Search in sources :

Example 56 with PrivilegeException

use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.

the class FacilitiesManagerEntry method addHosts.

public List<Host> addHosts(PerunSession sess, List<Host> hosts, Facility facility) throws FacilityNotExistsException, InternalErrorException, PrivilegeException, HostExistsException {
    Utils.checkPerunSession(sess);
    getFacilitiesManagerBl().checkFacilityExists(sess, facility);
    // Authorization
    if (!AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, facility)) {
        throw new PrivilegeException(sess, "addHosts");
    }
    Utils.notNull(hosts, "hosts");
    for (Host host : hosts) {
        List<Facility> facilitiesByHostname = getFacilitiesManagerBl().getFacilitiesByHostName(sess, host.getHostname());
        List<Facility> facilitiesByDestination = getFacilitiesManagerBl().getFacilitiesByDestination(sess, host.getHostname());
        if (facilitiesByHostname.isEmpty() && facilitiesByDestination.isEmpty()) {
            continue;
        }
        if (!facilitiesByHostname.isEmpty()) {
            boolean hasRight = false;
            for (Facility facilityByHostname : facilitiesByHostname) {
                if (AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, facilityByHostname)) {
                    hasRight = true;
                    break;
                }
            }
            if (hasRight)
                continue;
        }
        if (!facilitiesByDestination.isEmpty()) {
            boolean hasRight = false;
            for (Facility facilityByDestination : facilitiesByDestination) {
                if (AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, facilityByDestination)) {
                    hasRight = true;
                    break;
                }
            }
            if (hasRight)
                continue;
        }
        throw new PrivilegeException(sess, "You can't add host " + host + ", because you don't have privileges to use this hostName");
    }
    return getFacilitiesManagerBl().addHosts(sess, hosts, facility);
}
Also used : PrivilegeException(cz.metacentrum.perun.core.api.exceptions.PrivilegeException) Host(cz.metacentrum.perun.core.api.Host) BanOnFacility(cz.metacentrum.perun.core.api.BanOnFacility) Facility(cz.metacentrum.perun.core.api.Facility) RichFacility(cz.metacentrum.perun.core.api.RichFacility)

Example 57 with PrivilegeException

use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.

the class FacilitiesManagerEntry method removeFacilityContacts.

@Override
public void removeFacilityContacts(PerunSession sess, List<ContactGroup> contactGroupsToRemove) throws InternalErrorException, PrivilegeException, FacilityNotExistsException, UserNotExistsException, OwnerNotExistsException, GroupNotExistsException {
    Utils.checkPerunSession(sess);
    this.checkFacilityContactsEntitiesExist(sess, contactGroupsToRemove);
    Iterator<ContactGroup> iter = contactGroupsToRemove.iterator();
    while (iter.hasNext()) {
        ContactGroup contactGroupToRemove = iter.next();
        if (!AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, contactGroupToRemove.getFacility())) {
            throw new PrivilegeException(sess, "removeFacilityContacts");
        }
    }
    this.getFacilitiesManagerBl().removeFacilityContacts(sess, contactGroupsToRemove);
}
Also used : PrivilegeException(cz.metacentrum.perun.core.api.exceptions.PrivilegeException) ContactGroup(cz.metacentrum.perun.core.api.ContactGroup)

Example 58 with PrivilegeException

use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.

the class GroupsManagerEntry method getGroupById.

public Group getGroupById(PerunSession sess, int id) throws GroupNotExistsException, InternalErrorException, PrivilegeException {
    Utils.checkPerunSession(sess);
    Group group = getGroupsManagerBl().getGroupById(sess, id);
    // Authorization
    if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, group) && !AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, group) && !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, group) && !AuthzResolver.isAuthorized(sess, Role.RPC)) {
        throw new PrivilegeException(sess, "getGroupById");
    }
    return group;
}
Also used : Group(cz.metacentrum.perun.core.api.Group) RichGroup(cz.metacentrum.perun.core.api.RichGroup) PrivilegeException(cz.metacentrum.perun.core.api.exceptions.PrivilegeException)

Example 59 with PrivilegeException

use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.

the class GroupsManagerEntry method getRichGroupByIdWithAttributesByNames.

public RichGroup getRichGroupByIdWithAttributesByNames(PerunSession sess, int groupId, List<String> attrNames) throws InternalErrorException, GroupNotExistsException, VoNotExistsException, PrivilegeException {
    Utils.checkPerunSession(sess);
    Group group = groupsManagerBl.getGroupById(sess, groupId);
    // Authorization
    if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, group) && !AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, group) && !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, group)) {
        throw new PrivilegeException(sess, "getRichGroupByIdWithAttributesByNames");
    }
    return getGroupsManagerBl().filterOnlyAllowedAttributes(sess, getGroupsManagerBl().getRichGroupByIdWithAttributesByNames(sess, groupId, attrNames));
}
Also used : Group(cz.metacentrum.perun.core.api.Group) RichGroup(cz.metacentrum.perun.core.api.RichGroup) PrivilegeException(cz.metacentrum.perun.core.api.exceptions.PrivilegeException)

Example 60 with PrivilegeException

use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.

the class GroupsManagerEntry method createGroup.

public Group createGroup(PerunSession sess, Group parentGroup, Group group) throws GroupNotExistsException, GroupExistsException, PrivilegeException, InternalErrorException, GroupOperationsException, GroupRelationNotAllowed, GroupRelationAlreadyExists {
    Utils.checkPerunSession(sess);
    getGroupsManagerBl().checkGroupExists(sess, parentGroup);
    Utils.notNull(group, "group");
    Utils.notNull(group.getName(), "group.name");
    if (!group.getName().matches(GroupsManager.GROUP_SHORT_NAME_REGEXP)) {
        throw new InternalErrorException(new IllegalArgumentException("Wrong group name, group name must matches " + GroupsManager.GROUP_SHORT_NAME_REGEXP));
    }
    // Authorization
    if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, parentGroup) && !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, parentGroup)) {
        throw new PrivilegeException(sess, "createGroup - subGroup");
    }
    Group createdGroup = getGroupsManagerBl().createGroup(sess, parentGroup, group);
    //Refresh authz
    AuthzResolver.refreshAuthz(sess);
    return createdGroup;
}
Also used : Group(cz.metacentrum.perun.core.api.Group) RichGroup(cz.metacentrum.perun.core.api.RichGroup) PrivilegeException(cz.metacentrum.perun.core.api.exceptions.PrivilegeException) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) IllegalArgumentException(cz.metacentrum.perun.core.api.exceptions.IllegalArgumentException)

Aggregations

PrivilegeException (cz.metacentrum.perun.core.api.exceptions.PrivilegeException)66 InternalErrorException (cz.metacentrum.perun.core.api.exceptions.InternalErrorException)22 Facility (cz.metacentrum.perun.core.api.Facility)18 BanOnFacility (cz.metacentrum.perun.core.api.BanOnFacility)13 Group (cz.metacentrum.perun.core.api.Group)13 RichFacility (cz.metacentrum.perun.core.api.RichFacility)13 Vo (cz.metacentrum.perun.core.api.Vo)8 RichGroup (cz.metacentrum.perun.core.api.RichGroup)7 ArrayList (java.util.ArrayList)7 User (cz.metacentrum.perun.core.api.User)6 Service (cz.metacentrum.perun.core.api.Service)5 FacilityNotExistsException (cz.metacentrum.perun.core.api.exceptions.FacilityNotExistsException)5 ServiceNotExistsException (cz.metacentrum.perun.core.api.exceptions.ServiceNotExistsException)5 Member (cz.metacentrum.perun.core.api.Member)4 RichMember (cz.metacentrum.perun.core.api.RichMember)4 IllegalArgumentException (cz.metacentrum.perun.core.api.exceptions.IllegalArgumentException)4 ExecService (cz.metacentrum.perun.taskslib.model.ExecService)4 Task (cz.metacentrum.perun.taskslib.model.Task)4 RichUser (cz.metacentrum.perun.core.api.RichUser)3 WrongAttributeAssignmentException (cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException)3