use of cz.metacentrum.perun.registrar.model.Application in project perun by CESNET.
the class ConsolidatorManagerImpl method checkForSimilarUsers.
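/**
 * Looks for existing users that resemble the person who submitted the given application.
 *
 * <p>The search runs only for INITIAL applications to a VO (no group) that have no user
 * assigned yet; every other application yields an empty list. Submitted form values are
 * tried in this order and the first one that matches anybody wins: preferred mail,
 * member mail, parsed display name, last name.
 *
 * <p>All lookups are performed with {@code registrarSession} instead of the caller's
 * session, so the authorization block at the top of this method is what decides who
 * may see the matches.
 *
 * @param sess  session of the caller
 * @param appId ID of the application whose data are used for the search
 * @return identities of similar users; empty when nothing matched or the search does not apply
 * @throws PrivilegeException when the caller is neither VO admin, nor admin of the
 *                            application's group, nor the principal who owns the application
 * @throws PerunException     when the application or its data cannot be read
 */
@Override
public List<Identity> checkForSimilarUsers(PerunSession sess, int appId) throws PerunException {

	String email = "";
	String name = "";
	List<RichUser> result = new ArrayList<RichUser>();

	List<String> attrNames = new ArrayList<String>();
	attrNames.add("urn:perun:user:attribute-def:def:preferredMail");
	attrNames.add("urn:perun:user:attribute-def:def:organization");

	Application app = registrarManager.getApplicationById(registrarSession, appId);

	// VO admins may always search; group admins only when the application targets a group.
	boolean isManager = AuthzResolver.isAuthorized(sess, Role.VOADMIN, app.getVo())
			|| (app.getGroup() != null && AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, app.getGroup()));

	if (!isManager) {
		if (sess.getPerunPrincipal().getUser() != null) {
			// known user: the application must belong to that very user
			if (!sess.getPerunPrincipal().getUser().equals(app.getUser())) {
				throw new PrivilegeException("checkForSimilarUsers");
			}
		} else {
			// Unknown user: the application is theirs only when BOTH the external source
			// and the login match. Rejecting only when both differ (&&) would let any
			// principal coming from the same external source read matches for somebody
			// else's application, hence the ||.
			if (!sess.getPerunPrincipal().getExtSourceName().equals(app.getExtSourceName())
					|| !sess.getPerunPrincipal().getActor().equals(app.getCreatedBy())) {
				throw new PrivilegeException("checkForSimilarUsers");
			}
		}
	}

	// only for initial VO applications if user==null
	if (!(app.getType().equals(Application.AppType.INITIAL) && app.getGroup() == null && app.getUser() == null)) {
		// not found, since not proper type of application to check users for
		return convertToIdentities(result);
	}

	try {
		User u = perun.getUsersManager().getUserByExtSourceNameAndExtLogin(registrarSession, app.getExtSourceName(), app.getCreatedBy());
		if (u != null) {
			// do not show error message in GUI by returning an empty array.
			return convertToIdentities(result);
		}
	} catch (Exception ignored) {
		// deliberate best effort: a failed lookup by login just means we continue
		// with the searches by mail and name below
	}

	List<ApplicationFormItemData> data = registrarManager.getApplicationDataById(sess, appId);

	// search by email, which should be unique (check is more precise)
	for (ApplicationFormItemData item : data) {
		if ("urn:perun:user:attribute-def:def:preferredMail".equals(item.getFormItem().getPerunDestinationAttribute())) {
			email = item.getValue();
		}
		if (email != null && !email.isEmpty()) {
			break;
		}
	}

	List<RichUser> users = (email != null && !email.isEmpty())
			? perun.getUsersManager().findRichUsersWithAttributesByExactMatch(registrarSession, email, attrNames)
			: new ArrayList<RichUser>();

	if (users != null && !users.isEmpty()) {
		// found by preferredMail
		return convertToIdentities(users);
	}

	// search by different mail, clear previous value first
	email = "";
	for (ApplicationFormItemData item : data) {
		if ("urn:perun:member:attribute-def:def:mail".equals(item.getFormItem().getPerunDestinationAttribute())) {
			email = item.getValue();
		}
		if (email != null && !email.isEmpty()) {
			break;
		}
	}

	users = (email != null && !email.isEmpty())
			? perun.getUsersManager().findRichUsersWithAttributesByExactMatch(registrarSession, email, attrNames)
			: new ArrayList<RichUser>();

	if (users != null && !users.isEmpty()) {
		// found by member mail
		return convertToIdentities(users);
	}

	for (ApplicationFormItemData item : data) {
		if (RegistrarManagerImpl.URN_USER_DISPLAY_NAME.equals(item.getFormItem().getPerunDestinationAttribute())) {
			name = item.getValue();
			// use parsed name to drop mistakes on IDP side
			try {
				if (name != null && !name.isEmpty()) {
					Map<String, String> nameMap = Utils.parseCommonName(name);
					// drop name titles to spread search
					String newName = "";
					if (nameMap.get("firstName") != null && !nameMap.get("firstName").isEmpty()) {
						newName += nameMap.get("firstName") + " ";
					}
					if (nameMap.get("lastName") != null && !nameMap.get("lastName").isEmpty()) {
						newName += nameMap.get("lastName");
					}
					// fill parsed name instead of input
					if (!newName.isEmpty()) {
						name = newName;
					}
				}
			} catch (Exception ex) {
				log.error("[REGISTRAR] Unable to parse new user's display/common name when searching for similar users. Exception: {}", ex);
			}
			if (name != null && !name.isEmpty()) {
				break;
			}
		}
	}

	users = (name != null && !name.isEmpty())
			? perun.getUsersManager().findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames)
			: new ArrayList<RichUser>();

	if (users != null && !users.isEmpty()) {
		// found by member display name
		return convertToIdentities(users);
	}

	// continue to search by last name, clear previous value first
	name = "";
	for (ApplicationFormItemData item : data) {
		if (RegistrarManagerImpl.URN_USER_LAST_NAME.equals(item.getFormItem().getPerunDestinationAttribute())) {
			name = item.getValue();
			if (name != null && !name.isEmpty()) {
				break;
			}
		}
	}

	if (name != null && !name.isEmpty()) {
		// what was found by name
		return convertToIdentities(perun.getUsersManager().findRichUsersWithAttributesByExactMatch(registrarSession, name, attrNames));
	}

	// not found by name
	return convertToIdentities(result);

}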
use of cz.metacentrum.perun.registrar.model.Application in project perun by CESNET.
the class RegistrarBaseIntegrationTest method applyForMembershipInVO.
/**
 * Test helper that submits an INITIAL application to the given VO on behalf of {@code user}.
 *
 * <p>A fixed set of Shibboleth-style attributes is merged into the principal's additional
 * information, the VO form is fetched with prefilled values, and the application is
 * created with the "preferredMail" and "username" items overridden by constant values.
 */
private static void applyForMembershipInVO(RegistrarManager registrarManager, PerunBl perun, Vo vo, PerunSession user) throws PerunException, DuplicateRegistrationAttemptException {

	// attributes as they would arrive from the identity federation
	Map<String, String> shibAttributes = new HashMap<String, String>();
	shibAttributes.put("Shib-Person-displayName", "pplk. doc. Ing. Václav Rumcajs, DrSc.");
	shibAttributes.put("Shib-Person-commonName", "Václav Rumcajs");
	shibAttributes.put("Shib-Person-givenName", "Václav");
	shibAttributes.put("Shib-Person-sureName", "Rumcajs");
	shibAttributes.put("Shib-Person-o", "Les Řáholec");
	shibAttributes.put("Shib-EP-Affiliation", "member");
	shibAttributes.put("Shib-InetOrgPerson-mail", "mail@gmail.org");
	shibAttributes.put("Shib-EP-PrincipalName", user.getPerunPrincipal().getActor());
	user.getPerunPrincipal().getAdditionalInformations().putAll(shibAttributes);

	List<ApplicationFormItemWithPrefilledValue> prefilled =
			registrarManager.getFormItemsWithPrefilledValues(user, INITIAL, registrarManager.getFormForVo(vo));

	// data from the federation and from the user
	Application submission = new Application();
	submission.setType(INITIAL);
	// NOTE(review): createdAt receives the actor name here; setCreatedBy may have been intended - confirm
	submission.setCreatedAt(user.getPerunPrincipal().getActor());
	submission.setExtSourceName(user.getPerunPrincipal().getExtSourceName());
	submission.setExtSourceType(ExtSourcesManager.EXTSOURCE_IDP);
	submission.setFedInfo(shibAttributes.toString());
	submission.setVo(vo);

	List<ApplicationFormItemData> submitted = new ArrayList<ApplicationFormItemData>();
	for (ApplicationFormItemWithPrefilledValue prefilledItem : prefilled) {
		ApplicationFormItem formItem = prefilledItem.getFormItem();
		String shortname = formItem.getShortname();

		if (shortname.equals("preferredMail")) {
			submitted.add(new ApplicationFormItemData(formItem, shortname, "rumcajs@gmail.com", "0"));
			continue;
		}
		if (shortname.equals("username")) {
			submitted.add(new ApplicationFormItemData(formItem, shortname, "rumcik", "0"));
			continue;
		}
		// keep the prefilled value
		submitted.add(new ApplicationFormItemData(formItem, shortname, prefilledItem.getPrefilledValue(), prefilledItem.getAssuranceLevel()));
	}

	registrarManager.createApplication(user, submission, submitted);

}
use of cz.metacentrum.perun.registrar.model.Application in project perun by CESNET.
the class MailManagerImpl method sendInvitation.
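/**
 * Sends the USER_INVITE mail of a VO or group registration form to the given address.
 *
 * <p>The caller must be VO admin or top-group creator (VO invitation), or VO admin or
 * group admin (group invitation). When {@code language} is {@code null} it defaults to
 * "en" and is then overridden by the VO's or group's notification language attribute,
 * if that attribute can be read and has a value.
 *
 * @param sess     session of the caller
 * @param vo       VO the person is invited to
 * @param group    group the person is invited to, or {@code null} for a VO invitation
 * @param name     name of the invited person, substituted into the mail subject and text
 * @param email    address the invitation is sent to; must be non-empty and free of line breaks
 * @param language language code of the template to use, or {@code null} for the default
 * @throws PrivilegeException when the caller lacks the required role
 * @throws RegistrarException when the address is unusable, no invitation template is
 *                            defined, sending is disabled, or the mail cannot be sent
 * @throws PerunException     on other failures of the called managers
 */
@Override
public void sendInvitation(PerunSession sess, Vo vo, Group group, String name, String email, String language) throws PerunException {

	if (group == null) {
		if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo) && !AuthzResolver.isAuthorized(sess, Role.TOPGROUPCREATOR, vo)) {
			throw new PrivilegeException(sess, "sendInvitation");
		}
	} else {
		if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo) && !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, group)) {
			throw new PrivilegeException(sess, "sendInvitation");
		}
	}

	if (email == null || email.isEmpty()) {
		throw new RegistrarException("You must provide non-empty email of person you are inviting.");
	}
	// The address ends up in the "To" header and in the log line below. Refuse line
	// breaks here rather than rely on the mail sender or the logger to neutralise them.
	if (email.indexOf('\r') >= 0 || email.indexOf('\n') >= 0) {
		throw new RegistrarException("E-mail of person you are inviting must not contain line breaks.");
	}

	// get form
	ApplicationForm form;
	if (group != null) {
		form = registrarManager.getFormForGroup(group);
	} else {
		form = registrarManager.getFormForVo(vo);
	}

	// get mail definition
	ApplicationMail mail = getMailByParams(form.getId(), AppType.INITIAL, MailType.USER_INVITE);
	if (mail == null) {
		throw new RegistrarException("You don't have invitation e-mail template defined.");
	} else if (!mail.getSend()) {
		throw new RegistrarException("Sending of invitations is disabled.");
	}

	if (language == null) {
		language = "en";
		// best effort: a failure to read the attribute keeps the "en" default
		if (group == null) {
			try {
				Attribute a = attrManager.getAttribute(registrarSession, vo, URN_VO_LANGUAGE_EMAIL);
				if (a != null && a.getValue() != null) {
					language = BeansUtils.attributeValueToString(a);
				}
			} catch (Exception ex) {
				log.error("[MAIL MANAGER] Exception thrown when getting preferred language of notification for VO={}: {}", vo, ex);
			}
		} else {
			try {
				Attribute a = attrManager.getAttribute(registrarSession, group, URN_GROUP_LANGUAGE_EMAIL);
				if (a != null && a.getValue() != null) {
					language = BeansUtils.attributeValueToString(a);
				}
			} catch (Exception ex) {
				log.error("[MAIL MANAGER] Exception thrown when getting preferred language of notification for Group={}: {}", group, ex);
			}
		}
	}

	// get language
	Locale lang = new Locale(language);
	// get localized subject and text
	MailText mt = mail.getMessage(lang);
	String mailText = "";
	String mailSubject = "";
	if (mt.getText() != null && !mt.getText().isEmpty()) {
		mailText = mt.getText();
	}
	if (mt.getSubject() != null && !mt.getSubject().isEmpty()) {
		mailSubject = mt.getSubject();
	}

	SimpleMailMessage message = new SimpleMailMessage();

	// fake app to get "from" address
	Application app = new Application();
	app.setVo(vo);
	app.setGroup(group);

	// get from
	setFromMailAddress(message, app);

	message.setTo(email);

	mailText = substituteCommonStringsForInvite(vo, group, null, name, mailText);
	mailSubject = substituteCommonStringsForInvite(vo, group, null, name, mailSubject);

	// The caller-supplied name is substituted into the subject, which is a single-line
	// header, so any line break that got in is collapsed to a space.
	if (mailSubject != null) {
		mailSubject = mailSubject.replaceAll("[\\r\\n]+", " ");
	}

	message.setSubject(mailSubject);
	message.setText(mailText);

	try {
		mailSender.send(message);
		// VO and group are passed as arguments so their text cannot act as a format string
		log.info("[MAIL MANAGER] Sending mail: USER_INVITE to: {} / {} / {}", message.getTo(), app.getVo(), app.getGroup());
	} catch (MailException ex) {
		log.error("[MAIL MANAGER] Sending mail: USER_INVITE failed because of exception: {}", ex);
		throw new RegistrarException("Unable to send e-mail.", ex);
	}

}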
use of cz.metacentrum.perun.registrar.model.Application in project perun by CESNET.
the class RegistrarManagerImpl method createApplication.
/**
 * Stores a new application together with its form data and then tries to verify
 * (and possibly auto-approve) it.
 *
 * @param session     session of the submitting principal
 * @param application application to create
 * @param data        form item data submitted with the application
 * @return the same {@code data} list that was passed in
 * @throws PerunException when creating or verifying the application fails
 */
@Override
public List<ApplicationFormItemData> createApplication(PerunSession session, Application application, List<ApplicationFormItemData> data) throws PerunException {

	// The user may be known in Perun but unknown in GUI (identity joined by consolidator),
	// in which case the user of the session is filled into the application.
	// NOTE(review): a user already set on the incoming application is not compared with
	// the session's user here; presumably createApplicationInternal checks it - confirm.
	if (application.getUser() == null) {
		if (session.getPerunPrincipal().getUser() != null) {
			application.setUser(session.getPerunPrincipal().getUser());
		}
	}

	// Called through registrarManager to init the inner transaction; minor exceptions
	// are caught inside, anything else is fine to propagate.
	final Application created = this.registrarManager.createApplicationInternal(session, application, data);

	try {
		// try to verify (or even auto-approve) application
		tryToVerifyApplication(session, created);
		// the user might have been created by a successful submission, so refresh the session
		AuthzResolverBlImpl.refreshSession(session);
	} catch (Exception ex) {
		log.error("[REGISTRAR] Unable to verify or auto-approve application {}, because of exception {}", created, ex);
		throw ex;
	}

	return data;

}
use of cz.metacentrum.perun.registrar.model.Application in project perun by CESNET.
the class RegistrarManagerImpl method approveApplication.
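/**
 * Approves the application with the given ID, auto-approves the user's pending group
 * applications, schedules asynchronous validation of the member and writes an audit record.
 *
 * <p>NOTE(review): no role check is visible in this method; authorization is presumably
 * enforced inside {@code approveApplicationInternal} - confirm.
 *
 * @param sess  session of the caller
 * @param appId ID of the application to approve
 * @return the approved application
 * @throws RegistrarException when the user is already a member of the VO, or when the
 *                            member, user, user ext source or ext source does not exist
 * @throws PerunException     on other failures of the called managers
 */
@Override
public Application approveApplication(PerunSession sess, int appId) throws PerunException {

	Application app;
	try {
		app = registrarManager.approveApplicationInternal(sess, appId);
	} catch (AlreadyMemberException ex) {
		// case when user joined identity after sending initial application and former user was already member of VO
		throw new RegistrarException("User is already member of your VO with ID:" + ex.getMember().getId() + " (user joined his identities after sending new application). You can reject this application and re-validate old member to keep old data (e.g. login,email).", ex);
	} catch (MemberNotExistsException ex) {
		throw new RegistrarException("To approve application user must already be member of VO.", ex);
	} catch (UserNotExistsException ex) {
		throw new RegistrarException("To approve application user must already be member of VO.", ex);
	} catch (UserExtSourceNotExistsException ex) {
		throw new RegistrarException("To approve application user must already be member of VO.", ex);
	} catch (ExtSourceNotExistsException ex) {
		throw new RegistrarException("To approve application user must already be member of VO.", ex);
	}

	Member member = perun.getMembersManager().getMemberByUser(registrarSession, app.getVo(), app.getUser());

	// get user's group apps with auto-approve and approve them
	autoApproveUsersGroupApplications(sess, app.getVo(), app.getUser());

	try {
		// validate member async when all changes are committed
		perun.getMembersManagerBl().validateMemberAsync(registrarSession, member);
	} catch (Exception ex) {
		// Deliberately not rethrown: the approval itself already succeeded. The exception
		// is passed to the logger so the cause of the failed validation is not lost.
		log.error("[REGISTRAR] Exception when validating {} after approving application {}.", member, app, ex);
	}

	perun.getAuditer().log(sess, "Application ID=" + appId + " voID=" + app.getVo().getId() + ((app.getGroup() != null) ? (" groupID=" + app.getGroup().getId()) : "") + " was approved.");

	return app;

}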