use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class MembersManagerEntry method createMember.
/**
 * Creates a member of {@code vo} from a login in {@code extSource}, optionally placing the member into
 * {@code groups}, and then starts asynchronous validation of the new member.
 *
 * <p>Authorization, as implemented below: a session that passes the {@code Role.VOADMIN} check for
 * {@code vo} is accepted outright (the original comment states that Perun admins pass this check as
 * well). Any other session must supply a non-empty {@code groups} list, pass the
 * {@code Role.GROUPADMIN} check for every group in it, and {@code extSource} must appear among the
 * ext sources returned for at least one of those groups.
 *
 * <p>NOTE(review): the VO, ext source and group existence checks run before the authorization check,
 * so a caller who ends up refused may still observe an existence-related exception first. Confirm
 * that this ordering is intended.
 *
 * @param sess      session of the caller; validated by {@code Utils.checkPerunSession}
 * @param vo        VO the member is created in
 * @param extSource external source the login comes from
 * @param login     login of the user within {@code extSource}
 * @param groups    groups the member should be added to; may be {@code null}
 * @return the member returned by the business layer
 * @throws InternalErrorException if any group in {@code groups} reports a VO id different from {@code vo}
 * @throws PrivilegeException     if the session satisfies neither authorization path described above
 */
public Member createMember(PerunSession sess, Vo vo, ExtSource extSource, String login, List<Group> groups) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, AlreadyMemberException, ExtendMembershipException, VoNotExistsException, ExtSourceNotExistsException, PrivilegeException, GroupNotExistsException, GroupOperationsException {
    Utils.checkPerunSession(sess);
    getPerunBl().getVosManagerBl().checkVoExists(sess, vo);
    getPerunBl().getExtSourcesManagerBl().checkExtSourceExists(sess, extSource);

    // Every requested group has to exist and has to belong to the target VO.
    // NOTE(review): the VO id compared here is read from the Group object passed by the caller;
    // confirm that it cannot differ from the stored group's VO.
    if (groups != null) {
        for (Group requested : groups) {
            perunBl.getGroupsManagerBl().checkGroupExists(sess, requested);
            if (requested.getVoId() != vo.getId()) {
                throw new InternalErrorException("Group " + requested + " is not from the vo " + vo + " where user with login " + login + " from ExtSource " + extSource + " should be added.");
            }
        }
    }

    // VO admins need no further checks; everyone else goes through the group-admin path.
    if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo)) {
        // Without any group there is nothing a group admin could be authorized for.
        if (groups == null || groups.isEmpty()) {
            throw new PrivilegeException(sess, "createMember - from login and extSource");
        }

        boolean adminOfEveryGroup = true;
        boolean extSourceAssigned = false;
        for (Group managed : groups) {
            // One group without GROUPADMIN rights is enough to refuse; stop looking.
            if (!AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, managed)) {
                adminOfEveryGroup = false;
                break;
            }
            // The ext source has to be assigned to at least one of the affected groups.
            List<ExtSource> assignedSources = getPerunBl().getExtSourcesManagerBl().getGroupExtSources(sess, managed);
            if (assignedSources.contains(extSource)) {
                extSourceAssigned = true;
            }
        }

        if (!(adminOfEveryGroup && extSourceAssigned)) {
            throw new PrivilegeException(sess, "createMember - from login and extSource -- authorized to extSource=" + extSourceAssigned + " and groupAdmin in all groups=" + adminOfEveryGroup);
        }
    }

    // Creation is synchronous; validation of the new member is started asynchronously.
    Member created = getMembersManagerBl().createMember(sess, vo, extSource, login, groups);
    getMembersManagerBl().validateMemberAsync(sess, created);
    return created;
}
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class VosManagerEntry method getVoById.
/**
 * Returns the VO with the given id if the session is allowed to read it.
 *
 * <p>The VO is loaded from the business layer first. Access is then granted when the session passes
 * any one of these checks: {@code VOADMIN}, {@code GROUPADMIN} or {@code VOOBSERVER} evaluated
 * against the loaded VO, or {@code ENGINE}, {@code RPC} or {@code SELF} evaluated without an object.
 *
 * <p>NOTE(review): the {@code SELF} check is not scoped to the VO. Depending on how
 * {@code AuthzResolver} treats an object-less {@code SELF} check, this may admit a wide set of
 * callers; confirm that this is intended.
 *
 * <p>NOTE(review): because the lookup precedes authorization, a refused caller may be able to tell
 * an existing id from a missing one by the exception type; confirm that this is acceptable.
 *
 * @param sess session of the caller; must not be {@code null}
 * @param id   id of the VO to load
 * @return the loaded VO
 * @throws PrivilegeException if none of the role checks listed above succeeds
 */
public Vo getVoById(PerunSession sess, int id) throws VoNotExistsException, InternalErrorException, PrivilegeException {
    Utils.notNull(sess, "sess");
    Vo loaded = vosManagerBl.getVoById(sess, id);

    // Evaluated left to right with short-circuiting: the first matching role grants access.
    boolean mayRead = AuthzResolver.isAuthorized(sess, Role.VOADMIN, loaded)
            || AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, loaded)
            || AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, loaded)
            || AuthzResolver.isAuthorized(sess, Role.ENGINE)
            || AuthzResolver.isAuthorized(sess, Role.RPC)
            || AuthzResolver.isAuthorized(sess, Role.SELF);
    if (!mayRead) {
        throw new PrivilegeException(sess, "getVoById");
    }
    return loaded;
}
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class MembersManagerEntry method getMemberById.
/**
 * Returns the member with the given id if the session is allowed to read it.
 *
 * <p>The member is loaded from the business layer first. Access is then granted when the session
 * passes the {@code VOADMIN} or {@code VOOBSERVER} check evaluated against the loaded member, or the
 * {@code RPC} check evaluated without an object.
 *
 * <p>NOTE(review): because the lookup precedes authorization, a refused caller may be able to tell
 * an existing id from a missing one by the exception type; confirm that this is acceptable.
 *
 * @param sess session of the caller; validated by {@code Utils.checkPerunSession}
 * @param id   id of the member to load
 * @return the loaded member
 * @throws PrivilegeException if none of the role checks listed above succeeds
 */
public Member getMemberById(PerunSession sess, int id) throws InternalErrorException, MemberNotExistsException, PrivilegeException {
    Utils.checkPerunSession(sess);
    Member loaded = getMembersManagerBl().getMemberById(sess, id);

    // Evaluated left to right with short-circuiting: the first matching role grants access.
    boolean mayRead = AuthzResolver.isAuthorized(sess, Role.VOADMIN, loaded)
            || AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, loaded)
            || AuthzResolver.isAuthorized(sess, Role.RPC);
    if (!mayRead) {
        throw new PrivilegeException(sess, "getMemberById");
    }
    return loaded;
}
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class MembersManagerEntry method createSpecificMember.
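/**
 * Creates a member of {@code vo} for a specific (non-{@code NORMAL}) user built from {@code candidate},
 * owned by {@code specificUserOwners}, and optionally placed into {@code groups}.
 *
 * <p>Only a session that passes the {@code Role.VOADMIN} check for {@code vo} is authorized.
 *
 * <p>All arguments that the method dereferences are checked before first use, and the VO's existence
 * is confirmed before {@code vo} is compared against the groups or used in the authorization check.
 * This matches the order used by the {@code createMember} overloads.
 *
 * @param sess               session of the caller; validated by {@code Utils.checkPerunSession}
 * @param vo                 VO the member is created in; must not be {@code null}
 * @param candidate          candidate describing the user; must not be {@code null}
 * @param specificUserOwners owners of the specific user; must be non-{@code null} and non-empty
 * @param specificUserType   type of the specific user; must be non-{@code null} and not {@code NORMAL}
 * @param groups             groups the member should be added to; may be {@code null}
 * @return the member returned by the business layer
 * @throws InternalErrorException if the type is {@code NORMAL}, if a group reports a VO id different
 *                                from {@code vo}, or if {@code specificUserOwners} is empty
 * @throws PrivilegeException     if the session does not pass the {@code VOADMIN} check for {@code vo}
 */
public Member createSpecificMember(PerunSession sess, Vo vo, Candidate candidate, List<User> specificUserOwners, SpecificUserType specificUserType, List<Group> groups) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, AlreadyMemberException, VoNotExistsException, PrivilegeException, UserNotExistsException, ExtendMembershipException, GroupNotExistsException, GroupOperationsException {
    Utils.checkPerunSession(sess);

    // Reject missing arguments up front so that none of the code below can fail with a bare
    // NullPointerException (vo.getId(), specificUserOwners.isEmpty()).
    Utils.notNull(vo, "vo");
    Utils.notNull(candidate, "candidate");
    Utils.notNull(specificUserOwners, "specificUserOwners");
    Utils.notNull(specificUserType, "specificUserType");

    // The NORMAL type is not allowed when creating a specific member.
    if (specificUserType.equals(SpecificUserType.NORMAL)) {
        throw new InternalErrorException("Type of specific user must be defined.");
    }

    // Confirm the VO exists before it is used for the group comparison and for authorization.
    getPerunBl().getVosManagerBl().checkVoExists(sess, vo);

    // Every requested group has to exist and has to belong to the target VO.
    // NOTE(review): the VO id compared here is read from the Group object passed by the caller;
    // confirm that it cannot differ from the stored group's VO.
    if (groups != null) {
        for (Group group : groups) {
            perunBl.getGroupsManagerBl().checkGroupExists(sess, group);
            if (group.getVoId() != vo.getId()) {
                throw new InternalErrorException("Group " + group + " is not from the vo " + vo + " where candidate " + candidate + " should be added.");
            }
        }
    }

    // Authorization: VO admin only.
    if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo)) {
        throw new PrivilegeException(sess, "createSpecificMember (Specific User) - from candidate");
    }

    // A specific user needs at least one owner, and every owner has to exist.
    if (specificUserOwners.isEmpty()) {
        throw new InternalErrorException("List of specificUserOwners of " + candidate + " can't be empty.");
    }
    for (User owner : specificUserOwners) {
        getPerunBl().getUsersManagerBl().checkUserExists(sess, owner);
    }

    return getMembersManagerBl().createSpecificMember(sess, vo, candidate, specificUserOwners, specificUserType, groups);
}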
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class MembersManagerEntry method createMember.
/**
 * Creates a member of {@code vo} for an existing {@code user}, optionally placing the member into
 * {@code groups}.
 *
 * <p>Only a session that passes the {@code Role.VOADMIN} check for {@code vo} is authorized. The
 * group consistency check runs after authorization.
 *
 * <p>NOTE(review): the user and VO existence checks run before the authorization check, so a caller
 * who ends up refused may still observe an existence-related exception first. Confirm that this
 * ordering is intended.
 *
 * @param sess   session of the caller; validated by {@code Utils.checkPerunSession}
 * @param vo     VO the member is created in
 * @param user   user who becomes a member
 * @param groups groups the member should be added to; may be {@code null}
 * @return the member returned by the business layer
 * @throws PrivilegeException     if the session does not pass the {@code VOADMIN} check for {@code vo}
 * @throws InternalErrorException if any group in {@code groups} reports a VO id different from {@code vo}
 */
public Member createMember(PerunSession sess, Vo vo, User user, List<Group> groups) throws InternalErrorException, AlreadyMemberException, WrongAttributeValueException, WrongReferenceAttributeValueException, VoNotExistsException, UserNotExistsException, PrivilegeException, ExtendMembershipException, GroupNotExistsException, GroupOperationsException {
    Utils.checkPerunSession(sess);
    getPerunBl().getUsersManagerBl().checkUserExists(sess, user);
    getPerunBl().getVosManagerBl().checkVoExists(sess, vo);

    // Authorization: VO admin only.
    boolean voAdmin = AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo);
    if (!voAdmin) {
        throw new PrivilegeException(sess, "createMember - from user");
    }

    // Every requested group has to exist and has to belong to the target VO.
    // NOTE(review): the VO id compared here is read from the Group object passed by the caller;
    // confirm that it cannot differ from the stored group's VO.
    if (groups != null) {
        for (Group requested : groups) {
            perunBl.getGroupsManagerBl().checkGroupExists(sess, requested);
            if (requested.getVoId() != vo.getId()) {
                throw new InternalErrorException("Group " + requested + " is not from the vo " + vo + " where user " + user + " should be added.");
            }
        }
    }

    Member created = getMembersManagerBl().createMember(sess, vo, user, groups);
    return created;
}