use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.
the class AttributesManagerBlImpl method setAttributes.
/**
 * Stores or removes a batch of attributes for the given resource/member pair.
 *
 * <p>Attributes whose value is {@code null} are passed to {@code removeAttributes};
 * all others are written with the {@code setAttributeWithoutCheck} variants and
 * validated afterwards. Core attributes are never written here.
 *
 * <p>When {@code workWithUserAttributes} is {@code false}, every non-core attribute is
 * written as a (resource, member) attribute with no namespace test in this method.
 * When it is {@code true}, each attribute is routed by namespace (member-resource,
 * user-facility, user, member), and anything else is rejected.
 *
 * <p>NOTE(review): no privilege check is visible in this method; presumably the calling
 * layer authorizes the principal for every attribute before delegating here. Confirm.
 *
 * @param sess session the operation runs under
 * @param resource resource part of the attribute holder
 * @param member member part of the attribute holder
 * @param attributes attributes to set (non-null value) or remove (null value)
 * @param workWithUserAttributes whether user, member and user-facility attributes are accepted too
 * @throws WrongAttributeAssignmentException if an attribute is from none of the four accepted namespaces
 *         (thrown here only when {@code workWithUserAttributes} is {@code true})
 */
public void setAttributes(PerunSession sess, Resource resource, Member member, List<Attribute> attributes, boolean workWithUserAttributes) throws InternalErrorException, WrongAttributeValueException, WrongAttributeAssignmentException, WrongReferenceAttributeValueException {
    // Partition the input: a null value requests removal, anything else requests a write.
    List<Attribute> toRemove = new ArrayList<Attribute>();
    List<Attribute> toSet = new ArrayList<Attribute>();
    for (Attribute candidate : attributes) {
        List<Attribute> bucket = (candidate.getValue() == null) ? toRemove : toSet;
        bucket.add(candidate);
    }
    removeAttributes(sess, resource, member, toRemove, workWithUserAttributes);

    // Values are written first because checkAttributesValue works only on stored attributes.
    if (workWithUserAttributes) {
        long lookupStart = Utils.startTimer();
        Facility facility = getPerunBl().getResourcesManagerBl().getFacility(sess, resource);
        User user = getPerunBl().getUsersManagerBl().getUserByMember(sess, member);
        log.debug("addMember timer: getFacility and User [{}].", Utils.getRunningTime(lookupStart));

        for (Attribute candidate : toSet) {
            // Core attributes are skipped.
            if (getAttributesManagerImpl().isCoreAttribute(sess, candidate)) {
                continue;
            }
            // NOTE(review): the whole attribute object is handed to the debug logger below; if its
            // string form includes the value, debug logs may hold sensitive attribute values. Confirm.
            if (getAttributesManagerImpl().isFromNamespace(sess, candidate, AttributesManager.NS_MEMBER_RESOURCE_ATTR)) {
                long started = Utils.startTimer();
                boolean stored = setAttributeWithoutCheck(sess, resource, member, candidate, false);
                if (stored) {
                    log.debug("addMember timer: setAttribute rm [{}] [{}].", candidate, Utils.getRunningTime(started));
                }
            } else if (getAttributesManagerImpl().isFromNamespace(sess, candidate, AttributesManager.NS_USER_FACILITY_ATTR)) {
                long started = Utils.startTimer();
                boolean stored = setAttributeWithoutCheck(sess, facility, user, candidate);
                if (stored) {
                    log.debug("addMember timer: setAttribute uf [{}] [{}].", candidate, Utils.getRunningTime(started));
                }
            } else if (getAttributesManagerImpl().isFromNamespace(sess, candidate, AttributesManager.NS_USER_ATTR)) {
                long started = Utils.startTimer();
                boolean stored = setAttributeWithoutCheck(sess, user, candidate);
                if (stored) {
                    log.debug("addMember timer: setAttribute u [{}] [{}].", candidate, Utils.getRunningTime(started));
                }
            } else if (getAttributesManagerImpl().isFromNamespace(sess, candidate, AttributesManager.NS_MEMBER_ATTR)) {
                long started = Utils.startTimer();
                boolean stored = setAttributeWithoutCheck(sess, member, candidate);
                if (stored) {
                    log.debug("addMember timer: setAttribute m [{}] [{}].", candidate, Utils.getRunningTime(started));
                }
            } else {
                // Not one of the namespaces this entity combination can hold.
                throw new WrongAttributeAssignmentException(candidate);
            }
        }
    } else {
        long loopStart = Utils.startTimer();
        for (Attribute candidate : toSet) {
            // Core attributes are skipped; everything else is written as a (resource, member) attribute.
            if (getAttributesManagerImpl().isCoreAttribute(sess, candidate)) {
                continue;
            }
            setAttributeWithoutCheck(sess, resource, member, candidate, false);
        }
        log.debug("addMember timer: setAttributes (for(Attribute attribute : attributes)) [{}].", Utils.getRunningTime(loopStart));
    }

    // Validation runs after the writes. A failure here is expected to roll the writes back, so
    // this method must run inside a transaction (the transaction boundary is not visible here).
    checkAttributesValue(sess, resource, member, toSet, workWithUserAttributes);
    this.checkAttributesDependencies(sess, resource, member, toSet, workWithUserAttributes);
}
use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.
the class AttributesManagerEntry method fillAttributes.
/**
 * Fills the given attributes for a resource/member pair and returns only those the
 * calling principal is allowed to write.
 *
 * <p>After the session, resource, member and attribute existence checks, the business
 * layer fills the attributes. Each filled attribute is then tested for
 * {@code ActionType.WRITE} against the holders matching its namespace. Attributes that
 * fail the test are dropped from the result; the rest are marked writable.
 *
 * @param sess session of the calling principal
 * @param resource resource part of the attribute holder
 * @param member member part of the attribute holder
 * @param attributes attributes to fill
 * @param workWithUserAttributes passed through to the business layer
 * @return the filled attributes the principal may write, each flagged writable
 * @throws ConsistencyErrorException (not declared in the throws clause) if a filled
 *         attribute belongs to none of the four handled namespaces
 */
public List<Attribute> fillAttributes(PerunSession sess, Resource resource, Member member, List<Attribute> attributes, boolean workWithUserAttributes) throws PrivilegeException, InternalErrorException, ResourceNotExistsException, MemberNotExistsException, AttributeNotExistsException, WrongAttributeAssignmentException {
    Utils.checkPerunSession(sess);
    getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);
    getAttributesManagerBl().checkAttributesExists(sess, attributes);

    List<Attribute> filled = getAttributesManagerBl().fillAttributes(sess, resource, member, attributes, workWithUserAttributes);

    // Keep only the attributes the principal is authorized to write.
    for (Iterator<Attribute> it = filled.iterator(); it.hasNext(); ) {
        Attribute current = it.next();
        boolean mayWrite;
        if (getAttributesManagerBl().isFromNamespace(sess, current, NS_MEMBER_ATTR)) {
            mayWrite = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(current), member, null);
        } else if (getAttributesManagerBl().isFromNamespace(sess, current, NS_MEMBER_RESOURCE_ATTR)) {
            mayWrite = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(current), resource, member);
        } else if (getAttributesManagerBl().isFromNamespace(sess, current, NS_USER_ATTR)) {
            User owner = getPerunBl().getUsersManagerBl().getUserByMember(sess, member);
            mayWrite = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(current), owner, null);
        } else if (getAttributesManagerBl().isFromNamespace(sess, current, NS_USER_FACILITY_ATTR)) {
            User owner = getPerunBl().getUsersManagerBl().getUserByMember(sess, member);
            Facility home = getPerunBl().getResourcesManagerBl().getFacility(sess, resource);
            // NOTE(review): holders are passed as (user, facility) here, while getAttributes passes
            // (facility, user) for the same namespace. Confirm the authorization check does not
            // depend on holder order.
            mayWrite = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(current), owner, home);
        } else {
            // An unclassifiable attribute is reported as an error rather than returned unchecked.
            throw new ConsistencyErrorException("There is some attribute which is not type of any possible choice.");
        }

        if (mayWrite) {
            current.setWritable(true);
        } else {
            it.remove();
        }
    }
    return filled;
}
use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.
the class AttributesManagerEntry method getAttributes.
/**
 * Returns the attributes of a resource/member pair that the calling principal may read.
 *
 * <p>After the session, resource and member existence checks, the attributes are loaded
 * from the business layer. Each one is tested for {@code ActionType.READ} against the
 * holders matching its namespace. Unreadable attributes are removed from the result;
 * readable ones get their writable flag set from a separate {@code ActionType.WRITE} test.
 *
 * @param sess session of the calling principal
 * @param resource resource part of the attribute holder
 * @param member member part of the attribute holder
 * @param workWithUserAttributes passed through to the business layer
 * @return the readable attributes, each with its writable flag set
 * @throws ConsistencyErrorException (not declared in the throws clause) if a loaded
 *         attribute belongs to none of the four handled namespaces
 */
public List<Attribute> getAttributes(PerunSession sess, Resource resource, Member member, boolean workWithUserAttributes) throws PrivilegeException, ResourceNotExistsException, InternalErrorException, MemberNotExistsException, WrongAttributeAssignmentException {
    Utils.checkPerunSession(sess);
    getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);

    List<Attribute> loaded = getAttributesManagerBl().getAttributes(sess, resource, member, workWithUserAttributes);

    // Per-attribute filter: drop what the principal may not read, flag what it may write.
    for (Iterator<Attribute> it = loaded.iterator(); it.hasNext(); ) {
        Attribute current = it.next();
        if (getAttributesManagerBl().isFromNamespace(sess, current, NS_MEMBER_ATTR)) {
            if (AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, current, member, null)) {
                current.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, current, member, null));
            } else {
                it.remove();
            }
        } else if (getAttributesManagerBl().isFromNamespace(sess, current, NS_USER_ATTR)) {
            User owner = getPerunBl().getUsersManagerBl().getUserByMember(sess, member);
            if (AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, current, owner, null)) {
                current.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, current, owner, null));
            } else {
                it.remove();
            }
        } else if (getAttributesManagerBl().isFromNamespace(sess, current, NS_USER_FACILITY_ATTR)) {
            User owner = getPerunBl().getUsersManagerBl().getUserByMember(sess, member);
            Facility home = getPerunBl().getResourcesManagerBl().getFacility(sess, resource);
            // NOTE(review): holders are passed as (facility, user) here, while fillAttributes passes
            // (user, facility) for the same namespace. Confirm the authorization check does not
            // depend on holder order.
            if (AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, current, home, owner)) {
                current.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, current, home, owner));
            } else {
                it.remove();
            }
        } else if (getAttributesManagerBl().isFromNamespace(sess, current, NS_MEMBER_RESOURCE_ATTR)) {
            if (AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, current, resource, member)) {
                current.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, current, resource, member));
            } else {
                it.remove();
            }
        } else {
            // An unclassifiable attribute is reported as an error rather than returned unchecked.
            // The message embeds the attribute itself.
            throw new ConsistencyErrorException("One of getting attributes is not correct type : " + current);
        }
    }
    return loaded;
}
use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.
the class VosManagerBlImpl method getVosByPerunBean.
/**
 * Resolves the VOs related to a bean, depending on the bean's runtime type.
 *
 * <ul>
 *   <li>{@code Vo}: the VO itself</li>
 *   <li>{@code Facility}: the VOs allowed on the facility</li>
 *   <li>{@code Group}: the VO with the group's VO id</li>
 *   <li>{@code Member}: the member's VO</li>
 *   <li>{@code User}: every VO where the user is a member</li>
 *   <li>{@code Host}: the VOs allowed on the host's facility</li>
 *   <li>{@code Resource}: the VO with the resource's VO id</li>
 * </ul>
 *
 * <p>The types are tested in the order listed, and the first match decides. Duplicates are
 * removed through a {@code HashSet}, so the order of the returned list is unspecified.
 * NOTE(review): de-duplication relies on the equality contract of {@code Vo}, which is not
 * visible here.
 *
 * @param sess session used for the lookups
 * @param perunBean bean to resolve; must not be {@code null}
 * @return distinct VOs related to the bean
 * @throws InternalErrorException if {@code perunBean} is {@code null} or of an unsupported type
 */
public List<Vo> getVosByPerunBean(PerunSession sess, PerunBean perunBean) throws InternalErrorException, VoNotExistsException {
    // A null bean is rejected before any lookup.
    if (perunBean == null) {
        throw new InternalErrorException("Aiding attribtue must have primaryHolder which is not null.");
    }

    List<Vo> related = new ArrayList<Vo>();
    if (perunBean instanceof Vo) {
        related.add((Vo) perunBean);
    } else if (perunBean instanceof Facility) {
        Facility facility = (Facility) perunBean;
        related.addAll(getPerunBl().getFacilitiesManagerBl().getAllowedVos(sess, facility));
    } else if (perunBean instanceof Group) {
        Group group = (Group) perunBean;
        related.add(getPerunBl().getVosManagerBl().getVoById(sess, group.getVoId()));
    } else if (perunBean instanceof Member) {
        Member member = (Member) perunBean;
        related.add(getPerunBl().getMembersManagerBl().getMemberVo(sess, member));
    } else if (perunBean instanceof User) {
        User user = (User) perunBean;
        related.addAll(getPerunBl().getUsersManagerBl().getVosWhereUserIsMember(sess, user));
    } else if (perunBean instanceof Host) {
        // A host is resolved through the facility it belongs to.
        Host host = (Host) perunBean;
        Facility hostFacility = getPerunBl().getFacilitiesManagerBl().getFacilityForHost(sess, host);
        related.addAll(getPerunBl().getFacilitiesManagerBl().getAllowedVos(sess, hostFacility));
    } else if (perunBean instanceof Resource) {
        Resource resource = (Resource) perunBean;
        related.add(getPerunBl().getVosManagerBl().getVoById(sess, resource.getVoId()));
    } else {
        // Unknown bean types are rejected, not mapped to an empty result.
        throw new InternalErrorException("There is unrecognized object in primaryHolder of aidingAttr.");
    }

    // Collapse duplicates.
    return new ArrayList<Vo>(new HashSet<Vo>(related));
}
use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.
the class urn_perun_group_attribute_def_def_unixGID_namespace method fillAttribute.
/**
 * Proposes a unix GID for the group in the GID namespace named by the attribute.
 *
 * <p>Steps, as implemented below:
 * <ol>
 *   <li>Collect the facilities of all resources the group is assigned to, and ask
 *       ModulesUtilsBl for the matching group-name namespaces.</li>
 *   <li>If ModulesUtilsBl reports the namespace as not fillable for this group, return the
 *       attribute with no value.</li>
 *   <li>If the group has any non-null unixGroupName attributes, look for a GID already
 *       shared by groups and resources with the same group name in the same namespace,
 *       and reuse it.</li>
 *   <li>Otherwise ask for a free GID.</li>
 * </ol>
 *
 * <p>The method only returns a filled attribute. It stores nothing.
 * NOTE(review): nothing here reserves the proposed GID, so concurrent fills could presumably
 * propose the same value. Confirm uniqueness is enforced when the value is checked and stored.
 *
 * @param sess session used for all lookups
 * @param group group the GID is proposed for
 * @param attributeDefinition definition of the unixGID-namespace attribute to fill
 * @return the attribute, with a value when a common or free GID was found
 * @throws InternalErrorException if the namespace lookup reports a wrong reference attribute value
 */
public Attribute fillAttribute(PerunSessionImpl sess, Group group, AttributeDefinition attributeDefinition) throws InternalErrorException, WrongAttributeAssignmentException {
    Attribute attribute = new Attribute(attributeDefinition);
    String gidNamespace = attribute.getFriendlyNameParameter();

    // Facilities reachable from the group through its assigned resources.
    Set<Facility> facilitiesOfGroup = new HashSet<Facility>();
    for (Resource assigned : sess.getPerunBl().getResourcesManagerBl().getAssignedResources(sess, group)) {
        facilitiesOfGroup.add(sess.getPerunBl().getResourcesManagerBl().getFacility(sess, assigned));
    }

    // The returned namespace set is not used below. The call is kept because it can fail
    // with WrongReferenceAttributeValueException, which is reported as an internal error.
    try {
        sess.getPerunBl().getModulesUtilsBl().getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace(sess, new ArrayList<Facility>(facilitiesOfGroup), attribute);
    } catch (WrongReferenceAttributeValueException ex) {
        //TODO: need to add WrongAttributeAssignmentException to header of modules methods
        throw new InternalErrorException(ex);
    }

    // Stop early, with the value left unset, when filling makes no sense for this group.
    try {
        boolean fillable = sess.getPerunBl().getModulesUtilsBl().isGroupUnixGIDNamespaceFillable(sess, group, attribute);
        if (!fillable) {
            return attribute;
        }
    } catch (WrongReferenceAttributeValueException ex) {
        throw new ConsistencyErrorException(ex);
    }

    // All non-null group names of this group, in any namespace.
    List<Attribute> groupNames = sess.getPerunBl().getAttributesManagerBl().getAllAttributesStartWithNameWithoutNullValue(sess, group, A_G_unixGroupName_namespace + ":");
    if (!groupNames.isEmpty()) {
        // Groups and resources that carry the same group name in the same namespace.
        Set<Group> sameNameGroups = new HashSet<Group>();
        Set<Resource> sameNameResources = new HashSet<Resource>();
        for (Attribute groupName : groupNames) {
            // Build the resource-side counterpart of the group-name attribute with the same value.
            Attribute resourceGroupName;
            try {
                resourceGroupName = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_R_unixGroupName_namespace + ":" + groupName.getFriendlyNameParameter()));
            } catch (AttributeNotExistsException ex) {
                throw new ConsistencyErrorException("AttributeDefinition for resource_def_unixGroupName-namespace:" + groupName.getFriendlyNameParameter() + " must exists", ex);
            }
            resourceGroupName.setValue(groupName.getValue());

            sameNameGroups.addAll(sess.getPerunBl().getGroupsManagerBl().getGroupsByAttribute(sess, groupName));
            sameNameResources.addAll(sess.getPerunBl().getResourcesManagerBl().getResourcesByAttribute(sess, resourceGroupName));
        }

        // Look for a GID already shared by those groups and resources. The second call
        // receives the result of the first.
        Integer sharedGid = null;
        sharedGid = sess.getPerunBl().getModulesUtilsBl().getCommonGIDOfGroupsWithSameNameInSameNamespace(sess, new ArrayList(sameNameGroups), gidNamespace, sharedGid);
        sharedGid = sess.getPerunBl().getModulesUtilsBl().getCommonGIDOfResourcesWithSameNameInSameNamespace(sess, new ArrayList(sameNameResources), gidNamespace, sharedGid);
        if (sharedGid != null) {
            // Reuse the existing GID so that equally named groups and resources stay aligned.
            attribute.setValue(sharedGid);
            return attribute;
        }
    }

    // No shared GID was found, so ask for a free one.
    try {
        Integer freeGID = sess.getPerunBl().getModulesUtilsBl().getFreeGID(sess, attribute);
        if (freeGID == null) {
            // No free GID is available. The attribute is returned without a value.
            log.warn("Free unix gid not found for group:[" + group + "] in unix group namespace " + gidNamespace);
        } else if (freeGID != 0) {
            attribute.setValue(freeGID);
        }
        // NOTE(review): a result of 0 leaves the value unset and logs nothing. Presumably 0 is a
        // sentinel returned by getFreeGID. Confirm.
        return attribute;
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException(ex);
    }
}