Search in sources :

Example 36 with Attribute

use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.

the class AttributesManagerEntry method setAttributes.

@Override
public void setAttributes(PerunSession sess, Member member, Group group, List<Attribute> attributes, boolean workWithUserAttributes) throws PrivilegeException, GroupNotExistsException, InternalErrorException, MemberNotExistsException, AttributeNotExistsException, WrongAttributeValueException, WrongAttributeAssignmentException, WrongReferenceAttributeValueException, UserNotExistsException {
    Utils.checkPerunSession(sess);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);
    for (Attribute attribute : attributes) {
        attribute = this.perunBl.getAttributesManagerBl().convertEmptyStringIntoNullInAttrValue(attribute);
        attribute = this.perunBl.getAttributesManagerBl().convertBooleanFalseIntoNullInAttrValue(attribute);
    }
    getAttributesManagerBl().checkAttributesExists(sess, attributes);
    //Choose to which attributes has the principal access
    for (Attribute attr : attributes) {
        if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_MEMBER_GROUP_ATTR)) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), member, group))
                throw new PrivilegeException("Principal has no access to set attribute = " + new AttributeDefinition(attr));
        } else if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_MEMBER_ATTR_DEF)) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), member, null))
                throw new PrivilegeException("Principal has no access to set attribute = " + new AttributeDefinition(attr));
        } else if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_USER_ATTR)) {
            User u = getPerunBl().getUsersManagerBl().getUserByMember(sess, member);
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), u, null))
                throw new PrivilegeException("Principal has no access to set attribute = " + new AttributeDefinition(attr));
        } else {
            throw new WrongAttributeAssignmentException("One of setting attribute has not correct type : " + new AttributeDefinition(attr));
        }
    }
    getAttributesManagerBl().setAttributes(sess, member, group, attributes, workWithUserAttributes);
}
Also used : User(cz.metacentrum.perun.core.api.User) Attribute(cz.metacentrum.perun.core.api.Attribute) AttributeDefinition(cz.metacentrum.perun.core.api.AttributeDefinition)

Example 37 with Attribute

use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.

the class AttributesManagerEntry method removeAllAttributes.

public void removeAllAttributes(PerunSession sess, User user) throws InternalErrorException, PrivilegeException, UserNotExistsException, WrongAttributeValueException, WrongReferenceAttributeValueException {
    Utils.checkPerunSession(sess);
    getPerunBl().getUsersManagerBl().checkUserExists(sess, user);
    //Choose if principal has access to remove all attributes
    List<Attribute> allAttributes = getPerunBl().getAttributesManagerBl().getAttributes(sess, user);
    for (Attribute attr : allAttributes) {
        if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attr, user, null))
            throw new PrivilegeException("Principal has no access to remove attribute = " + new AttributeDefinition(attr));
    }
    getAttributesManagerBl().removeAllAttributes(sess, user);
}
Also used : Attribute(cz.metacentrum.perun.core.api.Attribute) AttributeDefinition(cz.metacentrum.perun.core.api.AttributeDefinition)

Example 38 with Attribute

use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.

the class AttributesManagerEntry method removeAllAttributes.

public void removeAllAttributes(PerunSession sess, UserExtSource ues) throws InternalErrorException, PrivilegeException, UserExtSourceNotExistsException, WrongAttributeValueException, WrongReferenceAttributeValueException {
    Utils.checkPerunSession(sess);
    getPerunBl().getUsersManagerBl().checkUserExtSourceExists(sess, ues);
    //Choose if principal has access to remove all attributes
    List<Attribute> allAttributes = getPerunBl().getAttributesManagerBl().getAttributes(sess, ues);
    for (Attribute attr : allAttributes) {
        if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attr, ues, null))
            throw new PrivilegeException("Principal has no access to remove attribute = " + new AttributeDefinition(attr));
    }
    getAttributesManagerBl().removeAllAttributes(sess, ues);
}
Also used : Attribute(cz.metacentrum.perun.core.api.Attribute) AttributeDefinition(cz.metacentrum.perun.core.api.AttributeDefinition)

Example 39 with Attribute

use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.

the class AttributesManagerEntry method getRequiredAttributes.

public List<Attribute> getRequiredAttributes(PerunSession sess, Service service, Member member, Group group) throws PrivilegeException, InternalErrorException, ServiceNotExistsException, MemberNotExistsException, GroupNotExistsException, WrongAttributeAssignmentException {
    Utils.checkPerunSession(sess);
    getPerunBl().getServicesManagerBl().checkServiceExists(sess, service);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
    List<Attribute> attributes = getAttributesManagerBl().getRequiredAttributes(sess, service, member, group);
    Iterator<Attribute> attrIter = attributes.iterator();
    //Choose to which attributes has the principal access
    while (attrIter.hasNext()) {
        Attribute attrNext = attrIter.next();
        if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrNext, member, group))
            attrIter.remove();
        else
            attrNext.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrNext, member, group));
    }
    return attributes;
}
Also used : Attribute(cz.metacentrum.perun.core.api.Attribute)

Example 40 with Attribute

use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.

the class AttributesManagerEntry method getAttribute.

public Attribute getAttribute(PerunSession sess, Resource resource, Group group, String attributeName) throws PrivilegeException, InternalErrorException, AttributeNotExistsException, ResourceNotExistsException, GroupNotExistsException, WrongAttributeAssignmentException, GroupResourceMismatchException {
    Utils.checkPerunSession(sess);
    Utils.notNull(attributeName, "attributeName");
    getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
    if (!getPerunBl().getGroupsManagerBl().getVo(sess, group).equals(getPerunBl().getResourcesManagerBl().getVo(sess, resource))) {
        throw new GroupResourceMismatchException("group and resource are not in the same VO");
    }
    Attribute attr = getAttributesManagerBl().getAttribute(sess, resource, group, attributeName);
    //Choose to which attributes has the principal access
    if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attr, resource, group))
        throw new PrivilegeException("Principal has no access to get attribute = " + new AttributeDefinition(attr));
    else
        attr.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attr, resource, group));
    return attr;
}
Also used : Attribute(cz.metacentrum.perun.core.api.Attribute) AttributeDefinition(cz.metacentrum.perun.core.api.AttributeDefinition)

Aggregations

Attribute (cz.metacentrum.perun.core.api.Attribute)668 RichAttribute (cz.metacentrum.perun.core.api.RichAttribute)240 Test (org.junit.Test)178 AttributeDefinition (cz.metacentrum.perun.core.api.AttributeDefinition)157 ArrayList (java.util.ArrayList)150 AbstractPerunIntegrationTest (cz.metacentrum.perun.core.AbstractPerunIntegrationTest)134 User (cz.metacentrum.perun.core.api.User)131 AttributeNotExistsException (cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)121 InternalErrorException (cz.metacentrum.perun.core.api.exceptions.InternalErrorException)121 ConsistencyErrorException (cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)110 WrongReferenceAttributeValueException (cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)102 WrongAttributeValueException (cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)101 WrongAttributeAssignmentException (cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException)96 Resource (cz.metacentrum.perun.core.api.Resource)82 Facility (cz.metacentrum.perun.core.api.Facility)79 Group (cz.metacentrum.perun.core.api.Group)34 PerunSession (cz.metacentrum.perun.core.api.PerunSession)33 LinkedHashMap (java.util.LinkedHashMap)24 PerunSessionImpl (cz.metacentrum.perun.core.impl.PerunSessionImpl)22 Vo (cz.metacentrum.perun.core.api.Vo)21