
Example 1 with Application

use of cz.metacentrum.perun.registrar.model.Application in project perun by CESNET.

the class ConsolidatorManagerImpl method checkForSimilarUsers.

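/**
 * Looks up existing users who resemble the applicant of the given application, so that
 * duplicate identities can be spotted before a new user is created.
 *
 * <p>Access is allowed to a VO admin of the application's VO, to a group admin of the
 * application's group (group applications only), or to the principal the application
 * belongs to. The application itself and all user searches are performed with the
 * registrar's own session, so this explicit check is the only gate on the caller.
 *
 * <p>The search runs only for INITIAL VO applications that have no user assigned. It tries,
 * in order: preferred mail, member mail, display name (titles dropped when the name can be
 * parsed) and last name; the first step that yields users wins.
 *
 * @param sess  session of the caller
 * @param appId ID of the application to check
 * @return identities built by {@code convertToIdentities}; built from an empty list when the
 *         application is of another kind, the submitter already maps to a user, or nothing matched
 * @throws PrivilegeException when the caller is neither an admin nor the owner of the application
 * @throws PerunException     propagated from the underlying managers
 */
@Override
public List<Identity> checkForSimilarUsers(PerunSession sess, int appId) throws PerunException {
    List<RichUser> noMatch = new ArrayList<RichUser>();
    List<String> attrNames = new ArrayList<String>();
    attrNames.add("urn:perun:user:attribute-def:def:preferredMail");
    attrNames.add("urn:perun:user:attribute-def:def:organization");

    // Fetched with the registrar session, i.e. without checking the caller's rights.
    Application app = registrarManager.getApplicationById(registrarSession, appId);

    // VO admins always pass; group admins pass only for applications to their group.
    boolean isManager = AuthzResolver.isAuthorized(sess, Role.VOADMIN, app.getVo())
            || (app.getGroup() != null && AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, app.getGroup()));
    if (!isManager) {
        requireApplicationOwner(sess, app);
    }

    // only for initial VO applications if user==null
    boolean initialVoAppWithoutUser = app.getType().equals(Application.AppType.INITIAL)
            && app.getGroup() == null
            && app.getUser() == null;
    if (!initialVoAppWithoutUser) {
        // not proper type of application to check users for
        return convertToIdentities(noMatch);
    }

    try {
        User u = perun.getUsersManager().getUserByExtSourceNameAndExtLogin(registrarSession, app.getExtSourceName(), app.getCreatedBy());
        if (u != null) {
            // submitter already maps to a user: return an empty result so the GUI shows no error
            return convertToIdentities(noMatch);
        }
    } catch (Exception ignored) {
        // best-effort lookup; on any failure fall through to the attribute-based searches
    }

    List<ApplicationFormItemData> data = registrarManager.getApplicationDataById(sess, appId);

    // search by email, which should be unique (check is more precise)
    String email = firstNonEmptyValue(data, "urn:perun:user:attribute-def:def:preferredMail");
    if (!email.isEmpty()) {
        List<RichUser> users = perun.getUsersManager().findRichUsersWithAttributesByExactMatch(registrarSession, email, attrNames);
        if (users != null && !users.isEmpty()) {
            // found by preferredMail
            return convertToIdentities(users);
        }
    }

    // search by different mail
    email = firstNonEmptyValue(data, "urn:perun:member:attribute-def:def:mail");
    if (!email.isEmpty()) {
        List<RichUser> users = perun.getUsersManager().findRichUsersWithAttributesByExactMatch(registrarSession, email, attrNames);
        if (users != null && !users.isEmpty()) {
            // found by member mail
            return convertToIdentities(users);
        }
    }

    String name = firstNonEmptyValue(data, RegistrarManagerImpl.URN_USER_DISPLAY_NAME);
    if (!name.isEmpty()) {
        // use parsed name to drop mistakes on IDP side
        try {
            Map<String, String> nameMap = Utils.parseCommonName(name);
            // drop name titles to spread search
            String newName = "";
            if (nameMap.get("firstName") != null && !nameMap.get("firstName").isEmpty()) {
                newName += nameMap.get("firstName") + " ";
            }
            if (nameMap.get("lastName") != null && !nameMap.get("lastName").isEmpty()) {
                newName += nameMap.get("lastName");
            }
            // fill parsed name instead of input
            if (!newName.isEmpty()) {
                name = newName;
            }
        } catch (Exception ex) {
            log.error("[REGISTRAR] Unable to parse new user's display/common name when searching for similar users. Exception: {}", ex);
        }
        List<RichUser> users = perun.getUsersManager().findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames);
        if (users != null && !users.isEmpty()) {
            // found by member display name
            return convertToIdentities(users);
        }
    }

    // continue to search by last name
    name = firstNonEmptyValue(data, RegistrarManagerImpl.URN_USER_LAST_NAME);
    if (!name.isEmpty()) {
        // what was found by name
        return convertToIdentities(perun.getUsersManager().findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames));
    }
    // not found by name
    return convertToIdentities(noMatch);
}

/**
 * Rejects the call unless the application belongs to the calling principal.
 *
 * <p>A principal with a known user must be the application's user. A principal without a
 * user is identified by the pair (external source name, actor); both parts must match the
 * application. The previous condition rejected only when both parts differed, so matching
 * the external source alone was enough to pass.
 */
private void requireApplicationOwner(PerunSession sess, Application app) throws PerunException {
    if (sess.getPerunPrincipal().getUser() != null) {
        // check if application to find similar users by belongs to user
        if (!sess.getPerunPrincipal().getUser().equals(app.getUser())) {
            throw new PrivilegeException("checkForSimilarUsers");
        }
        return;
    }
    boolean sameSubmitter = sess.getPerunPrincipal().getExtSourceName().equals(app.getExtSourceName())
            && sess.getPerunPrincipal().getActor().equals(app.getCreatedBy());
    if (!sameSubmitter) {
        throw new PrivilegeException("checkForSimilarUsers");
    }
}

/**
 * Returns the first non-empty submitted value whose form item maps to the given destination
 * attribute, or an empty string when there is none.
 */
private String firstNonEmptyValue(List<ApplicationFormItemData> data, String destinationAttribute) {
    for (ApplicationFormItemData item : data) {
        if (destinationAttribute.equals(item.getFormItem().getPerunDestinationAttribute())) {
            String value = item.getValue();
            if (value != null && !value.isEmpty()) {
                return value;
            }
        }
    }
    return "";
}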
Also used : ApplicationFormItemData(cz.metacentrum.perun.registrar.model.ApplicationFormItemData) ExtSourceNotExistsException(cz.metacentrum.perun.core.api.exceptions.ExtSourceNotExistsException) PrivilegeException(cz.metacentrum.perun.core.api.exceptions.PrivilegeException) PerunException(cz.metacentrum.perun.core.api.exceptions.PerunException) EmptyResultDataAccessException(org.springframework.dao.EmptyResultDataAccessException) PrivilegeException(cz.metacentrum.perun.core.api.exceptions.PrivilegeException) Application(cz.metacentrum.perun.registrar.model.Application)

Example 2 with Application

use of cz.metacentrum.perun.registrar.model.Application in project perun by CESNET.

the class RegistrarBaseIntegrationTest method applyForMembershipInVO.

/**
 * Test helper that submits an INITIAL membership application to {@code vo} as {@code user}.
 *
 * <p>It injects a fixed set of federation attributes into the principal, asks the registrar
 * for the VO form with prefilled values, overrides the "preferredMail" and "username" items
 * with fixed test values and creates the application.
 *
 * @param registrarManager registrar used to read the form and create the application
 * @param perun            not used by this helper
 * @param vo               VO the application is submitted to
 * @param user             session of the applying principal
 */
private static void applyForMembershipInVO(RegistrarManager registrarManager, PerunBl perun, Vo vo, PerunSession user) throws PerunException, DuplicateRegistrationAttemptException {
    // Fixed federation attributes describing the test identity.
    Map<String, String> federation = new HashMap<String, String>();
    federation.put("Shib-Person-displayName", "pplk. doc. Ing. Václav Rumcajs, DrSc.");
    federation.put("Shib-Person-commonName", "Václav Rumcajs");
    federation.put("Shib-Person-givenName", "Václav");
    federation.put("Shib-Person-sureName", "Rumcajs");
    federation.put("Shib-Person-o", "Les Řáholec");
    federation.put("Shib-EP-Affiliation", "member");
    federation.put("Shib-InetOrgPerson-mail", "mail@gmail.org");
    federation.put("Shib-EP-PrincipalName", user.getPerunPrincipal().getActor());
    user.getPerunPrincipal().getAdditionalInformations().putAll(federation);

    // Must run after the attributes are in the principal, since they feed the prefilled values.
    List<ApplicationFormItemWithPrefilledValue> prefilled =
            registrarManager.getFormItemsWithPrefilledValues(user, INITIAL, registrarManager.getFormForVo(vo));

    // data from the federation and from the user
    Application submitted = new Application();
    submitted.setType(INITIAL);
    // NOTE(review): the actor is stored through setCreatedAt, not setCreatedBy - confirm this is intended.
    submitted.setCreatedAt(user.getPerunPrincipal().getActor());
    submitted.setExtSourceName(user.getPerunPrincipal().getExtSourceName());
    submitted.setExtSourceType(ExtSourcesManager.EXTSOURCE_IDP);
    submitted.setFedInfo(federation.toString());
    submitted.setVo(vo);

    List<ApplicationFormItemData> answers = new ArrayList<ApplicationFormItemData>();
    for (ApplicationFormItemWithPrefilledValue withPrefill : prefilled) {
        ApplicationFormItem formItem = withPrefill.getFormItem();
        boolean isMail = formItem.getShortname().equals("preferredMail");
        if (isMail) {
            answers.add(new ApplicationFormItemData(formItem, formItem.getShortname(), "rumcajs@gmail.com", "0"));
            continue;
        }
        if (formItem.getShortname().equals("username")) {
            answers.add(new ApplicationFormItemData(formItem, formItem.getShortname(), "rumcik", "0"));
            continue;
        }
        // keep the prefilled value
        answers.add(new ApplicationFormItemData(formItem, formItem.getShortname(), withPrefill.getPrefilledValue(), withPrefill.getAssuranceLevel()));
    }
    registrarManager.createApplication(user, submitted, answers);
}
Also used : ApplicationFormItem(cz.metacentrum.perun.registrar.model.ApplicationFormItem) ApplicationFormItemWithPrefilledValue(cz.metacentrum.perun.registrar.model.ApplicationFormItemWithPrefilledValue) ApplicationFormItemData(cz.metacentrum.perun.registrar.model.ApplicationFormItemData) Application(cz.metacentrum.perun.registrar.model.Application)

Example 3 with Application

use of cz.metacentrum.perun.registrar.model.Application in project perun by CESNET.

the class MailManagerImpl method sendInvitation.

/**
 * Sends an invitation e-mail asking a person to apply for membership in a VO or group.
 *
 * <p>The caller must be a VO admin, or a top-group creator of the VO (VO invitations), or an
 * admin of the group (group invitations). The message is built from the USER_INVITE template
 * of the INITIAL form of the group, or of the VO when no group is given.
 *
 * <p>NOTE(review): {@code email} is only checked for null/empty before it becomes the recipient,
 * and {@code name} is substituted into both subject and text. Confirm that callers or the mail
 * layer reject line breaks and malformed addresses in these values.
 *
 * @param sess     session of the caller
 * @param vo       VO to invite to
 * @param group    group to invite to, or {@code null} for a VO invitation
 * @param name     name of the invited person, substituted into the template
 * @param email    recipient address; must be non-empty
 * @param language language code of the template; when {@code null}, the VO/group notification
 *                 language attribute is used, falling back to "en"
 * @throws PrivilegeException when the caller lacks the required role
 * @throws RegistrarException when the e-mail is empty, the template is missing or disabled,
 *                            or sending fails
 */
@Override
public void sendInvitation(PerunSession sess, Vo vo, Group group, String name, String email, String language) throws PerunException {
    // VO admin always passes; the second accepted role depends on the invitation target.
    boolean allowed = AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo)
            || (group == null
                    ? AuthzResolver.isAuthorized(sess, Role.TOPGROUPCREATOR, vo)
                    : AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, group));
    if (!allowed) {
        throw new PrivilegeException(sess, "sendInvitation");
    }

    if (email == null || email.isEmpty()) {
        throw new RegistrarException("You must provide non-empty email of person you are inviting.");
    }

    // form of the group when one is given, otherwise of the VO
    ApplicationForm form = (group != null) ? registrarManager.getFormForGroup(group) : registrarManager.getFormForVo(vo);

    // invitation template must exist and be enabled
    ApplicationMail mail = getMailByParams(form.getId(), AppType.INITIAL, MailType.USER_INVITE);
    if (mail == null) {
        throw new RegistrarException("You don't have invitation e-mail template defined.");
    }
    if (!mail.getSend()) {
        throw new RegistrarException("Sending of invitations is disabled.");
    }

    if (language == null) {
        // default used when the attribute is missing, empty or cannot be read
        language = "en";
        if (group != null) {
            try {
                Attribute groupLanguage = attrManager.getAttribute(registrarSession, group, URN_GROUP_LANGUAGE_EMAIL);
                if (groupLanguage != null && groupLanguage.getValue() != null) {
                    language = BeansUtils.attributeValueToString(groupLanguage);
                }
            } catch (Exception ex) {
                log.error("[MAIL MANAGER] Exception thrown when getting preferred language of notification for Group={}: {}", group, ex);
            }
        } else {
            try {
                Attribute voLanguage = attrManager.getAttribute(registrarSession, vo, URN_VO_LANGUAGE_EMAIL);
                if (voLanguage != null && voLanguage.getValue() != null) {
                    language = BeansUtils.attributeValueToString(voLanguage);
                }
            } catch (Exception ex) {
                log.error("[MAIL MANAGER] Exception thrown when getting preferred language of notification for VO={}: {}", vo, ex);
            }
        }
    }

    // localized subject and text; a missing part is treated as an empty string
    MailText localized = mail.getMessage(new Locale(language));
    String mailText = (localized.getText() != null && !localized.getText().isEmpty()) ? localized.getText() : "";
    String mailSubject = (localized.getSubject() != null && !localized.getSubject().isEmpty()) ? localized.getSubject() : "";

    SimpleMailMessage message = new SimpleMailMessage();

    // fake app carrying only VO and group, used to resolve the "from" address
    Application app = new Application();
    app.setVo(vo);
    app.setGroup(group);
    setFromMailAddress(message, app);

    message.setTo(email);
    mailText = substituteCommonStringsForInvite(vo, group, null, name, mailText);
    mailSubject = substituteCommonStringsForInvite(vo, group, null, name, mailSubject);
    message.setSubject(mailSubject);
    message.setText(mailText);

    try {
        mailSender.send(message);
        log.info("[MAIL MANAGER] Sending mail: USER_INVITE to: {} / " + app.getVo() + " / " + app.getGroup(), message.getTo());
    } catch (MailException ex) {
        log.error("[MAIL MANAGER] Sending mail: USER_INVITE failed because of exception: {}", ex);
        throw new RegistrarException("Unable to send e-mail.", ex);
    }
}
Also used : ApplicationForm(cz.metacentrum.perun.registrar.model.ApplicationForm) SimpleMailMessage(org.springframework.mail.SimpleMailMessage) MailText(cz.metacentrum.perun.registrar.model.ApplicationMail.MailText) RegistrarException(cz.metacentrum.perun.registrar.exceptions.RegistrarException) MailException(org.springframework.mail.MailException) Application(cz.metacentrum.perun.registrar.model.Application) SQLException(java.sql.SQLException) EmptyResultDataAccessException(org.springframework.dao.EmptyResultDataAccessException) RegistrarException(cz.metacentrum.perun.registrar.exceptions.RegistrarException) DuplicateKeyException(org.springframework.dao.DuplicateKeyException) MailException(org.springframework.mail.MailException) ApplicationMail(cz.metacentrum.perun.registrar.model.ApplicationMail)

Example 4 with Application

use of cz.metacentrum.perun.registrar.model.Application in project perun by CESNET.

the class RegistrarManagerImpl method createApplication.

/**
 * Stores a new application and then tries to verify (and possibly auto-approve) it.
 *
 * <p>NOTE(review): a user already set on {@code application} by the caller is kept as-is here;
 * only a missing user is filled from the session. Confirm that
 * {@code createApplicationInternal} checks a supplied user against the session principal.
 *
 * @param session     session of the applicant
 * @param application application to store
 * @param data        submitted form data
 * @return the same {@code data} list that was passed in
 * @throws PerunException when storing fails, or when verification fails (logged, then rethrown)
 */
@Override
public List<ApplicationFormItemData> createApplication(PerunSession session, Application application, List<ApplicationFormItemData> data) throws PerunException {
    // User known to Perun but not to the GUI (identity joined by consolidator): take it from the session.
    if (application.getUser() == null) {
        if (session.getPerunPrincipal().getUser() != null) {
            application.setUser(session.getPerunPrincipal().getUser());
        }
    }

    // Called through the registrarManager reference to init the inner transaction;
    // minor exceptions are caught inside, anything else may propagate.
    Application stored = this.registrarManager.createApplicationInternal(session, application, data);

    try {
        // verification may end in auto-approval
        tryToVerifyApplication(session, stored);
        // the user might have been created by a successful submission, so refresh the session
        AuthzResolverBlImpl.refreshSession(session);
        return data;
    } catch (Exception ex) {
        log.error("[REGISTRAR] Unable to verify or auto-approve application {}, because of exception {}", stored, ex);
        throw ex;
    }
}
Also used : Application(cz.metacentrum.perun.registrar.model.Application) SQLException(java.sql.SQLException) EmptyResultDataAccessException(org.springframework.dao.EmptyResultDataAccessException) DuplicateKeyException(org.springframework.dao.DuplicateKeyException)

Example 5 with Application

use of cz.metacentrum.perun.registrar.model.Application in project perun by CESNET.

the class RegistrarManagerImpl method approveApplication.

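/**
 * Approves the application with the given ID and performs the follow-up steps.
 *
 * <p>The approval itself is delegated to {@code approveApplicationInternal} with the caller's
 * session. Afterwards the member is loaded and validated with the registrar's own session,
 * the user's auto-approvable group applications are approved, and the approval is written
 * to the audit log.
 *
 * <p>NOTE(review): no role check is visible in this method; presumably
 * {@code approveApplicationInternal} authorizes {@code sess} - confirm.
 *
 * @param sess  session of the approver
 * @param appId ID of the application to approve
 * @return the approved application
 * @throws RegistrarException when the user is already a member of the VO, or when the member,
 *                            user, user ext source or ext source does not exist
 * @throws PerunException     propagated from the underlying managers
 */
@Override
public Application approveApplication(PerunSession sess, int appId) throws PerunException {
    Application app;
    try {
        app = registrarManager.approveApplicationInternal(sess, appId);
    } catch (AlreadyMemberException ex) {
        // case when user joined identity after sending initial application and former user was already member of VO
        throw new RegistrarException("User is already member of your VO with ID:" + ex.getMember().getId() + " (user joined his identities after sending new application). You can reject this application and re-validate old member to keep old data (e.g. login,email).", ex);
    } catch (MemberNotExistsException ex) {
        throw new RegistrarException("To approve application user must already be member of VO.", ex);
    } catch (UserNotExistsException ex) {
        throw new RegistrarException("To approve application user must already be member of VO.", ex);
    } catch (UserExtSourceNotExistsException ex) {
        throw new RegistrarException("To approve application user must already be member of VO.", ex);
    } catch (ExtSourceNotExistsException ex) {
        throw new RegistrarException("To approve application user must already be member of VO.", ex);
    }
    Member member = perun.getMembersManager().getMemberByUser(registrarSession, app.getVo(), app.getUser());
    // get user's group apps with auto-approve and approve them
    autoApproveUsersGroupApplications(sess, app.getVo(), app.getUser());
    try {
        // validate member async when all changes are committed
        perun.getMembersManagerBl().validateMemberAsync(registrarSession, member);
    } catch (Exception ex) {
        // Validation failure must not undo the approval, so the exception is not rethrown.
        // It is passed to the logger as the last argument so the cause and stack trace are
        // kept; previously only member and application were logged and the cause was lost.
        log.error("[REGISTRAR] Exception when validating {} after approving application {}.", member, app, ex);
    }
    perun.getAuditer().log(sess, "Application ID=" + appId + " voID=" + app.getVo().getId() + ((app.getGroup() != null) ? (" groupID=" + app.getGroup().getId()) : "") + " was approved.");
    return app;
}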
Also used : Application(cz.metacentrum.perun.registrar.model.Application) SQLException(java.sql.SQLException) EmptyResultDataAccessException(org.springframework.dao.EmptyResultDataAccessException) DuplicateKeyException(org.springframework.dao.DuplicateKeyException)
