use of cz.metacentrum.perun.core.api.exceptions.RoleNotSupportedException in project perun by CESNET.
the class AuthzResolver method getAdminGroups.
/**
 * Returns the groups that hold the given role on the object identified by
 * {@code complementaryObjectName} and {@code complementaryObjectId}.
 *
 * <p>Accepted object names are {@code "Vo"}, {@code "Group"} and {@code "Facility"}; the match is
 * exact and case-sensitive. For {@code "Group"} only {@code Role.GROUPADMIN} is accepted and for
 * {@code "Facility"} only {@code Role.FACILITYADMIN}. For {@code "Vo"} the role is handed to the
 * Vo manager unchanged.
 *
 * <p>NOTE(review): the object is resolved by id through the {@code *ManagerBl} managers and no
 * privilege check is visible in this method. Access control for the returned list presumably
 * rests on the {@code getAdminGroups} calls made on the API-level managers - confirm, and confirm
 * whether a caller without rights should be able to tell an existing id from a missing one via
 * the {@code *NotExistsException} types.
 *
 * @param sess perun session
 * @param complementaryObjectId id of the object whose authorized groups are requested
 * @param complementaryObjectName type name of that object ({@code "Vo"}, {@code "Group"} or {@code "Facility"})
 * @param role expected role to filter authorizedGroups by (perunadmin | voadmin | groupadmin | self | facilityadmin | voobserver | topgroupcreator)
 *
 * @return list of authorizedGroups for complementary object and role
 *
 * @throws InternalErrorException may be propagated from the called helpers and managers
 * @throws UserNotExistsException may be propagated from the called managers
 * @throws PrivilegeException may be propagated from the called managers
 * @throws GroupNotExistsException may be propagated from the group lookup
 * @throws VoNotExistsException may be propagated from the vo lookup
 * @throws FacilityNotExistsException may be propagated from the facility lookup
 * @throws RoleNotSupportedException if the role is not the single one accepted for a Group or a Facility
 * @throws PerunBeanNotSupportedException if {@code complementaryObjectName} is none of the accepted names
 */
public static List<Group> getAdminGroups(PerunSession sess, int complementaryObjectId, String complementaryObjectName, Role role) throws InternalErrorException, UserNotExistsException, PrivilegeException, GroupNotExistsException, VoNotExistsException, FacilityNotExistsException, RoleNotSupportedException, PerunBeanNotSupportedException {
    Utils.checkPerunSession(sess);
    Utils.notNull(role, "role");
    Utils.notNull(complementaryObjectName, "complementaryObjectName");

    // Dispatch on the object type name; every branch either returns or throws.
    switch (complementaryObjectName) {
        case "Group": {
            // The role is rejected before the group is looked up.
            if (!role.equals(Role.GROUPADMIN)) {
                throw new RoleNotSupportedException("Not supported other role than group manager for object Group.");
            }
            PerunBl perunBl = (PerunBl) sess.getPerun();
            Group targetGroup = perunBl.getGroupsManagerBl().getGroupById(sess, complementaryObjectId);
            return sess.getPerun().getGroupsManager().getAdminGroups(sess, targetGroup);
        }
        case "Vo": {
            // No role restriction here: the role is forwarded to the Vo manager.
            PerunBl perunBl = (PerunBl) sess.getPerun();
            Vo targetVo = perunBl.getVosManagerBl().getVoById(sess, complementaryObjectId);
            return sess.getPerun().getVosManager().getAdminGroups(sess, targetVo, role);
        }
        case "Facility": {
            // The role is rejected before the facility is looked up.
            if (!role.equals(Role.FACILITYADMIN)) {
                throw new RoleNotSupportedException("Not supported other role than facility manager for object Facility.");
            }
            PerunBl perunBl = (PerunBl) sess.getPerun();
            Facility targetFacility = perunBl.getFacilitiesManagerBl().getFacilityById(sess, complementaryObjectId);
            return sess.getPerun().getFacilitiesManager().getAdminGroups(sess, targetFacility);
        }
        default:
            throw new PerunBeanNotSupportedException("Only Vo, Group and Facility are supported complementary names.");
    }
}
use of cz.metacentrum.perun.core.api.exceptions.RoleNotSupportedException in project perun by CESNET.
the class AuthzResolver method getRichAdmins.
/**
 * Returns the administrators, as {@code RichUser} objects, that hold the given role on the object
 * identified by {@code complementaryObjectName} and {@code complementaryObjectId}.
 *
 * <p>Accepted object names are {@code "Vo"}, {@code "Group"} and {@code "Facility"}; the match is
 * exact and case-sensitive. For {@code "Group"} only {@code Role.GROUPADMIN} is accepted and for
 * {@code "Facility"} only {@code Role.FACILITYADMIN}. For {@code "Vo"} the role is handed to the
 * Vo manager unchanged.
 *
 * <p>If <b>onlyDirectAdmins</b> is <b>true</b>, only direct administrators are requested.
 * If <b>allUserAttributes</b> is <b>true</b>, {@code specificAttributes} is not null-checked here
 * and all user attributes are requested instead.
 *
 * <p>NOTE(review): no privilege check and no attribute filtering is visible in this method.
 * Which user attributes a caller may actually read - in particular with
 * {@code allUserAttributes == true} - presumably depends on the API-level {@code getRichAdmins}
 * calls; confirm before exposing this method to less trusted callers.
 *
 * @param sess perun session
 * @param complementaryObjectId id of the object whose administrators are requested
 * @param complementaryObjectName type name of that object ({@code "Vo"}, {@code "Group"} or {@code "Facility"})
 * @param specificAttributes names of the attributes wanted on each richUser; must not be null unless {@code allUserAttributes} is true
 * @param role expected role to filter managers by
 * @param onlyDirectAdmins if true, get only direct user administrators (if false, get both direct and indirect)
 * @param allUserAttributes if true, get all possible user attributes and ignore list of specificAttributes (if false, get only specific attributes)
 *
 * @return list of richUser administrators for complementary object and role with specified attributes.
 *
 * @throws InternalErrorException may be propagated from the called helpers and managers
 * @throws PrivilegeException may be propagated from the called managers
 * @throws GroupNotExistsException may be propagated from the group lookup
 * @throws VoNotExistsException may be propagated from the vo lookup
 * @throws FacilityNotExistsException may be propagated from the facility lookup
 * @throws RoleNotSupportedException if the role is not the single one accepted for a Group or a Facility
 * @throws PerunBeanNotSupportedException if {@code complementaryObjectName} is none of the accepted names
 * @throws UserNotExistsException may be propagated from the called managers
 */
public static List<RichUser> getRichAdmins(PerunSession sess, int complementaryObjectId, String complementaryObjectName, List<String> specificAttributes, Role role, boolean onlyDirectAdmins, boolean allUserAttributes) throws InternalErrorException, PrivilegeException, GroupNotExistsException, VoNotExistsException, FacilityNotExistsException, RoleNotSupportedException, PerunBeanNotSupportedException, UserNotExistsException {
    Utils.checkPerunSession(sess);
    Utils.notNull(role, "role");
    Utils.notNull(complementaryObjectName, "complementaryObjectName");
    // The attribute list only has to be present when it is going to be used.
    if (!allUserAttributes) {
        Utils.notNull(specificAttributes, "specificAttributes");
    }

    // Dispatch on the object type name; every branch either returns or throws.
    switch (complementaryObjectName) {
        case "Group": {
            // The role is rejected before the group is looked up.
            if (!role.equals(Role.GROUPADMIN)) {
                throw new RoleNotSupportedException("Not supported other role than group manager for object Group.");
            }
            PerunBl perunBl = (PerunBl) sess.getPerun();
            Group targetGroup = perunBl.getGroupsManagerBl().getGroupById(sess, complementaryObjectId);
            return sess.getPerun().getGroupsManager().getRichAdmins(sess, targetGroup, specificAttributes, allUserAttributes, onlyDirectAdmins);
        }
        case "Vo": {
            // No role restriction here: the role is forwarded to the Vo manager.
            PerunBl perunBl = (PerunBl) sess.getPerun();
            Vo targetVo = perunBl.getVosManagerBl().getVoById(sess, complementaryObjectId);
            return sess.getPerun().getVosManager().getRichAdmins(sess, targetVo, role, specificAttributes, allUserAttributes, onlyDirectAdmins);
        }
        case "Facility": {
            // The role is rejected before the facility is looked up.
            if (!role.equals(Role.FACILITYADMIN)) {
                throw new RoleNotSupportedException("Not supported other role than facility manager for object Facility.");
            }
            PerunBl perunBl = (PerunBl) sess.getPerun();
            Facility targetFacility = perunBl.getFacilitiesManagerBl().getFacilityById(sess, complementaryObjectId);
            return sess.getPerun().getFacilitiesManager().getRichAdmins(sess, targetFacility, specificAttributes, allUserAttributes, onlyDirectAdmins);
        }
        default:
            throw new PerunBeanNotSupportedException("Only Vo, Group and Facility are supported complementary names.");
    }
}
use of cz.metacentrum.perun.core.api.exceptions.RoleNotSupportedException in project perun by CESNET.
the class AttributesManagerEntry method setAttributeRights.
/**
 * Validates the given attribute rights, checks the caller's privilege and hands the list to the
 * business-logic attributes manager.
 *
 * <p>Each entry is validated in list order: its role must be known to
 * {@code AuthzResolver.roleExists} and its attribute id is looked up with
 * {@code getAttributeDefinitionById}. The first failing entry aborts the call.
 *
 * <p>NOTE(review): validation runs before the privilege check, so a caller who fails the
 * {@code setAttributeRights_List<AttributeRights>_policy} check can still receive
 * {@code RoleNotSupportedException} or {@code AttributeNotExistsException} for invalid input.
 * Whether that reveals anything depends on the checks inside {@code getAttributeDefinitionById} -
 * confirm this ordering is intended.
 *
 * @param sess perun session
 * @param rights attribute rights to set; not null-checked here
 *
 * @throws PrivilegeException if the session is not authorized by the policy named above
 * @throws AttributeNotExistsException presumably raised by the attribute lookup for an unknown attribute id
 * @throws RoleNotSupportedException if an entry carries a role that {@code AuthzResolver.roleExists} rejects
 */
@Override
public void setAttributeRights(PerunSession sess, List<AttributeRights> rights) throws PrivilegeException, AttributeNotExistsException, RoleNotSupportedException {
    Utils.checkPerunSession(sess);

    // Input validation: role first, then attribute existence, entry by entry.
    for (AttributeRights entry : rights) {
        boolean roleKnown = AuthzResolver.roleExists(entry.getRole());
        if (!roleKnown) {
            throw new RoleNotSupportedException("Role: " + entry.getRole() + " does not exists.", entry.getRole());
        }
        // Return value is discarded; the lookup is made only so that a missing attribute fails the call.
        getAttributeDefinitionById(sess, entry.getAttributeId());
    }

    // Authorization against the named policy.
    boolean permitted = AuthzResolver.authorizedInternal(sess, "setAttributeRights_List<AttributeRights>_policy");
    if (!permitted) {
        throw new PrivilegeException("setAttributeRights");
    }

    getAttributesManagerBl().setAttributeRights(sess, rights);
}
use of cz.metacentrum.perun.core.api.exceptions.RoleNotSupportedException in project perun by CESNET.
the class AttributesManagerEntry method setAttributePolicyCollections.
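/**
 * Validates the given attribute policy collections, checks the caller's privilege and hands the
 * list to the business-logic attributes manager.
 *
 * <p>For each collection, every policy's role must be known to {@code AuthzResolver.roleExists},
 * and the collection's attribute id is looked up once with {@code getAttributeDefinitionById}.
 * The attribute lookup is made per collection rather than per policy, so a collection with an
 * empty policy list is validated too and the same attribute is not fetched repeatedly.
 *
 * <p>NOTE(review): validation runs before the privilege check, so a caller who fails the
 * policy check can still receive {@code RoleNotSupportedException} or
 * {@code AttributeNotExistsException} for invalid input. Whether that reveals anything depends on
 * the checks inside {@code getAttributeDefinitionById} - confirm this ordering is intended.
 *
 * @param sess perun session
 * @param policyCollections policy collections to set; not null-checked here
 *
 * @throws PrivilegeException if the session is not authorized by the
 *         {@code setAttributePolicyCollections_List<AttributePolicyCollection>_int_policy} policy
 * @throws AttributeNotExistsException presumably raised by the attribute lookup for an unknown attribute id
 * @throws RoleNotSupportedException if a policy carries a role that {@code AuthzResolver.roleExists} rejects
 */
@Override
public void setAttributePolicyCollections(PerunSession sess, List<AttributePolicyCollection> policyCollections) throws PrivilegeException, AttributeNotExistsException, RoleNotSupportedException {
    Utils.checkPerunSession(sess);

    // check validity of roles, existence of attributes
    for (AttributePolicyCollection apc : policyCollections) {
        for (AttributePolicy ap : apc.getPolicies()) {
            if (!AuthzResolver.roleExists(ap.getRole())) {
                throw new RoleNotSupportedException("Role: " + ap.getRole() + " does not exists.", ap.getRole());
            }
        }
        // The attribute id belongs to the collection, not to a single policy: look it up once
        // per collection, and also when the collection carries no policies at all.
        getAttributeDefinitionById(sess, apc.getAttributeId());
    }

    // Authorization
    if (!AuthzResolver.authorizedInternal(sess, "setAttributePolicyCollections_List<AttributePolicyCollection>_int_policy")) {
        throw new PrivilegeException("setAttributePolicyCollections");
    }

    getAttributesManagerBl().setAttributePolicyCollections(sess, policyCollections);
}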