use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class FacilitiesManagerEntry method addHosts.
/**
 * Adds hosts to a facility once the caller's rights have been verified.
 *
 * <p>Two authorization layers are applied before anything is handed to the business layer:
 * <ol>
 *   <li>the caller must be FACILITYADMIN of {@code facility};</li>
 *   <li>for every host whose hostname is already returned by the by-host-name or the
 *       by-destination lookup, the caller must be FACILITYADMIN of at least one of the
 *       facilities found. A hostname returned by neither lookup needs no further check.</li>
 * </ol>
 * The per-host check runs over the whole list first, so a single rejected host aborts the
 * call before any host is added.
 *
 * @param sess     session of the caller; validated by {@code Utils.checkPerunSession}
 * @param hosts    hosts to add; must not be null
 * @param facility facility that receives the hosts; must exist
 * @return whatever the business-layer {@code addHosts} returns
 * @throws PrivilegeException if the caller is not FACILITYADMIN of {@code facility}, or a
 *         hostname is already in use only by facilities the caller does not administer
 */
public List<Host> addHosts(PerunSession sess, List<Host> hosts, Facility facility) throws FacilityNotExistsException, InternalErrorException, PrivilegeException, HostExistsException {
    Utils.checkPerunSession(sess);
    getFacilitiesManagerBl().checkFacilityExists(sess, facility);

    // Authorization on the target facility itself.
    boolean adminOfTarget = AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, facility);
    if (!adminOfTarget) {
        throw new PrivilegeException(sess, "addHosts");
    }

    Utils.notNull(hosts, "hosts");

    for (Host candidate : hosts) {
        List<Facility> sameHostname = getFacilitiesManagerBl().getFacilitiesByHostName(sess, candidate.getHostname());
        List<Facility> sameDestination = getFacilitiesManagerBl().getFacilitiesByDestination(sess, candidate.getHostname());

        // Only hostnames that some facility already uses need the ownership check.
        boolean hostnameInUse = !sameHostname.isEmpty() || !sameDestination.isEmpty();
        if (hostnameInUse) {
            // Administering any one facility that uses the hostname is sufficient;
            // facilities found by host name are consulted before those found by destination.
            boolean callerMayUseHostname = false;
            for (Facility owner : sameHostname) {
                if (AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, owner)) {
                    callerMayUseHostname = true;
                    break;
                }
            }
            if (!callerMayUseHostname) {
                for (Facility owner : sameDestination) {
                    if (AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, owner)) {
                        callerMayUseHostname = true;
                        break;
                    }
                }
            }
            if (!callerMayUseHostname) {
                throw new PrivilegeException(sess, "You can't add host " + candidate + ", because you don't have privileges to use this hostName");
            }
        }
    }

    return getFacilitiesManagerBl().addHosts(sess, hosts, facility);
}
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class FacilitiesManagerEntry method removeFacilityContacts.
/**
 * Removes the given facility contacts after checking the caller's rights on every one of them.
 *
 * <p>The authorization is all-or-nothing: the caller must be FACILITYADMIN of the facility of
 * each contact group in the list. The first contact group that fails the check aborts the call
 * with a {@link PrivilegeException}, and the business layer is not invoked at all.
 *
 * @param sess                  session of the caller; validated by {@code Utils.checkPerunSession}
 * @param contactGroupsToRemove contact groups to remove; their entities are checked for
 *                              existence before the authorization loop runs
 * @throws PrivilegeException if the caller is not FACILITYADMIN of the facility of any listed
 *         contact group
 */
@Override
public void removeFacilityContacts(PerunSession sess, List<ContactGroup> contactGroupsToRemove) throws InternalErrorException, PrivilegeException, FacilityNotExistsException, UserNotExistsException, OwnerNotExistsException, GroupNotExistsException {
    Utils.checkPerunSession(sess);
    this.checkFacilityContactsEntitiesExist(sess, contactGroupsToRemove);

    // Authorization: every contact group is checked before anything is removed.
    for (ContactGroup contactGroup : contactGroupsToRemove) {
        boolean adminOfFacility = AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, contactGroup.getFacility());
        if (!adminOfFacility) {
            throw new PrivilegeException(sess, "removeFacilityContacts");
        }
    }

    this.getFacilitiesManagerBl().removeFacilityContacts(sess, contactGroupsToRemove);
}
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class GroupsManagerEntry method getGroupById.
/**
 * Returns the group with the given id if the caller is allowed to read it.
 *
 * <p>Access is granted to a caller holding VOADMIN, VOOBSERVER or GROUPADMIN with respect to
 * the group, or the RPC role (checked without a complementary object).
 *
 * <p>NOTE(review): the group is loaded before the authorization check, so a failed lookup is
 * reported ahead of any privilege decision; presumably an unknown id surfaces as
 * GroupNotExistsException even for callers without rights. Confirm this is intended.
 *
 * @param sess session of the caller; validated by {@code Utils.checkPerunSession}
 * @param id   id of the group to load
 * @return the group loaded by the business layer
 * @throws PrivilegeException if the caller holds none of the accepted roles
 */
public Group getGroupById(PerunSession sess, int id) throws GroupNotExistsException, InternalErrorException, PrivilegeException {
    Utils.checkPerunSession(sess);

    Group group = getGroupsManagerBl().getGroupById(sess, id);

    // Authorization: any one of the accepted roles is enough; evaluation stops at the first hit.
    boolean mayRead = AuthzResolver.isAuthorized(sess, Role.VOADMIN, group)
            || AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, group)
            || AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, group)
            || AuthzResolver.isAuthorized(sess, Role.RPC);
    if (!mayRead) {
        throw new PrivilegeException(sess, "getGroupById");
    }

    return group;
}
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class GroupsManagerEntry method getRichGroupByIdWithAttributesByNames.
/**
 * Returns the rich group with the given id together with the requested attributes.
 *
 * <p>The caller must hold VOADMIN, VOOBSERVER or GROUPADMIN with respect to the group. The
 * rich group built by the business layer is passed through {@code filterOnlyAllowedAttributes}
 * before it is returned, so the role check is not the only gate on attribute values
 * (presumably that call drops attributes the caller may not read; verify in the business layer).
 *
 * <p>NOTE(review): the group used for the authorization check is read through the
 * {@code groupsManagerBl} field, while the remaining calls go through
 * {@code getGroupsManagerBl()}; confirm both refer to the same object.
 *
 * @param sess      session of the caller; validated by {@code Utils.checkPerunSession}
 * @param groupId   id of the group to load
 * @param attrNames names of the attributes to attach to the rich group
 * @return the rich group after attribute filtering
 * @throws PrivilegeException if the caller holds none of the accepted roles
 */
public RichGroup getRichGroupByIdWithAttributesByNames(PerunSession sess, int groupId, List<String> attrNames) throws InternalErrorException, GroupNotExistsException, VoNotExistsException, PrivilegeException {
    Utils.checkPerunSession(sess);

    // Loaded only to have an object to authorize against.
    Group group = groupsManagerBl.getGroupById(sess, groupId);

    // Authorization: any one of the accepted roles is enough; evaluation stops at the first hit.
    boolean mayRead = AuthzResolver.isAuthorized(sess, Role.VOADMIN, group)
            || AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, group)
            || AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, group);
    if (!mayRead) {
        throw new PrivilegeException(sess, "getRichGroupByIdWithAttributesByNames");
    }

    RichGroup unfiltered = getGroupsManagerBl().getRichGroupByIdWithAttributesByNames(sess, groupId, attrNames);
    return getGroupsManagerBl().filterOnlyAllowedAttributes(sess, unfiltered);
}
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class GroupsManagerEntry method createGroup.
/**
 * Creates {@code group} as a subgroup of {@code parentGroup}.
 *
 * <p>Order of checks: session, existence of the parent group, non-null group and group name,
 * group name against {@code GroupsManager.GROUP_SHORT_NAME_REGEXP}, and only then the
 * authorization. The caller must hold VOADMIN or GROUPADMIN with respect to the parent group.
 * After the group is created the session's authorization data is refreshed via
 * {@code AuthzResolver.refreshAuthz} (presumably so that rights gained through the new group
 * become visible in this session; confirm against AuthzResolver).
 *
 * @param sess        session of the caller; validated by {@code Utils.checkPerunSession}
 * @param parentGroup existing group under which the new group is created
 * @param group       group to create; must be non-null and carry a non-null, valid name
 * @return the group returned by the business layer
 * @throws InternalErrorException wrapping an IllegalArgumentException when the name does not
 *         match the short-name pattern
 * @throws PrivilegeException if the caller is neither VOADMIN nor GROUPADMIN for the parent
 */
public Group createGroup(PerunSession sess, Group parentGroup, Group group) throws GroupNotExistsException, GroupExistsException, PrivilegeException, InternalErrorException, GroupOperationsException, GroupRelationNotAllowed, GroupRelationAlreadyExists {
    Utils.checkPerunSession(sess);
    getGroupsManagerBl().checkGroupExists(sess, parentGroup);
    Utils.notNull(group, "group");
    Utils.notNull(group.getName(), "group.name");

    // Input validation: the short name has to match the pattern as a whole.
    boolean validName = group.getName().matches(GroupsManager.GROUP_SHORT_NAME_REGEXP);
    if (!validName) {
        throw new InternalErrorException(new IllegalArgumentException("Wrong group name, group name must matches " + GroupsManager.GROUP_SHORT_NAME_REGEXP));
    }

    // Authorization is evaluated on the parent group; the new group does not exist yet.
    boolean mayCreate = AuthzResolver.isAuthorized(sess, Role.VOADMIN, parentGroup)
            || AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, parentGroup);
    if (!mayCreate) {
        throw new PrivilegeException(sess, "createGroup - subGroup");
    }

    Group createdGroup = getGroupsManagerBl().createGroup(sess, parentGroup, group);

    // Refresh authz
    AuthzResolver.refreshAuthz(sess);

    return createdGroup;
}