use of cz.metacentrum.perun.core.api.exceptions.AttributeValueException in project perun by CESNET.
the class GroupsManagerBlImpl method deleteAnyGroup.
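/**
 * Deletes a group together with everything that references it.
 * If forceDelete is false, delete only group which has no subgroup and no member.
 * If forceDelete is true, delete group with all subgroups and members.
 *
 * The clean-up order below is deliberate. Resource assignments, attributes, reserved logins,
 * external sources, group relations, member-group attributes and every role binding that
 * mentions the group are removed first; the group row itself is deleted last and only then
 * is the GroupDeleted audit event written.
 *
 * @param sess perun session
 * @param group group to delete
 * @param forceDelete if false, delete only empty group without subgroups. If true, delete group including subgroups and members.
 * @throws InternalErrorException thrown here when a reserved login cannot be removed from the external system
 *         or when a role cannot be managed (not declared in the signature, so presumably unchecked)
 * @throws ConsistencyErrorException thrown here when resource or attribute removal reports a state that should not occur
 * @throws RelationExistsException Raise only if forceDelete is false and the group has any subgroup or member.
 * @throws GroupAlreadyRemovedException if there are 0 rows affected by deleting from DB
 * @throws GroupAlreadyRemovedFromResourceException not raised directly in this method; propagated from a called manager
 * @throws GroupNotExistsException not raised directly in this method; propagated from a called manager
 * @throws GroupRelationDoesNotExist not raised directly in this method; propagated from a called manager
 * @throws GroupRelationCannotBeRemoved not raised directly in this method; propagated from a called manager
 */
private void deleteAnyGroup(PerunSession sess, Group group, boolean forceDelete) throws RelationExistsException, GroupAlreadyRemovedException, GroupAlreadyRemovedFromResourceException, GroupNotExistsException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved {
    Vo vo = this.getVo(sess, group);

    if (getGroupsManagerImpl().getSubGroupsCount(sess, group) > 0) {
        if (!forceDelete) {
            throw new RelationExistsException("Group group=" + group + " contains subgroups");
        }
        // get subgroups of this group
        List<Group> subGroups = getSubGroups(sess, group);
        for (Group subGroup : subGroups) {
            // A forced delete is forced for the whole subtree.
            deleteAnyGroup(sess, subGroup, true);
        }
    }

    if ((this.getGroupMembersCount(sess, group) > 0) && !forceDelete) {
        throw new RelationExistsException("Group group=" + group + " contains members");
    }

    List<AssignedResource> assignedResources = getPerunBl().getResourcesManagerBl().getResourceAssignments(sess, group, List.of());
    try {
        for (AssignedResource assignedResource : assignedResources) {
            // An assignment with a source group id goes through the "automatic" removal path.
            if (assignedResource.getSourceGroupId() == null) {
                getPerunBl().getResourcesManagerBl().removeGroupFromResource(sess, group, assignedResource.getEnrichedResource().getResource());
            } else {
                getPerunBl().getResourcesManagerBl().removeAutomaticGroupFromResource(sess, group, assignedResource.getEnrichedResource().getResource(), assignedResource.getSourceGroupId());
            }
        }
        // remove group's attributes
        getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, group);
    } catch (GroupNotDefinedOnResourceException ex) {
        throw new ConsistencyErrorException(ex);
    } catch (AttributeValueException ex) {
        throw new ConsistencyErrorException("All resources was removed from this group, so no attributes should remain assigned.", ex);
    }

    // delete all Groups reserved logins from KDC
    // A failure in the external system aborts the deletion before the DB copy of the
    // reservation is dropped below; only an already-missing login is logged and skipped.
    List<Integer> list = getGroupsManagerImpl().getGroupApplicationIds(sess, group);
    for (Integer appId : list) {
        // for each application
        for (Pair<String, String> login : getGroupsManagerImpl().getApplicationReservedLogins(appId)) {
            // for all reserved logins - delete them in ext. system (e.g. KDC)
            try {
                // left = namespace / right = login
                getPerunBl().getUsersManagerBl().deletePassword(sess, login.getRight(), login.getLeft());
            } catch (LoginNotExistsException ex) {
                log.error("Login: {} not exists in namespace: {} while deleting passwords.", login.getRight(), login.getLeft());
            } catch (InvalidLoginException e) {
                throw new InternalErrorException("We are deleting reserved login from group applications, but its syntax is not allowed by namespace configuration.", e);
            } catch (PasswordDeletionFailedException | PasswordOperationTimeoutException ex) {
                throw new InternalErrorException("Failed to delete reserved login " + login.getRight() + " from KDC.", ex);
            }
        }
    }
    // delete all Groups reserved logins from DB
    getGroupsManagerImpl().deleteGroupReservedLogins(sess, group);

    // remove all assigned ExtSources to this group
    List<ExtSource> assignedSources = getPerunBl().getExtSourcesManagerBl().getGroupExtSources(sess, group);
    for (ExtSource source : assignedSources) {
        try {
            getPerunBl().getExtSourcesManagerBl().removeExtSource(sess, group, source);
        } catch (ExtSourceNotAssignedException | ExtSourceAlreadyRemovedException ex) {
            // Just log this, because if method can't remove it, it is probably not assigned now
            log.warn("Try to remove not existing extSource {} from group {} when deleting group.", source, group);
        }
    }

    // 1. remove all relations with group g as an operand group.
    // this removes all relations that depend on this group
    List<Integer> relations = groupsManagerImpl.getResultGroupsIds(sess, group.getId());
    for (Integer groupId : relations) {
        removeGroupUnion(sess, groupsManagerImpl.getGroupById(sess, groupId), group, true);
    }
    // 2. remove all relations with group as a result group
    // We can remove relations without recalculation (@see removeRelationMembers)
    // because all dependencies of group were deleted in step 1.
    groupsManagerImpl.removeResultGroupRelations(sess, group);

    // Group applications, submitted data and app_form are deleted on cascade with "deleteGroup()"
    // The member list is captured now because it is still needed after the group row is gone.
    List<Member> membersFromDeletedGroup = getGroupMembers(sess, group);
    // delete all member-group attributes
    for (Member member : membersFromDeletedGroup) {
        try {
            perunBl.getAttributesManagerBl().removeAllAttributes(sess, member, group);
        } catch (AttributeValueException ex) {
            throw new ConsistencyErrorException("All members were removed from this group. So all member-group attribute values can be removed.", ex);
        } catch (MemberGroupMismatchException e) {
            throw new InternalErrorException("Member we tried to remove all member-group attributes doesn't come from the same VO as group", e);
        }
    }

    // remove admin roles of group
    // Every role the group holds on another object is unset before the group is deleted.
    // "Not admin" is logged and skipped; a role that cannot be managed aborts the deletion.
    List<Facility> facilitiesWhereGroupIsAdmin = getGroupsManagerImpl().getFacilitiesWhereGroupIsAdmin(sess, group);
    for (Facility facility : facilitiesWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, facility, Role.FACILITYADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of facility {} due to group not admin exception {}.", group, facility, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    List<Group> groupsWhereGroupIsAdmin = getGroupsManagerImpl().getGroupsWhereGroupIsAdmin(sess, group);
    for (Group group1 : groupsWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, group1, Role.GROUPADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of group {} due to group not admin exception {}.", group, group1, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    List<Resource> resourcesWhereGroupIsAdmin = getGroupsManagerImpl().getResourcesWhereGroupIsAdmin(sess, group);
    for (Resource resource : resourcesWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, resource, Role.RESOURCEADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of resource {} due to group not admin exception {}.", group, resource, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    List<Resource> resourcesWhereGroupIsResourceSelfService = getGroupsManagerImpl().getResourcesWhereGroupIsResourceSelfService(sess, group);
    for (Resource resource : resourcesWhereGroupIsResourceSelfService) {
        try {
            perunBl.getResourcesManagerBl().removeResourceSelfServiceGroup(sess, resource, group);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of resource {} due to group not admin exception {}.", group, resource, e);
        }
    }

    List<SecurityTeam> securityTeamsWhereGroupIsAdmin = getGroupsManagerImpl().getSecurityTeamsWhereGroupIsAdmin(sess, group);
    for (SecurityTeam securityTeam : securityTeamsWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, securityTeam, Role.SECURITYADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of security team {} due to group not admin exception {}.", group, securityTeam, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    List<Vo> vosWhereGroupIsAdmin = getGroupsManagerImpl().getVosWhereGroupIsAdmin(sess, group);
    for (Vo vo1 : vosWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, vo1, Role.VOADMIN);
        } catch (GroupNotAdminException e) {
            // The message names the VO; it previously said "facility", which mislabelled
            // the object in the log when a VOADMIN role could not be unset.
            log.warn("Can't unset group {} as admin of vo {} due to group not admin exception {}.", group, vo1, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    // remove admins of this group
    List<Group> adminGroups = getGroupsManagerImpl().getGroupAdmins(sess, group);
    for (Group adminGroup : adminGroups) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminGroup, group, Role.GROUPADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("When trying to unsetRole GroupAdmin for group {} in the group {} the exception was thrown {}", adminGroup, group, e);
            // skip and log as warning
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    List<User> adminUsers = getGroupsManagerImpl().getAdmins(sess, group);
    for (User adminUser : adminUsers) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminUser, group, Role.GROUPADMIN);
        } catch (UserNotAdminException e) {
            log.warn("When trying to unsetRole GroupAdmin for user {} in the group {} the exception was thrown {}", adminUser, group, e);
            // skip and log as warning
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    // Deletes also all direct and indirect members of the group
    getGroupsManagerImpl().deleteGroup(sess, vo, group);
    logTotallyRemovedMembers(sess, group.getParentGroupId(), membersFromDeletedGroup);
    // The audit event is emitted only after the deletion call above has returned.
    getPerunBl().getAuditer().log(sess, new GroupDeleted(group));
}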
use of cz.metacentrum.perun.core.api.exceptions.AttributeValueException in project perun by CESNET.
the class GroupsManagerBlImpl method updateMemberAttribute.
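/**
 * Update value of member attribute based on value of candidate.
 *
 * Only the first member attribute whose name matches the definition is considered. The
 * candidate's string value is converted to the attribute's type and written only when it is
 * non-null and differs from the current value. If the attribute layer rejects the value, the
 * member is invalidated and the rejection is logged.
 *
 * @param sess perun session
 * @param group group being synchronized
 * @param candidate candidate from whom we get attribute values
 * @param memberToUpdate member to update
 * @param attributeDefinition attribute being updated
 * @param mergeMemberAttributesList list of member attributes to be merged and not overwritten
 * @throws ConsistencyErrorException when the attribute layer reports a wrong attribute assignment
 */
private void updateMemberAttribute(PerunSession sess, Group group, Candidate candidate, RichMember memberToUpdate, AttributeDefinition attributeDefinition, List<String> mergeMemberAttributesList) {
    for (Attribute memberAttribute : memberToUpdate.getMemberAttributes()) {
        if (memberAttribute.getName().equals(attributeDefinition.getName())) {
            Object subjectAttributeValue = getPerunBl().getAttributesManagerBl().stringToAttributeValue(candidate.getAttributes().get(attributeDefinition.getName()), memberAttribute.getType());
            if (subjectAttributeValue != null && !Objects.equals(memberAttribute.getValue(), subjectAttributeValue)) {
                // NOTE(review): this trace line writes both the old and the new attribute value
                // to the log; confirm no sensitive attribute is synchronized this way.
                log.trace("Group synchronization {}: value of the attribute {} for memberId {} changed. Original value {}, new value {}.", group, memberAttribute, memberToUpdate.getId(), memberAttribute.getValue(), subjectAttributeValue);
                memberAttribute.setValue(subjectAttributeValue);
                try {
                    // Choose set or merge by extSource attribute mergeMemberAttributes (if contains this one)
                    if (mergeMemberAttributesList != null && mergeMemberAttributesList.contains(memberAttribute.getName())) {
                        getPerunBl().getAttributesManagerBl().mergeAttributeValueInNestedTransaction(sess, memberToUpdate, memberAttribute);
                    } else {
                        getPerunBl().getAttributesManagerBl().setAttributeInNestedTransaction(sess, memberToUpdate, memberAttribute);
                    }
                } catch (AttributeValueException e) {
                    // Record why the member is being invalidated. Only the attribute name is
                    // placed in the message, not the rejected value.
                    log.warn("Group synchronization {}: value of attribute {} was rejected, invalidating member id {}.", group, memberAttribute.getName(), memberToUpdate.getId(), e);
                    // There is a problem with attribute value, so set INVALID status for the member
                    getPerunBl().getMembersManagerBl().invalidateMember(sess, memberToUpdate);
                } catch (WrongAttributeAssignmentException e) {
                    throw new ConsistencyErrorException(e);
                }
            }
            // we found it, no need to continue in cycle
            break;
        }
    }
}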
use of cz.metacentrum.perun.core.api.exceptions.AttributeValueException in project perun by CESNET.
the class GroupsManagerBlImpl method addMissingMemberWhileSynchronization.
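/**
 * Get new candidate and add him to the Group.
 *
 * If Candidate can't be added to Group, skip him and add this information to skippedMembers list.
 *
 * When creating new member from Candidate, if user already exists, merge his attributes,
 * if attribute exists in list of overwriteUserAttributesList, update it instead of merging.
 *
 * This method runs in separate transaction.
 *
 * If adding the member to the group fails on an attribute value, the member is invalidated,
 * the failure is logged, and the status update at the end still runs.
 *
 * @param sess perun session
 * @param group to be synchronized
 * @param candidate new member (candidate)
 * @param overwriteUserAttributesList list of attributes to be updated for user if found
 * @param mergeMemberAttributesList list of attributes to be merged for member if found
 * @param skippedMembers list of not successfully synchronized members
 * @throws ConsistencyErrorException when the member can neither be created nor looked up, or when the group does not exist
 */
public void addMissingMemberWhileSynchronization(PerunSession sess, Group group, Candidate candidate, List<String> overwriteUserAttributesList, List<String> mergeMemberAttributesList, List<String> skippedMembers) {
    Member member;
    try {
        // Check if the member is already in the VO (just not in the group)
        member = getPerunBl().getMembersManagerBl().getMemberByUserExtSources(sess, getPerunBl().getGroupsManagerBl().getVo(sess, group), candidate.getUserExtSources());
        // member exists - update attributes
        RichMember memberToUpdate = getPerunBl().getMembersManagerBl().getRichMember(sess, member);
        updateExistingMemberWhileSynchronization(sess, group, candidate, memberToUpdate, overwriteUserAttributesList, mergeMemberAttributesList, new ArrayList<>());
    } catch (MemberNotExistsException e) {
        try {
            // We have new member (candidate), so create him using synchronous createMember (and overwrite chosen user attributes)
            member = getPerunBl().getMembersManagerBl().createMemberSync(sess, getPerunBl().getGroupsManagerBl().getVo(sess, group), candidate, null, overwriteUserAttributesList);
            log.info("Group synchronization {}: New member id {} created during synchronization.", group, member.getId());
        } catch (AlreadyMemberException e1) {
            // Check if the member is already in the VO (just not in the group)
            try {
                member = getPerunBl().getMembersManagerBl().getMemberByUserExtSources(sess, getPerunBl().getGroupsManagerBl().getVo(sess, group), candidate.getUserExtSources());
                // member exists - update attribute
                RichMember memberToUpdate = getPerunBl().getMembersManagerBl().getRichMember(sess, member);
                updateExistingMemberWhileSynchronization(sess, group, candidate, memberToUpdate, overwriteUserAttributesList, mergeMemberAttributesList, new ArrayList<>());
            } catch (Exception e2) {
                // Something is still wrong, thrown consistency exception.
                // This catch is broad, so the original failure is attached as the cause;
                // without it the real reason is lost to whoever investigates.
                throw new ConsistencyErrorException("Trying to add existing member (it is not possible to get him by userExtSource even if is also not possible to create him in DB)!", e2);
            }
        } catch (AttributeValueException e1) {
            log.warn("Can't create member from candidate {} due to attribute value exception {}.", candidate, e1);
            // NOTE(review): the skip entry embeds the candidate's string form and the exception
            // message; confirm where skippedMembers is shown before relying on it for sensitive data.
            skippedMembers.add("MemberEntry:[" + candidate + "] was skipped because there was problem when createing member from candidate: Exception: " + e1.getName() + " => '" + e1.getMessage() + "'");
            return;
        } catch (ExtendMembershipException e1) {
            log.warn("Can't create member from candidate {} due to membership expiration exception {}.", candidate, e1);
            skippedMembers.add("MemberEntry:[" + candidate + "] was skipped because membership expiration: Exception: " + e1.getName() + " => " + e1.getMessage() + "]");
            return;
        }
    }

    try {
        // Add the member to the group
        if (!group.getName().equals(VosManager.MEMBERS_GROUP)) {
            // Do not add members to the generic members group
            try {
                getPerunBl().getGroupsManagerBl().addMember(sess, group, member);
            } catch (GroupNotExistsException ex) {
                // Shouldn't happen, group should always exist
                throw new ConsistencyErrorException(ex);
            }
        }
        log.info("Group synchronization {}: New member id {} added.", group, member.getId());
    } catch (AlreadyMemberException e) {
        // This part is ok, it means someone add member before synchronization ends, log it and skip this member
        log.debug("Member {} was added to group {} before adding process. Skip this member.", member, group);
        return;
    } catch (AttributeValueException e) {
        // Record the reason for the status change; it was previously dropped without a trace.
        log.warn("Group synchronization {}: adding member id {} failed on an attribute value, invalidating the member.", group, member.getId(), e);
        // There is a problem with attribute value, so set INVALID status of the member
        getPerunBl().getMembersManagerBl().invalidateMember(sess, member);
    }

    // Try to validate member
    updateMemberStatus(sess, member);
}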
use of cz.metacentrum.perun.core.api.exceptions.AttributeValueException in project perun by CESNET.
the class GroupsManagerBlImpl method updateUserAttribute.
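/**
 * Update value of user attribute based on value of candidate.
 *
 * Only the first user attribute whose name matches the definition is considered. The
 * candidate's string value is converted to the attribute's type and written when it differs
 * from the current value. If the attribute layer rejects the value, the member is invalidated
 * and the rejection is logged.
 *
 * @param sess perun session
 * @param group group being synchronized
 * @param candidate candidate from whom we get attribute values
 * @param memberToUpdate member to update
 * @param attributeDefinition attribute being updated
 * @param overwriteUserAttributesList list of user attributes to be overwritten and not merged
 * @throws ConsistencyErrorException when the attribute layer reports a wrong attribute assignment
 */
private void updateUserAttribute(PerunSession sess, Group group, Candidate candidate, RichMember memberToUpdate, AttributeDefinition attributeDefinition, List<String> overwriteUserAttributesList) {
    for (Attribute userAttribute : memberToUpdate.getUserAttributes()) {
        if (userAttribute.getName().equals(attributeDefinition.getName())) {
            Object subjectAttributeValue = getPerunBl().getAttributesManagerBl().stringToAttributeValue(candidate.getAttributes().get(attributeDefinition.getName()), userAttribute.getType());
            // NOTE(review): unlike updateMemberAttribute there is no null guard here, so a null
            // candidate value is handed to set/merge and can replace an existing user value on the
            // overwrite path. Confirm that the external source is meant to be able to do that.
            if (!Objects.equals(userAttribute.getValue(), subjectAttributeValue)) {
                // NOTE(review): this trace line writes both the old and the new attribute value
                // to the log; confirm no sensitive attribute is synchronized this way.
                log.trace("Group synchronization {}: value of the attribute {} for memberId {} changed. Original value {}, new value {}.", group, userAttribute, memberToUpdate.getId(), userAttribute.getValue(), subjectAttributeValue);
                userAttribute.setValue(subjectAttributeValue);
                try {
                    // Choose set or merge by extSource attribute overwriteUserAttributes (if contains this one)
                    if (overwriteUserAttributesList != null && overwriteUserAttributesList.contains(userAttribute.getName())) {
                        getPerunBl().getAttributesManagerBl().setAttributeInNestedTransaction(sess, memberToUpdate.getUser(), userAttribute);
                    } else {
                        getPerunBl().getAttributesManagerBl().mergeAttributeValueInNestedTransaction(sess, memberToUpdate.getUser(), userAttribute);
                    }
                } catch (AttributeValueException e) {
                    // Record why the member is being invalidated. Only the attribute name is
                    // placed in the message, not the rejected value.
                    log.warn("Group synchronization {}: value of attribute {} was rejected, invalidating member id {}.", group, userAttribute.getName(), memberToUpdate.getId(), e);
                    // There is a problem with attribute value, so set INVALID status for the member
                    getPerunBl().getMembersManagerBl().invalidateMember(sess, memberToUpdate);
                } catch (WrongAttributeAssignmentException e) {
                    throw new ConsistencyErrorException(e);
                }
            }
            // we found it, no need to continue in cycle
            break;
        }
    }
}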
use of cz.metacentrum.perun.core.api.exceptions.AttributeValueException in project perun by CESNET.
the class MembersManagerBlImpl method deleteMember.
/**
 * Removes a member from the system.
 *
 * The member is taken out of every direct group, then out of the VO's members group, then
 * stripped of member and member-resource attributes, bans, sponsor links and open
 * applications. The member row is deleted last and a MemberDeleted audit event follows.
 *
 * @param sess perun session
 * @param member member to delete
 * @throws MemberAlreadyRemovedException not raised directly in this method; propagated from a called manager
 */
@Override
public void deleteMember(PerunSession sess, Member member) throws MemberAlreadyRemovedException {
    Vo memberVo = this.getMemberVo(sess, member);

    // Direct group memberships first. The members group is left for its dedicated removal below.
    for (Group directGroup : getPerunBl().getGroupsManagerBl().getMemberDirectGroups(sess, member)) {
        if (!directGroup.getName().equals(VosManager.MEMBERS_GROUP)) {
            try {
                getPerunBl().getGroupsManagerBl().removeMember(sess, directGroup, member);
            } catch (NotGroupMemberException e) {
                throw new ConsistencyErrorException("getMemberGroups return group where the member is not member", e);
            } catch (GroupNotExistsException e) {
                throw new ConsistencyErrorException(e);
            }
        }
    }

    // Now the VO-wide members group, which has its own removal method.
    try {
        Group membersGroup = getPerunBl().getGroupsManagerBl().getGroupByName(sess, memberVo, VosManager.MEMBERS_GROUP);
        try {
            getPerunBl().getGroupsManagerBl().removeMemberFromMembersOrAdministratorsGroup(sess, membersGroup, member);
        } catch (NotGroupMemberException e) {
            throw new ConsistencyErrorException("Member is not in the \"members\" group." + member + " " + membersGroup, e);
        } catch (WrongAttributeValueException | WrongReferenceAttributeValueException e) {
            throw new InternalErrorException(e);
        }
    } catch (GroupNotExistsException e) {
        throw new InternalErrorException(e);
    }

    // Attributes in the member namespace, then member-resource attributes for each resource of the VO.
    try {
        getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, member);
        for (Resource voResource : getPerunBl().getResourcesManagerBl().getResources(sess, memberVo)) {
            getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, member, voResource);
        }
    } catch (AttributeValueException ex) {
        throw new ConsistencyErrorException("Member is removed from all groups. There are no required attribute for this member. Member's attributes can be removed without problem.", ex);
    } catch (MemberResourceMismatchException ex) {
        throw new InternalErrorException(ex);
    }

    removeAllMemberBans(sess, member);

    // Sponsor links and open applications are cleared before the member row goes away.
    membersManagerImpl.deleteSponsorLinks(sess, member);
    membersManagerImpl.rejectAllMemberOpenApplications(sess, member);

    // Finally the member itself, followed by the audit event.
    getMembersManagerImpl().deleteMember(sess, member);
    getPerunBl().getAuditer().log(sess, new MemberDeleted(member));
}