
Example 11 with PrivilegeException

use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.

Class FacilitiesManagerEntry, method removeBan.

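/**
 * Removes the ban of user {@code userId} on facility {@code facilityId}.
 *
 * The ban is resolved first, so a missing ban is reported before any
 * privilege decision is made. Authorization (FACILITYADMIN) is then
 * checked against the facility the ban is attached to.
 *
 * @param sess       session of the caller
 * @param userId     id of the banned user
 * @param facilityId id of the facility the ban is on
 * @throws InternalErrorException propagated from the business layer
 * @throws BanNotExistsException  when there is no ban for the user/facility pair
 * @throws PrivilegeException     when the caller is not FACILITYADMIN of the facility
 */
public void removeBan(PerunSession sess, int userId, int facilityId) throws InternalErrorException, BanNotExistsException, PrivilegeException {
    Utils.checkPerunSession(sess);
    BanOnFacility ban = this.getFacilitiesManagerBl().getBan(sess, userId, facilityId);
    // Authorization is decided on the facility the ban belongs to. The ban's
    // own id must not be used here: a ban id and a facility id are different
    // identifiers, and checking FACILITYADMIN on whichever facility happens
    // to carry the ban's id would authorize (or deny) against the wrong object.
    Facility facility = new Facility();
    facility.setId(ban.getFacilityId());
    if (!AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, facility)) {
        throw new PrivilegeException(sess, "removeBan");
    }
    getFacilitiesManagerBl().removeBan(sess, userId, facilityId);
}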

Example 12 with PrivilegeException

use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.

Class ConsolidatorManagerImpl, method checkForSimilarUsers.

/**
 * Finds existing users that look similar to the applicant of application {@code appId}.
 *
 * Access: a VO admin (or, for a group application, a group admin) may call this for
 * any application. Any other caller must be the applicant: a logged-in user must equal
 * the application's user; a principal without a user is accepted when its ext source
 * name matches the application's ext source name OR its actor matches the
 * application's creator.
 *
 * Only INITIAL applications without a group and without a user are searched; for
 * every other application an empty list is returned. Lookups run in order —
 * preferred mail, member mail, parsed display name, last name — and the first
 * non-empty hit is returned.
 *
 * @param sess  session of the caller
 * @param appId id of the application to inspect
 * @return identities of similar users; empty when none were found or the
 *         application is not of a searchable type
 * @throws PerunException when the caller is not authorized or a lookup fails
 */
@Override
public List<Identity> checkForSimilarUsers(PerunSession sess, int appId) throws PerunException {
    // Values picked from the form data below; empty means "not provided".
    String email = "";
    String name = "";
    // Stays empty: only ever used to return an empty identity list.
    List<RichUser> result = new ArrayList<RichUser>();
    // Attributes attached to the returned RichUsers.
    List<String> attrNames = new ArrayList<String>();
    attrNames.add("urn:perun:user:attribute-def:def:preferredMail");
    attrNames.add("urn:perun:user:attribute-def:def:organization");
    Application app = registrarManager.getApplicationById(registrarSession, appId);
    if (app.getGroup() == null) {
        // Authorization for a VO application: VO admin, otherwise the applicant.
        if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, app.getVo())) {
            if (sess.getPerunPrincipal().getUser() != null) {
                // A logged-in user may only inspect their own application.
                if (!sess.getPerunPrincipal().getUser().equals(app.getUser()))
                    throw new PrivilegeException("checkForSimilarUsers");
            } else {
                // Principal without a user: allowed when the ext source name matches
                // OR the actor matches the application's creator.
                // NOTE(review): a matching ext source name alone is sufficient here —
                // confirm this is the intended scope.
                if (!sess.getPerunPrincipal().getExtSourceName().equals(app.getExtSourceName()) && !sess.getPerunPrincipal().getActor().equals(app.getCreatedBy()))
                    throw new PrivilegeException("checkForSimilarUsers");
            }
        }
    } else {
        // Authorization for a group application: VO admin or group admin, otherwise
        // the applicant (same rules as the VO branch above).
        if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, app.getVo()) && !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, app.getGroup())) {
            if (sess.getPerunPrincipal().getUser() != null) {
                // A logged-in user may only inspect their own application.
                if (!sess.getPerunPrincipal().getUser().equals(app.getUser()))
                    throw new PrivilegeException("checkForSimilarUsers");
            } else {
                // Principal without a user: ext source name OR actor must match.
                if (!sess.getPerunPrincipal().getExtSourceName().equals(app.getExtSourceName()) && !sess.getPerunPrincipal().getActor().equals(app.getCreatedBy()))
                    throw new PrivilegeException("checkForSimilarUsers");
            }
        }
    }
    // Only initial VO applications (no group) whose user is not yet known are searched.
    if (app.getType().equals(Application.AppType.INITIAL) && app.getGroup() == null && app.getUser() == null) {
        try {
            User u = perun.getUsersManager().getUserByExtSourceNameAndExtLogin(registrarSession, app.getExtSourceName(), app.getCreatedBy());
            if (u != null) {
                // User already exists for this identity: return an empty list so the
                // GUI shows no error message.
                return convertToIdentities(result);
            }
        } catch (Exception ex) {
            // Best effort: any failure of this lookup falls through to the search by
            // form data. NOTE(review): presumably "not found" is signalled by an
            // exception here, which is why the catch is this broad — confirm.
        }
        List<ApplicationFormItemData> data = registrarManager.getApplicationDataById(sess, appId);
        // 1) search by preferred mail, which should be unique (most precise check)
        for (ApplicationFormItemData item : data) {
            if ("urn:perun:user:attribute-def:def:preferredMail".equals(item.getFormItem().getPerunDestinationAttribute())) {
                email = item.getValue();
            }
            if (email != null && !email.isEmpty())
                break;
        }
        // The lookup result is null-guarded below; an empty list means "not found".
        List<RichUser> users = (email != null && !email.isEmpty()) ? perun.getUsersManager().findRichUsersWithAttributesByExactMatch(registrarSession, email, attrNames) : new ArrayList<RichUser>();
        if (users != null && !users.isEmpty()) {
            // found by preferredMail
            return convertToIdentities(users);
        }
        // 2) search by member mail
        // clear previous value
        email = "";
        for (ApplicationFormItemData item : data) {
            if ("urn:perun:member:attribute-def:def:mail".equals(item.getFormItem().getPerunDestinationAttribute())) {
                email = item.getValue();
            }
            if (email != null && !email.isEmpty())
                break;
        }
        users = (email != null && !email.isEmpty()) ? perun.getUsersManager().findRichUsersWithAttributesByExactMatch(registrarSession, email, attrNames) : new ArrayList<RichUser>();
        if (users != null && !users.isEmpty()) {
            // found by member mail
            return convertToIdentities(users);
        }
        // 3) search by display name, normalized to "first last"
        for (ApplicationFormItemData item : data) {
            if (RegistrarManagerImpl.URN_USER_DISPLAY_NAME.equals(item.getFormItem().getPerunDestinationAttribute())) {
                name = item.getValue();
                // Use the parsed name to drop mistakes made on the IdP side.
                try {
                    if (name != null && !name.isEmpty()) {
                        Map<String, String> nameMap = Utils.parseCommonName(name);
                        // Drop titles so the search matches more broadly.
                        String newName = "";
                        if (nameMap.get("firstName") != null && !nameMap.get("firstName").isEmpty()) {
                            newName += nameMap.get("firstName") + " ";
                        }
                        if (nameMap.get("lastName") != null && !nameMap.get("lastName").isEmpty()) {
                            newName += nameMap.get("lastName");
                        }
                        // Use the parsed name instead of the raw input when parsing produced something.
                        if (newName != null && !newName.isEmpty()) {
                            name = newName;
                        }
                    }
                } catch (Exception ex) {
                    // Parsing failure is not fatal: the raw name is used as-is.
                    // NOTE(review): if `log` is SLF4J, `ex` fills the {} placeholder and
                    // only its toString() is logged, not the stack trace — confirm.
                    log.error("[REGISTRAR] Unable to parse new user's display/common name when searching for similar users. Exception: {}", ex);
                }
                if (name != null && !name.isEmpty())
                    break;
            }
        }
        users = (name != null && !name.isEmpty()) ? perun.getUsersManager().findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames) : new ArrayList<RichUser>();
        if (users != null && !users.isEmpty()) {
            // found by display name
            return convertToIdentities(users);
        }
        // 4) search by last name
        // clear previous value
        name = "";
        for (ApplicationFormItemData item : data) {
            if (RegistrarManagerImpl.URN_USER_LAST_NAME.equals(item.getFormItem().getPerunDestinationAttribute())) {
                name = item.getValue();
                if (name != null && !name.isEmpty())
                    break;
            }
        }
        if (name != null && !name.isEmpty()) {
            // Whatever was found by last name (possibly empty) is returned as-is.
            return convertToIdentities(perun.getUsersManager().findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames));
        } else {
            // No last name in the form data: nothing to search by.
            return convertToIdentities(result);
        }
    } else {
        // Not a searchable application type: report no similar users.
        return convertToIdentities(result);
    }
}

Example 13 with PrivilegeException

use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.

Class FacilitiesManagerEntry, method addHost.

/**
 * Adds {@code host} to {@code facility}.
 *
 * The caller must be FACILITYADMIN of the target facility. When the host name is
 * already in use elsewhere — as a host of other facilities or as a destination —
 * the caller must additionally be FACILITYADMIN of at least one of those
 * facilities; otherwise the host is rejected with a PrivilegeException.
 *
 * @param sess     session of the caller
 * @param host     host to add (must not be null)
 * @param facility facility the host is added to
 * @return the host as created by the business layer
 * @throws InternalErrorException     propagated from the business layer
 * @throws FacilityNotExistsException when {@code facility} does not exist
 * @throws PrivilegeException         when the caller lacks the required FACILITYADMIN role
 */
public Host addHost(PerunSession sess, Host host, Facility facility) throws InternalErrorException, FacilityNotExistsException, PrivilegeException {
    Utils.checkPerunSession(sess);
    getFacilitiesManagerBl().checkFacilityExists(sess, facility);
    // Authorization on the target facility
    if (!AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, facility)) {
        throw new PrivilegeException(sess, "addHost");
    }
    Utils.notNull(host, "hosts");
    String hostname = host.getHostname();
    List<Facility> byHostname = getFacilitiesManagerBl().getFacilitiesByHostName(sess, hostname);
    List<Facility> byDestination = getFacilitiesManagerBl().getFacilitiesByDestination(sess, hostname);
    // A host name nobody else uses needs no further checks; a shared one requires
    // admin rights on at least one facility that already uses it.
    boolean hostnameUnused = byHostname.isEmpty() && byDestination.isEmpty();
    if (hostnameUnused || isFacilityAdminOfAny(sess, byHostname) || isFacilityAdminOfAny(sess, byDestination)) {
        return getFacilitiesManagerBl().addHost(sess, host, facility);
    }
    throw new PrivilegeException(sess, "You can't add host " + host + ", because you don't have privileges to use this hostName");
}

/**
 * Returns true when the caller is FACILITYADMIN of at least one of the given
 * facilities; false for an empty list. Stops at the first match.
 */
private static boolean isFacilityAdminOfAny(PerunSession sess, List<Facility> facilities) throws InternalErrorException {
    for (Facility candidate : facilities) {
        if (AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, candidate)) {
            return true;
        }
    }
    return false;
}

Example 14 with PrivilegeException

use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.

Class FacilitiesManagerEntry, method updateBan.

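/**
 * Updates an existing ban on a facility.
 *
 * Verifies that the ban, the facility and the user referenced by
 * {@code banOnFacility} exist, then requires the caller to be FACILITYADMIN
 * of the referenced facility.
 *
 * @param sess          session of the caller
 * @param banOnFacility ban to update; its id, facilityId and userId are read
 * @return the updated ban as returned by the business layer
 * @throws InternalErrorException     propagated from the business layer
 * @throws PrivilegeException         when the caller is not FACILITYADMIN of the facility
 * @throws FacilityNotExistsException when the referenced facility does not exist
 * @throws UserNotExistsException     when the referenced user does not exist
 * @throws BanNotExistsException      when the referenced ban does not exist
 */
public BanOnFacility updateBan(PerunSession sess, BanOnFacility banOnFacility) throws InternalErrorException, PrivilegeException, FacilityNotExistsException, UserNotExistsException, BanNotExistsException {
    Utils.checkPerunSession(sess);
    Utils.notNull(banOnFacility, "banOnFacility");
    this.getFacilitiesManagerBl().checkBanExists(sess, banOnFacility.getId());
    Facility facility = this.getFacilitiesManagerBl().getFacilityById(sess, banOnFacility.getFacilityId());
    // Existence check only: throws UserNotExistsException for an unknown user id.
    getPerunBl().getUsersManagerBl().getUserById(sess, banOnFacility.getUserId());
    // Authorization is checked on the facility id supplied by the caller.
    // NOTE(review): the stored ban (by id) is not compared with the supplied
    // facilityId/userId here — confirm the business layer rejects a mismatch.
    if (!AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, facility)) {
        throw new PrivilegeException(sess, "updateBan");
    }
    return getFacilitiesManagerBl().updateBan(sess, banOnFacility);
}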

Example 15 with PrivilegeException

use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.

Class GroupsManagerEntry, method getMemberGroups.

/**
 * Returns all groups the given member belongs to.
 *
 * @param sess   session of the caller
 * @param member member whose groups are requested
 * @return groups of the member, as returned by the business layer
 * @throws InternalErrorException   propagated from the business layer
 * @throws PrivilegeException       when the caller is none of: VOADMIN, VOOBSERVER or
 *                                  GROUPADMIN in the member's VO, or the member themself
 * @throws MemberNotExistsException when {@code member} does not exist
 */
public List<Group> getMemberGroups(PerunSession sess, Member member) throws InternalErrorException, PrivilegeException, MemberNotExistsException {
    Utils.checkPerunSession(sess);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);
    Vo vo = getPerunBl().getMembersManagerBl().getMemberVo(sess, member);
    // Authorization: the roles are tried in this order and the first match wins.
    boolean authorized = AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo)
            || AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, vo)
            || AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, vo)
            || AuthzResolver.isAuthorized(sess, Role.SELF, member);
    if (!authorized) {
        throw new PrivilegeException(sess, "getMemberGroups for " + member);
    }
    return getGroupsManagerBl().getMemberGroups(sess, member);
}
