
Example 11 with RelationExistsException

use of cz.metacentrum.perun.core.api.exceptions.RelationExistsException in project perun by CESNET.

the class GroupsManagerBlImpl method removeFormerGroupsWhileSynchronization.

/**
 * Remove groups which are no longer listed in the extSource.
 *
 * If a problem occurs while removing a group, a description of that group is added to skippedGroups and the group is skipped.
 *
 * Method is used by group structure synchronization.
 *
 * @param sess
 * @param baseGroup from which we will be removing groups
 * @param groupsToRemove list of groups to be removed from baseGroup
 * @param skippedGroups list to which a description of every skipped group is added
 *
 * @return list of ids of the groups that were removed
 * @throws InternalErrorException if some internal error occurs
 */
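private List<Integer> removeFormerGroupsWhileSynchronization(PerunSession sess, Group baseGroup, List<Group> groupsToRemove, List<String> skippedGroups) {
    List<Integer> removedGroups = new ArrayList<>();
    // Longest names first; note that this sorts the caller's list in place.
    // NOTE(review): presumably a subgroup's name is longer than its parent's, so children are handled
    // before their parents - confirm against Group#getName.
    groupsToRemove.sort(reverseOrder(comparingInt(g -> g.getName().length())));
    for (Group groupToRemove : groupsToRemove) {
        // Every failure below is handled per group: the group is left in place, the loop continues, and
        // (except for the "already removed" case) a description is appended to skippedGroups. A skipped
        // group no longer exists in the external source but still exists here, so the caller should
        // surface skippedGroups rather than discard it.
        // The warn calls pass baseGroup for the second placeholder and keep the exception as the last
        // argument (assuming an SLF4J-style logger, that is how the cause gets recorded).
        try {
            // The returned group replaces the loop variable, so the delete and the log use the moved instance.
            groupToRemove = moveSubGroupsUnderBaseGroup(sess, groupToRemove, baseGroup);
            deleteGroup(sess, groupToRemove, true);
            removedGroups.add(groupToRemove.getId());
            log.info("Group structure synchronization {}: Group id {} removed.", baseGroup, groupToRemove.getId());
        } catch (RelationExistsException e) {
            log.warn("Can't remove group {} from baseGroup {} due to group relation exists exception {}.", groupToRemove, baseGroup, e);
            skippedGroups.add("GroupEntry:[" + groupToRemove + "] was skipped because group relation exists: Exception: " + e.getName() + " => " + e.getMessage() + "]");
        } catch (GroupAlreadyRemovedException | GroupAlreadyRemovedFromResourceException e) {
            // Already gone: neither reported as removed nor as skipped.
            log.debug("Group {} was removed from group {} before removing process. Skip this group.", groupToRemove, baseGroup);
        } catch (GroupNotExistsException e) {
            log.warn("Can't remove group {} from baseGroup {} due to group not exists exception {}.", groupToRemove, baseGroup, e);
            skippedGroups.add("GroupEntry:[" + groupToRemove + "] was skipped because group does not exists: Exception: " + e.getName() + " => " + e.getMessage() + "]");
        } catch (GroupRelationDoesNotExist e) {
            log.warn("Can't remove group {} from baseGroup {} due to group relation does not exists exception {}.", groupToRemove, baseGroup, e);
            skippedGroups.add("GroupEntry:[" + groupToRemove + "] was skipped because group relation does not exists: Exception: " + e.getName() + " => " + e.getMessage() + "]");
        } catch (GroupRelationCannotBeRemoved e) {
            log.warn("Can't remove group {} from baseGroup {} due to group relation cannot be removed exception {}.", groupToRemove, baseGroup, e);
            skippedGroups.add("GroupEntry:[" + groupToRemove + "] was skipped because group relation cannot be removed: Exception: " + e.getName() + " => " + e.getMessage() + "]");
        } catch (GroupMoveNotAllowedException e) {
            log.warn("Can't remove group {} from baseGroup {} due to group move not allowed exception {}.", groupToRemove, baseGroup, e);
            skippedGroups.add("GroupEntry:[" + groupToRemove + "] was skipped because group move is not allowed: Exception: " + e.getName() + " => " + e.getMessage() + "]");
        } catch (WrongAttributeValueException e) {
            log.warn("Can't remove group {} from baseGroup {} due to wrong attribute value exception {}.", groupToRemove, baseGroup, e);
            skippedGroups.add("GroupEntry:[" + groupToRemove + "] was skipped because wrong attribute value: Exception: " + e.getName() + " => " + e.getMessage() + "]");
        } catch (WrongReferenceAttributeValueException e) {
            log.warn("Can't remove group {} from baseGroup {} due to wrong reference attribute value exception {}.", groupToRemove, baseGroup, e);
            skippedGroups.add("GroupEntry:[" + groupToRemove + "] was skipped because wrong reference attribute value: Exception: " + e.getName() + " => " + e.getMessage() + "]");
        }
    }
    return removedGroups;
}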
Also used : EnrichedGroup(cz.metacentrum.perun.core.api.EnrichedGroup) IndirectMemberRemovedFromGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.IndirectMemberRemovedFromGroup) CandidateGroup(cz.metacentrum.perun.core.api.CandidateGroup) RichGroup(cz.metacentrum.perun.core.api.RichGroup) MemberExpiredInGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.MemberExpiredInGroup) MemberValidatedInGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.MemberValidatedInGroup) DirectMemberRemovedFromGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.DirectMemberRemovedFromGroup) Group(cz.metacentrum.perun.core.api.Group) DirectMemberAddedToGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.DirectMemberAddedToGroup) IndirectMemberAddedToGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.IndirectMemberAddedToGroup) GroupRelationCannotBeRemoved(cz.metacentrum.perun.core.api.exceptions.GroupRelationCannotBeRemoved) GroupNotExistsException(cz.metacentrum.perun.core.api.exceptions.GroupNotExistsException) ParentGroupNotExistsException(cz.metacentrum.perun.core.api.exceptions.ParentGroupNotExistsException) GroupMoveNotAllowedException(cz.metacentrum.perun.core.api.exceptions.GroupMoveNotAllowedException) GroupRelationDoesNotExist(cz.metacentrum.perun.core.api.exceptions.GroupRelationDoesNotExist) ArrayList(java.util.ArrayList) RelationExistsException(cz.metacentrum.perun.core.api.exceptions.RelationExistsException) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) GroupAlreadyRemovedFromResourceException(cz.metacentrum.perun.core.api.exceptions.GroupAlreadyRemovedFromResourceException) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException) GroupAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.GroupAlreadyRemovedException)

Example 12 with RelationExistsException

use of cz.metacentrum.perun.core.api.exceptions.RelationExistsException in project perun by CESNET.

the class GroupsManagerBlImpl method deleteAnyGroup.

/**
 * If forceDelete is false, delete only group which has no subgroup and no member.
 * If forceDelete is true, delete group with all subgroups and members.
 *
 * @param sess
 * @param group
 * @param forceDelete if false, delete only empty group without subgroups. If true, delete group including subgroups and members.
 * @throws InternalErrorException
 * @throws RelationExistsException Raise only if forceDelete is false and the group has any subgroup or member.
 * @throws GroupAlreadyRemovedException if there are 0 rows affected by deleting from DB
 */
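private void deleteAnyGroup(PerunSession sess, Group group, boolean forceDelete) throws RelationExistsException, GroupAlreadyRemovedException, GroupAlreadyRemovedFromResourceException, GroupNotExistsException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved {
    Vo vo = this.getVo(sess, group);
    if (getGroupsManagerImpl().getSubGroupsCount(sess, group) > 0) {
        if (!forceDelete)
            throw new RelationExistsException("Group group=" + group + " contains subgroups");
        // get subgroups of this group
        List<Group> subGroups = getSubGroups(sess, group);
        for (Group subGroup : subGroups) {
            // Subgroups are deleted first, always in forced mode.
            deleteAnyGroup(sess, subGroup, true);
        }
    }
    if ((this.getGroupMembersCount(sess, group) > 0) && !forceDelete) {
        throw new RelationExistsException("Group group=" + group + " contains members");
    }
    List<AssignedResource> assignedResources = getPerunBl().getResourcesManagerBl().getResourceAssignments(sess, group, List.of());
    try {
        for (AssignedResource assignedResource : assignedResources) {
            // An assignment without a source group id goes through removeGroupFromResource,
            // one with a source group id through removeAutomaticGroupFromResource.
            if (assignedResource.getSourceGroupId() == null) {
                getPerunBl().getResourcesManagerBl().removeGroupFromResource(sess, group, assignedResource.getEnrichedResource().getResource());
            } else {
                getPerunBl().getResourcesManagerBl().removeAutomaticGroupFromResource(sess, group, assignedResource.getEnrichedResource().getResource(), assignedResource.getSourceGroupId());
            }
        }
        // remove group's attributes
        getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, group);
    } catch (GroupNotDefinedOnResourceException ex) {
        throw new ConsistencyErrorException(ex);
    } catch (AttributeValueException ex) {
        throw new ConsistencyErrorException("All resources was removed from this group, so no attributes should remain assigned.", ex);
    }
    // delete all Groups reserved logins from KDC
    // NOTE(review): this acts on an external system before the group row is deleted; presumably a
    // failure in a later step cannot undo it - confirm the transaction boundary of the caller.
    List<Integer> list = getGroupsManagerImpl().getGroupApplicationIds(sess, group);
    for (Integer appId : list) {
        // for each application
        for (Pair<String, String> login : getGroupsManagerImpl().getApplicationReservedLogins(appId)) {
            // for all reserved logins - delete them in ext. system (e.g. KDC)
            try {
                // left = namespace / right = login
                getPerunBl().getUsersManagerBl().deletePassword(sess, login.getRight(), login.getLeft());
            } catch (LoginNotExistsException ex) {
                // Logged and skipped: there is nothing to delete for this login.
                log.error("Login: {} not exists in namespace: {} while deleting passwords.", login.getRight(), login.getLeft());
            } catch (InvalidLoginException e) {
                throw new InternalErrorException("We are deleting reserved login from group applications, but its syntax is not allowed by namespace configuration.", e);
            } catch (PasswordDeletionFailedException | PasswordOperationTimeoutException ex) {
                // A reserved login that cannot be removed aborts the whole deletion.
                throw new InternalErrorException("Failed to delete reserved login " + login.getRight() + " from KDC.", ex);
            }
        }
    }
    // delete all Groups reserved logins from DB
    getGroupsManagerImpl().deleteGroupReservedLogins(sess, group);
    // remove all assigned ExtSources to this group
    List<ExtSource> assignedSources = getPerunBl().getExtSourcesManagerBl().getGroupExtSources(sess, group);
    for (ExtSource source : assignedSources) {
        try {
            getPerunBl().getExtSourcesManagerBl().removeExtSource(sess, group, source);
        } catch (ExtSourceNotAssignedException | ExtSourceAlreadyRemovedException ex) {
            // Just log this, because if method can't remove it, it is probably not assigned now
            log.warn("Try to remove not existing extSource {} from group {} when deleting group.", source, group);
        }
    }
    // 1. remove all relations with group g as an operand group.
    // this removes all relations that depend on this group
    List<Integer> relations = groupsManagerImpl.getResultGroupsIds(sess, group.getId());
    for (Integer groupId : relations) {
        removeGroupUnion(sess, groupsManagerImpl.getGroupById(sess, groupId), group, true);
    }
    // 2. remove all relations with group as a result group
    // We can remove relations without recalculation (@see removeRelationMembers)
    // because all dependencies of group were deleted in step 1.
    groupsManagerImpl.removeResultGroupRelations(sess, group);
    // Group applications, submitted data and app_form are deleted on cascade with "deleteGroup()"
    // The member list is read now because it is still needed after the group is deleted (see the end of the method).
    List<Member> membersFromDeletedGroup = getGroupMembers(sess, group);
    // delete all member-group attributes
    for (Member member : membersFromDeletedGroup) {
        try {
            perunBl.getAttributesManagerBl().removeAllAttributes(sess, member, group);
        } catch (AttributeValueException ex) {
            throw new ConsistencyErrorException("All members were removed from this group. So all member-group attribute values can be removed.", ex);
        } catch (MemberGroupMismatchException e) {
            throw new InternalErrorException("Member we tried to remove all member-group attributes doesn't come from the same VO as group", e);
        }
    }
    // remove admin roles of group
    // In each loop below a "not admin" exception is logged and skipped, while
    // RoleCannotBeManagedException aborts the deletion with an InternalErrorException.
    List<Facility> facilitiesWhereGroupIsAdmin = getGroupsManagerImpl().getFacilitiesWhereGroupIsAdmin(sess, group);
    for (Facility facility : facilitiesWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, facility, Role.FACILITYADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of facility {} due to group not admin exception {}.", group, facility, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    List<Group> groupsWhereGroupIsAdmin = getGroupsManagerImpl().getGroupsWhereGroupIsAdmin(sess, group);
    for (Group group1 : groupsWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, group1, Role.GROUPADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of group {} due to group not admin exception {}.", group, group1, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    List<Resource> resourcesWhereGroupIsAdmin = getGroupsManagerImpl().getResourcesWhereGroupIsAdmin(sess, group);
    for (Resource resource : resourcesWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, resource, Role.RESOURCEADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of resource {} due to group not admin exception {}.", group, resource, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    List<Resource> resourcesWhereGroupIsResourceSelfService = getGroupsManagerImpl().getResourcesWhereGroupIsResourceSelfService(sess, group);
    for (Resource resource : resourcesWhereGroupIsResourceSelfService) {
        try {
            perunBl.getResourcesManagerBl().removeResourceSelfServiceGroup(sess, resource, group);
        } catch (GroupNotAdminException e) {
            // The message names the self-service relation so it is not mistaken for the RESOURCEADMIN cleanup above.
            log.warn("Can't remove group {} as resource self-service group of resource {} due to group not admin exception {}.", group, resource, e);
        }
    }
    List<SecurityTeam> securityTeamsWhereGroupIsAdmin = getGroupsManagerImpl().getSecurityTeamsWhereGroupIsAdmin(sess, group);
    for (SecurityTeam securityTeam : securityTeamsWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, securityTeam, Role.SECURITYADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of security team {} due to group not admin exception {}.", group, securityTeam, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    List<Vo> vosWhereGroupIsAdmin = getGroupsManagerImpl().getVosWhereGroupIsAdmin(sess, group);
    for (Vo vo1 : vosWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, vo1, Role.VOADMIN);
        } catch (GroupNotAdminException e) {
            // The object here is a Vo, so the message says "vo".
            log.warn("Can't unset group {} as admin of vo {} due to group not admin exception {}.", group, vo1, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    // remove admins of this group
    List<Group> adminGroups = getGroupsManagerImpl().getGroupAdmins(sess, group);
    for (Group adminGroup : adminGroups) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminGroup, group, Role.GROUPADMIN);
        } catch (GroupNotAdminException e) {
            // skip and log as warning
            log.warn("When trying to unsetRole GroupAdmin for group {} in the group {} the exception was thrown {}", adminGroup, group, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    List<User> adminUsers = getGroupsManagerImpl().getAdmins(sess, group);
    for (User adminUser : adminUsers) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminUser, group, Role.GROUPADMIN);
        } catch (UserNotAdminException e) {
            // skip and log as warning
            log.warn("When trying to unsetRole GroupAdmin for user {} in the group {} the exception was thrown {}", adminUser, group, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }
    // Deletes also all direct and indirect members of the group
    getGroupsManagerImpl().deleteGroup(sess, vo, group);
    logTotallyRemovedMembers(sess, group.getParentGroupId(), membersFromDeletedGroup);
    // The audit record is written only after every step above has succeeded.
    getPerunBl().getAuditer().log(sess, new GroupDeleted(group));
}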
Also used : ExtSourceAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.ExtSourceAlreadyRemovedException) EnrichedGroup(cz.metacentrum.perun.core.api.EnrichedGroup) IndirectMemberRemovedFromGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.IndirectMemberRemovedFromGroup) CandidateGroup(cz.metacentrum.perun.core.api.CandidateGroup) RichGroup(cz.metacentrum.perun.core.api.RichGroup) MemberExpiredInGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.MemberExpiredInGroup) MemberValidatedInGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.MemberValidatedInGroup) DirectMemberRemovedFromGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.DirectMemberRemovedFromGroup) Group(cz.metacentrum.perun.core.api.Group) DirectMemberAddedToGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.DirectMemberAddedToGroup) IndirectMemberAddedToGroup(cz.metacentrum.perun.audit.events.GroupManagerEvents.IndirectMemberAddedToGroup) MemberGroupMismatchException(cz.metacentrum.perun.core.api.exceptions.MemberGroupMismatchException) User(cz.metacentrum.perun.core.api.User) RichUser(cz.metacentrum.perun.core.api.RichUser) AttributeValueException(cz.metacentrum.perun.core.api.exceptions.AttributeValueException) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException) UserNotAdminException(cz.metacentrum.perun.core.api.exceptions.UserNotAdminException) GroupNotDefinedOnResourceException(cz.metacentrum.perun.core.api.exceptions.GroupNotDefinedOnResourceException) Vo(cz.metacentrum.perun.core.api.Vo) GroupCreatedInVo(cz.metacentrum.perun.audit.events.GroupManagerEvents.GroupCreatedInVo) GroupDeleted(cz.metacentrum.perun.audit.events.GroupManagerEvents.GroupDeleted) ExtSourceNotAssignedException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotAssignedException) 
RichMember(cz.metacentrum.perun.core.api.RichMember) Member(cz.metacentrum.perun.core.api.Member) ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) LoginNotExistsException(cz.metacentrum.perun.core.api.exceptions.LoginNotExistsException) AssignedResource(cz.metacentrum.perun.core.api.AssignedResource) Resource(cz.metacentrum.perun.core.api.Resource) GroupNotAdminException(cz.metacentrum.perun.core.api.exceptions.GroupNotAdminException) SecurityTeam(cz.metacentrum.perun.core.api.SecurityTeam) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) AssignedResource(cz.metacentrum.perun.core.api.AssignedResource) PasswordOperationTimeoutException(cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException) RelationExistsException(cz.metacentrum.perun.core.api.exceptions.RelationExistsException) InvalidLoginException(cz.metacentrum.perun.core.api.exceptions.InvalidLoginException) PasswordDeletionFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException) RichUserExtSource(cz.metacentrum.perun.core.api.RichUserExtSource) ExtSource(cz.metacentrum.perun.core.api.ExtSource) UserExtSource(cz.metacentrum.perun.core.api.UserExtSource) Facility(cz.metacentrum.perun.core.api.Facility) RoleCannotBeManagedException(cz.metacentrum.perun.core.api.exceptions.RoleCannotBeManagedException)

Example 13 with RelationExistsException

use of cz.metacentrum.perun.core.api.exceptions.RelationExistsException in project perun by CESNET.

the class ServicesManagerBlImpl method deleteService.

/*
	 * Tables with reference to service:
	 *   - service_required_attrs
	 *   - service_denials
	 *   - resource_services
	 *   - facility_service_destinations
	 *   - service_service_packages
	 *   - tasks
	 *   - authz
	 */
/**
 * Deletes a service together with its required attributes and writes a ServiceDeleted audit event.
 *
 * Without forceFlag the service must not be assigned to any resource. With forceFlag its denials,
 * resource assignments, destinations on the facilities of those resources, service-package
 * memberships and tasks are removed first.
 *
 * @param perunSession session the operation runs under
 * @param service service to delete
 * @param forceFlag if true, dependent records are removed instead of blocking the deletion
 * @throws RelationExistsException if forceFlag is false and the service is assigned to a resource
 * @throws ServiceAlreadyRemovedException declared by this method; not thrown directly in its body
 */
@Override
public void deleteService(PerunSession perunSession, Service service, boolean forceFlag) throws RelationExistsException, ServiceAlreadyRemovedException {
    List<Resource> resourcesUsingService = this.getAssignedResources(perunSession, service);
    if (!forceFlag) {
        // Non-forced mode refuses to touch a service that is still in use.
        if (!resourcesUsingService.isEmpty()) {
            throw new RelationExistsException("Service is defined on some resource");
        }
    } else {
        // Denials for this service go first.
        getServicesManagerImpl().unblockService(service.getId());
        // Then every resource assignment, followed by the destinations on the facility of that resource.
        ResourcesManagerBl resourcesManagerBl = getPerunBl().getResourcesManagerBl();
        for (Resource assigned : resourcesUsingService) {
            try {
                resourcesManagerBl.removeService(perunSession, assigned, service);
                Facility owningFacility = getPerunBl().getFacilitiesManagerBl().getFacilityById(perunSession, assigned.getFacilityId());
                removeAllDestinations(perunSession, service, owningFacility);
            } catch (ServiceNotAssignedException | FacilityNotExistsException e) {
                // The resource list was read just above, so this is treated as an internal error.
                throw new InternalErrorException("Error removing service", e);
            }
        }
        // Service packages and tasks that reference the service.
        getServicesManagerImpl().removeServiceFromAllServicesPackages(perunSession, service);
        getPerunBl().getTasksManagerBl().removeAllTasksForService(perunSession, service);
    }
    getServicesManagerImpl().removeAllRequiredAttributes(perunSession, service);
    getServicesManagerImpl().deleteService(perunSession, service);
    getPerunBl().getAuditer().log(perunSession, new ServiceDeleted(service));
}
Also used : ResourcesManagerBl(cz.metacentrum.perun.core.bl.ResourcesManagerBl) RelationExistsException(cz.metacentrum.perun.core.api.exceptions.RelationExistsException) Resource(cz.metacentrum.perun.core.api.Resource) FacilityNotExistsException(cz.metacentrum.perun.core.api.exceptions.FacilityNotExistsException) DestinationAddedToServiceAndFacility(cz.metacentrum.perun.audit.events.ServicesManagerEvents.DestinationAddedToServiceAndFacility) Facility(cz.metacentrum.perun.core.api.Facility) BanServiceOnFacility(cz.metacentrum.perun.audit.events.GeneralServiceManagerEvents.BanServiceOnFacility) FreeAllDenialsOnFacility(cz.metacentrum.perun.audit.events.GeneralServiceManagerEvents.FreeAllDenialsOnFacility) FreeDenialServiceOnFacility(cz.metacentrum.perun.audit.events.GeneralServiceManagerEvents.FreeDenialServiceOnFacility) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) ServiceDeleted(cz.metacentrum.perun.audit.events.ServicesManagerEvents.ServiceDeleted) ServiceNotAssignedException(cz.metacentrum.perun.core.api.exceptions.ServiceNotAssignedException)

Example 14 with RelationExistsException

use of cz.metacentrum.perun.core.api.exceptions.RelationExistsException in project perun by CESNET.

the class ServicesManagerBlImpl method removeDestination.

/**
 * Detaches a destination from a service and facility, then tries to delete the destination record itself.
 *
 * If the destination as passed in is not known, it is looked up again by its destination string and
 * type. The destination record is kept when it is still used elsewhere. A DestinationRemovedFromService
 * audit event is written in either case.
 *
 * @param sess session the operation runs under
 * @param service service the destination is detached from
 * @param facility facility the destination is detached from
 * @param destination destination to detach
 * @throws DestinationAlreadyRemovedException if the destination cannot be found by destination string and type either
 */
@Override
public void removeDestination(PerunSession sess, Service service, Facility facility, Destination destination) throws DestinationAlreadyRemovedException {
    Destination target = destination;
    boolean knownAsGiven = getServicesManagerImpl().destinationExists(sess, destination);
    if (!knownAsGiven) {
        try {
            // Second attempt: resolve the destination without relying on its id.
            target = getServicesManagerImpl().getDestination(sess, destination.getDestination(), destination.getType());
        } catch (DestinationNotExistsException notFound) {
            throw new DestinationAlreadyRemovedException(destination);
        }
    }
    getServicesManagerImpl().removeDestination(sess, service, facility, target);
    // Drop the destination record only when nothing else refers to it.
    try {
        this.deleteDestination(sess, target);
    } catch (RelationExistsException ignored) {
        // Still used by some services and facilities, so the record stays.
    }
    getPerunBl().getAuditer().log(sess, new DestinationRemovedFromService(target, service, facility));
}
Also used : RelationExistsException(cz.metacentrum.perun.core.api.exceptions.RelationExistsException) DestinationNotExistsException(cz.metacentrum.perun.core.api.exceptions.DestinationNotExistsException) DestinationAlreadyRemovedException(cz.metacentrum.perun.core.api.exceptions.DestinationAlreadyRemovedException) DestinationRemovedFromService(cz.metacentrum.perun.audit.events.ServicesManagerEvents.DestinationRemovedFromService)

Example 15 with RelationExistsException

use of cz.metacentrum.perun.core.api.exceptions.RelationExistsException in project perun by CESNET.

the class UsersManagerBlImpl method deleteUser.

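/**
 * Deletes or anonymizes a user together with the data that refers to the user.
 *
 * In order: members, security-team blacklist entries, external sources, authorships, pending e-mail
 * change and password reset requests, reserved logins and the passwords behind them, attributes,
 * authorization records, sponsor links and facility bans. Finally the user row is either anonymized
 * or deleted.
 *
 * @param sess session the operation runs under
 * @param user user to delete or anonymize
 * @param forceDelete if true, members and blacklist entries are removed and a failed password deletion is only logged;
 *                    if false, each of those conditions raises RelationExistsException
 * @param anonymizeInstead if true, attributes are anonymized, kept or removed according to the core configuration
 *                         and the user is anonymized instead of deleted
 * @throws RelationExistsException if forceDelete is false and the user has members, is blacklisted,
 *                                 or a password could not be deleted
 */
private void deleteUser(PerunSession sess, User user, boolean forceDelete, boolean anonymizeInstead) throws RelationExistsException, MemberAlreadyRemovedException, UserAlreadyRemovedException, SpecificUserAlreadyRemovedException, AnonymizationNotSupportedException {
    List<Member> members = getPerunBl().getMembersManagerBl().getMembersByUser(sess, user);
    if (members != null && !members.isEmpty()) {
        if (forceDelete) {
            for (Member member : members) {
                getPerunBl().getMembersManagerBl().deleteMember(sess, member);
            }
        } else {
            throw new RelationExistsException("Members exist");
        }
    }
    // The blacklist state is read once so that both outcomes are decided on the same answer.
    boolean blacklisted = getPerunBl().getSecurityTeamsManagerBl().isUserBlacklisted(sess, user);
    if (blacklisted) {
        if (forceDelete) {
            getPerunBl().getSecurityTeamsManagerBl().removeUserFromAllBlacklists(sess, user);
        } else {
            throw new RelationExistsException("User is blacklisted by some security team. Deletion would cause loss of this information.");
        }
    }
    // First delete all associated external sources to the user
    removeAllUserExtSources(sess, user);
    getPerunBl().getAuditer().log(sess, new AllUserExtSourcesDeletedForUser(user));
    // delete all authorships of users publications
    getUsersManagerImpl().removeAllAuthorships(sess, user);
    // delete all mailchange request related to user
    getUsersManagerImpl().removeAllPreferredEmailChangeRequests(sess, user);
    // delete all pwdreset request related to user
    getUsersManagerImpl().removeAllPasswordResetRequests(sess, user);
    // get all reserved logins of user
    List<Pair<String, String>> logins = getUsersManagerImpl().getUsersReservedLogins(user);
    // delete them from KDC
    for (Pair<String, String> login : logins) {
        try {
            // !! left = namespace / right = login
            this.deletePassword(sess, login.getRight(), login.getLeft());
        } catch (LoginNotExistsException e) {
            // OK - User hasn't assigned any password with this login
        } catch (InvalidLoginException e) {
            throw new InternalErrorException("We are deleting login of user, but its syntax is not allowed by namespace configuration.", e);
        } catch (PasswordDeletionFailedException | PasswordOperationTimeoutException e) {
            if (forceDelete) {
                // Forced deletion goes on although the password was not removed, so the account in the
                // namespace may outlive the user record. The exception is logged with the message so
                // the failure can be followed up.
                log.error("Error during deletion of an account at {} for user {} with login {}.", login.getLeft(), user, login.getRight(), e);
            } else {
                throw new RelationExistsException("Error during deletion of an account at " + login.getLeft() + " for user " + user + " with login " + login.getRight() + ".");
            }
        }
    }
    // delete them from DB
    getUsersManagerImpl().deleteUsersReservedLogins(user);
    // Remove all possible passwords associated with logins (stored in attributes)
    for (Attribute loginAttribute : getPerunBl().getAttributesManagerBl().getLogins(sess, user)) {
        try {
            // NOTE(review): the cast assumes every login attribute holds a String - confirm.
            this.deletePassword(sess, (String) loginAttribute.getValue(), loginAttribute.getFriendlyNameParameter());
        } catch (LoginNotExistsException e) {
            // OK - User hasn't assigned any password with this login
        } catch (InvalidLoginException e) {
            throw new InternalErrorException("We are deleting login of user, but its syntax is not allowed by namespace configuration.", e);
        } catch (PasswordDeletionFailedException | PasswordOperationTimeoutException e) {
            if (forceDelete) {
                // Same trade-off as for reserved logins: continue, but keep the cause in the log.
                log.error("Error during deletion of the account at {} for user {} with login {}.", loginAttribute.getFriendlyNameParameter(), user, loginAttribute.getValue(), e);
            } else {
                throw new RelationExistsException("Error during deletion of the account at " + loginAttribute.getFriendlyNameParameter() + " for user " + user + " with login " + loginAttribute.getValue() + ".");
            }
        }
    }
    // Delete, keep or anonymize assigned attributes
    try {
        // User-Facilities one
        getPerunBl().getAttributesManagerBl().removeAllUserFacilityAttributes(sess, user);
        // Users one
        if (anonymizeInstead) {
            List<String> attributesToAnonymize = BeansUtils.getCoreConfig().getAttributesToAnonymize();
            List<String> attributesToKeep = BeansUtils.getCoreConfig().getAttributesToKeep();
            List<Attribute> userAttributes = getPerunBl().getAttributesManagerBl().getAttributes(sess, user);
            for (Attribute attribute : userAttributes) {
                // Skip core and virtual attributes
                if (getPerunBl().getAttributesManagerBl().isCoreAttribute(sess, attribute) || getPerunBl().getAttributesManagerBl().isVirtAttribute(sess, attribute)) {
                    continue;
                }
                // Skip attributes configured to keep untouched.
                // Attributes like 'login-namespace:mu' are configured as 'login-namespace:*'
                if (attributesToKeep.contains(attribute.getName()) || (!attribute.getFriendlyNameParameter().isEmpty() && attributesToKeep.contains(attribute.getNamespace() + ":" + attribute.getBaseFriendlyName() + ":*"))) {
                    continue;
                }
                // Anonymize configured attributes
                if (attributesToAnonymize.contains(attribute.getName()) || (!attribute.getFriendlyNameParameter().isEmpty() && attributesToAnonymize.contains(attribute.getNamespace() + ":" + attribute.getBaseFriendlyName() + ":*"))) {
                    Attribute anonymized = getPerunBl().getAttributesManagerBl().getAnonymizedValue(sess, user, attribute);
                    getPerunBl().getAttributesManagerBl().setAttribute(sess, user, anonymized);
                } else {
                    // Delete remaining attributes: anything neither kept nor anonymized is removed.
                    getPerunBl().getAttributesManagerBl().removeAttribute(sess, user, attribute);
                }
            }
        } else {
            getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, user);
        }
    } catch (WrongAttributeValueException | WrongReferenceAttributeValueException | WrongAttributeAssignmentException ex) {
        // All members are deleted => there are no required attributes => all attributes can be removed
        throw new ConsistencyErrorException(ex);
    }
    // Remove user authz
    AuthzResolverBlImpl.removeAllUserAuthz(sess, user);
    // delete even inactive links
    usersManagerImpl.deleteSponsorLinks(sess, user);
    // Remove all users bans
    List<BanOnFacility> bansOnFacility = getPerunBl().getFacilitiesManagerBl().getBansForUser(sess, user.getId());
    for (BanOnFacility banOnFacility : bansOnFacility) {
        try {
            getPerunBl().getFacilitiesManagerBl().removeBan(sess, banOnFacility.getId());
        } catch (BanNotExistsException ex) {
            // it is ok, we just want to remove it anyway
        }
    }
    // Remove all sponsored user authz of his owners
    if (user.isSponsoredUser()) {
        AuthzResolverBlImpl.removeAllSponsoredUserAuthz(sess, user);
    }
    if (anonymizeInstead) {
        // No UserDeleted event is written on this path by this method.
        getUsersManagerImpl().anonymizeUser(sess, user);
        // delete all users applications and submitted data, this is needed only when 'anonymizeInstead'
        // because applications are deleted on cascade when user's row is deleted in DB
        getUsersManagerImpl().deleteUsersApplications(user);
    } else {
        // Finally delete the user
        getUsersManagerImpl().deleteUser(sess, user);
        getPerunBl().getAuditer().log(sess, new UserDeleted(user));
    }
}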
Also used : Attribute(cz.metacentrum.perun.core.api.Attribute) WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) BanOnFacility(cz.metacentrum.perun.core.api.BanOnFacility) Member(cz.metacentrum.perun.core.api.Member) Pair(cz.metacentrum.perun.core.api.Pair) ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) LoginNotExistsException(cz.metacentrum.perun.core.api.exceptions.LoginNotExistsException) AllUserExtSourcesDeletedForUser(cz.metacentrum.perun.audit.events.UserManagerEvents.AllUserExtSourcesDeletedForUser) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) PasswordOperationTimeoutException(cz.metacentrum.perun.core.api.exceptions.PasswordOperationTimeoutException) RelationExistsException(cz.metacentrum.perun.core.api.exceptions.RelationExistsException) InvalidLoginException(cz.metacentrum.perun.core.api.exceptions.InvalidLoginException) PasswordDeletionFailedException(cz.metacentrum.perun.core.api.exceptions.PasswordDeletionFailedException) UserDeleted(cz.metacentrum.perun.audit.events.UserManagerEvents.UserDeleted) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException) BanNotExistsException(cz.metacentrum.perun.core.api.exceptions.BanNotExistsException)
