use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.
the class AttributesManagerEntry method setAttributes.
/**
 * Sets the given attributes for a member-group pair, after verifying that the
 * principal holds WRITE on every one of them.
 *
 * <p>Each attribute is authorized against the holder that matches its namespace:
 * member and group for {@code NS_MEMBER_GROUP_ATTR}, the member alone for
 * {@code NS_MEMBER_ATTR_DEF}, and the member's user for {@code NS_USER_ATTR}.
 * The first attribute that fails aborts the call before the business-layer
 * {@code setAttributes} is reached, so nothing is written on a partial denial.
 *
 * @param sess session of the calling principal
 * @param member member the attributes are set for
 * @param group group the attributes are set for
 * @param attributes attributes to store
 * @param workWithUserAttributes passed unchanged to the business layer; the
 *        authorization loop below does not consult it
 * @throws PrivilegeException if the principal lacks WRITE on any attribute
 * @throws WrongAttributeAssignmentException if an attribute belongs to none of
 *         the three accepted namespaces
 */
@Override
public void setAttributes(PerunSession sess, Member member, Group group, List<Attribute> attributes, boolean workWithUserAttributes) throws PrivilegeException, GroupNotExistsException, InternalErrorException, MemberNotExistsException, AttributeNotExistsException, WrongAttributeValueException, WrongAttributeAssignmentException, WrongReferenceAttributeValueException, UserNotExistsException {
    Utils.checkPerunSession(sess);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);

    // Normalise empty-string and boolean-false values to null.
    // NOTE(review): the converters' return values never reach the list, so this
    // only takes effect if they mutate the passed instance in place — confirm.
    for (Attribute submitted : attributes) {
        Attribute withoutEmptyString = this.perunBl.getAttributesManagerBl().convertEmptyStringIntoNullInAttrValue(submitted);
        this.perunBl.getAttributesManagerBl().convertBooleanFalseIntoNullInAttrValue(withoutEmptyString);
    }

    getAttributesManagerBl().checkAttributesExists(sess, attributes);

    // Authorize every attribute against the holder implied by its namespace.
    // NOTE(review): NS_USER_ATTR attributes are authorized here regardless of
    // workWithUserAttributes — confirm the business layer rejects them when the
    // flag is false.
    for (Attribute attr : attributes) {
        final boolean mayWrite;
        if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_MEMBER_GROUP_ATTR)) {
            mayWrite = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), member, group);
        } else if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_MEMBER_ATTR_DEF)) {
            mayWrite = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), member, null);
        } else if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_USER_ATTR)) {
            // User attributes are checked against the user behind the member.
            User owner = getPerunBl().getUsersManagerBl().getUserByMember(sess, member);
            mayWrite = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), owner, null);
        } else {
            // Fail closed: an unrecognised namespace is never authorized.
            throw new WrongAttributeAssignmentException("One of setting attribute has not correct type : " + new AttributeDefinition(attr));
        }
        if (!mayWrite) {
            // The message carries the attribute definition, not the Attribute itself.
            throw new PrivilegeException("Principal has no access to set attribute = " + new AttributeDefinition(attr));
        }
    }

    getAttributesManagerBl().setAttributes(sess, member, group, attributes, workWithUserAttributes);
}
use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.
the class AttributesManagerEntry method removeAllAttributes.
/**
 * Removes all attributes of a user, provided the principal holds WRITE on
 * every attribute the business layer currently reports for that user.
 *
 * <p>The check is all-or-nothing: one attribute without WRITE aborts the call
 * before the removal is attempted.
 *
 * @param sess session of the calling principal
 * @param user user whose attributes are removed
 * @throws PrivilegeException if the principal lacks WRITE on any listed attribute
 */
public void removeAllAttributes(PerunSession sess, User user) throws InternalErrorException, PrivilegeException, UserNotExistsException, WrongAttributeValueException, WrongReferenceAttributeValueException {
    Utils.checkPerunSession(sess);
    getPerunBl().getUsersManagerBl().checkUserExists(sess, user);

    // Authorization is evaluated over the list fetched here.
    // NOTE(review): the removal below re-derives what to delete; confirm it
    // cannot remove an attribute that this list did not contain and that was
    // therefore never checked.
    List<Attribute> userAttributes = getPerunBl().getAttributesManagerBl().getAttributes(sess, user);
    for (Attribute candidate : userAttributes) {
        boolean mayWrite = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, candidate, user, null);
        if (!mayWrite) {
            throw new PrivilegeException("Principal has no access to remove attribute = " + new AttributeDefinition(candidate));
        }
    }

    getAttributesManagerBl().removeAllAttributes(sess, user);
}
use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.
the class AttributesManagerEntry method removeAllAttributes.
/**
 * Removes all attributes of a user external source, provided the principal
 * holds WRITE on every attribute the business layer currently reports for it.
 *
 * <p>A single attribute without WRITE rejects the whole request; the removal
 * call is only reached when every check has passed.
 *
 * @param sess session of the calling principal
 * @param ues user external source whose attributes are removed
 * @throws PrivilegeException if the principal lacks WRITE on any listed attribute
 */
public void removeAllAttributes(PerunSession sess, UserExtSource ues) throws InternalErrorException, PrivilegeException, UserExtSourceNotExistsException, WrongAttributeValueException, WrongReferenceAttributeValueException {
    Utils.checkPerunSession(sess);
    getPerunBl().getUsersManagerBl().checkUserExtSourceExists(sess, ues);

    // Check WRITE on each attribute before anything is deleted.
    // NOTE(review): the checked list and the removal are two separate
    // business-layer calls — confirm they always cover the same attributes.
    List<Attribute> uesAttributes = getPerunBl().getAttributesManagerBl().getAttributes(sess, ues);
    for (Attribute candidate : uesAttributes) {
        boolean mayWrite = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, candidate, ues, null);
        if (!mayWrite) {
            throw new PrivilegeException("Principal has no access to remove attribute = " + new AttributeDefinition(candidate));
        }
    }

    getAttributesManagerBl().removeAllAttributes(sess, ues);
}
use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.
the class AttributesManagerEntry method getRequiredAttributes.
/**
 * Returns the attributes a service requires for a member-group pair, limited
 * to those the principal may read.
 *
 * <p>Unreadable attributes are dropped from the result rather than reported:
 * this method itself never throws {@code PrivilegeException} for them, so a
 * caller cannot tell a filtered attribute from one that was not required.
 * Every attribute that stays in the list has its writable flag set from a
 * WRITE check against the same member and group.
 *
 * @param sess session of the calling principal
 * @param service service whose required attributes are requested
 * @param member member the attributes belong to
 * @param group group the attributes belong to
 * @return the list obtained from the business layer, with unreadable entries removed
 */
public List<Attribute> getRequiredAttributes(PerunSession sess, Service service, Member member, Group group) throws PrivilegeException, InternalErrorException, ServiceNotExistsException, MemberNotExistsException, GroupNotExistsException, WrongAttributeAssignmentException {
    Utils.checkPerunSession(sess);
    getPerunBl().getServicesManagerBl().checkServiceExists(sess, service);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);

    // The list is filtered in place through its iterator.
    // NOTE(review): this assumes the business layer hands back a fresh, mutable
    // list — confirm it is not a shared or cached instance.
    List<Attribute> required = getAttributesManagerBl().getRequiredAttributes(sess, service, member, group);
    for (Iterator<Attribute> it = required.iterator(); it.hasNext(); ) {
        Attribute current = it.next();
        if (AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, current, member, group)) {
            // Readable: tell the caller whether it may also be written.
            current.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, current, member, group));
        } else {
            // Not readable: withhold the attribute entirely.
            it.remove();
        }
    }
    return required;
}
use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.
the class AttributesManagerEntry method getAttribute.
/**
 * Returns one named attribute of a resource-group pair if the principal may
 * read it, with its writable flag set from a WRITE check.
 *
 * <p>The existence checks, the same-VO check and the business-layer lookup all
 * run before the READ check, because the check needs the attribute object.
 * NOTE(review): a principal without READ can therefore tell failures raised by
 * those earlier steps apart from {@code PrivilegeException} — confirm that
 * revealing which resources, groups and attribute names exist is acceptable.
 *
 * @param sess session of the calling principal
 * @param resource resource the attribute belongs to
 * @param group group the attribute belongs to
 * @param attributeName name of the attribute; must not be null
 * @return the attribute, with its writable flag set
 * @throws GroupResourceMismatchException if group and resource are in different VOs
 * @throws PrivilegeException if the principal lacks READ on the attribute
 */
public Attribute getAttribute(PerunSession sess, Resource resource, Group group, String attributeName) throws PrivilegeException, InternalErrorException, AttributeNotExistsException, ResourceNotExistsException, GroupNotExistsException, WrongAttributeAssignmentException, GroupResourceMismatchException {
    Utils.checkPerunSession(sess);
    Utils.notNull(attributeName, "attributeName");
    getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);

    // A group-resource attribute is only accepted when both belong to one VO.
    boolean sameVo = getPerunBl().getGroupsManagerBl().getVo(sess, group)
            .equals(getPerunBl().getResourcesManagerBl().getVo(sess, resource));
    if (!sameVo) {
        throw new GroupResourceMismatchException("group and resource are not in the same VO");
    }

    Attribute found = getAttributesManagerBl().getAttribute(sess, resource, group, attributeName);

    // Deny before anything about the attribute is returned to the caller.
    if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, found, resource, group)) {
        throw new PrivilegeException("Principal has no access to get attribute = " + new AttributeDefinition(found));
    }
    found.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, found, resource, group));
    return found;
}