use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class GroupsManagerEntry method getMemberGroupsByAttribute.
/**
 * Entry-layer guard around the business-layer {@code getMemberGroupsByAttribute} call.
 *
 * <p>Checks run in this order: session, member existence, attribute-definition existence,
 * attribute namespace, caller role, and finally a per-group READ check on the attribute.
 * The result is all-or-nothing: if the caller lacks READ on the attribute for even one of the
 * returned groups, the whole call fails instead of returning a filtered list.
 *
 * <p>NOTE(review): the existence checks run before the role check, so a caller holding none of
 * the accepted roles presumably gets a "not exists" exception rather than PrivilegeException for
 * an unknown member or attribute. Confirm that exposing existence to such callers is intended.
 *
 * @param sess      session of the calling principal
 * @param member    member whose groups are queried
 * @param attribute attribute passed to the business layer; must be from the group namespace
 * @return the list produced by the business layer for this member and attribute
 * @throws WrongAttributeAssignmentException if the attribute is not from {@code NS_GROUP_ATTR}
 * @throws PrivilegeException if the caller is none of VOADMIN, VOOBSERVER, GROUPADMIN (on the
 *         member's VO) or SELF (on the member), or cannot READ the attribute on a returned group
 */
public List<Group> getMemberGroupsByAttribute(PerunSession sess, Member member, Attribute attribute) throws WrongAttributeAssignmentException, PrivilegeException, InternalErrorException, VoNotExistsException, MemberNotExistsException, AttributeNotExistsException {
    Utils.checkPerunSession(sess);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);
    getPerunBl().getAttributesManagerBl().checkAttributeExists(sess, new AttributeDefinition(attribute));
    Vo memberVo = getPerunBl().getMembersManagerBl().getMemberVo(sess, member);

    // Reject anything that is not a group attribute before looking at roles.
    boolean groupNamespace = this.getPerunBl().getAttributesManagerBl().isFromNamespace(sess, attribute, AttributesManagerEntry.NS_GROUP_ATTR);
    if (!groupNamespace) {
        throw new WrongAttributeAssignmentException(attribute);
    }

    // Authorization: any one of the listed roles is sufficient. The || chain keeps the
    // original left-to-right, short-circuit evaluation order.
    boolean roleGranted = AuthzResolver.isAuthorized(sess, Role.VOADMIN, memberVo)
            || AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, memberVo)
            || AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, memberVo)
            || AuthzResolver.isAuthorized(sess, Role.SELF, member);
    if (!roleGranted) {
        throw new PrivilegeException(sess, "getMemberGroupsByAttribute for " + member);
    }

    List<Group> matched = this.groupsManagerBl.getMemberGroupsByAttribute(sess, member, attribute);

    // A role alone is not enough: the caller must also be allowed to read the attribute on
    // every group in the result, otherwise the result would disclose which groups carry it.
    for (Group candidate : matched) {
        boolean readable = AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attribute, candidate, null);
        if (!readable) {
            throw new PrivilegeException(sess, "Actor hasn't right to read attribute for a group.");
        }
    }
    return matched;
}
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class GroupsManagerEntry method updateGroup.
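/**
 * Validates and authorizes a group update, then delegates to the business layer.
 *
 * <p>The {@code group} argument is null-checked before it is passed to any other call; the
 * original checked it only after {@code checkGroupExists} had already received it. A missing
 * short name is rejected with the same error as a malformed one instead of surfacing as a
 * NullPointerException.
 *
 * <p>NOTE(review): existence and format validation run before the role check, so a caller
 * without VOADMIN or GROUPADMIN on the group can presumably still distinguish "group does not
 * exist" from "not permitted". Confirm this is intended.
 *
 * @param sess  session of the calling principal
 * @param group group carrying the new values; its name must be non-null and its short name must
 *              match {@code GroupsManager.GROUP_SHORT_NAME_REGEXP}
 * @return the value returned by the business-layer {@code updateGroup}
 * @throws InternalErrorException if the short name is missing or does not match the pattern
 *         (wrapping an IllegalArgumentException)
 * @throws PrivilegeException if the caller is neither VOADMIN nor GROUPADMIN for the group
 * @throws GroupNotExistsException declared; presumably raised by {@code checkGroupExists}
 */
public Group updateGroup(PerunSession sess, Group group) throws GroupNotExistsException, InternalErrorException, PrivilegeException {
    Utils.checkPerunSession(sess);
    // Null-check first so nothing below receives or dereferences a null group.
    Utils.notNull(group, "group");
    getGroupsManagerBl().checkGroupExists(sess, group);
    Utils.notNull(group.getName(), "group.name");

    String shortName = group.getShortName();
    if (shortName == null || !shortName.matches(GroupsManager.GROUP_SHORT_NAME_REGEXP)) {
        throw new InternalErrorException(new IllegalArgumentException("Wrong group shortName, group shortName must matches " + GroupsManager.GROUP_SHORT_NAME_REGEXP));
    }

    // Authorization: either role on this group is sufficient.
    if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, group) && !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, group)) {
        throw new PrivilegeException(sess, "updateGroup");
    }

    return getGroupsManagerBl().updateGroup(sess, group);
}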
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class GroupsManagerEntry method removeMember.
/**
 * Authorizes and performs removal of a member from a group.
 *
 * <p>After the role check, removal is refused when the group's
 * {@code GROUPSYNCHROENABLED_ATTRNAME} attribute has the value {@code "true"}, i.e. when the
 * group is marked as externally managed.
 *
 * @param sess   session of the calling principal
 * @param group  group to remove the member from
 * @param member member to remove
 * @throws PrivilegeException if the caller is neither VOADMIN nor GROUPADMIN for the group
 * @throws ExternallyManagedException if the synchronization attribute equals {@code "true"}
 */
public void removeMember(PerunSession sess, Group group, Member member) throws InternalErrorException, MemberNotExistsException, NotGroupMemberException, PrivilegeException, GroupNotExistsException, WrongAttributeAssignmentException, AttributeNotExistsException, ExternallyManagedException, GroupOperationsException {
    Utils.checkPerunSession(sess);
    getGroupsManagerBl().checkGroupExists(sess, group);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);

    // Authorization: either role on this group is sufficient.
    boolean mayRemove = AuthzResolver.isAuthorized(sess, Role.VOADMIN, group)
            || AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, group);
    if (!mayRemove) {
        throw new PrivilegeException(sess, "removeMember");
    }

    // Membership of an externally synchronized group must not be edited by hand.
    Attribute syncFlag = getPerunBl().getAttributesManagerBl().getAttribute(sess, group, GROUPSYNCHROENABLED_ATTRNAME);
    // The String cast is kept on purpose: if getValue() ever yields a non-String, the cast
    // fails and the removal is aborted rather than the group being treated as not synchronized.
    String syncValue = (String) syncFlag.getValue();
    if ("true".equals(syncValue)) {
        throw new ExternallyManagedException("Removing of member is not allowed. Group is externally managed.");
    }

    getGroupsManagerBl().removeMember(sess, group, member);
}
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class GroupsManagerEntry method getAllMemberGroups.
/**
 * Authorizes the caller and returns the business layer's {@code getAllMemberGroups} result.
 *
 * <p>Accepted roles are VOADMIN or VOOBSERVER on the member's VO, or SELF on the member.
 * GROUPADMIN is not accepted here.
 *
 * <p>NOTE(review): the member existence check runs before the role check, so a caller without
 * any accepted role presumably learns whether the member exists. Confirm this is intended.
 *
 * @param sess   session of the calling principal
 * @param member member whose groups are requested
 * @return the list returned by the business layer for this member
 * @throws PrivilegeException if the caller holds none of the accepted roles
 */
public List<Group> getAllMemberGroups(PerunSession sess, Member member) throws InternalErrorException, PrivilegeException, MemberNotExistsException {
    Utils.checkPerunSession(sess);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);
    Vo memberVo = getPerunBl().getMembersManagerBl().getMemberVo(sess, member);

    // Authorization: the || chain keeps the original left-to-right, short-circuit order.
    boolean permitted = AuthzResolver.isAuthorized(sess, Role.VOADMIN, memberVo)
            || AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, memberVo)
            || AuthzResolver.isAuthorized(sess, Role.SELF, member);
    if (!permitted) {
        throw new PrivilegeException(sess, "getAllMemberGroups for " + member);
    }

    List<Group> memberGroups = getGroupsManagerBl().getAllMemberGroups(sess, member);
    return memberGroups;
}
use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET.
the class GroupsManagerEntry method getVo.
/**
 * Returns the VO obtained from the business layer for {@code group}, after authorization.
 *
 * <p>The VO has to be looked up before the role check because two of the accepted roles
 * (VOADMIN, VOOBSERVER) are evaluated against it; the third (GROUPADMIN) is evaluated against
 * the group. The VO is handed back to the caller only once one of these roles is confirmed.
 *
 * @param sess  session of the calling principal
 * @param group group whose VO is requested
 * @return the VO resolved by the business layer
 * @throws PrivilegeException if the caller holds none of the accepted roles
 */
public Vo getVo(PerunSession sess, Group group) throws InternalErrorException, GroupNotExistsException, PrivilegeException {
    Utils.checkPerunSession(sess);
    getGroupsManagerBl().checkGroupExists(sess, group);
    Vo owningVo = getGroupsManagerBl().getVo(sess, group);

    // Authorization: the || chain keeps the original left-to-right, short-circuit order.
    boolean permitted = AuthzResolver.isAuthorized(sess, Role.VOADMIN, owningVo)
            || AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, owningVo)
            || AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, group);
    if (permitted) {
        return owningVo;
    }
    throw new PrivilegeException(sess, "getVo");
}