Example 16 with GroupResourceMismatchException

use of cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException in project perun by CESNET.

the class urn_perun_group_resource_attribute_def_def_systemUnixGroupName method checkAttributeSemantics.

@Override
public void checkAttributeSemantics(PerunSessionImpl sess, Group group, Resource resource, Attribute attribute) throws WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
    String groupName = attribute.valueAsString();
    Attribute isSystemGroup;
    if (groupName == null) {
        try {
            isSystemGroup = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, resource, group, A_GR_systemIsUnixGroup);
        } catch (AttributeNotExistsException ex) {
            throw new ConsistencyErrorException("Not exist Attribute " + A_GR_systemIsUnixGroup + " for group " + group, ex);
        } catch (GroupResourceMismatchException ex) {
            throw new InternalErrorException(ex);
        }
        if (isSystemGroup.getValue() != null && isSystemGroup.valueAsInteger() == 1) {
            throw new WrongReferenceAttributeValueException(attribute, isSystemGroup, group, resource, "Attribute cant be null if " + group + " on " + resource + " is system unix group.");
        }
        return;
    }
    // Get facility for the resource
    Facility facility = sess.getPerunBl().getResourcesManagerBl().getFacility(sess, resource);
    // List of pairs (group and resource) which has the attribute with the value
    List<Pair<Group, Resource>> listGroupPairsResource = sess.getPerunBl().getGroupsManagerBl().getGroupResourcePairsByAttribute(sess, attribute);
    // Go through all pairs except the group/resource being checked. If another pair is on the same facility and does not have the same GID, throw an exception.
    for (Pair<Group, Resource> p : listGroupPairsResource) {
        if (!p.getLeft().equals(group) || !p.getRight().equals(resource)) {
            Facility facilityForTest = sess.getPerunBl().getResourcesManagerBl().getFacility(sess, p.getRight());
            Attribute group1GID;
            Attribute group2GID;
            try {
                group1GID = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, resource, group, A_GR_systemUnixGID);
            } catch (AttributeNotExistsException ex) {
                throw new ConsistencyErrorException("Attribute " + A_GR_systemUnixGID + " not exists for group " + group + " and resource " + resource, ex);
            } catch (GroupResourceMismatchException ex) {
                throw new InternalErrorException(ex);
            }
            try {
                group2GID = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, p.getRight(), p.getLeft(), A_GR_systemUnixGID);
            } catch (AttributeNotExistsException ex) {
                throw new ConsistencyErrorException("Attribute " + A_GR_systemUnixGID + " not exists for group " + p.getLeft() + " and resource " + p.getRight(), ex);
            } catch (GroupResourceMismatchException ex) {
                throw new InternalErrorException(ex);
            }
            // Conflict: same facility, but the two group-resource pairs do not share the same GID (a null GID matches only another null GID)
            if (facilityForTest.equals(facility) && (group1GID.getValue() != null ? (!group1GID.getValue().equals(group2GID.getValue())) : group2GID.getValue() != null)) {
                throw new WrongReferenceAttributeValueException(attribute, attribute, group, resource, "Group name " + groupName + " is already used by another group-resource and these have not the same GID and GroupName.  " + p.getLeft() + " " + p.getRight());
            }
        }
    }
}
Also used : Group(cz.metacentrum.perun.core.api.Group) ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) Attribute(cz.metacentrum.perun.core.api.Attribute) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) Resource(cz.metacentrum.perun.core.api.Resource) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) GroupResourceMismatchException(cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) Facility(cz.metacentrum.perun.core.api.Facility) Pair(cz.metacentrum.perun.core.api.Pair)

Example 17 with GroupResourceMismatchException

use of cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException in project perun by CESNET.

the class GenDataProviderImpl method loadGroupsAttributes.

@Override
public void loadGroupsAttributes(Resource resource, List<Group> groups) {
    groupResourceAttrs = new HashMap<>();
    lastLoadedResource = resource;
    for (Group group : groups) {
        try {
            // FIXME - attributes could be loaded at once to get a better performance
            groupResourceAttrs.put(group, sess.getPerunBl().getAttributesManagerBl().getRequiredAttributes(sess, service, resource, group));
        } catch (GroupResourceMismatchException e) {
            throw new InternalErrorException(e);
        }
    }
    List<Group> notYetProcessedGroups = new ArrayList<>(groups);
    notYetProcessedGroups.removeAll(processedGroups);
    processedGroups.addAll(notYetProcessedGroups);
    groupAttrs.putAll(sess.getPerunBl().getAttributesManagerBl().getRequiredAttributesForGroups(sess, service, notYetProcessedGroups));
}
Also used : Group(cz.metacentrum.perun.core.api.Group) ArrayList(java.util.ArrayList) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) GroupResourceMismatchException(cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException)

Example 18 with GroupResourceMismatchException

use of cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException in project perun by CESNET.

the class GroupsManagerBlImpl method autoassignMovedTree.

/**
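 * Checks whether the moved group and its subgroups should be automatically assigned to any resource
 * to which the destination group is assigned with subgroup auto-assignment enabled.
 * @param sess perun session
 * @param destinationGroup group whose auto-assigning resource assignments are considered
 * @param movingGroup root of the moved group tree
 * @throws WrongReferenceAttributeValueException
 * @throws WrongAttributeValueException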
 */
private void autoassignMovedTree(PerunSession sess, Group destinationGroup, Group movingGroup) throws WrongReferenceAttributeValueException, WrongAttributeValueException {
    List<AssignedResource> resourcesToAutoassign = perunBl.getResourcesManagerBl().getResourceAssignments(sess, destinationGroup, List.of()).stream().filter(AssignedResource::isAutoAssignSubgroups).collect(toList());
    for (AssignedResource resourceToAutoassign : resourcesToAutoassign) {
        Group sourceGroup;
        try {
            sourceGroup = resourceToAutoassign.getSourceGroupId() == null ? destinationGroup : this.getGroupById(sess, resourceToAutoassign.getSourceGroupId());
        } catch (GroupNotExistsException e) {
            throw new ConsistencyErrorException(e);
        }
        List<Group> groupsToAutoAssign = perunBl.getGroupsManagerBl().getAllSubGroups(sess, movingGroup);
        groupsToAutoAssign.add(movingGroup);
        for (Group groupToAutoassign : groupsToAutoAssign) {
            try {
                perunBl.getResourcesManagerBl().assignAutomaticGroupToResource(sess, sourceGroup, groupToAutoassign, resourceToAutoassign.getEnrichedResource().getResource());
            } catch (GroupAlreadyAssignedException e) {
                // skip: the group is already assigned to this resource
            } catch (GroupResourceMismatchException e) {
                log.error("Could not autoassign group " + groupToAutoassign + " to resource " + resourceToAutoassign, e);
            }
        }
    }
}
Also used : EnrichedGroup(cz.metacentrum.perun.core.api.EnrichedGroup) IndirectMemberRemovedFromGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.IndirectMemberRemovedFromGroup) CandidateGroup(cz.metacentrum.perun.core.api.CandidateGroup) RichGroup(cz.metacentrum.perun.core.api.RichGroup) MemberExpiredInGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.MemberExpiredInGroup) MemberValidatedInGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.MemberValidatedInGroup) DirectMemberRemovedFromGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.DirectMemberRemovedFromGroup) Group(cz.metacentrum.perun.core.api.Group) DirectMemberAddedToGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.DirectMemberAddedToGroup) IndirectMemberAddedToGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.IndirectMemberAddedToGroup) ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) GroupNotExistsException(cz.metacentrum.perun.core.api.exceptions.GroupNotExistsException) ParentGroupNotExistsException(cz.metacentrum.perun.core.api.exceptions.ParentGroupNotExistsException) GroupAlreadyAssignedException(cz.metacentrum.perun.core.api.exceptions.GroupAlreadyAssignedException) GroupResourceMismatchException(cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException) AssignedResource(cz.metacentrum.perun.core.api.AssignedResource)

Example 19 with GroupResourceMismatchException

use of cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException in project perun by CESNET.

the class AttributesManagerEntry method getRequiredAttributes.

@Override
public List<Attribute> getRequiredAttributes(PerunSession sess, Service service, Resource resource, Group group) throws ServiceNotExistsException, ResourceNotExistsException, GroupNotExistsException, GroupResourceMismatchException {
    Utils.checkPerunSession(sess);
    getPerunBl().getServicesManagerBl().checkServiceExists(sess, service);
    getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
    if (!getPerunBl().getGroupsManagerBl().getVo(sess, group).equals(getPerunBl().getResourcesManagerBl().getVo(sess, resource))) {
        throw new GroupResourceMismatchException("group and resource are not in the same VO");
    }
    List<Attribute> attributes = getAttributesManagerBl().getRequiredAttributes(sess, service, resource, group);
    Iterator<Attribute> attrIter = attributes.iterator();
    // Keep only the attributes the principal is authorized to read, and mark which of them are writable
    while (attrIter.hasNext()) {
        Attribute attrNext = attrIter.next();
        if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrNext, group, resource))
            attrIter.remove();
        else
            attrNext.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrNext, group, resource));
    }
    return attributes;
}
Also used : Attribute(cz.metacentrum.perun.core.api.Attribute) GroupResourceMismatchException(cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException)

Example 20 with GroupResourceMismatchException

use of cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException in project perun by CESNET.

the class AttributesManagerEntry method checkAttributesSyntax.

public void checkAttributesSyntax(PerunSession sess, Resource resource, Group group, List<Attribute> attributes, boolean workWithGroupAttribute) throws PrivilegeException, AttributeNotExistsException, ResourceNotExistsException, GroupNotExistsException, WrongAttributeAssignmentException, WrongAttributeValueException, GroupResourceMismatchException {
    Utils.checkPerunSession(sess);
    getAttributesManagerBl().checkAttributesExists(sess, attributes);
    getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
    if (!getPerunBl().getGroupsManagerBl().getVo(sess, group).equals(getPerunBl().getResourcesManagerBl().getVo(sess, resource))) {
        throw new GroupResourceMismatchException("group and resource are not in the same VO");
    }
    // Verify that the principal has WRITE access to every group-resource and group attribute being checked
    for (Attribute attr : attributes) {
        if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_GROUP_RESOURCE_ATTR)) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), group, resource))
                throw new PrivilegeException("Principal has no access to check attribute = " + new AttributeDefinition(attr));
        } else if (getAttributesManagerBl().isFromNamespace(sess, attr, NS_GROUP_ATTR)) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attr), group))
                throw new PrivilegeException("Principal has no access to check attribute = " + new AttributeDefinition(attr));
        }
    }
    getAttributesManagerBl().checkAttributesSyntax(sess, resource, group, attributes, workWithGroupAttribute);
}
Also used : Attribute(cz.metacentrum.perun.core.api.Attribute) PrivilegeException(cz.metacentrum.perun.core.api.exceptions.PrivilegeException) AttributeDefinition(cz.metacentrum.perun.core.api.AttributeDefinition) GroupResourceMismatchException(cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException)
