use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.
the class AttributesManagerEntry method setAttributes.
public void setAttributes(PerunSession sess, Facility facility, List<Attribute> attributes) throws PrivilegeException, InternalErrorException, FacilityNotExistsException, AttributeNotExistsException, WrongAttributeValueException, WrongAttributeAssignmentException, WrongReferenceAttributeValueException {
Utils.checkPerunSession(sess);
getPerunBl().getFacilitiesManagerBl().checkFacilityExists(sess, facility);
for (Attribute attribute : attributes) {
attribute = this.perunBl.getAttributesManagerBl().convertEmptyStringIntoNullInAttrValue(attribute);
attribute = this.perunBl.getAttributesManagerBl().convertBooleanFalseIntoNullInAttrValue(attribute);
}
getAttributesManagerBl().checkAttributesExists(sess, attributes);
//Choose to which attributes has the principal access
for (Attribute attr : attributes) {
if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), facility, null))
throw new PrivilegeException("Principal has no access to set attribute = " + new AttributeDefinition(attr));
}
getAttributesManagerBl().setAttributes(sess, facility, attributes);
}
use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.
the class AttributesManagerEntry method fillAttribute.
public Attribute fillAttribute(PerunSession sess, Group group, Attribute attribute) throws PrivilegeException, InternalErrorException, GroupNotExistsException, AttributeNotExistsException, WrongAttributeAssignmentException {
Utils.checkPerunSession(sess);
getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
getAttributesManagerBl().checkAttributeExists(sess, attribute);
//Choose to which attributes has the principal access
if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attribute), group, null))
throw new PrivilegeException("Principal has no access to fill attribute = " + new AttributeDefinition(attribute));
Attribute attr = getAttributesManagerBl().fillAttribute(sess, group, attribute);
attr.setWritable(true);
return attr;
}
use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.
the class AttributesManagerEntry method getRequiredAttributes.
public List<Attribute> getRequiredAttributes(PerunSession sess, Service service, Resource resource, Group group, boolean workWithGroupAttributes) throws PrivilegeException, InternalErrorException, ServiceNotExistsException, ResourceNotExistsException, GroupNotExistsException, WrongAttributeAssignmentException {
Utils.checkPerunSession(sess);
getPerunBl().getServicesManagerBl().checkServiceExists(sess, service);
getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
List<Attribute> attributes = getAttributesManagerBl().getRequiredAttributes(sess, service, resource, group, workWithGroupAttributes);
Iterator<Attribute> attrIter = attributes.iterator();
//Choose to which attributes has the principal access
while (attrIter.hasNext()) {
Attribute attrNext = attrIter.next();
if (getAttributesManagerBl().isFromNamespace(sess, attrNext, NS_GROUP_RESOURCE_ATTR)) {
if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrNext, resource, group))
attrIter.remove();
else
attrNext.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrNext, resource, group));
} else if (getAttributesManagerBl().isFromNamespace(sess, attrNext, NS_GROUP_ATTR)) {
if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrNext, group, null))
attrIter.remove();
else
attrNext.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrNext, group, null));
} else {
throw new ConsistencyErrorException("There is some attribute which is not type of any possible choice.");
}
}
return attributes;
}
use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.
the class AttributesManagerEntry method getAttributes.
public List<Attribute> getAttributes(PerunSession sess, Facility facility) throws PrivilegeException, FacilityNotExistsException, InternalErrorException {
Utils.checkPerunSession(sess);
getPerunBl().getFacilitiesManagerBl().checkFacilityExists(sess, facility);
List<Attribute> attributes = getAttributesManagerBl().getAttributes(sess, facility);
Iterator<Attribute> attrIter = attributes.iterator();
//Choose to which attributes has the principal access
while (attrIter.hasNext()) {
Attribute attrNext = attrIter.next();
if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, new AttributeDefinition(attrNext), facility, null))
attrIter.remove();
else
attrNext.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrNext, facility, null));
}
return attributes;
}
use of cz.metacentrum.perun.core.api.Attribute in project perun by CESNET.
the class AttributesManagerEntry method checkAttributesValue.
public void checkAttributesValue(PerunSession sess, Resource resource, Group group, List<Attribute> attributes, boolean workWithGroupAttribute) throws PrivilegeException, InternalErrorException, AttributeNotExistsException, ResourceNotExistsException, GroupNotExistsException, WrongAttributeAssignmentException, WrongAttributeValueException, GroupResourceMismatchException, WrongReferenceAttributeValueException {
Utils.checkPerunSession(sess);
getAttributesManagerBl().checkAttributesExists(sess, attributes);
getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
if (!getPerunBl().getGroupsManagerBl().getVo(sess, group).equals(getPerunBl().getResourcesManagerBl().getVo(sess, resource))) {
throw new GroupResourceMismatchException("group and resource are not in the same VO");
}
//Choose to which attributes has the principal access
for (Attribute attr : attributes) {
if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_GROUP_RESOURCE_ATTR)) {
if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), resource, group))
throw new PrivilegeException("Principal has no access to check attribute = " + new AttributeDefinition(attr));
} else if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_GROUP_ATTR)) {
if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), group, null))
throw new PrivilegeException("Principal has no access to check attribute = " + new AttributeDefinition(attr));
}
}
getAttributesManagerBl().checkAttributesValue(sess, resource, group, attributes, workWithGroupAttribute);
}
Aggregations