use of cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException in project perun by CESNET.
the class urn_perun_user_facility_attribute_def_def_defaultUnixGID method checkAttributeValue.
/**
 * Validates the default unix GID requested for a user on a facility.
 *
 * A null value is accepted without further checks. Otherwise the GID is accepted when either
 * <ul>
 * <li>a resource the user is allowed on at this facility carries the same GID in the facility's
 * unixGID namespace, or</li>
 * <li>a group allowed on the facility carries the same GID, has a non-empty unix group name in the
 * facility's unixGroupName namespace, and the user is a member of that group.</li>
 * </ul>
 *
 * TODO Known issue: the check cannot tell when unixGID is simply not set on the resources and groups
 * the user is allowed on. That case is reported as WrongAttributeValueException, although
 * WrongReferenceAttributeValueException would be more accurate.
 *
 * NOTE(review): group membership is decided by isUserMemberOfGroup alone; whether that call takes
 * the member's status into account is not visible here. Confirm before relying on this check to
 * keep users out of a group's GID.
 *
 * @throws WrongAttributeValueException if no allowed resource or group backs the requested GID
 * @throws WrongReferenceAttributeValueException if a facility namespace attribute has no value
 * @throws InternalErrorException if a candidate group's unixGroupName attribute does not exist
 */
@Override
public void checkAttributeValue(PerunSessionImpl sess, Facility facility, User user, Attribute attribute) throws WrongAttributeValueException, WrongReferenceAttributeValueException, InternalErrorException, WrongAttributeAssignmentException {
	Integer gid = (Integer) attribute.getValue();
	if (gid == null) {
		// An unset default GID is always valid.
		return;
	}

	// The facility decides which GID namespace the value is interpreted in.
	Attribute gidNamespaceAttr;
	try {
		gidNamespaceAttr = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, facility, AttributesManager.NS_FACILITY_ATTR_DEF + ":unixGID-namespace");
	} catch (AttributeNotExistsException e) {
		throw new ConsistencyErrorException(e);
	}
	if (gidNamespaceAttr.getValue() == null) {
		throw new WrongReferenceAttributeValueException(attribute, gidNamespaceAttr, "Reference attribute is null");
	}
	String gidNamespace = (String) gidNamespaceAttr.getValue();

	// The facility also decides which namespace a group's unix name must exist in.
	Attribute groupNameNamespaceAttr;
	try {
		groupNameNamespaceAttr = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, facility, AttributesManager.NS_FACILITY_ATTR_DEF + ":unixGroupName-namespace");
	} catch (AttributeNotExistsException e) {
		throw new ConsistencyErrorException(e);
	}
	if (groupNameNamespaceAttr.getValue() == null) {
		throw new WrongReferenceAttributeValueException(attribute, groupNameNamespaceAttr, user, facility, facility, null, "Reference attribute is null");
	}
	String groupNameNamespace = (String) groupNameNamespaceAttr.getValue();

	// First path: an allowed resource that carries the same GID.
	String resourceGidAttrName = AttributesManager.NS_RESOURCE_ATTR_DEF + ":unixGID-namespace:" + gidNamespace;
	Attribute resourceGidProbe;
	try {
		resourceGidProbe = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, resourceGidAttrName));
	} catch (AttributeNotExistsException e) {
		throw new ConsistencyErrorException("Namespace from value of " + gidNamespaceAttr + " doesn't exists. (Resource attribute " + resourceGidAttrName + " doesn't exists", e);
	}
	resourceGidProbe.setValue(gid);

	List<Resource> userResources = sess.getPerunBl().getUsersManagerBl().getAllowedResources(sess, facility, user);
	List<Resource> matchingResources = sess.getPerunBl().getResourcesManagerBl().getResourcesByAttribute(sess, resourceGidProbe);
	// Keep only the GID-matching resources the user is actually allowed on.
	matchingResources.retainAll(userResources);
	if (!matchingResources.isEmpty()) {
		return;
	}

	// Second path: a group on the facility that carries the same GID.
	String groupGidAttrName = AttributesManager.NS_GROUP_ATTR_DEF + ":unixGID-namespace:" + gidNamespace;
	Attribute groupGidProbe;
	try {
		groupGidProbe = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, groupGidAttrName));
	} catch (AttributeNotExistsException e) {
		throw new ConsistencyErrorException("Namespace from value of " + gidNamespaceAttr + " doesn't exists. (Group-resource attribute " + groupGidAttrName + " doesn't exists", e);
	}
	groupGidProbe.setValue(gid);

	List<Group> candidateGroups = sess.getPerunBl().getGroupsManagerBl().getGroupsByAttribute(sess, groupGidProbe);
	candidateGroups.retainAll(sess.getPerunBl().getFacilitiesManagerBl().getAllowedGroups(sess, facility, null, null));

	for (Group candidate : candidateGroups) {
		Attribute groupNameAttr;
		try {
			groupNameAttr = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, candidate, AttributesManager.NS_GROUP_ATTR_DEF + ":unixGroupName-namespace:" + groupNameNamespace);
		} catch (AttributeNotExistsException e) {
			throw new InternalErrorException(e);
		}
		// A group without a unix name in the required namespace cannot back the GID.
		boolean hasUnixName = groupNameAttr.getValue() != null && !((String) groupNameAttr.getValue()).isEmpty();
		if (hasUnixName && sess.getPerunBl().getGroupsManagerBl().isUserMemberOfGroup(sess, user, candidate)) {
			return;
		}
	}

	throw new WrongAttributeValueException(attribute, user, facility, "User isn't allowed to have the default unix group which have this gid (" + gid + ") or such group doesn't exist. " + user);
}
use of cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException in project perun by CESNET.
the class urn_perun_user_facility_attribute_def_def_accountExpirationTime method checkAttributeValue.
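/**
 * Checks that a user's account expiration time on a facility does not exceed the limit read from
 * the facility itself.
 *
 * The limit is the value of the facility attribute looked up under {@code attribute.getName()}.
 * A missing limit is rejected with a checked exception: the original code unboxed the null
 * Integer in the comparison and failed with a NullPointerException instead.
 *
 * NOTE(review): the facility attribute is looked up under the user_facility attribute's own name;
 * confirm that this resolves to the intended facility-level attribute.
 *
 * @throws WrongAttributeValueException if the value is null or higher than the facility limit
 * @throws WrongReferenceAttributeValueException if the facility limit has no value
 * @throws InternalErrorException if the facility attribute does not exist
 */
public void checkAttributeValue(PerunSessionImpl perunSession, Facility facility, User user, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
	Integer accExpTime = (Integer) attribute.getValue();
	if (accExpTime == null) {
		throw new WrongAttributeValueException("account expiration time shouldn't be null");
	}

	Attribute facilityAttribute;
	try {
		facilityAttribute = perunSession.getPerunBl().getAttributesManagerBl().getAttribute(perunSession, facility, attribute.getName());
	} catch (AttributeNotExistsException ex) {
		throw new InternalErrorException(ex);
	}

	Integer facilityAccExpTime = (Integer) facilityAttribute.getValue();
	if (facilityAccExpTime == null) {
		// Fail closed: without a facility limit there is nothing to validate against.
		throw new WrongReferenceAttributeValueException(attribute, facilityAttribute, "Reference attribute is null");
	}

	if (accExpTime > facilityAccExpTime) {
		throw new WrongAttributeValueException("this user_facility attribute cannot has higher value than same facility attribute");
	}
}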
use of cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException in project perun by CESNET.
the class urn_perun_user_attribute_def_virt_login_namespace_bbmri_persistent method getAttributeValue.
/**
 * Returns the virtual bbmri-persistent login, copied from the user's SHADOW attribute.
 *
 * This getter has a write side effect: when the shadow attribute has no value, one is generated
 * with fillAttribute and stored on the user before it is returned. Callers that only hold read
 * access therefore still trigger a persistent change on first use.
 *
 * @throws InternalErrorException if no value could be generated, or if reading or storing the
 *         shadow attribute fails
 */
@Override
public Attribute getAttributeValue(PerunSessionImpl sess, User user, AttributeDefinition attributeDefinition) throws InternalErrorException {
	Attribute virtualLogin = new Attribute(attributeDefinition);
	try {
		Attribute shadow = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, user, SHADOW);

		boolean shadowMissing = shadow.getValue() == null;
		if (shadowMissing) {
			// Generate the identifier once and persist it so later reads return the same value.
			shadow = sess.getPerunBl().getAttributesManagerBl().fillAttribute(sess, user, shadow);
			if (shadow.getValue() == null) {
				throw new InternalErrorException("BBMRI id couldn't be set automatically");
			}
			sess.getPerunBl().getAttributesManagerBl().setAttribute(sess, user, shadow);
		}

		virtualLogin.setValue(shadow.getValue());
	} catch (WrongAttributeAssignmentException e) {
		throw new InternalErrorException(e);
	} catch (AttributeNotExistsException e) {
		throw new InternalErrorException(e);
	} catch (WrongReferenceAttributeValueException e) {
		throw new InternalErrorException(e);
	} catch (WrongAttributeValueException e) {
		throw new InternalErrorException(e);
	}
	return virtualLogin;
}
use of cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException in project perun by CESNET.
the class urn_perun_user_attribute_def_def_vsupMailAlias method changedAttributeHook.
/**
 * Keeps the shared map of reserved VŠUP mail addresses in step with a change of the user's
 * vsupMailAlias, and seeds vsupPreferredMail from the new alias where appropriate.
 *
 * Steps, in order:
 * 1. Load the entityless reserved-mails attribute (address -> owning user ID as String) through
 *    getEntitylessAttributeForUpdate, together with the user's vsupMail, vsupMailAliases and
 *    vsupPreferredMail attributes.
 * 2. When a value is being set, refuse it if the map already assigns the address to another user ID.
 * 3. Drop one reservation of this user that is no longer present in any of the three mail attributes.
 * 4. Reserve the new alias for this user if the map has no entry for it, then store the map.
 * 5. When a value is being set and vsupPreferredMail is empty or equal to vsupMail, store the alias
 *    as the preferred mail.
 *
 * NOTE(review): the uniqueness check in step 2 and the write in step 4 are only safe against
 * concurrent changes if getEntitylessAttributeForUpdate holds a lock until the surrounding
 * transaction ends; presumably it does, confirm.
 *
 * @throws InternalErrorException if the alias is reserved by another user or an attribute cannot be stored
 * @throws WrongReferenceAttributeValueException declared by the signature; not thrown directly in this body
 */
@Override
public void changedAttributeHook(PerunSessionImpl session, User user, Attribute attribute) throws InternalErrorException, WrongReferenceAttributeValueException {
// map of reserved vsup mails (address -> owning user ID as String)
Attribute reservedMailsAttribute;
Map<String, String> reservedMailsAttributeValue;
// other vsup mail attributes to get values from
Attribute vsupMailAttribute;
Attribute mailAliasesAttribute;
Attribute vsupPreferredMailAttribute;
// sets used for comparison: what the map reserves for this user vs. what the user's attributes hold
Set<String> reservedMailsOfUser = new HashSet<>();
Set<String> actualMailsOfUser = new HashSet<>();
try {
// the reserved-mails attribute is fetched first, through the "ForUpdate" variant
reservedMailsAttribute = session.getPerunBl().getAttributesManagerBl().getEntitylessAttributeForUpdate(session, usedMailsKeyVsup, usedMailsUrn);
vsupMailAttribute = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, vsupMailUrn);
mailAliasesAttribute = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, vsupMailAliasesUrn);
vsupPreferredMailAttribute = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, vsupPreferredMailUrn);
} catch (AttributeNotExistsException ex) {
throw new ConsistencyErrorException("Attribute doesn't exists.", ex);
} catch (WrongAttributeAssignmentException e) {
throw new InternalErrorException(e);
}
// removing an alias while the reservation map has no value means the two stores have diverged
if (attribute.getValue() == null && reservedMailsAttribute.getValue() == null) {
throw new ConsistencyErrorException("Entityless attribute 'urn:perun:entityless:attribute-def:def:usedMails' is empty, but we are removing 'vsupMailAlias' value, so there should have been entry in entityless attribute.");
}
if (reservedMailsAttribute.getValue() == null) {
reservedMailsAttributeValue = new LinkedHashMap<>();
} else {
// unchecked cast: the stored value is assumed to be a String -> String map
reservedMailsAttributeValue = (Map<String, String>) reservedMailsAttribute.getValue();
}
// if SET action and mail is already reserved by other user
if (attribute.getValue() != null) {
String ownersUserId = reservedMailsAttributeValue.get((String) attribute.getValue());
if (ownersUserId != null && !Objects.equals(ownersUserId, String.valueOf(user.getId()))) {
// TODO - maybe get actual owners attribute and throw WrongReferenceAttributeException to be nice in a GUI ?
// NOTE(review): the message carries the current owner's user ID; check where this message is
// surfaced before treating that ID as internal-only.
throw new InternalErrorException("VŠUP mail alias: '" + attribute.getValue() + "' is already in use by User ID: " + ownersUserId + ".");
}
}
for (Map.Entry<String, String> entry : reservedMailsAttributeValue.entrySet()) {
if (Objects.equals(entry.getValue(), String.valueOf(user.getId()))) {
// reserved mails of a user
reservedMailsOfUser.add(entry.getKey());
}
}
if (vsupMailAttribute.getValue() != null) {
actualMailsOfUser.add((String) vsupMailAttribute.getValue());
}
if (vsupPreferredMailAttribute.getValue() != null) {
actualMailsOfUser.add((String) vsupPreferredMailAttribute.getValue());
}
if (mailAliasesAttribute.getValue() != null) {
// cast to the concrete ArrayList type: any other List implementation would fail here
actualMailsOfUser.addAll((ArrayList<String>) mailAliasesAttribute.getValue());
}
for (String mail : reservedMailsOfUser) {
if (!actualMailsOfUser.contains(mail)) {
// Remove mail, which is not in attributes anymore
reservedMailsAttributeValue.remove(mail);
// since this attribute holds single value, we can break the cycle here
// (only one stale reservation is released per call; reservedMailsOfUser is a HashSet, so if
// several were stale, which one goes first is not defined by this code)
break;
}
}
// Put in which is in attribute but not in a map
if (attribute.getValue() != null) {
reservedMailsAttributeValue.putIfAbsent((String) attribute.getValue(), String.valueOf(user.getId()));
}
// save changes in entityless attribute
try {
// always set value to attribute, since we might start with null in attribute and empty map in variable !!
reservedMailsAttribute.setValue(reservedMailsAttributeValue);
session.getPerunBl().getAttributesManagerBl().setAttribute(session, usedMailsKeyVsup, reservedMailsAttribute);
} catch (WrongAttributeValueException | WrongAttributeAssignmentException ex) {
throw new InternalErrorException(ex);
}
// if set, check vsupPreferredMail and set its value if it is currently empty or equals vsupMail
if (attribute.getValue() != null) {
String preferredMail = (String) vsupPreferredMailAttribute.getValue();
if (preferredMail == null || Objects.equals(preferredMail, vsupMailAttribute.getValue())) {
vsupPreferredMailAttribute.setValue(attribute.getValue());
try {
session.getPerunBl().getAttributesManagerBl().setAttribute(session, user, vsupPreferredMailAttribute);
} catch (WrongAttributeValueException | WrongAttributeAssignmentException e) {
throw new InternalErrorException("Unable to store generated vsupMailAlias to vsupPreferredMail.", e);
}
}
}
}
use of cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException in project perun by CESNET.
the class urn_perun_user_attribute_def_def_vsupMailAlias method checkAttributeValue.
/**
 * Validates a VŠUP mail alias: it may be empty, otherwise it must match {@code emailAliasPattern}
 * and must not be reserved by a different user in the shared reserved-mails map.
 *
 * NOTE(review): the format check uses {@code Matcher.find()}, which accepts a match anywhere in
 * the input. This is only a strict format check if emailAliasPattern is anchored at both ends;
 * the pattern is defined outside this method, so confirm.
 *
 * NOTE(review): the "already in use" message carries the owning user's ID; check where this
 * message is surfaced before treating that ID as internal-only.
 *
 * @throws WrongAttributeValueException if the alias has a wrong format or belongs to another user
 */
@Override
public void checkAttributeValue(PerunSessionImpl sess, User user, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongAttributeAssignmentException {
	if (attribute.getValue() == null) {
		// An empty alias is allowed.
		return;
	}

	String alias = (String) attribute.getValue();
	if (!emailAliasPattern.matcher(alias).find()) {
		throw new WrongAttributeValueException(attribute, user, "School mail alias is not in a correct form: \"firstName.lastName[counter]@vsup.cz\".");
	}

	Attribute reservedMails;
	try {
		reservedMails = sess.getPerunBl().getAttributesManagerBl().getEntitylessAttributeForUpdate(sess, usedMailsKeyVsup, usedMailsUrn);
	} catch (AttributeNotExistsException ex) {
		throw new ConsistencyErrorException("Attribute doesn't exists.", ex);
	}

	if (reservedMails.getValue() == null) {
		// Nothing is reserved yet, so the alias cannot collide.
		return;
	}

	// Unchecked cast: the stored value is assumed to map address -> owning user ID (as String).
	Map<String, String> ownersByMail = (Map<String, String>) reservedMails.getValue();
	String ownersUserId = ownersByMail.get(alias);
	boolean ownedBySomeoneElse = ownersUserId != null && !Objects.equals(ownersUserId, String.valueOf(user.getId()));
	if (ownedBySomeoneElse) {
		throw new WrongAttributeValueException("VŠUP mail alias: '" + alias + "' is already in use by User ID: " + ownersUserId + ".");
	}
}