Examples with GroupRelationNotAllowed cz.metacentrum.perun.core.api.exceptions.GroupRelationNotAllowed used on opensource projects

Example 1 with GroupRelationNotAllowed

use of cz.metacentrum.perun.core.api.exceptions.GroupRelationNotAllowed in project perun by CESNET.

the class GroupsManagerBlImpl method createGroupUnion.

@Override
public Group createGroupUnion(PerunSession sess, Group resultGroup, Group operandGroup, boolean parentFlag) throws WrongReferenceAttributeValueException, WrongAttributeValueException, GroupNotExistsException, GroupRelationAlreadyExists, GroupRelationNotAllowed {
    // allow inclusion of members group, since we want to delegate privileges on assigning all vo members to some service for group manager.
    if (resultGroup.getName().equals(VosManager.MEMBERS_GROUP)) {
        throw new GroupRelationNotAllowed("Union cannot be created when result group " + resultGroup + " is members group.");
    }
    // check if both groups are from same VO
    if (resultGroup.getVoId() != operandGroup.getVoId()) {
        throw new GroupRelationNotAllowed("Union cannot be created on groups: " + resultGroup + ", " + operandGroup + ". They are not from the same VO.");
    }
    // check if result group is the same as operand group
    if (resultGroup.getId() == operandGroup.getId()) {
        throw new GroupRelationNotAllowed("Result group " + resultGroup + " cannot be the same as operand group " + operandGroup);
    }
    // check if there is already a record of these two groups
    if (this.groupsManagerImpl.isRelationBetweenGroups(resultGroup, operandGroup)) {
        throw new GroupRelationAlreadyExists("There is already a relation defined between result group " + resultGroup + " and operand group " + operandGroup + " or they are in direct hierarchical structure.");
    }
    // looking for situation where result group is predecessor of operand group (by name) but not a parent of it (which is ok)
    if (!parentFlag && operandGroup.getName().startsWith(resultGroup.getName() + ":")) {
        throw new GroupRelationNotAllowed("There is an indirect relationship between result group " + resultGroup + " and operand group " + operandGroup);
    }
    // check cycle between groups
    if (checkGroupsCycle(sess, resultGroup.getId(), operandGroup.getId())) {
        throw new GroupRelationNotAllowed("Union between result group " + resultGroup + " and operand group " + operandGroup + " would create group cycle.");
    }
    // save group relation
    groupsManagerImpl.saveGroupRelation(sess, resultGroup, operandGroup, parentFlag);
    List<Member> affectedMembers = getGroupMembers(sess, operandGroup);
    Map<Integer, Map<Integer, MemberGroupStatus>> previousStatuses = getPreviousStatuses(sess, operandGroup, affectedMembers);
    // do the operation logic
    try {
        addRelationMembers(sess, resultGroup, affectedMembers, operandGroup.getId());
    } catch (AlreadyMemberException ex) {
        throw new ConsistencyErrorException("AlreadyMemberException caused by DB inconsistency.", ex);
    }
    // calculate new member-group statuses
    for (Member member : affectedMembers) {
        recalculateMemberGroupStatusRecursively(sess, member, operandGroup, previousStatuses);
    }
    return resultGroup;
}

Example 2 with GroupRelationNotAllowed

use of cz.metacentrum.perun.core.api.exceptions.GroupRelationNotAllowed in project perun by CESNET.

the class GroupsManagerBlImpl method addMissingGroupsWhileSynchronization.

/**
 * Add missing groups under base group in Perun
 *
 * If some problem occurs, add candidateGroup to skippedGroups and skip it.
 *
 * Method is used by group structure synchronization.
 *
 * @param sess
 * @param baseGroup under which we will be synchronizing groups
 * @param candidateGroupsToAdd list of new groups (candidateGroups)
 * @param loginAttributeDefinition attribute definition for login of group
 * @param skippedGroups groups to be skipped because of any expected problem
 *
 * @throws InternalErrorException if some internal error occurs
 */
private void addMissingGroupsWhileSynchronization(PerunSession sess, Group baseGroup, List<CandidateGroup> candidateGroupsToAdd, AttributeDefinition loginAttributeDefinition, List<String> skippedGroups, List<String> mergeAttributes) {
    Map<CandidateGroup, Group> groupsToUpdate = new HashMap<>();
    // create all groups under base group first
    for (CandidateGroup candidateGroup : candidateGroupsToAdd) {
        try {
            // create group
            Group createdGroup = createGroup(sess, baseGroup, candidateGroup.asGroup());
            groupsToUpdate.put(candidateGroup, createdGroup);
            log.info("Group structure synchronization under base group {}: New Group id {} created during synchronization.", baseGroup, createdGroup.getId());
            // set login for group
            String login = candidateGroup.getLogin();
            if (login == null)
                throw new InternalErrorException("Login of candidate group " + candidateGroup + " can't be null!");
            Attribute loginAttribute = new Attribute(loginAttributeDefinition);
            loginAttribute.setValue(login);
            getPerunBl().getAttributesManagerBl().setAttribute(sess, createdGroup, loginAttribute);
        } catch (GroupExistsException e) {
            log.warn("Group {} was added to group structure {} before adding process. Skip this group.", candidateGroup, baseGroup);
            skippedGroups.add("GroupEntry:[" + candidateGroup + "] was skipped because it was added to group structure before adding process: Exception: " + e.getName() + " => " + e.getMessage() + "]");
        } catch (GroupRelationNotAllowed e) {
            log.warn("Can't create group from candidate group {} due to group relation not allowed exception {}.", candidateGroup, e);
            skippedGroups.add("GroupEntry:[" + candidateGroup + "] was skipped because group relation was not allowed: Exception: " + e.getName() + " => " + e.getMessage() + "]");
        } catch (GroupRelationAlreadyExists e) {
            log.warn("Can't create group from candidate group {} due to group relation already exists exception {}.", candidateGroup, e);
            skippedGroups.add("GroupEntry:[" + candidateGroup + "] was skipped because group relation already exists: Exception: " + e.getName() + " => " + e.getMessage() + "]");
        } catch (WrongAttributeAssignmentException ex) {
            // this means wrong setting of login attribute
            throw new InternalErrorException(ex);
        } catch (WrongAttributeValueException | WrongReferenceAttributeValueException ex) {
            throw new InternalErrorException("Group login can't be set because of wrong value!", ex);
        }
    }
    // update newly added groups cause the hierarchy could be incorrect
    // no need to send list of removed parent groups here, because it is no need to resolve it for new groups at all
    updateExistingGroupsWhileSynchronization(sess, baseGroup, groupsToUpdate, Collections.emptyList(), loginAttributeDefinition, skippedGroups, mergeAttributes);
}