use of cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException in project perun by CESNET.
the class MembersManagerBlImpl method manageMembershipExpiration.
/**
* More info on https://wiki.metacentrum.cz/wiki/VO_managers%27s_manual
*
* If setAttributeValue is true, then store the membership expiration date into the attribute, otherwise
* return object pair containing true/false if the member can be extended and date specifying exact date of the new expiration
*
* @param sess session
* @param member member to check / set membership expiration
* @param setAttributeValue TRUE = set new membership expiration date / FALSE = do NOT set new expiration date (just calculate it)
* @param throwExceptions TRUE = throw exception / FALSE = return false when member can't extend membership
* @return Pair with result in left side (can / can't extend membership) and Date in right side telling new membership expiration date
*
* @throws InternalErrorException
* @throws ExtendMembershipException When member can't extend membership and throwException is set to true.
*/
protected Pair<Boolean, Date> manageMembershipExpiration(PerunSession sess, Member member, boolean setAttributeValue, boolean throwExceptions) throws InternalErrorException, ExtendMembershipException {
// Check if the VO has set membershipExpirationRules attribute
LinkedHashMap<String, String> membershipExpirationRules;
Vo vo;
Attribute membershipExpirationRulesAttribute = null;
try {
vo = getPerunBl().getVosManagerBl().getVoById(sess, member.getVoId());
membershipExpirationRulesAttribute = getPerunBl().getAttributesManagerBl().getAttribute(sess, vo, MembersManager.membershipExpirationRulesAttributeName);
membershipExpirationRules = (LinkedHashMap<String, String>) membershipExpirationRulesAttribute.getValue();
// If attribute was not filled, then silently exit
if (membershipExpirationRules == null)
return new Pair<Boolean, Date>(true, null);
} catch (VoNotExistsException e) {
throw new ConsistencyErrorException("Member " + member + " of non-existing VO id=" + member.getVoId());
} catch (AttributeNotExistsException e) {
// There is no attribute definition for membership expiration rules.
return new Pair<Boolean, Date>(true, null);
} catch (WrongAttributeAssignmentException e) {
throw new InternalErrorException("Shouldn't happen.");
}
// Get user LOA
String memberLoa = null;
try {
Attribute loa = getPerunBl().getAttributesManagerBl().getAttribute(sess, member, AttributesManager.NS_MEMBER_ATTR_VIRT + ":loa");
memberLoa = (String) loa.getValue();
} catch (AttributeNotExistsException e) {
// Ignore, will be probably set further
} catch (WrongAttributeAssignmentException e) {
throw new InternalErrorException(e);
}
// Get current membershipExpiration date
Attribute membershipExpirationAttribute = null;
try {
membershipExpirationAttribute = getPerunBl().getAttributesManagerBl().getAttribute(sess, member, AttributesManager.NS_MEMBER_ATTR_DEF + ":membershipExpiration");
} catch (AttributeNotExistsException e) {
throw new ConsistencyErrorException("Attribute: " + AttributesManager.NS_MEMBER_ATTR_DEF + ":membershipExpiration" + " must be defined in order to use membershipExpirationRules");
} catch (WrongAttributeAssignmentException e) {
throw new InternalErrorException(e);
}
boolean isServiceUser = false;
try {
User user = getPerunBl().getUsersManagerBl().getUserById(sess, member.getUserId());
isServiceUser = user.isServiceUser();
} catch (UserNotExistsException ex) {
throw new ConsistencyErrorException("User must exists for " + member + " when checking expiration rules.");
}
// and are not service users
if (membershipExpirationRules.get(MembersManager.membershipDoNotExtendLoaKeyName) != null && membershipExpirationAttribute.getValue() != null && !isServiceUser) {
if (memberLoa == null) {
// Member doesn't have LOA defined and LOA is required for extension, so do not extend membership.
log.warn("Member {} doesn't have LOA defined, but 'doNotExtendLoa' option is set for VO id {}.", member, member.getVoId());
if (throwExceptions) {
throw new ExtendMembershipException(ExtendMembershipException.Reason.NOUSERLOA, "Member " + member + " doesn't have LOA defined, but 'doNotExtendLoa' option is set for VO id " + member.getVoId() + ".");
} else {
return new Pair<Boolean, Date>(false, null);
}
}
String[] doNotExtendLoas = membershipExpirationRules.get(MembersManager.membershipDoNotExtendLoaKeyName).split(",");
for (String doNotExtendLoa : doNotExtendLoas) {
if (doNotExtendLoa.equals(memberLoa)) {
// Member has LOA which is not allowed for extension
if (throwExceptions) {
throw new ExtendMembershipException(ExtendMembershipException.Reason.INSUFFICIENTLOAFOREXTENSION, "Member " + member + " doesn't have required LOA for VO id " + member.getVoId() + ".");
} else {
return new Pair<Boolean, Date>(false, null);
}
}
}
}
Calendar calendar = Calendar.getInstance();
// Does the user have expired membership, if yes, then for canExtendMembership return true
if (!setAttributeValue && membershipExpirationAttribute.getValue() != null) {
try {
Date currentMemberExpiration = BeansUtils.getDateFormatterWithoutTime().parse((String) membershipExpirationAttribute.getValue());
Calendar currentMemberExpirationCalendar = Calendar.getInstance();
currentMemberExpirationCalendar.setTime(currentMemberExpiration);
if (calendar.after(currentMemberExpirationCalendar)) {
return new Pair<Boolean, Date>(true, null);
}
} catch (ParseException e) {
throw new InternalErrorException("Wrong format of the membersExpiration: " + membershipExpirationAttribute.getValue(), e);
}
}
String period = null;
// Default extension
if (membershipExpirationRules.get(MembersManager.membershipPeriodKeyName) != null) {
period = membershipExpirationRules.get(MembersManager.membershipPeriodKeyName);
}
// Do we extend particular LoA? Attribute syntax LoA|[period][.]
if (membershipExpirationRules.get(MembersManager.membershipPeriodLoaKeyName) != null) {
// Which period
String[] membershipPeriodLoa = membershipExpirationRules.get(MembersManager.membershipPeriodLoaKeyName).split("\\|");
String loa = membershipPeriodLoa[0];
String periodLoa = membershipPeriodLoa[1];
// Does the user have this LoA?
if (loa.equals(memberLoa)) {
if (periodLoa.endsWith(".")) {
// If period ends with ., then we do not allow extension for users with particular LoA if they are already members
if (membershipExpirationAttribute.getValue() != null) {
if (throwExceptions) {
throw new ExtendMembershipException(ExtendMembershipException.Reason.INSUFFICIENTLOAFOREXTENSION, "Member " + member + " doesn't have required LOA for VO id " + member.getVoId() + ".");
} else {
return new Pair<Boolean, Date>(false, null);
}
}
// remove dot from the end of the string
period = periodLoa.substring(0, periodLoa.length() - 1);
} else {
period = periodLoa;
}
}
}
// Do we extend for x months or for static date?
if (period != null) {
if (period.startsWith("+")) {
if (!isMemberInGracePeriod(membershipExpirationRules, (String) membershipExpirationAttribute.getValue())) {
if (throwExceptions) {
throw new ExtendMembershipException(ExtendMembershipException.Reason.OUTSIDEEXTENSIONPERIOD, (String) membershipExpirationAttribute.getValue(), "Member " + member + " cannot extend because we are outside grace period for VO id " + member.getVoId() + ".");
} else {
return new Pair<Boolean, Date>(false, null);
}
}
// By default do not add nothing
int amount = 0;
int field;
// We will add days/months/years
Pattern p = Pattern.compile("\\+([0-9]+)([dmy]?)");
Matcher m = p.matcher(period);
if (m.matches()) {
String countString = m.group(1);
amount = Integer.valueOf(countString);
String dmyString = m.group(2);
if (dmyString.equals("d")) {
field = Calendar.DAY_OF_YEAR;
} else if (dmyString.equals("m")) {
field = Calendar.MONTH;
} else if (dmyString.equals("y")) {
field = Calendar.YEAR;
} else {
throw new InternalErrorException("Wrong format of period in VO membershipExpirationRules attribute. Period: " + period);
}
} else {
throw new InternalErrorException("Wrong format of period in VO membershipExpirationRules attribute. Period: " + period);
}
// Add days/months/years
calendar.add(field, amount);
} else {
// We will extend to particular date
// Parse date
Pattern p = Pattern.compile("([0-9]+).([0-9]+).");
Matcher m = p.matcher(period);
if (m.matches()) {
int day = Integer.valueOf(m.group(1));
int month = Integer.valueOf(m.group(2));
// Get current year
int year = calendar.get(Calendar.YEAR);
// We must detect if the extension date is in current year or in a next year
boolean extensionInNextYear;
Calendar extensionCalendar = Calendar.getInstance();
extensionCalendar.set(year, month - 1, day);
Calendar today = Calendar.getInstance();
if (extensionCalendar.before(today)) {
// Extension date is in a next year
extensionInNextYear = true;
} else {
// Extension is in the current year
extensionInNextYear = false;
}
// Set the date to which the membershi should be extended, can be changed if there was grace period, see next part of the code
// month is 0-based
calendar.set(year, month - 1, day);
if (extensionInNextYear) {
calendar.add(Calendar.YEAR, 1);
}
// Is there a grace period?
if (membershipExpirationRules.get(MembersManager.membershipGracePeriodKeyName) != null) {
String gracePeriod = membershipExpirationRules.get(MembersManager.membershipGracePeriodKeyName);
// If the extension is requested in period-gracePeriod then extend to next period
// Get the value of the grace period
p = Pattern.compile("([0-9]+)([dmy]?)");
m = p.matcher(gracePeriod);
if (m.matches()) {
String countString = m.group(1);
int amount = Integer.valueOf(countString);
// Set the gracePeriodCalendar to the extension date
Calendar gracePeriodCalendar = Calendar.getInstance();
gracePeriodCalendar.set(year, month - 1, day);
if (extensionInNextYear) {
gracePeriodCalendar.add(Calendar.YEAR, 1);
}
int field;
String dmyString = m.group(2);
if (dmyString.equals("d")) {
field = Calendar.DAY_OF_YEAR;
} else if (dmyString.equals("m")) {
field = Calendar.MONTH;
} else if (dmyString.equals("y")) {
field = Calendar.YEAR;
} else {
throw new InternalErrorException("Wrong format of gracePeriod in VO membershipExpirationRules attribute. gracePeriod: " + gracePeriod);
}
// subtracts period definition, e.g. 3m
gracePeriodCalendar.add(field, -amount);
// Check if we are in grace period
if (gracePeriodCalendar.before(Calendar.getInstance())) {
// We are in grace period, so extend to the next period
calendar.add(Calendar.YEAR, 1);
}
// If we do not need to set the attribute value, only check if the current member's expiration time is not in grace period
if (!setAttributeValue && membershipExpirationAttribute.getValue() != null) {
try {
Date currentMemberExpiration = BeansUtils.getDateFormatterWithoutTime().parse((String) membershipExpirationAttribute.getValue());
// subtracts grace period from the currentMemberExpiration
Calendar currentMemberExpirationCalendar = Calendar.getInstance();
currentMemberExpirationCalendar.setTime(currentMemberExpiration);
currentMemberExpirationCalendar.add(field, -amount);
// if today is before that time, user can extend his period
if (currentMemberExpirationCalendar.after(Calendar.getInstance())) {
if (throwExceptions) {
throw new ExtendMembershipException(ExtendMembershipException.Reason.OUTSIDEEXTENSIONPERIOD, (String) membershipExpirationAttribute.getValue(), "Member " + member + " cannot extend because we are outside grace period for VO id " + member.getVoId() + ".");
} else {
return new Pair<Boolean, Date>(false, null);
}
}
} catch (ParseException e) {
throw new InternalErrorException("Wrong format of the membersExpiration: " + membershipExpirationAttribute.getValue(), e);
}
}
}
}
} else {
throw new InternalErrorException("Wrong format of period in VO membershipExpirationRules attribute. Period: " + period);
}
}
// Reset hours, minutes and seconds to 0
calendar.set(Calendar.HOUR, 0);
calendar.set(Calendar.MINUTE, 0);
calendar.set(Calendar.SECOND, 0);
calendar.set(Calendar.MILLISECOND, 0);
// Set new value of the membershipExpiration for the member
if (setAttributeValue) {
membershipExpirationAttribute.setValue(BeansUtils.getDateFormatterWithoutTime().format(calendar.getTime()));
try {
getPerunBl().getAttributesManagerBl().setAttribute(sess, member, membershipExpirationAttribute);
} catch (WrongAttributeValueException e) {
throw new InternalErrorException("Wrong value: " + membershipExpirationAttribute.getValue(), e);
} catch (WrongReferenceAttributeValueException e) {
throw new InternalErrorException(e);
} catch (WrongAttributeAssignmentException e) {
throw new InternalErrorException(e);
}
}
}
return new Pair<Boolean, Date>(true, calendar.getTime());
}
use of cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException in project perun by CESNET.
the class urn_perun_user_attribute_def_virt_login_namespace_elixir_persistent method getAttributeValue.
@Override
public Attribute getAttributeValue(PerunSessionImpl sess, User user, AttributeDefinition attributeDefinition) throws InternalErrorException {
Attribute elixirPersistent = new Attribute(attributeDefinition);
try {
Attribute elixirPersistentShadow = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, user, SHADOW);
if (elixirPersistentShadow.getValue() == null) {
elixirPersistentShadow = sess.getPerunBl().getAttributesManagerBl().fillAttribute(sess, user, elixirPersistentShadow);
if (elixirPersistentShadow.getValue() == null) {
throw new InternalErrorException("Elixir id couldn't be set automatically");
}
sess.getPerunBl().getAttributesManagerBl().setAttribute(sess, user, elixirPersistentShadow);
}
elixirPersistent.setValue(elixirPersistentShadow.getValue());
return elixirPersistent;
} catch (WrongAttributeAssignmentException e) {
throw new InternalErrorException(e);
} catch (AttributeNotExistsException e) {
throw new InternalErrorException(e);
} catch (WrongReferenceAttributeValueException e) {
throw new InternalErrorException(e);
} catch (WrongAttributeValueException e) {
throw new InternalErrorException(e);
}
}
use of cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException in project perun by CESNET.
the class urn_perun_user_attribute_def_def_vsupPreferredMail method changedAttributeHook.
@Override
public void changedAttributeHook(PerunSessionImpl session, User user, Attribute attribute) throws InternalErrorException, WrongReferenceAttributeValueException {
// map of reserved vsup mails
Attribute reservedMailsAttribute;
Map<String, String> reservedMailsAttributeValue;
// other vsup mail attributes to get values from
Attribute vsupMailAttribute;
Attribute vsupMailAliasAttribute;
Attribute mailAliasesAttribute;
// output sets used for comparison
Set<String> reservedMailsOfUser = new HashSet<>();
Set<String> actualMailsOfUser = new HashSet<>();
try {
reservedMailsAttribute = session.getPerunBl().getAttributesManagerBl().getEntitylessAttributeForUpdate(session, usedMailsKeyVsup, usedMailsUrn);
vsupMailAttribute = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, vsupMailUrn);
mailAliasesAttribute = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, vsupMailAliasesUrn);
vsupMailAliasAttribute = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, vsupMailAliasUrn);
} catch (AttributeNotExistsException ex) {
throw new ConsistencyErrorException("Attribute doesn't exists.", ex);
} catch (WrongAttributeAssignmentException e) {
throw new InternalErrorException(e);
}
if (attribute.getValue() == null && reservedMailsAttribute.getValue() == null) {
throw new ConsistencyErrorException("Entityless attribute 'urn:perun:entityless:attribute-def:def:usedMails' is empty, but we are removing 'vsupPreferredMail' value, so there should have been entry in entityless attribute.");
}
if (reservedMailsAttribute.getValue() == null) {
reservedMailsAttributeValue = new LinkedHashMap<>();
} else {
reservedMailsAttributeValue = (Map<String, String>) reservedMailsAttribute.getValue();
}
// if SET action and mail is already reserved by other user
if (attribute.getValue() != null) {
String ownersUserId = reservedMailsAttributeValue.get((String) attribute.getValue());
if (ownersUserId != null && !Objects.equals(ownersUserId, String.valueOf(user.getId()))) {
// TODO - maybe get actual owners attribute and throw WrongReferenceAttributeException to be nice in a GUI ?
throw new InternalErrorException("VŠUP preferred mail: '" + attribute.getValue() + "' is already in use by User ID: " + ownersUserId + ".");
}
}
for (Map.Entry<String, String> entry : reservedMailsAttributeValue.entrySet()) {
if (Objects.equals(entry.getValue(), String.valueOf(user.getId()))) {
// reserved mails of a user
reservedMailsOfUser.add(entry.getKey());
}
}
if (vsupMailAttribute.getValue() != null) {
actualMailsOfUser.add((String) vsupMailAttribute.getValue());
}
if (vsupMailAliasAttribute.getValue() != null) {
actualMailsOfUser.add((String) vsupMailAliasAttribute.getValue());
}
if (mailAliasesAttribute.getValue() != null) {
actualMailsOfUser.addAll((ArrayList<String>) mailAliasesAttribute.getValue());
}
for (String mail : reservedMailsOfUser) {
if (!actualMailsOfUser.contains(mail)) {
// Remove mail, which is not in attributes anymore
reservedMailsAttributeValue.remove(mail);
// since this attribute holds single value, we can break the cycle here
break;
}
}
// Put in which is in attribute but not in a map
if (attribute.getValue() != null) {
reservedMailsAttributeValue.putIfAbsent((String) attribute.getValue(), String.valueOf(user.getId()));
}
// save changes in entityless attribute
try {
// always set value to attribute, since we might start with null in attribute and empty map in variable !!
reservedMailsAttribute.setValue(reservedMailsAttributeValue);
session.getPerunBl().getAttributesManagerBl().setAttribute(session, usedMailsKeyVsup, reservedMailsAttribute);
} catch (WrongAttributeValueException | WrongAttributeAssignmentException ex) {
throw new InternalErrorException(ex);
}
// update user:preferredMail so admin can see users preferred mail in GUI.
try {
if (attribute.getValue() != null) {
Attribute userPreferredMail = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, "urn:perun:user:attribute-def:def:preferredMail");
if (!Objects.equals(userPreferredMail.getValue(), attribute.getValue())) {
// if preferred mail is different, update user:preferredMail
userPreferredMail.setValue(attribute.getValue());
session.getPerunBl().getAttributesManagerBl().setAttribute(session, user, userPreferredMail);
}
}
} catch (WrongAttributeValueException | WrongAttributeAssignmentException | AttributeNotExistsException ex) {
throw new InternalErrorException(ex);
}
}
use of cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException in project perun by CESNET.
the class urn_perun_user_facility_attribute_def_def_homeMountPoint method checkAttributeValue.
@Override
public void checkAttributeValue(PerunSessionImpl session, Facility facility, User user, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
List<Resource> usersResources = null;
usersResources = session.getPerunBl().getUsersManagerBl().getAllowedResources(session, facility, user);
List<String> homeMntPointsOnAllResources = new ArrayList<String>();
for (Resource res : usersResources) {
Attribute resAttribute;
try {
resAttribute = session.getPerunBl().getAttributesManagerBl().getAttribute(session, res, AttributesManager.NS_RESOURCE_ATTR_DEF + ":homeMountPoints");
} catch (AttributeNotExistsException ex) {
throw new InternalErrorException("no homemountpoints found on underlying resources", ex);
}
List<String> homeMntPoint = (List<String>) resAttribute.getValue();
if (homeMntPoint != null) {
homeMntPointsOnAllResources.addAll(homeMntPoint);
}
}
if (homeMntPointsOnAllResources.isEmpty()) {
throw new WrongReferenceAttributeValueException("No homeMountPoints set on associated resources.");
}
if (!homeMntPointsOnAllResources.contains((String) attribute.getValue())) {
throw new WrongAttributeValueException(attribute, user, facility, "User's home mount point is invalid. Valid mount points: " + homeMntPointsOnAllResources);
}
Pattern pattern = Pattern.compile("^/[-a-zA-Z.0-9_/]*$*");
Matcher match = pattern.matcher((String) attribute.getValue());
if (!match.matches()) {
throw new WrongAttributeValueException(attribute, "Attribute has wrong format");
}
}
use of cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException in project perun by CESNET.
the class urn_perun_user_facility_attribute_def_def_basicDefaultGID method checkAttributeValue.
@Override
public void checkAttributeValue(PerunSessionImpl sess, Facility facility, User user, Attribute attribute) throws WrongAttributeValueException, WrongReferenceAttributeValueException, InternalErrorException, WrongAttributeAssignmentException {
Attribute namespaceAttribute;
try {
namespaceAttribute = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, facility, AttributesManager.NS_FACILITY_ATTR_DEF + ":unixGID-namespace");
} catch (AttributeNotExistsException ex) {
throw new ConsistencyErrorException(ex);
}
if (namespaceAttribute.getValue() == null) {
throw new WrongReferenceAttributeValueException(attribute, namespaceAttribute, "Reference attribute is null");
}
String namespaceName = (String) namespaceAttribute.getValue();
Attribute resourceGidAttribute;
try {
resourceGidAttribute = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, AttributesManager.NS_RESOURCE_ATTR_DEF + ":unixGID-namespace:" + namespaceName));
} catch (AttributeNotExistsException ex) {
throw new ConsistencyErrorException("Namespace from value of " + namespaceAttribute + " doesn't exists. (Resource attribute " + AttributesManager.NS_RESOURCE_ATTR_DEF + ":unixGID-namespace:" + namespaceName + " doesn't exists", ex);
}
resourceGidAttribute.setValue(attribute.getValue());
List<Resource> allowedResources = sess.getPerunBl().getUsersManagerBl().getAllowedResources(sess, facility, user);
List<Resource> resourcesWithSameGid = sess.getPerunBl().getResourcesManagerBl().getResourcesByAttribute(sess, resourceGidAttribute);
if (resourcesWithSameGid.isEmpty() && allowedResources.isEmpty() && resourceGidAttribute.getValue() == null)
return;
if (resourcesWithSameGid.isEmpty() && resourceGidAttribute.getValue() != null)
throw new WrongAttributeValueException(attribute, user, facility, "Resource with requiered unix GID doesn't exist.");
if (allowedResources.isEmpty())
throw new WrongAttributeValueException(attribute, user, "User has not access to requiered resource");
resourcesWithSameGid.retainAll(allowedResources);
if (!resourcesWithSameGid.isEmpty()) {
//We found at least one allowed resource with same gid as the user have => attribute is OK
return;
} else {
throw new WrongAttributeValueException(attribute, user, "User has not access to resource with required group id");
}
}
Aggregations