use of cz.metacentrum.perun.core.api.exceptions.UserNotAdminException in project perun by CESNET.
the class VosManagerBlImpl method removeAdmin.
/**
 * Revokes the VOADMIN role that {@code user} holds on {@code vo}.
 *
 * <p>The user must be contained in the list returned by {@code getAdmins(sess, vo)};
 * otherwise nothing is changed and {@code UserNotAdminException} is thrown.
 *
 * <p>NOTE(review): this method performs no privilege check on {@code sess} itself.
 * Presumably the calling API layer authorizes the request - verify against the caller.
 *
 * @param sess session on whose behalf the role is revoked
 * @param vo   VO the role is bound to
 * @param user user who loses the role
 * @throws UserNotAdminException  if {@code user} is not among the admins of {@code vo}
 * @throws InternalErrorException declared by the signature; not raised directly in this body
 */
public void removeAdmin(PerunSession sess, Vo vo, User user) throws InternalErrorException, UserNotAdminException {
	// The membership test and the revocation are two separate calls; nothing visible here
	// makes them atomic. NOTE(review): confirm the caller wraps this in a transaction.
	boolean currentlyAdmin = this.getAdmins(sess, vo).contains(user);
	if (!currentlyAdmin) {
		throw new UserNotAdminException(user);
	}

	AuthzResolverBlImpl.unsetRole(sess, user, vo, Role.VOADMIN);
	log.debug("User [{}] deleted like administrator from VO [{}]", user, vo);
}
use of cz.metacentrum.perun.core.api.exceptions.UserNotAdminException in project perun by CESNET.
the class SecurityTeamsManagerBlImpl method deleteSecurityTeam.
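/**
 * Deletes a security team together with its SECURITYADMIN role bindings, the blacklist
 * entries it created and its facility assignments.
 *
 * <p>Unless {@code forceDelete} is set, the team must have no blacklisted users and must not
 * be assigned to any facility. Both conditions are evaluated before anything is modified, so
 * a refused deletion never strips the team of its administrators. (Previously the roles were
 * revoked first and the checks ran afterwards; whether that partial change was undone
 * depended on the caller's transaction handling of the checked {@code RelationExistsException},
 * which is not visible here.)
 *
 * @param sess         session on whose behalf the team is deleted
 * @param securityTeam team to delete
 * @param forceDelete  if true, blacklist entries and facility assignments are removed instead
 *                     of blocking the deletion
 * @throws RelationExistsException        if {@code forceDelete} is false and the team has
 *                                        blacklisted users or is assigned to a facility
 * @throws SecurityTeamNotExistsException declared by the signature; propagated from the calls
 *                                        below, not raised directly in this body
 */
@Override
public void deleteSecurityTeam(PerunSession sess, SecurityTeam securityTeam, boolean forceDelete) throws SecurityTeamNotExistsException, RelationExistsException {
	// Preconditions first: fail before any role, blacklist entry or assignment is touched.
	// The order of the two checks (blacklist, then facilities) decides which message wins.
	List<User> blacklist = getSecurityTeamsManagerImpl().getBlacklist(sess, Collections.singletonList(securityTeam));
	if (!blacklist.isEmpty() && !forceDelete) {
		throw new RelationExistsException("SecurityTeam has blacklisted users.");
	}
	List<Facility> facilities = getPerunBl().getFacilitiesManagerBl().getAssignedFacilities(sess, securityTeam);
	if (!facilities.isEmpty() && !forceDelete) {
		throw new RelationExistsException("SecurityTeam is assigned to some facilities.");
	}

	// remove admin groups of this securityTeam
	List<Group> adminGroups = getSecurityTeamsManagerImpl().getAdminGroups(sess, securityTeam);
	for (Group adminGroup : adminGroups) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, adminGroup, securityTeam, Role.SECURITYADMIN);
		} catch (GroupNotAdminException e) {
			// The role is already gone, which is the state we want: log as warning and continue.
			log.warn("When trying to unsetRole SecurityAdmin for group {} in the securityTeam {} the exception was thrown {}", adminGroup, securityTeam, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}

	// remove admin users of this securityTeam
	List<User> adminUsers = getSecurityTeamsManagerImpl().getAdmins(sess, securityTeam);
	for (User adminUser : adminUsers) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, adminUser, securityTeam, Role.SECURITYADMIN);
		} catch (UserNotAdminException e) {
			// The role is already gone, which is the state we want: log as warning and continue.
			log.warn("When trying to unsetRole SecurityAdmin for user {} in the securityTeam {} the exception was thrown {}", adminUser, securityTeam, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}

	// remove all users from blacklist, which were blacklisted by this security team.
	for (User blacklistedUser : blacklist) {
		// calling BL will make auditer message about user to appear.
		getPerunBl().getSecurityTeamsManagerBl().removeUserFromBlacklist(sess, securityTeam, blacklistedUser);
	}

	// remove security team from all facilities
	for (Facility facility : facilities) {
		// calling BL will make auditer message about facility to appear.
		getPerunBl().getFacilitiesManagerBl().removeSecurityTeam(sess, facility, securityTeam);
	}

	getSecurityTeamsManagerImpl().deleteSecurityTeam(sess, securityTeam);
	getPerunBl().getAuditer().log(sess, new SecurityTeamDeleted(securityTeam));
}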
use of cz.metacentrum.perun.core.api.exceptions.UserNotAdminException in project perun by CESNET.
the class VosManagerBlImpl method deleteVo.
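/**
 * Deletes a VO and the objects bound to it.
 *
 * <p>Steps, in order: revoke VOADMIN from admin groups and admin users; handle members,
 * resources and groups (each either blocks the deletion or is removed, depending on
 * {@code forceDelete}); remove ExtSource bindings; delete the members group; delete the
 * reserved logins of the VO's applications in the external system and in the DB; remove VO
 * attributes and resource tags; finally delete the VO and write the audit message.
 *
 * <p>Every exception raised before the final delete, including the
 * {@code RelationExistsException} and {@code ConsistencyErrorException} created here, is
 * wrapped in {@code InternalErrorException} by the surrounding catch-all, so callers only
 * see that type.
 *
 * <p>NOTE(review): the admin roles are revoked before the member/resource/group checks run.
 * If the surrounding transaction did not roll back on the wrapped exception, a refused
 * deletion would leave the VO without administrators - confirm the transaction setup.
 *
 * @param sess        session on whose behalf the VO is deleted
 * @param vo          VO to delete
 * @param forceDelete if true, members, resources and groups are removed instead of blocking
 *                    the deletion
 */
@Override
public void deleteVo(PerunSession sess, Vo vo, boolean forceDelete) {
	log.debug("Deleting vo {}", vo);

	try {
		// remove admins of this vo: groups first, then users
		List<Group> voAdminGroups = getVosManagerImpl().getAdminGroups(sess, vo);
		for (Group adminGroup : voAdminGroups) {
			try {
				AuthzResolverBlImpl.unsetRole(sess, adminGroup, vo, Role.VOADMIN);
			} catch (GroupNotAdminException e) {
				// Role already absent: log as warning and continue.
				log.warn("When trying to unsetRole VoAdmin for group {} in the vo {} the exception was thrown {}", adminGroup, vo, e);
			}
		}

		List<User> voAdminUsers = getVosManagerImpl().getAdmins(sess, vo);
		for (User adminUser : voAdminUsers) {
			try {
				AuthzResolverBlImpl.unsetRole(sess, adminUser, vo, Role.VOADMIN);
			} catch (UserNotAdminException e) {
				// Role already absent: log as warning and continue.
				log.warn("When trying to unsetRole VoAdmin for user {} in the vo {} the exception was thrown {}", adminUser, vo, e);
			}
		}

		List<Member> members = getPerunBl().getMembersManagerBl().getMembers(sess, vo);
		log.debug("Deleting vo {} members", vo);

		// Members left in the VO block a non-forced delete.
		boolean hasMembers = members != null && !members.isEmpty();
		if (hasMembers) {
			if (!forceDelete) {
				throw new RelationExistsException("Vo vo=" + vo + " contains members");
			}
			getPerunBl().getMembersManagerBl().deleteAllMembers(sess, vo);
		}

		log.debug("Removing vo {} resources and theirs attributes", vo);

		// Resources block a non-forced delete; otherwise each one is stripped and deleted.
		List<Resource> resources = getPerunBl().getResourcesManagerBl().getResources(sess, vo);
		if (!resources.isEmpty() && !forceDelete) {
			throw new RelationExistsException("Vo vo=" + vo + " contains resources");
		}
		for (Resource resource : resources) {
			getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, resource);

			// Remove binding between service and resource
			List<Service> assignedServices = getPerunBl().getResourcesManagerBl().getAssignedServices(sess, resource);
			for (Service service : assignedServices) {
				getPerunBl().getResourcesManagerBl().removeService(sess, resource, service);
			}

			getPerunBl().getResourcesManagerBl().deleteResource(sess, resource);
		}

		log.debug("Removing vo {} groups", vo);

		// Exactly one group (the 'members' group) is the expected minimum; more than one
		// blocks a non-forced delete, fewer than one is an inconsistency.
		List<Group> groups = getPerunBl().getGroupsManagerBl().getGroups(sess, vo);
		int groupCount = groups.size();
		if (groupCount < 1) {
			throw new ConsistencyErrorException("'members' group is missing");
		}
		if (groupCount > 1) {
			if (!forceDelete) {
				throw new RelationExistsException("Vo vo=" + vo + " contains groups");
			}
			getPerunBl().getGroupsManagerBl().deleteAllGroups(sess, vo);
		}

		// Finally delete binding between Vo and external source
		List<ExtSource> voExtSources = getPerunBl().getExtSourcesManagerBl().getVoExtSources(sess, vo);
		log.debug("Deleting {} external sources binded to the vo {}", voExtSources.size(), vo);
		for (ExtSource extSource : voExtSources) {
			getPerunBl().getExtSourcesManagerBl().removeExtSource(sess, vo, extSource);
		}

		// Delete members group. The debug text used to say "administrators' group", which
		// did not match the call that follows.
		log.debug("Removing the members group from the vo {}", vo);
		getPerunBl().getGroupsManagerBl().deleteMembersGroup(sess, vo);

		// delete all VO reserved logins from KDC
		List<Integer> applicationIds = getVosManagerImpl().getVoApplicationIds(sess, vo);
		for (Integer appId : applicationIds) {
			// for each application
			for (Pair<String, String> login : getVosManagerImpl().getApplicationReservedLogins(appId)) {
				// for all reserved logins - delete them in ext. system (e.g. KDC)
				try {
					// !!! left = namespace / right = login !!!
					getPerunBl().getUsersManagerBl().deletePassword(sess, login.getRight(), login.getLeft());
				} catch (LoginNotExistsException ex) {
					// A login that is already missing does not stop the deletion.
					log.error("Login: {} not exists in namespace {} while deleting passwords", login.getRight(), login.getLeft());
				}
			}
		}

		// delete all VO reserved logins from DB
		getVosManagerImpl().deleteVoReservedLogins(sess, vo);

		// VO applications, submitted data and app_form are deleted on cascade with "deleteVo()"

		// Delete VO attributes
		getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, vo);

		// Delete all Vo tags (for resources in Vo)
		getPerunBl().getResourcesManagerBl().deleteAllResourcesTagsForVo(sess, vo);
	} catch (Exception ex) {
		// Deliberate catch-all: the signature declares no exception, so everything is rewrapped.
		throw new InternalErrorException(ex);
	}

	// Finally delete the VO
	Vo deletedVo = getVosManagerImpl().deleteVo(sess, vo);
	getPerunBl().getAuditer().log(sess, new VoDeleted(deletedVo));
}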
use of cz.metacentrum.perun.core.api.exceptions.UserNotAdminException in project perun by CESNET.
the class FacilitiesManagerBlImpl method deleteFacility.
/**
 * Deletes a facility and everything bound to it.
 *
 * <p>With {@code force} set, the assigned resources and the facility's tasks (with their
 * results) are deleted first. Without it, any assigned resource blocks the deletion before
 * anything is modified. Afterwards the method revokes FACILITYADMIN from admin groups and
 * users, removes hosts, destinations, assigned security teams, attributes, bans and service
 * denials, deletes the owners binding and the facility, and writes the audit message.
 *
 * <p>NOTE(review): {@code force} is a boxed {@code Boolean}; passing {@code null} fails with a
 * {@code NullPointerException} on unboxing at the first test, before any change is made.
 *
 * @param sess     session on whose behalf the facility is deleted
 * @param facility facility to delete
 * @param force    if true, assigned resources and tasks are deleted as well
 * @throws RelationExistsException if {@code force} is false and the facility still has
 *                                 assigned resources
 * @throws FacilityAlreadyRemovedException           declared by the signature; propagated from the calls below
 * @throws HostAlreadyRemovedException               declared by the signature; propagated from the calls below
 * @throws ResourceAlreadyRemovedException           declared by the signature; propagated from the calls below
 * @throws GroupAlreadyRemovedFromResourceException  declared by the signature; propagated from the calls below
 */
@Override
public void deleteFacility(PerunSession sess, Facility facility, Boolean force) throws RelationExistsException, FacilityAlreadyRemovedException, HostAlreadyRemovedException, ResourceAlreadyRemovedException, GroupAlreadyRemovedFromResourceException {
	if (!force) {
		// Non-forced delete: refuse while the facility is still in use.
		boolean stillUsed = getFacilitiesManagerImpl().getAssignedResources(sess, facility).size() > 0;
		if (stillUsed) {
			throw new RelationExistsException("Facility is still used as a resource");
		}
	} else {
		// Forced delete: drop the resources, then the tasks and their results.
		List<Resource> assignedResources = this.getAssignedResources(sess, facility);
		for (Resource resource : assignedResources) {
			getPerunBl().getResourcesManagerBl().deleteResource(sess, resource);
		}

		List<Task> facilityTasks = perunBl.getTasksManagerBl().listAllTasksForFacility(sess, facility.getId());
		for (Task task : facilityTasks) {
			perunBl.getTasksManagerBl().deleteTaskResults(sess, task.getId());
			perunBl.getTasksManagerBl().removeTask(sess, task.getId());
		}
	}

	// remove admins of this facility: groups first, then users
	List<Group> facilityAdminGroups = getFacilitiesManagerImpl().getAdminGroups(sess, facility);
	for (Group adminGroup : facilityAdminGroups) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, adminGroup, facility, Role.FACILITYADMIN);
		} catch (GroupNotAdminException e) {
			// Role already absent: log as warning and continue.
			log.warn("When trying to unsetRole FacilityAdmin for group {} in the facility {} the exception was thrown {}", adminGroup, facility, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}

	List<User> facilityAdminUsers = getFacilitiesManagerImpl().getAdmins(sess, facility);
	for (User adminUser : facilityAdminUsers) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, adminUser, facility, Role.FACILITYADMIN);
		} catch (UserNotAdminException e) {
			// Role already absent: log as warning and continue.
			log.warn("When trying to unsetRole FacilityAdmin for user {} in the facility {} the exception was thrown {}", adminUser, facility, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}

	// remove hosts
	for (Host host : this.getHosts(sess, facility)) {
		this.removeHost(sess, host, facility);
	}

	// remove destinations
	getPerunBl().getServicesManagerBl().removeAllDestinations(sess, facility);

	// remove assigned security teams
	for (SecurityTeam team : getAssignedSecurityTeams(sess, facility)) {
		removeSecurityTeam(sess, facility, team);
	}

	// remove associated attributes
	try {
		getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, facility);
	} catch (WrongAttributeValueException | WrongReferenceAttributeValueException e) {
		throw new InternalErrorException(e);
	}

	// Remove all facility bans
	for (BanOnFacility ban : this.getBansForFacility(sess, facility.getId())) {
		try {
			this.removeBan(sess, ban.getId());
		} catch (BanNotExistsException ignored) {
			// it is ok, we just want to remove it anyway
		}
	}

	// Remove all service denials
	getFacilitiesManagerImpl().removeAllServiceDenials(facility.getId());

	// delete facility: owners binding first, then the facility itself, then the audit record
	getFacilitiesManagerImpl().deleteFacilityOwners(sess, facility);
	getFacilitiesManagerImpl().deleteFacility(sess, facility);
	getPerunBl().getAuditer().log(sess, new FacilityDeleted(facility));
}
use of cz.metacentrum.perun.core.api.exceptions.UserNotAdminException in project perun by CESNET.
the class GroupsManagerBlImpl method deleteAnyGroup.
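/**
 * Deletes a group and everything attached to it.
 *
 * <p>If {@code forceDelete} is false, only a group which has no subgroup and no member is deleted.
 * If {@code forceDelete} is true, the group is deleted with all its subgroups (recursively) and members.
 *
 * <p>Before the group row is removed the method detaches the group from its resources, removes
 * its attributes, deletes the reserved logins of its applications (in the external system and
 * in the DB), removes its ExtSources and group-union relations, removes member-group
 * attributes, revokes every admin role the group holds on facilities, groups, resources,
 * security teams and VOs, and revokes every GROUPADMIN role held on the group itself.
 * A role that turns out to be already absent is logged as a warning and skipped.
 *
 * @param sess        session on whose behalf the group is deleted
 * @param group       group to delete
 * @param forceDelete if false, delete only empty group without subgroups. If true, delete group including subgroups and members.
 * @throws InternalErrorException                   if a role cannot be managed, a reserved login cannot be deleted,
 *                                                  or a member does not match the group (thrown from the catch blocks below)
 * @throws RelationExistsException                  raised only if forceDelete is false and the group has any subgroup or member
 * @throws GroupAlreadyRemovedException             if there are 0 rows affected by deleting from DB
 * @throws GroupAlreadyRemovedFromResourceException declared by the signature; propagated from the calls below
 * @throws GroupNotExistsException                  declared by the signature; propagated from the calls below
 * @throws GroupRelationDoesNotExist                declared by the signature; propagated from the calls below
 * @throws GroupRelationCannotBeRemoved             declared by the signature; propagated from the calls below
 */
private void deleteAnyGroup(PerunSession sess, Group group, boolean forceDelete) throws RelationExistsException, GroupAlreadyRemovedException, GroupAlreadyRemovedFromResourceException, GroupNotExistsException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved {
	Vo vo = this.getVo(sess, group);

	if (getGroupsManagerImpl().getSubGroupsCount(sess, group) > 0) {
		if (!forceDelete) {
			throw new RelationExistsException("Group group=" + group + " contains subgroups");
		}

		// get subgroups of this group and delete each of them, always forced
		List<Group> subGroups = getSubGroups(sess, group);
		for (Group subGroup : subGroups) {
			deleteAnyGroup(sess, subGroup, true);
		}
	}

	if ((this.getGroupMembersCount(sess, group) > 0) && !forceDelete) {
		throw new RelationExistsException("Group group=" + group + " contains members");
	}

	List<AssignedResource> assignedResources = getPerunBl().getResourcesManagerBl().getResourceAssignments(sess, group, List.of());
	try {
		for (AssignedResource assignedResource : assignedResources) {
			// An assignment without a source group id goes through removeGroupFromResource;
			// one with a source group id through removeAutomaticGroupFromResource.
			if (assignedResource.getSourceGroupId() == null) {
				getPerunBl().getResourcesManagerBl().removeGroupFromResource(sess, group, assignedResource.getEnrichedResource().getResource());
			} else {
				getPerunBl().getResourcesManagerBl().removeAutomaticGroupFromResource(sess, group, assignedResource.getEnrichedResource().getResource(), assignedResource.getSourceGroupId());
			}
		}
		// remove group's attributes
		getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, group);
	} catch (GroupNotDefinedOnResourceException ex) {
		throw new ConsistencyErrorException(ex);
	} catch (AttributeValueException ex) {
		throw new ConsistencyErrorException("All resources was removed from this group, so no attributes should remain assigned.", ex);
	}

	// delete all Groups reserved logins from KDC
	List<Integer> list = getGroupsManagerImpl().getGroupApplicationIds(sess, group);
	for (Integer appId : list) {
		// for each application
		for (Pair<String, String> login : getGroupsManagerImpl().getApplicationReservedLogins(appId)) {
			// for all reserved logins - delete them in ext. system (e.g. KDC)
			try {
				// left = namespace / right = login
				getPerunBl().getUsersManagerBl().deletePassword(sess, login.getRight(), login.getLeft());
			} catch (LoginNotExistsException ex) {
				// A login that is already missing does not stop the deletion.
				log.error("Login: {} not exists in namespace: {} while deleting passwords.", login.getRight(), login.getLeft());
			} catch (InvalidLoginException e) {
				throw new InternalErrorException("We are deleting reserved login from group applications, but its syntax is not allowed by namespace configuration.", e);
			} catch (PasswordDeletionFailedException | PasswordOperationTimeoutException ex) {
				// Unlike a missing login, a failed deletion aborts the whole operation.
				throw new InternalErrorException("Failed to delete reserved login " + login.getRight() + " from KDC.", ex);
			}
		}
	}
	// delete all Groups reserved logins from DB
	getGroupsManagerImpl().deleteGroupReservedLogins(sess, group);

	// remove all assigned ExtSources to this group
	List<ExtSource> assignedSources = getPerunBl().getExtSourcesManagerBl().getGroupExtSources(sess, group);
	for (ExtSource source : assignedSources) {
		try {
			getPerunBl().getExtSourcesManagerBl().removeExtSource(sess, group, source);
		} catch (ExtSourceNotAssignedException | ExtSourceAlreadyRemovedException ex) {
			// Just log this, because if method can't remove it, it is probably not assigned now
			log.warn("Try to remove not existing extSource {} from group {} when deleting group.", source, group);
		}
	}

	// 1. remove all relations with group g as an operand group.
	// this removes all relations that depend on this group
	List<Integer> relations = groupsManagerImpl.getResultGroupsIds(sess, group.getId());
	for (Integer groupId : relations) {
		removeGroupUnion(sess, groupsManagerImpl.getGroupById(sess, groupId), group, true);
	}

	// 2. remove all relations with group as a result group
	// We can remove relations without recalculation (@see removeRelationMembers)
	// because all dependencies of group were deleted in step 1.
	groupsManagerImpl.removeResultGroupRelations(sess, group);

	// Group applications, submitted data and app_form are deleted on cascade with "deleteGroup()"

	// Captured before the group is deleted; reused for the removed-members log at the end.
	List<Member> membersFromDeletedGroup = getGroupMembers(sess, group);

	// delete all member-group attributes
	for (Member member : membersFromDeletedGroup) {
		try {
			perunBl.getAttributesManagerBl().removeAllAttributes(sess, member, group);
		} catch (AttributeValueException ex) {
			throw new ConsistencyErrorException("All members were removed from this group. So all member-group attribute values can be removed.", ex);
		} catch (MemberGroupMismatchException e) {
			throw new InternalErrorException("Member we tried to remove all member-group attributes doesn't come from the same VO as group", e);
		}
	}

	// remove admin roles of group: every role this group holds on another entity is revoked
	// here, presumably so that no role binding keeps referring to the deleted group.
	List<Facility> facilitiesWhereGroupIsAdmin = getGroupsManagerImpl().getFacilitiesWhereGroupIsAdmin(sess, group);
	for (Facility facility : facilitiesWhereGroupIsAdmin) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, group, facility, Role.FACILITYADMIN);
		} catch (GroupNotAdminException e) {
			log.warn("Can't unset group {} as admin of facility {} due to group not admin exception {}.", group, facility, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}

	List<Group> groupsWhereGroupIsAdmin = getGroupsManagerImpl().getGroupsWhereGroupIsAdmin(sess, group);
	for (Group group1 : groupsWhereGroupIsAdmin) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, group, group1, Role.GROUPADMIN);
		} catch (GroupNotAdminException e) {
			log.warn("Can't unset group {} as admin of group {} due to group not admin exception {}.", group, group1, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}

	List<Resource> resourcesWhereGroupIsAdmin = getGroupsManagerImpl().getResourcesWhereGroupIsAdmin(sess, group);
	for (Resource resource : resourcesWhereGroupIsAdmin) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, group, resource, Role.RESOURCEADMIN);
		} catch (GroupNotAdminException e) {
			log.warn("Can't unset group {} as admin of resource {} due to group not admin exception {}.", group, resource, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}

	List<Resource> resourcesWhereGroupIsResourceSelfService = getGroupsManagerImpl().getResourcesWhereGroupIsResourceSelfService(sess, group);
	for (Resource resource : resourcesWhereGroupIsResourceSelfService) {
		try {
			perunBl.getResourcesManagerBl().removeResourceSelfServiceGroup(sess, resource, group);
		} catch (GroupNotAdminException e) {
			// Message names the self-service binding; it used to repeat the "admin of resource" text.
			log.warn("Can't unset group {} as resource self-service group of resource {} due to group not admin exception {}.", group, resource, e);
		}
	}

	List<SecurityTeam> securityTeamsWhereGroupIsAdmin = getGroupsManagerImpl().getSecurityTeamsWhereGroupIsAdmin(sess, group);
	for (SecurityTeam securityTeam : securityTeamsWhereGroupIsAdmin) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, group, securityTeam, Role.SECURITYADMIN);
		} catch (GroupNotAdminException e) {
			log.warn("Can't unset group {} as admin of security team {} due to group not admin exception {}.", group, securityTeam, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}

	List<Vo> vosWhereGroupIsAdmin = getGroupsManagerImpl().getVosWhereGroupIsAdmin(sess, group);
	for (Vo vo1 : vosWhereGroupIsAdmin) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, group, vo1, Role.VOADMIN);
		} catch (GroupNotAdminException e) {
			// Message names the VO; it used to say "facility" although the object is a VO.
			log.warn("Can't unset group {} as admin of vo {} due to group not admin exception {}.", group, vo1, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}

	// remove admins of this group: groups first, then users
	List<Group> adminGroups = getGroupsManagerImpl().getGroupAdmins(sess, group);
	for (Group adminGroup : adminGroups) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, adminGroup, group, Role.GROUPADMIN);
		} catch (GroupNotAdminException e) {
			// skip and log as warning
			log.warn("When trying to unsetRole GroupAdmin for group {} in the group {} the exception was thrown {}", adminGroup, group, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}

	List<User> adminUsers = getGroupsManagerImpl().getAdmins(sess, group);
	for (User adminUser : adminUsers) {
		try {
			AuthzResolverBlImpl.unsetRole(sess, adminUser, group, Role.GROUPADMIN);
		} catch (UserNotAdminException e) {
			// skip and log as warning
			log.warn("When trying to unsetRole GroupAdmin for user {} in the group {} the exception was thrown {}", adminUser, group, e);
		} catch (RoleCannotBeManagedException e) {
			throw new InternalErrorException(e);
		}
	}

	// Deletes also all direct and indirect members of the group
	getGroupsManagerImpl().deleteGroup(sess, vo, group);

	logTotallyRemovedMembers(sess, group.getParentGroupId(), membersFromDeletedGroup);

	getPerunBl().getAuditer().log(sess, new GroupDeleted(group));
}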