Examples with GroupResourceMismatchException cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException used on opensource projects

Example 31 with GroupResourceMismatchException

use of cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException in project perun by CESNET.

the class AttributesManagerEntry method getResourceRequiredAttributes.

@Override
public List<Attribute> getResourceRequiredAttributes(PerunSession sess, Resource resourceToGetServicesFrom, Resource resource, Group group, boolean workWithGroupAttributes) throws ResourceNotExistsException, GroupNotExistsException, GroupResourceMismatchException {
    Utils.checkPerunSession(sess);
    getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resourceToGetServicesFrom);
    getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
    if (group.getVoId() != resource.getVoId()) {
        throw new GroupResourceMismatchException("Group and resource are not in the same VO.");
    }
    List<Attribute> attributes = getAttributesManagerBl().getResourceRequiredAttributes(sess, resourceToGetServicesFrom, resource, group, workWithGroupAttributes);
    Iterator<Attribute> attrIter = attributes.iterator();
    // Choose to which attributes has the principal access
    while (attrIter.hasNext()) {
        Attribute attrNext = attrIter.next();
        if (getAttributesManagerBl().isFromNamespace(sess, attrNext, NS_GROUP_RESOURCE_ATTR)) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrNext, group, resource))
                attrIter.remove();
            else
                attrNext.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrNext, group, resource));
        } else if (getAttributesManagerBl().isFromNamespace(sess, attrNext, NS_GROUP_ATTR)) {
            if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attrNext, group))
                attrIter.remove();
            else
                attrNext.setWritable(AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attrNext, group));
        } else {
            throw new ConsistencyErrorException("There is some attribute which is not of expected type (group or group_resource).");
        }
    }
    return attributes;
}

Example 32 with GroupResourceMismatchException

use of cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException in project perun by CESNET.

the class AttributesManagerEntry method checkAttributeSemantics.

@Override
public void checkAttributeSemantics(PerunSession sess, Resource resource, Group group, Attribute attribute) throws PrivilegeException, AttributeNotExistsException, GroupNotExistsException, ResourceNotExistsException, GroupResourceMismatchException, WrongAttributeAssignmentException, WrongReferenceAttributeValueException {
    Utils.checkPerunSession(sess);
    getAttributesManagerBl().checkAttributeExists(sess, attribute);
    getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
    if (!getPerunBl().getGroupsManagerBl().getVo(sess, group).equals(getPerunBl().getResourcesManagerBl().getVo(sess, resource))) {
        throw new GroupResourceMismatchException("group and resource are not in the same VO");
    }
    // Choose to which attributes has the principal access
    if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attribute), group, resource))
        throw new PrivilegeException("Principal has no access to check attribute = " + new AttributeDefinition(attribute));
    getAttributesManagerBl().checkAttributeSemantics(sess, resource, group, attribute);
}

Example 33 with GroupResourceMismatchException

use of cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException in project perun by CESNET.

the class AttributesManagerBlImpl method checkGroupIsFromTheSameVoLikeResource.

/**
 * Check if group is assigned on resource. If not, throw WrongAttributeAssignment Exception
 */
@Override
public void checkGroupIsFromTheSameVoLikeResource(PerunSession sess, Group group, Resource resource) throws GroupResourceMismatchException {
    Utils.notNull(sess, "sess");
    Utils.notNull(group, "group");
    Utils.notNull(resource, "resource");
    if (group.getVoId() != resource.getVoId())
        throw new GroupResourceMismatchException("Group is not from the same vo like Resource: " + group + " " + resource);
}

Example 34 with GroupResourceMismatchException

use of cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException in project perun by CESNET.

the class AttributesManagerEntry method fillAttributes.

@Override
public List<Attribute> fillAttributes(PerunSession sess, Resource resource, Group group, List<Attribute> attributes) throws ResourceNotExistsException, GroupNotExistsException, AttributeNotExistsException, WrongAttributeAssignmentException, GroupResourceMismatchException {
    Utils.checkPerunSession(sess);
    getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
    getAttributesManagerBl().checkAttributesExists(sess, attributes);
    if (!getPerunBl().getGroupsManagerBl().getVo(sess, group).equals(getPerunBl().getResourcesManagerBl().getVo(sess, resource))) {
        throw new GroupResourceMismatchException("group and resource are not in the same VO");
    }
    // Choose to which attributes has the principal access
    List<Attribute> listOfAttributes = getAttributesManagerBl().fillAttributes(sess, resource, group, attributes);
    Iterator<Attribute> attrIter = listOfAttributes.iterator();
    while (attrIter.hasNext()) {
        Attribute attrNext = attrIter.next();
        if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, new AttributeDefinition(attrNext), group, resource))
            attrIter.remove();
        else
            attrNext.setWritable(true);
    }
    return listOfAttributes;
}

Example 35 with GroupResourceMismatchException

use of cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException in project perun by CESNET.

the class AttributesManagerEntry method removeAllAttributes.

@Override
public void removeAllAttributes(PerunSession sess, Resource resource, Group group) throws PrivilegeException, ResourceNotExistsException, GroupNotExistsException, GroupResourceMismatchException, WrongAttributeValueException, WrongReferenceAttributeValueException {
    Utils.checkPerunSession(sess);
    getPerunBl().getResourcesManagerBl().checkResourceExists(sess, resource);
    getPerunBl().getGroupsManagerBl().checkGroupExists(sess, group);
    if (!getPerunBl().getGroupsManagerBl().getVo(sess, group).equals(getPerunBl().getResourcesManagerBl().getVo(sess, resource))) {
        throw new GroupResourceMismatchException("group and resource are not in the same VO");
    }
    // Choose if principal has access to remove all attributes
    List<Attribute> allAttributes = getPerunBl().getAttributesManagerBl().getAttributes(sess, resource, group);
    for (Attribute attr : allAttributes) {
        if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.WRITE, attr, group, resource))
            throw new PrivilegeException("Principal has no access to remove attribute = " + new AttributeDefinition(attr));
    }
    getAttributesManagerBl().removeAllAttributes(sess, resource, group);
}