role name of the role to unset
* @param complementaryObject object for which role will be unset
*/
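public static void unsetRole(PerunSession sess, User user, PerunBean complementaryObject, String role) throws PrivilegeException, UserNotExistsException, UserNotAdminException, RoleCannotBeManagedException {
    // Validate the session before it is dereferenced below; getRichAdmins and
    // getAdminGroups already do this, the role-changing methods did not.
    Utils.checkPerunSession(sess);
    Utils.notNull(role, "role");
    if (!roleExists(role)) {
        throw new InternalErrorException("Role: " + role + " does not exists.");
    }
    // NOTE(review): the existence check runs before the authorization check, so a
    // caller who may not manage this role can still tell an existing user from a
    // missing one by the exception type. Confirm that this is acceptable.
    ((PerunBl) sess.getPerun()).getUsersManagerBl().checkUserExists(sess, user);
    // Authorization: only callers allowed to manage this role on the complementary
    // object may remove it from the user.
    try {
        if (!authorizedToManageRole(sess, complementaryObject, role)) {
            throw new PrivilegeException("You are not privileged to use the method unsetRole.");
        }
    } catch (RoleManagementRulesNotExistsException e) {
        // Missing management rules are reported as an error; they never grant access.
        throw new InternalErrorException("Management rules not exist for the role " + role, e);
    }
    AuthzResolverBlImpl.unsetRole(sess, user, complementaryObject, role);
}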
use of cz.metacentrum.perun.core.api.exceptions.RoleManagementRulesNotExistsException in project perun by CESNET.
the class AuthzResolver method getAdminGroups.
/**
* Get all authorizedGroups for complementary object and role.
*
* @param sess perun session
* @param complementaryObject for which we will get administrator groups
* @param role expected role to filter authorizedGroups by
*
* @return list of authorizedGroups for complementary object and role
*/
public static List<Group> getAdminGroups(PerunSession sess, PerunBean complementaryObject, String role) throws PrivilegeException, RoleCannotBeManagedException {
    // Argument validation: session first, then role, then the complementary object.
    Utils.checkPerunSession(sess);
    Utils.notNull(role, "role");
    Utils.notNull(complementaryObject, "complementaryObject");
    if (!roleExists(role)) {
        throw new InternalErrorException("Role: " + role + " does not exists.");
    }

    // Authorization: the caller must be allowed to read this role on the object.
    // Missing management rules surface as an internal error, not as a grant.
    boolean mayRead;
    try {
        mayRead = authorizedToReadRole(sess, complementaryObject, role);
    } catch (RoleManagementRulesNotExistsException missingRules) {
        throw new InternalErrorException("Management rules not exist for the role " + role, missingRules);
    }
    if (!mayRead) {
        throw new PrivilegeException("You are not privileged to use the method getAdminGroups.");
    }

    // The lookup itself takes no session; access was decided above.
    return AuthzResolverBlImpl.getAdminGroups(complementaryObject, role);
}
use of cz.metacentrum.perun.core.api.exceptions.RoleManagementRulesNotExistsException in project perun by CESNET.
the class AuthzResolver method setRole.
/**
* Set role for authorizedGroup and <b>one</b> complementary object.
*
* If complementary object is wrong for the role, throw an exception.
* For role "PERUNADMIN" ignore complementary object.
*
* @param sess perun session
* @param authorizedGroup the group for setting role
* @param role name of the role to set
* @param complementaryObject object for which role will be set
*/
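public static void setRole(PerunSession sess, Group authorizedGroup, PerunBean complementaryObject, String role) throws PrivilegeException, GroupNotExistsException, AlreadyAdminException, RoleCannotBeManagedException {
    // Validate the session before it is dereferenced below; getRichAdmins and
    // getAdminGroups already do this, the role-changing methods did not.
    Utils.checkPerunSession(sess);
    Utils.notNull(role, "role");
    if (!roleExists(role)) {
        throw new InternalErrorException("Role: " + role + " does not exists.");
    }
    // NOTE(review): the existence check runs before the authorization check, so a
    // caller who may not manage this role can still tell an existing group from a
    // missing one by the exception type. Confirm that this is acceptable.
    ((PerunBl) sess.getPerun()).getGroupsManagerBl().checkGroupExists(sess, authorizedGroup);
    // Authorization: granting a role is a privilege change, so only callers allowed
    // to manage this role on the complementary object may proceed.
    try {
        if (!authorizedToManageRole(sess, complementaryObject, role)) {
            throw new PrivilegeException("You are not privileged to use the method setRole.");
        }
    } catch (RoleManagementRulesNotExistsException e) {
        // Missing management rules are reported as an error; they never grant access.
        throw new InternalErrorException("Management rules not exist for the role " + role, e);
    }
    AuthzResolverBlImpl.setRole(sess, authorizedGroup, complementaryObject, role);
}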