Example 1 with SecurityTeamDeleted

Use of cz.metacentrum.perun.audit.events.SecurityTeamsManagerEvents.SecurityTeamDeleted in the project perun by CESNET.

From the class SecurityTeamsManagerBlImpl, method deleteSecurityTeam.

@Override
public void deleteSecurityTeam(PerunSession sess, SecurityTeam securityTeam, boolean forceDelete) throws SecurityTeamNotExistsException, RelationExistsException {
    // remove admins of this securityTeam
    List<Group> adminGroups = getSecurityTeamsManagerImpl().getAdminGroups(sess, securityTeam);
    for (Group adminGroup : adminGroups) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminGroup, securityTeam, Role.SECURITYADMIN);
        } catch (GroupNotAdminException e) {
            // skip and log as warning
            log.warn("When trying to unsetRole SecurityAdmin for group {} in the securityTeam {} the exception was thrown {}", adminGroup, securityTeam, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    List<User> adminUsers = getSecurityTeamsManagerImpl().getAdmins(sess, securityTeam);
    for (User adminUser : adminUsers) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminUser, securityTeam, Role.SECURITYADMIN);
        } catch (UserNotAdminException e) {
            // skip and log as warning
            log.warn("When trying to unsetRole SecurityAdmin for user {} in the securityTeam {} the exception was thrown {}", adminUser, securityTeam, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    // remove all users from blacklist, which were blacklisted by this security team.
    List<User> blacklist = getSecurityTeamsManagerImpl().getBlacklist(sess, Collections.singletonList(securityTeam));
    if (!blacklist.isEmpty() && !forceDelete) {
        throw new RelationExistsException("SecurityTeam has blacklisted users.");
    }
    for (User blacklistedUser : blacklist) {
        // calling BL will make auditer message about user to appear.
        getPerunBl().getSecurityTeamsManagerBl().removeUserFromBlacklist(sess, securityTeam, blacklistedUser);
    }
    // remove security team from all facilities
    List<Facility> facilities = getPerunBl().getFacilitiesManagerBl().getAssignedFacilities(sess, securityTeam);
    if (!facilities.isEmpty() && !forceDelete) {
        throw new RelationExistsException("SecurityTeam is assigned to some facilities.");
    }
    for (Facility facility : facilities) {
        // calling BL will make auditer message about facility to appear.
        getPerunBl().getFacilitiesManagerBl().removeSecurityTeam(sess, facility, securityTeam);
    }
    getSecurityTeamsManagerImpl().deleteSecurityTeam(sess, securityTeam);
    getPerunBl().getAuditer().log(sess, new SecurityTeamDeleted(securityTeam));
}
Also used:
Group (cz.metacentrum.perun.core.api.Group)
UserNotAdminException (cz.metacentrum.perun.core.api.exceptions.UserNotAdminException)
User (cz.metacentrum.perun.core.api.User)
RelationExistsException (cz.metacentrum.perun.core.api.exceptions.RelationExistsException)
SecurityTeamDeleted (cz.metacentrum.perun.audit.events.SecurityTeamsManagerEvents.SecurityTeamDeleted)
GroupNotAdminException (cz.metacentrum.perun.core.api.exceptions.GroupNotAdminException)
RoleCannotBeManagedException (cz.metacentrum.perun.core.api.exceptions.RoleCannotBeManagedException)
InternalErrorException (cz.metacentrum.perun.core.api.exceptions.InternalErrorException)
Facility (cz.metacentrum.perun.core.api.Facility)

Aggregations

SecurityTeamDeleted (cz.metacentrum.perun.audit.events.SecurityTeamsManagerEvents.SecurityTeamDeleted): 1
Facility (cz.metacentrum.perun.core.api.Facility): 1
Group (cz.metacentrum.perun.core.api.Group): 1
User (cz.metacentrum.perun.core.api.User): 1
GroupNotAdminException (cz.metacentrum.perun.core.api.exceptions.GroupNotAdminException): 1
InternalErrorException (cz.metacentrum.perun.core.api.exceptions.InternalErrorException): 1
RelationExistsException (cz.metacentrum.perun.core.api.exceptions.RelationExistsException): 1
RoleCannotBeManagedException (cz.metacentrum.perun.core.api.exceptions.RoleCannotBeManagedException): 1
UserNotAdminException (cz.metacentrum.perun.core.api.exceptions.UserNotAdminException): 1