
Example 91 with Facility

use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.

the class AttributesManagerBlImpl method setAttributes.

/**
 * Applies a batch of attribute changes for a member on a resource. Attributes whose value is
 * {@code null} are removed; every other attribute is stored and then validated.
 *
 * <p>Values are written before they are checked because the value checks can only run on
 * stored attributes. A failing check is expected to roll the writes back; the transaction
 * boundary that performs the rollback is not visible in this method.
 *
 * <p>NOTE(review): this method performs no authorization check on {@code sess}. Presumably the
 * privilege check is done by the calling entry layer -- confirm against the callers before
 * exposing this method on a new code path.
 *
 * @param sess session passed through to every manager call
 * @param resource resource the member-resource attributes belong to
 * @param member member the attributes belong to
 * @param attributes attributes to apply; a {@code null} value means "remove"
 * @param workWithUserAttributes when {@code true}, attributes from the member-resource,
 *        user-facility, user and member namespaces are dispatched to their own holders; when
 *        {@code false}, every non-core attribute is stored against (resource, member)
 * @throws WrongAttributeAssignmentException if {@code workWithUserAttributes} is set and a
 *         non-core attribute belongs to none of the four handled namespaces
 */
public void setAttributes(PerunSession sess, Resource resource, Member member, List<Attribute> attributes, boolean workWithUserAttributes) throws InternalErrorException, WrongAttributeValueException, WrongAttributeAssignmentException, WrongReferenceAttributeValueException {
    // Partition the batch: a null value is a removal request, anything else is a write.
    List<Attribute> attributesToRemove = new ArrayList<Attribute>();
    List<Attribute> attributesToSet = new ArrayList<Attribute>();
    for (Attribute candidate : attributes) {
        List<Attribute> bucket = (candidate.getValue() == null) ? attributesToRemove : attributesToSet;
        bucket.add(candidate);
    }
    removeAttributes(sess, resource, member, attributesToRemove, workWithUserAttributes);

    // Persist first: the value checks at the end only work on attributes that are already stored.
    if (workWithUserAttributes) {
        long timer = Utils.startTimer();
        Facility facility = getPerunBl().getResourcesManagerBl().getFacility(sess, resource);
        User user = getPerunBl().getUsersManagerBl().getUserByMember(sess, member);
        log.debug("addMember timer: getFacility and User [{}].", Utils.getRunningTime(timer));
        for (Attribute toStore : attributesToSet) {
            // Core attributes are never written through this path.
            if (getAttributesManagerImpl().isCoreAttribute(sess, toStore)) {
                continue;
            }
            boolean changed;
            String timingMessage;
            // Dispatch on namespace so that each attribute is written to its own holder pair.
            if (getAttributesManagerImpl().isFromNamespace(sess, toStore, AttributesManager.NS_MEMBER_RESOURCE_ATTR)) {
                timer = Utils.startTimer();
                changed = setAttributeWithoutCheck(sess, resource, member, toStore, false);
                timingMessage = "addMember timer: setAttribute rm [{}] [{}].";
            } else if (getAttributesManagerImpl().isFromNamespace(sess, toStore, AttributesManager.NS_USER_FACILITY_ATTR)) {
                timer = Utils.startTimer();
                changed = setAttributeWithoutCheck(sess, facility, user, toStore);
                timingMessage = "addMember timer: setAttribute uf [{}] [{}].";
            } else if (getAttributesManagerImpl().isFromNamespace(sess, toStore, AttributesManager.NS_USER_ATTR)) {
                timer = Utils.startTimer();
                changed = setAttributeWithoutCheck(sess, user, toStore);
                timingMessage = "addMember timer: setAttribute u [{}] [{}].";
            } else if (getAttributesManagerImpl().isFromNamespace(sess, toStore, AttributesManager.NS_MEMBER_ATTR)) {
                timer = Utils.startTimer();
                changed = setAttributeWithoutCheck(sess, member, toStore);
                timingMessage = "addMember timer: setAttribute m [{}] [{}].";
            } else {
                // Anything outside the four namespaces is rejected rather than silently skipped.
                throw new WrongAttributeAssignmentException(toStore);
            }
            // Timing is only logged for writes that actually changed a stored value.
            if (changed) {
                log.debug(timingMessage, toStore, Utils.getRunningTime(timer));
            }
        }
    } else {
        long timer = Utils.startTimer();
        for (Attribute toStore : attributesToSet) {
            // Core attributes are never written through this path.
            if (!getAttributesManagerImpl().isCoreAttribute(sess, toStore)) {
                setAttributeWithoutCheck(sess, resource, member, toStore, false);
            }
        }
        log.debug("addMember timer: setAttributes (for(Attribute attribute : attributes)) [{}].", Utils.getRunningTime(timer));
    }

    // Validation runs after the writes; a failure here is what triggers the rollback, so that
    // no attribute from the batch stays stored.
    checkAttributesValue(sess, resource, member, attributesToSet, workWithUserAttributes);
    this.checkAttributesDependencies(sess, resource, member, attributesToSet, workWithUserAttributes);
}
Also used : User(cz.metacentrum.perun.core.api.User) Attribute(cz.metacentrum.perun.core.api.Attribute) RichAttribute(cz.metacentrum.perun.core.api.RichAttribute) WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException) ArrayList(java.util.ArrayList) Facility(cz.metacentrum.perun.core.api.Facility)

Example 92 with Facility

use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.

the class AttributesManagerEntry method fillAttributes.

/**
 * Entry-layer wrapper around the business-layer {@code fillAttributes}: validates the session
 * and the existence of the resource, member and attributes, delegates the fill, and then keeps
 * only the attributes the calling principal is authorized to WRITE.
 *
 * <p>Attributes that fail the WRITE check are dropped from the returned list; no exception is
 * raised for them in this method. Every attribute that is kept is flagged writable. An
 * attribute from a namespace other than the four handled ones aborts the call, so an
 * unexpected namespace can never bypass the authorization filter.
 *
 * <p>NOTE(review): for user-facility attributes the holders are passed as (user, facility)
 * here, while {@code getAttributes} in the same class passes (facility, user). Confirm that
 * {@code AuthzResolver.isAuthorizedForAttribute} treats both orders the same.
 *
 * @param sess session of the calling principal; checked first
 * @param resource resource whose existence is verified before the fill
 * @param member member whose existence is verified before the fill
 * @param attributes attributes to fill; their existence is verified first
 * @param workWithUserAttributes forwarded unchanged to the business layer
 * @return the filled attributes the principal may write, each marked writable
 * @throws ConsistencyErrorException if a filled attribute is from none of the handled namespaces
 */
public List<Attribute> fillAttributes(PerunSession sess, Resource resource, Member member, List<Attribute> attributes, boolean workWithUserAttributes) throws PrivilegeException, InternalErrorException, ResourceNotExistsException, MemberNotExistsException, AttributeNotExistsException, WrongAttributeAssignmentException {
    Utils.checkPerunSession(sess);
    getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);
    getAttributesManagerBl().checkAttributesExists(sess, attributes);

    List<Attribute> listOfAttributes = getAttributesManagerBl().fillAttributes(sess, resource, member, attributes, workWithUserAttributes);

    // Filter the result down to what the principal may write. An explicit iterator is used so
    // that unauthorized entries can be removed while walking the list.
    for (Iterator<Attribute> cursor = listOfAttributes.iterator(); cursor.hasNext(); ) {
        Attribute filled = cursor.next();
        boolean mayWrite;
        if (getAttributesManagerBl().isFromNamespace(sess, filled, NS_MEMBER_ATTR)) {
            mayWrite = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(filled), member, null);
        } else if (getAttributesManagerBl().isFromNamespace(sess, filled, NS_MEMBER_RESOURCE_ATTR)) {
            mayWrite = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(filled), resource, member);
        } else if (getAttributesManagerBl().isFromNamespace(sess, filled, NS_USER_ATTR)) {
            User u = getPerunBl().getUsersManagerBl().getUserByMember(sess, member);
            mayWrite = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(filled), u, null);
        } else if (getAttributesManagerBl().isFromNamespace(sess, filled, NS_USER_FACILITY_ATTR)) {
            User u = getPerunBl().getUsersManagerBl().getUserByMember(sess, member);
            Facility f = getPerunBl().getResourcesManagerBl().getFacility(sess, resource);
            mayWrite = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(filled), u, f);
        } else {
            // Unknown namespace: fail the whole call instead of returning an unchecked attribute.
            throw new ConsistencyErrorException("There is some attribute which is not type of any possible choice.");
        }

        if (mayWrite) {
            filled.setWritable(true);
        } else {
            cursor.remove();
        }
    }
    return listOfAttributes;
}
Also used : User(cz.metacentrum.perun.core.api.User) Attribute(cz.metacentrum.perun.core.api.Attribute) AttributeDefinition(cz.metacentrum.perun.core.api.AttributeDefinition) Facility(cz.metacentrum.perun.core.api.Facility)

Example 93 with Facility

use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.

the class AttributesManagerEntry method getAttributes.

/**
 * Entry-layer wrapper around the business-layer {@code getAttributes}: validates the session
 * and the existence of the resource and member, loads the attributes, and then returns only
 * those the calling principal is authorized to READ.
 *
 * <p>Attributes that fail the READ check are removed from the result without raising an
 * exception in this method. For each attribute that is kept, the writable flag is set to the
 * outcome of a second, WRITE-level authorization check against the same holders. An attribute
 * from a namespace other than the four handled ones aborts the call.
 *
 * <p>NOTE(review): the exception message for an unexpected namespace embeds the attribute's
 * string form; check that it cannot carry values the caller is not cleared to see.
 *
 * @param sess session of the calling principal; checked first
 * @param resource resource whose existence is verified before loading
 * @param member member whose existence is verified before loading
 * @param workWithUserAttributes forwarded unchanged to the business layer
 * @return the attributes the principal may read, each with its writable flag set
 * @throws ConsistencyErrorException if a loaded attribute is from none of the handled namespaces
 */
public List<Attribute> getAttributes(PerunSession sess, Resource resource, Member member, boolean workWithUserAttributes) throws PrivilegeException, ResourceNotExistsException, InternalErrorException, MemberNotExistsException, WrongAttributeAssignmentException {
    Utils.checkPerunSession(sess);
    getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);

    List<Attribute> attributes = getAttributesManagerBl().getAttributes(sess, resource, member, workWithUserAttributes);

    // Keep only what the principal may read. The WRITE check runs only when READ is granted
    // (short-circuit), so unreadable attributes trigger exactly one authorization call.
    for (Iterator<Attribute> cursor = attributes.iterator(); cursor.hasNext(); ) {
        Attribute current = cursor.next();
        boolean readable;
        boolean writable;
        if (getAttributesManagerBl().isFromNamespace(sess, current, NS_MEMBER_ATTR)) {
            readable = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, current, member, null);
            writable = readable && AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, current, member, null);
        } else if (getAttributesManagerBl().isFromNamespace(sess, current, NS_USER_ATTR)) {
            User user = getPerunBl().getUsersManagerBl().getUserByMember(sess, member);
            readable = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, current, user, null);
            writable = readable && AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, current, user, null);
        } else if (getAttributesManagerBl().isFromNamespace(sess, current, NS_USER_FACILITY_ATTR)) {
            User user = getPerunBl().getUsersManagerBl().getUserByMember(sess, member);
            Facility facility = getPerunBl().getResourcesManagerBl().getFacility(sess, resource);
            readable = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, current, facility, user);
            writable = readable && AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, current, facility, user);
        } else if (getAttributesManagerBl().isFromNamespace(sess, current, NS_MEMBER_RESOURCE_ATTR)) {
            readable = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, current, resource, member);
            writable = readable && AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, current, resource, member);
        } else {
            // Unknown namespace: fail the whole call instead of returning an unchecked attribute.
            throw new ConsistencyErrorException("One of getting attributes is not correct type : " + current);
        }

        if (readable) {
            current.setWritable(writable);
        } else {
            cursor.remove();
        }
    }
    return attributes;
}
Also used : User(cz.metacentrum.perun.core.api.User) Attribute(cz.metacentrum.perun.core.api.Attribute) Facility(cz.metacentrum.perun.core.api.Facility)

Example 94 with Facility

use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.

the class VosManagerBlImpl method getVosByPerunBean.

/**
 * Resolves the VOs related to a bean, depending on the bean's runtime type:
 * a {@code Vo} yields itself, a {@code Facility} or {@code Host} yields the VOs allowed on the
 * (host's) facility, a {@code Group} or {@code Resource} yields the VO named by its VO id, a
 * {@code Member} yields the member's VO, and a {@code User} yields every VO where the user is
 * a member.
 *
 * <p>The result is de-duplicated through a {@code HashSet}, so it relies on the
 * {@code equals}/{@code hashCode} of {@code Vo} and its order is unspecified. A {@code Vo}
 * passed in is returned as given; this method does not look it up again.
 *
 * <p>NOTE(review): no authorization check on {@code sess} is visible here; presumably callers
 * enforce it -- confirm before returning the result to an untrusted principal.
 *
 * @param sess session passed through to the manager lookups
 * @param perunBean bean to resolve; must be non-null and of one of the supported types
 * @return distinct VOs related to the bean, in no particular order
 * @throws InternalErrorException if {@code perunBean} is {@code null} or of an unsupported type
 */
public List<Vo> getVosByPerunBean(PerunSession sess, PerunBean perunBean) throws InternalErrorException, VoNotExistsException {
    // Reject a missing holder up front.
    if (perunBean == null) {
        throw new InternalErrorException("Aiding attribtue must have primaryHolder which is not null.");
    }

    List<Vo> collected = new ArrayList<Vo>();
    // The first matching type wins, in this fixed order.
    if (perunBean instanceof Vo) {
        collected.add((Vo) perunBean);
    } else if (perunBean instanceof Facility) {
        collected.addAll(getPerunBl().getFacilitiesManagerBl().getAllowedVos(sess, (Facility) perunBean));
    } else if (perunBean instanceof Group) {
        collected.add(getPerunBl().getVosManagerBl().getVoById(sess, ((Group) perunBean).getVoId()));
    } else if (perunBean instanceof Member) {
        collected.add(getPerunBl().getMembersManagerBl().getMemberVo(sess, (Member) perunBean));
    } else if (perunBean instanceof User) {
        collected.addAll(getPerunBl().getUsersManagerBl().getVosWhereUserIsMember(sess, (User) perunBean));
    } else if (perunBean instanceof Host) {
        // A host is resolved through the facility it belongs to.
        Facility hostFacility = getPerunBl().getFacilitiesManagerBl().getFacilityForHost(sess, (Host) perunBean);
        collected.addAll(getPerunBl().getFacilitiesManagerBl().getAllowedVos(sess, hostFacility));
    } else if (perunBean instanceof Resource) {
        collected.add(getPerunBl().getVosManagerBl().getVoById(sess, ((Resource) perunBean).getVoId()));
    } else {
        throw new InternalErrorException("There is unrecognized object in primaryHolder of aidingAttr.");
    }

    // Round-trip through a set to drop duplicates before handing the list back.
    return new ArrayList<Vo>(new HashSet<Vo>(collected));
}
Also used : Group(cz.metacentrum.perun.core.api.Group) RichUser(cz.metacentrum.perun.core.api.RichUser) User(cz.metacentrum.perun.core.api.User) ArrayList(java.util.ArrayList) Resource(cz.metacentrum.perun.core.api.Resource) Vo(cz.metacentrum.perun.core.api.Vo) Host(cz.metacentrum.perun.core.api.Host) Facility(cz.metacentrum.perun.core.api.Facility) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) Member(cz.metacentrum.perun.core.api.Member) HashSet(java.util.HashSet)

Example 95 with Facility

use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.

the class urn_perun_group_attribute_def_def_unixGID_namespace method fillAttribute.

/**
 * Proposes a unix GID for a group in the GID namespace taken from the attribute's friendly-name
 * parameter. The returned attribute keeps a {@code null} value when no proposal is made.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>return the empty attribute if the modules utility reports the namespace as not
 *       fillable for this group;</li>
 *   <li>if the group has unix group names, reuse the GID shared by groups and resources that
 *       carry the same group name in the same namespace, when such a common GID exists;</li>
 *   <li>otherwise ask for a free GID; a {@code null} answer is logged as a warning.</li>
 * </ol>
 *
 * <p>A free GID of {@code 0} is never written by the last step, so that path cannot hand out
 * GID 0 (the root group on unix systems). The common-GID path applies no such filter.
 *
 * @param sess session implementation giving access to the business layer
 * @param group group the GID is proposed for
 * @param attributeDefinition definition the returned attribute is built from
 * @return a new attribute holding the proposed GID, or a {@code null} value
 * @throws InternalErrorException if the group-name namespace lookup reports a wrong reference
 *         attribute value
 * @throws ConsistencyErrorException if the fillable check reports a wrong reference attribute
 *         value, or a required attribute definition does not exist
 */
public Attribute fillAttribute(PerunSessionImpl sess, Group group, AttributeDefinition attributeDefinition) throws InternalErrorException, WrongAttributeAssignmentException {
    Attribute attribute = new Attribute(attributeDefinition);
    String gidNamespace = attribute.getFriendlyNameParameter();

    // Collect the distinct facilities behind every resource the group is assigned to.
    Set<Facility> facilitiesOfGroup = new HashSet<Facility>();
    for (Resource assigned : sess.getPerunBl().getResourcesManagerBl().getAssignedResources(sess, group)) {
        facilitiesOfGroup.add(sess.getPerunBl().getResourcesManagerBl().getFacility(sess, assigned));
    }

    // The returned set of group-name namespaces is not read in this method; the call is kept
    // because it can raise WrongReferenceAttributeValueException.
    try {
        sess.getPerunBl().getModulesUtilsBl().getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace(sess, new ArrayList<Facility>(facilitiesOfGroup), attribute);
    } catch (WrongReferenceAttributeValueException ex) {
        // TODO: add WrongAttributeAssignmentException to the header of the module methods
        throw new InternalErrorException(ex);
    }

    // Nothing to generate unless the utility says this namespace is fillable for the group.
    boolean fillable;
    try {
        fillable = sess.getPerunBl().getModulesUtilsBl().isGroupUnixGIDNamespaceFillable(sess, group, attribute);
    } catch (WrongReferenceAttributeValueException ex) {
        throw new ConsistencyErrorException(ex);
    }
    if (!fillable) {
        return attribute;
    }

    // All non-null unix group names of this group, across namespaces.
    List<Attribute> groupNamesOfGroup = sess.getPerunBl().getAttributesManagerBl().getAllAttributesStartWithNameWithoutNullValue(sess, group, A_G_unixGroupName_namespace + ":");
    if (!groupNamesOfGroup.isEmpty()) {
        // Find every group and resource that shares one of those names in the same namespace.
        Set<Group> sameNameGroups = new HashSet<Group>();
        Set<Resource> sameNameResources = new HashSet<Resource>();
        for (Attribute groupName : groupNamesOfGroup) {
            // Build the matching resource-side attribute so resources can be searched by value.
            Attribute resourceGroupName;
            try {
                resourceGroupName = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_R_unixGroupName_namespace + ":" + groupName.getFriendlyNameParameter()));
            } catch (AttributeNotExistsException ex) {
                throw new ConsistencyErrorException("AttributeDefinition for resource_def_unixGroupName-namespace:" + groupName.getFriendlyNameParameter() + " must exists", ex);
            }
            resourceGroupName.setValue(groupName.getValue());
            sameNameGroups.addAll(sess.getPerunBl().getGroupsManagerBl().getGroupsByAttribute(sess, groupName));
            sameNameResources.addAll(sess.getPerunBl().getResourcesManagerBl().getResourcesByAttribute(sess, resourceGroupName));
        }

        // Thread the candidate through both lookups: groups first, then resources.
        Integer commonGID = null;
        commonGID = sess.getPerunBl().getModulesUtilsBl().getCommonGIDOfGroupsWithSameNameInSameNamespace(sess, new ArrayList<Group>(sameNameGroups), gidNamespace, commonGID);
        commonGID = sess.getPerunBl().getModulesUtilsBl().getCommonGIDOfResourcesWithSameNameInSameNamespace(sess, new ArrayList<Resource>(sameNameResources), gidNamespace, commonGID);
        if (commonGID != null) {
            // A shared GID already exists: reuse it.
            attribute.setValue(commonGID);
            return attribute;
        }
    }

    // No shared GID: fall back to allocating a free one.
    try {
        Integer freeGID = sess.getPerunBl().getModulesUtilsBl().getFreeGID(sess, attribute);
        if (freeGID == null) {
            log.warn("Free unix gid not found for group:[" + group + "] in unix group namespace " + gidNamespace);
        } else if (freeGID.intValue() != 0) {
            // Zero is skipped on purpose by this condition; the value then stays null.
            attribute.setValue(freeGID);
        }
        return attribute;
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException(ex);
    }
}
Also used : Group(cz.metacentrum.perun.core.api.Group) ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) Attribute(cz.metacentrum.perun.core.api.Attribute) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) Resource(cz.metacentrum.perun.core.api.Resource) ArrayList(java.util.ArrayList) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) Facility(cz.metacentrum.perun.core.api.Facility) HashSet(java.util.HashSet)
