Example 6 with UserNotAdminException
use of cz.metacentrum.perun.core.api.exceptions.UserNotAdminException in project perun by CESNET.
the class UsersManagerBlImpl method removeSpecificUserOwner.
@Override
public void removeSpecificUserOwner(PerunSession sess, User user, User specificUser, boolean forceDelete) throws RelationNotExistsException, SpecificUserOwnerAlreadyRemovedException {
if (specificUser.isServiceUser() && specificUser.isSponsoredUser())
throw new InternalErrorException("We don't support specific and sponsored users together yet.");
if (specificUser.getMajorSpecificType().equals(SpecificUserType.NORMAL))
throw new InternalErrorException("Incorrect type of specification for specific user!" + specificUser);
if (user.getMajorSpecificType().equals(SpecificUserType.SERVICE))
throw new InternalErrorException("Service user can`t own another account (service or guest)!" + user);
List<User> specificUserOwners = this.getUsersBySpecificUser(sess, specificUser);
if (!specificUserOwners.remove(user))
throw new RelationNotExistsException("User is not the active owner of the specificUser.");
if (!getUsersManagerImpl().specificUserOwnershipExists(sess, user, specificUser)) {
throw new RelationNotExistsException("User has no relationship to specificUser.");
}
try {
// refresh authz for sponsors
if (specificUser.isSponsoredUser())
AuthzResolverBlImpl.removeSpecificUserOwner(sess, specificUser, user);
// refresh authz for service user owners
if (specificUser.isServiceUser() && sess.getPerunPrincipal() != null) {
if (user.getId() == sess.getPerunPrincipal().getUserId()) {
AuthzResolverBlImpl.refreshAuthz(sess);
}
}
} catch (UserNotAdminException ex) {
throw new InternalErrorException("Can't remove role of sponsor for user " + user + " and sponsored user " + specificUser);
}
if (forceDelete) {
// getPerunBl().getAuditer().log(sess, "{} ownership was removed for specificUser {}.", user, specificUser);
getPerunBl().getAuditer().log(sess, new OwnershipRemovedForSpecificUser(user, specificUser));
getUsersManagerImpl().removeSpecificUserOwner(sess, user, specificUser);
} else {
getPerunBl().getAuditer().log(sess, new OwnershipDisabledForSpecificUser(user, specificUser));
getUsersManagerImpl().disableOwnership(sess, user, specificUser);
}
}
Also used :
UserNotAdminException(cz.metacentrum.perun.core.api.exceptions.UserNotAdminException)
RelationNotExistsException(cz.metacentrum.perun.core.api.exceptions.RelationNotExistsException)
OwnershipRemovedForSpecificUser(cz.metacentrum.perun.audit.events.UserManagerEvents.OwnershipRemovedForSpecificUser)
User(cz.metacentrum.perun.core.api.User)
OwnershipEnabledForSpecificUser(cz.metacentrum.perun.audit.events.UserManagerEvents.OwnershipEnabledForSpecificUser)
UserAddedToOwnersOfSpecificUser(cz.metacentrum.perun.audit.events.UserManagerEvents.UserAddedToOwnersOfSpecificUser)
UserExtSourceRemovedFromUser(cz.metacentrum.perun.audit.events.UserManagerEvents.UserExtSourceRemovedFromUser)
RichUser(cz.metacentrum.perun.core.api.RichUser)
OwnershipDisabledForSpecificUser(cz.metacentrum.perun.audit.events.UserManagerEvents.OwnershipDisabledForSpecificUser)
UserExtSourceAddedToUser(cz.metacentrum.perun.audit.events.UserManagerEvents.UserExtSourceAddedToUser)
AllUserExtSourcesDeletedForUser(cz.metacentrum.perun.audit.events.UserManagerEvents.AllUserExtSourcesDeletedForUser)
OwnershipRemovedForSpecificUser(cz.metacentrum.perun.audit.events.UserManagerEvents.OwnershipRemovedForSpecificUser)
OwnershipDisabledForSpecificUser(cz.metacentrum.perun.audit.events.UserManagerEvents.OwnershipDisabledForSpecificUser)
InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException)
Example 7 with UserNotAdminException
use of cz.metacentrum.perun.core.api.exceptions.UserNotAdminException in project perun by CESNET.
the class ResourcesManagerBlImpl method deleteResource.
@Override
public void deleteResource(PerunSession sess, Resource resource) throws ResourceAlreadyRemovedException, GroupAlreadyRemovedFromResourceException {
// Get facility for audit messages
Facility facility = this.getFacility(sess, resource);
// remove admins of this resource
List<Group> adminGroups = getResourcesManagerImpl().getAdminGroups(sess, resource);
for (Group adminGroup : adminGroups) {
try {
AuthzResolverBlImpl.unsetRole(sess, adminGroup, resource, Role.RESOURCEADMIN);
} catch (GroupNotAdminException e) {
log.warn("When trying to unsetRole ResourceAdmin for group {} in the resource {} the exception was thrown {}", adminGroup, resource, e);
// skip and log as warning
} catch (RoleCannotBeManagedException e) {
throw new InternalErrorException(e);
}
}
List<User> adminUsers = getResourcesManagerImpl().getAdmins(sess, resource);
for (User adminUser : adminUsers) {
try {
AuthzResolverBlImpl.unsetRole(sess, adminUser, resource, Role.RESOURCEADMIN);
} catch (UserNotAdminException e) {
log.warn("When trying to unsetRole ResourceAdmin for user {} in the resource {} the exception was thrown {}", adminUser, resource, e);
// skip and log as warning
} catch (RoleCannotBeManagedException e) {
throw new InternalErrorException(e);
}
}
// Remove binding between resource and service
List<Service> services = getAssignedServices(sess, resource);
for (Service service : services) {
try {
this.removeService(sess, resource, service);
} catch (ServiceNotAssignedException e) {
throw new ConsistencyErrorException(e);
}
}
List<AssignedGroup> assignedGroups = getGroupAssignments(sess, resource, List.of());
for (AssignedGroup assignedGroup : assignedGroups) {
if (assignedGroup.getSourceGroupId() == null) {
try {
removeGroupFromResource(sess, assignedGroup.getEnrichedGroup().getGroup(), resource);
} catch (GroupNotDefinedOnResourceException ex) {
throw new GroupAlreadyRemovedFromResourceException(ex);
}
}
}
// Remove attr values for the resource
try {
perunBl.getAttributesManagerBl().removeAllAttributes(sess, resource);
} catch (AttributeValueException ex) {
throw new ConsistencyErrorException("All services are removed from this resource. There is no required attribute. So all attribtes for this resource can be removed withou problem.", ex);
}
// Remove group-resource attr values for all group and resource
try {
this.perunBl.getAttributesManagerBl().removeAllGroupResourceAttributes(sess, resource);
} catch (WrongAttributeValueException | GroupResourceMismatchException | WrongReferenceAttributeValueException ex) {
throw new InternalErrorException(ex);
}
// Remove all resources tags
this.removeAllResourcesTagFromResource(sess, resource);
// Remove all resource bans
List<BanOnResource> bansOnResource = this.getBansForResource(sess, resource.getId());
for (BanOnResource banOnResource : bansOnResource) {
try {
this.removeBan(sess, banOnResource.getId());
} catch (BanNotExistsException ex) {
// it is ok, we just want to remove it anyway
}
}
// Because resource will be tottaly deleted, we can also delete all member-resource attributes
this.perunBl.getAttributesManagerBl().removeAllMemberResourceAttributes(sess, resource);
// Get the resource VO
Vo vo = this.getVo(sess, resource);
getResourcesManagerImpl().deleteResource(sess, vo, resource);
getPerunBl().getAuditer().log(sess, new ResourceDeleted(resource, facility));
}
Also used :
AssignedGroup(cz.metacentrum.perun.core.api.AssignedGroup)
Group(cz.metacentrum.perun.core.api.Group)
ResourceSelfServiceAddedForGroup(cz.metacentrum.perun.audit.events.ResourceManagerEvents.ResourceSelfServiceAddedForGroup)
ResourceSelfServiceRemovedForGroup(cz.metacentrum.perun.audit.events.ResourceManagerEvents.ResourceSelfServiceRemovedForGroup)
User(cz.metacentrum.perun.core.api.User)
RichUser(cz.metacentrum.perun.core.api.RichUser)
ResourceSelfServiceRemovedForUser(cz.metacentrum.perun.audit.events.ResourceManagerEvents.ResourceSelfServiceRemovedForUser)
AttributeValueException(cz.metacentrum.perun.core.api.exceptions.AttributeValueException)
WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)
WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)
GroupResourceMismatchException(cz.metacentrum.perun.core.api.exceptions.GroupResourceMismatchException)
UserNotAdminException(cz.metacentrum.perun.core.api.exceptions.UserNotAdminException)
WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)
GroupNotDefinedOnResourceException(cz.metacentrum.perun.core.api.exceptions.GroupNotDefinedOnResourceException)
Vo(cz.metacentrum.perun.core.api.Vo)
ResourceDeleted(cz.metacentrum.perun.audit.events.ResourceManagerEvents.ResourceDeleted)
ServiceNotAssignedException(cz.metacentrum.perun.core.api.exceptions.ServiceNotAssignedException)
ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)
Service(cz.metacentrum.perun.core.api.Service)
GroupNotAdminException(cz.metacentrum.perun.core.api.exceptions.GroupNotAdminException)
InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException)
BanOnResource(cz.metacentrum.perun.core.api.BanOnResource)
Facility(cz.metacentrum.perun.core.api.Facility)
RoleCannotBeManagedException(cz.metacentrum.perun.core.api.exceptions.RoleCannotBeManagedException)
GroupAlreadyRemovedFromResourceException(cz.metacentrum.perun.core.api.exceptions.GroupAlreadyRemovedFromResourceException)
WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)
AssignedGroup(cz.metacentrum.perun.core.api.AssignedGroup)
BanNotExistsException(cz.metacentrum.perun.core.api.exceptions.BanNotExistsException)
Aggregations
User (cz.metacentrum.perun.core.api.User)7
UserNotAdminException (cz.metacentrum.perun.core.api.exceptions.UserNotAdminException)7
RichUser (cz.metacentrum.perun.core.api.RichUser)6
InternalErrorException (cz.metacentrum.perun.core.api.exceptions.InternalErrorException)6
Group (cz.metacentrum.perun.core.api.Group)5
GroupNotAdminException (cz.metacentrum.perun.core.api.exceptions.GroupNotAdminException)5
RoleCannotBeManagedException (cz.metacentrum.perun.core.api.exceptions.RoleCannotBeManagedException)5
RelationExistsException (cz.metacentrum.perun.core.api.exceptions.RelationExistsException)4
Facility (cz.metacentrum.perun.core.api.Facility)3
Resource (cz.metacentrum.perun.core.api.Resource)3
Vo (cz.metacentrum.perun.core.api.Vo)3
BanNotExistsException (cz.metacentrum.perun.core.api.exceptions.BanNotExistsException)3
ConsistencyErrorException (cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)3
WrongAttributeValueException (cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)3
WrongReferenceAttributeValueException (cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)3
RichGroup (cz.metacentrum.perun.core.api.RichGroup)2
SecurityTeam (cz.metacentrum.perun.core.api.SecurityTeam)2
AttributeValueException (cz.metacentrum.perun.core.api.exceptions.AttributeValueException)2
GroupNotDefinedOnResourceException (cz.metacentrum.perun.core.api.exceptions.GroupNotDefinedOnResourceException)2
FacilityDeleted (cz.metacentrum.perun.audit.events.FacilityManagerEvents.FacilityDeleted)1
