use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class ServicesManagerEntry method addDestination.
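/**
 * Adds a destination for the given service on the given facility.
 *
 * <p>Two authorization checks apply. The caller must hold FACILITYADMIN on {@code facility}.
 * For host-based destination types (host, user@host, user@host:port) the host name taken from
 * the destination is also looked up among existing facilities, first by host name and, only
 * when that finds nothing, by destination. If any facility is found, the caller must hold
 * FACILITYADMIN on at least one of them. This stops an admin of one facility from registering
 * a destination that points at a host already associated with facilities they do not manage.
 *
 * <p>Other destination types skip the second check, as does a host name that no facility is
 * associated with yet.
 *
 * @param sess        caller's session
 * @param service     service the destination is added for; must exist
 * @param facility    facility the destination is added on; must exist
 * @param destination destination to add; it, its value and its type must be non-null
 * @return the result of the business-layer {@code addDestination} call
 * @throws PrivilegeException if either authorization check fails
 */
public Destination addDestination(PerunSession sess, Service service, Facility facility, Destination destination) throws InternalErrorException, PrivilegeException, ServiceNotExistsException, FacilityNotExistsException, DestinationAlreadyAssignedException, WrongPatternException {
    Utils.checkPerunSession(sess);

    // Null checks run before the first dereference of destination. Previously they sat at the
    // end of the method, after destination.getType() had already been used.
    Utils.notNull(destination, "destination");
    Utils.notNull(destination.getDestination(), "destination.destination");
    Utils.notNull(destination.getType(), "destination.type");
    Utils.checkDestinationType(destination);

    // Checked once; the original repeated this call after the authorization block.
    getPerunBl().getFacilitiesManagerBl().checkFacilityExists(sess, facility);

    // Authorization on the target facility
    if (!AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, facility)) {
        throw new PrivilegeException(sess, "addDestination");
    }

    boolean hostBased = destination.getType().equals(Destination.DESTINATIONHOSTTYPE)
            || destination.getType().equals(Destination.DESTINATIONUSERHOSTTYPE)
            || destination.getType().equals(Destination.DESTINATIONUSERHOSTPORTTYPE);

    if (hostBased) {
        // Facilities already associated with the target host. The by-destination lookup is
        // only a fallback, so at most one of the two lookups contributes candidates.
        List<Facility> owningFacilities = getPerunBl().getFacilitiesManagerBl().getFacilitiesByHostName(sess, destination.getHostNameFromDestination());
        if (owningFacilities.isEmpty()) {
            owningFacilities = getPerunBl().getFacilitiesManagerBl().getFacilitiesByDestination(sess, destination.getHostNameFromDestination());
        }

        // NOTE(review): an empty result means no ownership check at all. Confirm that a host
        // name unknown to every facility is meant to be addable by any facility admin.
        if (!owningFacilities.isEmpty()) {
            boolean hasRight = false;
            for (Facility owningFacility : owningFacilities) {
                if (AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, owningFacility)) {
                    hasRight = true;
                    break;
                }
            }
            if (!hasRight) {
                throw new PrivilegeException("You have no right to add this destination.");
            }
        }
    }

    getServicesManagerBl().checkServiceExists(sess, service);

    return getServicesManagerBl().addDestination(sess, service, facility, destination);
}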
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class ServicesManagerEntry method addDestinationsDefinedByHostsOnFacility.
/**
 * Entry-layer wrapper that validates its arguments, authorizes the caller and then delegates
 * to the business-layer method of the same name.
 *
 * <p>The caller must hold FACILITYADMIN on {@code facility}. Every service in
 * {@code services} must exist, as must the facility.
 *
 * <p>NOTE(review): the authorization check runs before {@code checkFacilityExists}. Confirm
 * that {@code AuthzResolver.isAuthorized} behaves safely for a facility that does not exist.
 *
 * @param perunSession caller's session
 * @param services     services to add destinations for; the list must be non-null
 * @param facility     facility whose hosts define the destinations
 * @return the list returned by the business layer
 * @throws PrivilegeException if the caller is not FACILITYADMIN of the facility
 */
@Override
public List<Destination> addDestinationsDefinedByHostsOnFacility(PerunSession perunSession, List<Service> services, Facility facility) throws PrivilegeException, InternalErrorException, ServiceNotExistsException, FacilityNotExistsException {
    Utils.checkPerunSession(perunSession);
    Utils.notNull(services, "services");

    // Authorization
    final boolean facilityAdmin = AuthzResolver.isAuthorized(perunSession, Role.FACILITYADMIN, facility);
    if (!facilityAdmin) {
        throw new PrivilegeException(perunSession, "addDestinationsDefinedByHostsOnFacility");
    }

    // Existence checks run only for authorized callers.
    for (Service requestedService : services) {
        getServicesManagerBl().checkServiceExists(perunSession, requestedService);
    }
    getPerunBl().getFacilitiesManagerBl().checkFacilityExists(perunSession, facility);

    return getServicesManagerBl().addDestinationsDefinedByHostsOnFacility(perunSession, services, facility);
}
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class VosManagerEntry method getVoByShortName.
/**
 * Looks up a VO by its short name and returns it if the caller may see it.
 *
 * <p>Any one of these is sufficient: VOADMIN, VOOBSERVER, GROUPADMIN or TOPGROUPCREATOR on the
 * VO that was found, or the ENGINE role.
 *
 * <p>The lookup has to run before the authorization check, because the check needs the VO
 * object. NOTE(review): a caller holding none of the roles can therefore presumably tell an
 * unknown short name ({@code VoNotExistsException}) from a known one
 * ({@code PrivilegeException}). Confirm this is acceptable for VO short names.
 *
 * @param sess      caller's session; must be non-null
 * @param shortName short name of the VO; must be non-null
 * @return the VO found by the business layer
 * @throws PrivilegeException if the caller holds none of the accepted roles
 */
public Vo getVoByShortName(PerunSession sess, String shortName) throws VoNotExistsException, InternalErrorException, PrivilegeException {
    Utils.notNull(shortName, "shortName");
    Utils.notNull(sess, "sess");

    final Vo found = vosManagerBl.getVoByShortName(sess, shortName);

    // Authorization: evaluated in the same order as before, stopping at the first match.
    final boolean allowed = AuthzResolver.isAuthorized(sess, Role.VOADMIN, found)
            || AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, found)
            || AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, found)
            || AuthzResolver.isAuthorized(sess, Role.TOPGROUPCREATOR, found)
            || AuthzResolver.isAuthorized(sess, Role.ENGINE);
    if (!allowed) {
        throw new PrivilegeException(sess, "getVoByShortName");
    }

    return found;
}
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class GroupsManagerEntry method createGroup.
/**
 * Creates a top-level group in the given VO.
 *
 * <p>The group and its name must be non-null, the name must match
 * {@code GroupsManager.GROUP_SHORT_NAME_REGEXP}, and no parent group id may be set. The caller
 * must hold VOADMIN or TOPGROUPCREATOR on the VO.
 *
 * <p>The session's authorization data is refreshed after the group is created.
 * NOTE(review): presumably so that roles tied to the new group take effect in the current
 * session. Confirm against {@code AuthzResolver.refreshAuthz}.
 *
 * @param sess  caller's session
 * @param vo    VO to create the group in; must exist
 * @param group group to create
 * @return the group returned by the business layer
 * @throws PrivilegeException     if the caller is neither VOADMIN nor TOPGROUPCREATOR of the VO
 * @throws InternalErrorException if the name does not match or a parent group id is set
 */
public Group createGroup(PerunSession sess, Vo vo, Group group) throws GroupExistsException, PrivilegeException, InternalErrorException, VoNotExistsException {
    Utils.checkPerunSession(sess);
    Utils.notNull(group, "group");
    Utils.notNull(group.getName(), "group.name");

    // These checks only inspect the caller's own input, so they run before authorization.
    final boolean validName = group.getName().matches(GroupsManager.GROUP_SHORT_NAME_REGEXP);
    if (!validName) {
        throw new InternalErrorException(new IllegalArgumentException("Wrong group name, group name must matches " + GroupsManager.GROUP_SHORT_NAME_REGEXP));
    }
    if (group.getParentGroupId() != null) {
        throw new InternalErrorException("Top-level groups can't have parentGroupId set!");
    }

    // Authorization: either role on the VO is sufficient.
    final boolean mayCreate = AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo)
            || AuthzResolver.isAuthorized(sess, Role.TOPGROUPCREATOR, vo);
    if (!mayCreate) {
        throw new PrivilegeException(sess, "createGroup");
    }

    getPerunBl().getVosManagerBl().checkVoExists(sess, vo);

    final Group created = getGroupsManagerBl().createGroup(sess, vo, group);

    // Refresh authz
    AuthzResolver.refreshAuthz(sess);

    return created;
}
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class MembersManagerEntry method createMember.
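/**
 * Creates a member of the given VO from a candidate, optionally placing it in groups.
 *
 * <p>The caller must hold VOADMIN on the VO. This check now runs before any group is looked
 * up. The original ran {@code checkGroupExists} and the group/VO comparison first, so a caller
 * without VOADMIN got a group-related exception instead of {@code PrivilegeException} and
 * could probe which group ids exist. For authorized callers the order of checks and the
 * resulting exceptions are unchanged.
 *
 * @param sess      caller's session
 * @param vo        VO the member is created in; must exist
 * @param candidate candidate to create the member from; must be non-null
 * @param groups    groups to add the member to, or {@code null}; each must exist and belong
 *                  to {@code vo}
 * @return the member returned by the business layer
 * @throws PrivilegeException     if the caller is not VOADMIN of the VO
 * @throws InternalErrorException if a group belongs to a different VO
 */
public Member createMember(PerunSession sess, Vo vo, Candidate candidate, List<Group> groups) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, AlreadyMemberException, VoNotExistsException, PrivilegeException, ExtendMembershipException, GroupNotExistsException, GroupOperationsException {
    Utils.checkPerunSession(sess);

    // Authorization comes first: deny before doing any lookup on the caller's behalf.
    if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo)) {
        throw new PrivilegeException(sess, "createMember - from candidate");
    }

    // If any group is not from the vo, throw an exception.
    if (groups != null) {
        for (Group group : groups) {
            perunBl.getGroupsManagerBl().checkGroupExists(sess, group);
            if (group.getVoId() != vo.getId()) {
                throw new InternalErrorException("Group " + group + " is not from the vo " + vo + " where candidate " + candidate + " should be added.");
            }
        }
    }

    Utils.notNull(candidate, "candidate");
    getPerunBl().getVosManagerBl().checkVoExists(sess, vo);

    return getMembersManagerBl().createMember(sess, vo, candidate, groups);
}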