Example 16 with PrivilegeException

Use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET, in the class GroupsManagerEntry, method getMemberGroupsByAttribute.

public List<Group> getMemberGroupsByAttribute(PerunSession sess, Member member, Attribute attribute) throws WrongAttributeAssignmentException, PrivilegeException, InternalErrorException, VoNotExistsException, MemberNotExistsException, AttributeNotExistsException {
    Utils.checkPerunSession(sess);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);
    getPerunBl().getAttributesManagerBl().checkAttributeExists(sess, new AttributeDefinition(attribute));
    Vo vo = getPerunBl().getMembersManagerBl().getMemberVo(sess, member);
    //Only group attributes are allowed
    if (!this.getPerunBl().getAttributesManagerBl().isFromNamespace(sess, attribute, AttributesManagerEntry.NS_GROUP_ATTR)) {
        throw new WrongAttributeAssignmentException(attribute);
    }
    // Authorization: VOADMIN, VOOBSERVER or GROUPADMIN for the member's VO, or SELF for the member
    if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo) && !AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, vo) && !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, vo) && !AuthzResolver.isAuthorized(sess, Role.SELF, member)) {
        throw new PrivilegeException(sess, "getMemberGroupsByAttribute for " + member);
    }
    List<Group> groups = this.groupsManagerBl.getMemberGroupsByAttribute(sess, member, attribute);
    // Per-group attribute check: if the actor may not read the attribute on any returned group,
    // the whole call fails instead of returning a filtered list
    for (Group group : groups) {
        if (!AuthzResolver.isAuthorizedForAttribute(sess, ActionType.READ, attribute, group, null)) {
            throw new PrivilegeException(sess, "Actor hasn't right to read attribute for a group.");
        }
    }
    return groups;
}
Also used: Group (cz.metacentrum.perun.core.api.Group), RichGroup (cz.metacentrum.perun.core.api.RichGroup), WrongAttributeAssignmentException (cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException), PrivilegeException (cz.metacentrum.perun.core.api.exceptions.PrivilegeException), AttributeDefinition (cz.metacentrum.perun.core.api.AttributeDefinition), Vo (cz.metacentrum.perun.core.api.Vo)

Example 17 with PrivilegeException

Use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET, in the class GroupsManagerEntry, method updateGroup.

public Group updateGroup(PerunSession sess, Group group) throws GroupNotExistsException, InternalErrorException, PrivilegeException {
    Utils.checkPerunSession(sess);
    // Reject a null group before the existence check uses it
    Utils.notNull(group, "group");
    getGroupsManagerBl().checkGroupExists(sess, group);
    Utils.notNull(group.getName(), "group.name");
    if (!group.getShortName().matches(GroupsManager.GROUP_SHORT_NAME_REGEXP)) {
        throw new InternalErrorException(new IllegalArgumentException("Wrong group shortName, group shortName must matches " + GroupsManager.GROUP_SHORT_NAME_REGEXP));
    }
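    // Authorization: VOADMIN or GROUPADMIN for this group. It runs after the existence and
    // format checks above, so those exceptions are thrown to unauthorized callers as well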
    if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, group) && !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, group)) {
        throw new PrivilegeException(sess, "updateGroup");
    }
    return getGroupsManagerBl().updateGroup(sess, group);
}
Also used: PrivilegeException (cz.metacentrum.perun.core.api.exceptions.PrivilegeException), InternalErrorException (cz.metacentrum.perun.core.api.exceptions.InternalErrorException), IllegalArgumentException (cz.metacentrum.perun.core.api.exceptions.IllegalArgumentException)

Example 18 with PrivilegeException

Use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET, in the class GroupsManagerEntry, method removeMember.

public void removeMember(PerunSession sess, Group group, Member member) throws InternalErrorException, MemberNotExistsException, NotGroupMemberException, PrivilegeException, GroupNotExistsException, WrongAttributeAssignmentException, AttributeNotExistsException, ExternallyManagedException, GroupOperationsException {
    Utils.checkPerunSession(sess);
    getGroupsManagerBl().checkGroupExists(sess, group);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);
    // Authorization: the caller needs the VOADMIN or GROUPADMIN role for this group
    if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, group) && !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, group)) {
        throw new PrivilegeException(sess, "removeMember");
    }
    // Check if the group is externally synchronized
    Attribute attrSynchronizeEnabled = getPerunBl().getAttributesManagerBl().getAttribute(sess, group, GROUPSYNCHROENABLED_ATTRNAME);
    if (Objects.equals("true", (String) attrSynchronizeEnabled.getValue())) {
        throw new ExternallyManagedException("Removing of member is not allowed. Group is externally managed.");
    }
    getGroupsManagerBl().removeMember(sess, group, member);
}
Also used: ExternallyManagedException (cz.metacentrum.perun.core.api.exceptions.ExternallyManagedException), Attribute (cz.metacentrum.perun.core.api.Attribute), PrivilegeException (cz.metacentrum.perun.core.api.exceptions.PrivilegeException)

Example 19 with PrivilegeException

Use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET, in the class GroupsManagerEntry, method getAllMemberGroups.

public List<Group> getAllMemberGroups(PerunSession sess, Member member) throws InternalErrorException, PrivilegeException, MemberNotExistsException {
    Utils.checkPerunSession(sess);
    getPerunBl().getMembersManagerBl().checkMemberExists(sess, member);
    Vo vo = getPerunBl().getMembersManagerBl().getMemberVo(sess, member);
    // Authorization: VOADMIN or VOOBSERVER for the member's VO, or SELF for the member
    if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo) && !AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, vo) && !AuthzResolver.isAuthorized(sess, Role.SELF, member)) {
        throw new PrivilegeException(sess, "getAllMemberGroups for " + member);
    }
    return getGroupsManagerBl().getAllMemberGroups(sess, member);
}
Also used: PrivilegeException (cz.metacentrum.perun.core.api.exceptions.PrivilegeException), Vo (cz.metacentrum.perun.core.api.Vo)

Example 20 with PrivilegeException

Use of cz.metacentrum.perun.core.api.exceptions.PrivilegeException in project perun by CESNET, in the class GroupsManagerEntry, method getVo.

public Vo getVo(PerunSession sess, Group group) throws InternalErrorException, GroupNotExistsException, PrivilegeException {
    Utils.checkPerunSession(sess);
    getGroupsManagerBl().checkGroupExists(sess, group);
    Vo vo = getGroupsManagerBl().getVo(sess, group);
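    // Authorization: VOADMIN or VOOBSERVER for the group's VO, or GROUPADMIN for the group.
    // The VO is loaded before this check but is returned only if the check passes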
    if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo) && !AuthzResolver.isAuthorized(sess, Role.VOOBSERVER, vo) && !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, group)) {
        throw new PrivilegeException(sess, "getVo");
    }
    return vo;
}
Also used: PrivilegeException (cz.metacentrum.perun.core.api.exceptions.PrivilegeException), Vo (cz.metacentrum.perun.core.api.Vo)

Aggregations

PrivilegeException (cz.metacentrum.perun.core.api.exceptions.PrivilegeException): 66
InternalErrorException (cz.metacentrum.perun.core.api.exceptions.InternalErrorException): 22
Facility (cz.metacentrum.perun.core.api.Facility): 18
BanOnFacility (cz.metacentrum.perun.core.api.BanOnFacility): 13
Group (cz.metacentrum.perun.core.api.Group): 13
RichFacility (cz.metacentrum.perun.core.api.RichFacility): 13
Vo (cz.metacentrum.perun.core.api.Vo): 8
RichGroup (cz.metacentrum.perun.core.api.RichGroup): 7
ArrayList (java.util.ArrayList): 7
User (cz.metacentrum.perun.core.api.User): 6
Service (cz.metacentrum.perun.core.api.Service): 5
FacilityNotExistsException (cz.metacentrum.perun.core.api.exceptions.FacilityNotExistsException): 5
ServiceNotExistsException (cz.metacentrum.perun.core.api.exceptions.ServiceNotExistsException): 5
Member (cz.metacentrum.perun.core.api.Member): 4
RichMember (cz.metacentrum.perun.core.api.RichMember): 4
IllegalArgumentException (cz.metacentrum.perun.core.api.exceptions.IllegalArgumentException): 4
ExecService (cz.metacentrum.perun.taskslib.model.ExecService): 4
Task (cz.metacentrum.perun.taskslib.model.Task): 4
RichUser (cz.metacentrum.perun.core.api.RichUser): 3
WrongAttributeAssignmentException (cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException): 3