Examples with PermissionDeniedCacheException diskCacheV111.util.PermissionDeniedCacheException used on opensource projects

Example 21 with PermissionDeniedCacheException

use of diskCacheV111.util.PermissionDeniedCacheException in project dcache by dCache.

the class FileResources method deleteFileEntry.

@DELETE
@Path("{path : .*}")
@ApiOperation(value = "delete a file or directory", notes = "If a directory is targeted then the directory must already be empty.")
@Produces(MediaType.APPLICATION_JSON)
@ApiResponses({ @ApiResponse(code = 401, message = "Unauthorized"), @ApiResponse(code = 403, message = "Forbidden"), @ApiResponse(code = 404, message = "Not Found"), @ApiResponse(code = 500, message = "Internal Server Error") })
public Response deleteFileEntry(@ApiParam(value = "Path of file or directory.", required = true) @PathParam("path") String requestPath) throws CacheException {
    PnfsHandler handler = HandlerBuilders.roleAwarePnfsHandler(pnfsmanager);
    FsPath path = pathMapper.asDcachePath(request, requestPath, ForbiddenException::new);
    try {
        handler.deletePnfsEntry(path.toString());
    } catch (FileNotFoundCacheException e) {
        throw new NotFoundException(e);
    } catch (PermissionDeniedCacheException e) {
        if (RequestUser.isAnonymous()) {
            throw new NotAuthorizedException(e);
        } else {
            throw new ForbiddenException(e);
        }
    } catch (JSONException | IllegalArgumentException | CacheException e) {
        throw new BadRequestException(e);
    } catch (Exception e) {
        LOG.warn(Exceptions.meaningfulMessage(e));
        throw new InternalServerErrorException(e);
    }
    return successfulResponse(Response.Status.OK);
}

Example 22 with PermissionDeniedCacheException

use of diskCacheV111.util.PermissionDeniedCacheException in project dcache by dCache.

the class IdResources method getAttributes.

@GET
@ApiOperation(value = "Discover information about a file from the PNFS-ID.", notes = "Retrieve all file attributes plus the file's path from the " + "given PNFS-ID.")
@ApiResponses({ @ApiResponse(code = 400, message = "Bad pnsfid"), @ApiResponse(code = 401, message = "Unauthorized"), @ApiResponse(code = 403, message = "Forbidden"), @ApiResponse(code = 404, message = "Not Found"), @ApiResponse(code = 500, message = "Internal Server Error") })
@Path("{pnfsid}")
@Produces(MediaType.APPLICATION_JSON)
public JsonFileAttributes getAttributes(@ApiParam("The PNFS-ID of a file or directory.") @PathParam("pnfsid") String value) {
    Set<FileAttribute> attributeSet = NamespaceUtils.getRequestedAttributes(true, true, true, true, true);
    JsonFileAttributes result = new JsonFileAttributes();
    PnfsHandler handler = HandlerBuilders.roleAwarePnfsHandler(pnfsmanager);
    try {
        PnfsId id = new PnfsId(value);
        FileAttributes attributes = handler.getFileAttributes(id, attributeSet);
        /*
             * Caveat: Because there is a possibility that a given file could have
             * a number of hard-linked paths, and that the current path finder
             * code selects only the most recently created path/link, there
             * is a possibility of getting a path which may not correspond
             * to the expected one.
             */
        FsPath path = FsPath.create(attributes.getStorageInfo().getKey("path"));
        /*
             * Since FileResources maps according to the effective root,
             * we should return the path in the same form here.
             */
        result.setPath(pathMapper.asRequestPath(request, path));
        String name = path.name();
        result.setFileName(name);
        NamespaceUtils.chimeraToJsonAttributes(name, result, attributes, true, true, true, true, false, true, request, poolMonitor);
        NamespaceUtils.addQoSAttributes(result, attributes, request, poolMonitor, pinmanager);
    } catch (IllegalArgumentException e) {
        throw new BadRequestException("Bad pnsfid " + value, e);
    } catch (FileNotFoundCacheException e) {
        throw new NotFoundException(e);
    } catch (PermissionDeniedCacheException e) {
        if (RequestUser.isAnonymous()) {
            throw new NotAuthorizedException(e);
        } else {
            throw new ForbiddenException(e);
        }
    } catch (CacheException | InterruptedException | NoRouteToCellException e) {
        LOGGER.warn(Exceptions.meaningfulMessage(e));
        throw new InternalServerErrorException(e);
    }
    return result;
}

Example 23 with PermissionDeniedCacheException

use of diskCacheV111.util.PermissionDeniedCacheException in project dcache by dCache.

the class QosManagement method getQueriedQosForFiles.

@GET
@ApiOperation("Provide information about a specific file quality of " + "services.  Requires authentication.")
@ApiResponses({ @ApiResponse(code = 401, message = "Unauthorized"), @ApiResponse(code = 403, message = "Forbidden"), @ApiResponse(code = 404, message = "Not found"), @ApiResponse(code = 500, message = "Internal Server Error") })
@Path("/file/{qos}")
@Produces(MediaType.APPLICATION_JSON)
public BackendCapabilityResponse getQueriedQosForFiles(@ApiParam("The file quality of service to query.") @PathParam("qos") String qosValue) {
    BackendCapabilityResponse backendCapabilityResponse = new BackendCapabilityResponse();
    BackendCapability backendCapability = new BackendCapability();
    try {
        if (RequestUser.isAnonymous()) {
            throw new PermissionDeniedCacheException("Permission denied");
        }
        backendCapabilityResponse.setStatus("200");
        backendCapabilityResponse.setMessage("successful");
        QoSMetadata qoSMetadata;
        switch(Qos.fromDisplayName(qosValue)) {
            case DISK:
                qoSMetadata = new QoSMetadata("1", geographicPlacement, "100");
                setBackendCapability(backendCapability, DISK.displayName(), Arrays.asList(TAPE.displayName(), DISK_TAPE.displayName()), qoSMetadata);
                break;
            case TAPE:
                qoSMetadata = new QoSMetadata("1", geographicPlacement, "600000");
                setBackendCapability(backendCapability, TAPE.displayName(), Arrays.asList(DISK_TAPE.displayName()), qoSMetadata);
                break;
            case DISK_TAPE:
                qoSMetadata = new QoSMetadata("2", geographicPlacement, "100");
                setBackendCapability(backendCapability, DISK_TAPE.displayName(), Arrays.asList(TAPE.displayName()), qoSMetadata);
                break;
            case VOLATILE:
                qoSMetadata = new QoSMetadata("0", geographicPlacement, "100");
                setBackendCapability(backendCapability, VOLATILE.displayName(), Arrays.asList(DISK.displayName(), TAPE.displayName(), DISK_TAPE.displayName()), qoSMetadata);
                break;
            default:
                throw new NotFoundException();
        }
    } catch (PermissionDeniedCacheException e) {
        if (RequestUser.isAnonymous()) {
            throw new NotAuthorizedException(e);
        } else {
            throw new ForbiddenException(e);
        }
    } catch (UnsupportedOperationException e) {
        throw new BadRequestException(e);
    }
    backendCapabilityResponse.setBackendCapability(backendCapability);
    return backendCapabilityResponse;
}

Example 24 with PermissionDeniedCacheException

use of diskCacheV111.util.PermissionDeniedCacheException in project dcache by dCache.

the class PnfsManagerV3 method checkMkdirAllowed.

private void checkMkdirAllowed(PnfsCreateEntryMessage message) throws PermissionDeniedCacheException {
    if (Subjects.isRoot(message.getSubject())) {
        return;
    }
    FsPath path = message.getFsPath();
    Restriction restriction = message.getRestriction();
    /* As a special case, if the user is allowed to upload into
         * a child directory then they are also allowed to create this
         * directory.  This allows the user to create missing parent
         * directories upto (but not including) the final element in the path.
         * The final element, if missing MUST be uploaded as a file.
         *
         * For example, if the allowed path for upload is '/data/test-1/item1'
         * where 'test-1' and 'item1' do not exist, then an attempt to create
         * the directory '/data/test-1' should succeed.  However, an attempt to
         * mkdir '/data/test-1/item1' should fail.
         */
    if (restriction.hasUnrestrictedChild(UPLOAD, path)) {
        return;
    }
    /* As another special case, allow the user to create a directory if
         * the user is allowed to upload.  We want to ensure that the user
         * cannot create a directory for the final the target directory.
         *
         * For example, if the allowed path for upload is '/data/test-1/item1`
         * where 'item1' already exists as a directory, then the user should
         * be allowed to create the directory '/data/test-1/item1/subdir1'.
         *
         * Example 2, if the allowed path for upload is '/data/test-1/item1'
         * where 'test-1' already exists but 'item1' does not exist then
         * the user SHOULD NOT be allowed to create 'item1' as a directory.
         *
         * To cover these two cases, we check whether the user would be allowed
         * to upload a file as the same name as the parent for the new
         * directory.  In example 1, the parent is 'item1' and the user would
         * be allowed to upload this file (if it didn't alreaedy exist).
         * In example 2, the parent is 'test-1' and the user is not allowed to
         * upload this file.
         */
    if (!path.isRoot() && !restriction.isRestricted(UPLOAD, path.parent())) {
        return;
    }
    /**
     * A regular permissions check, categorising this operation as a MANAGE
     * activity.
     */
    checkRestrictionOnParent(message, MANAGE);
}

Example 25 with PermissionDeniedCacheException

use of diskCacheV111.util.PermissionDeniedCacheException in project dcache by dCache.

the class SrmHandler method handleRequest.

public Object handleRequest(String requestName, Object request) throws RemoteException {
    long startTimeStamp = System.currentTimeMillis();
    // requestName values all start "srm".  This is redundant, so may
    // be removed when creating the session id.  The initial character is
    // converted to lowercase, so "srmPrepareToPut" becomes "prepareToPut".
    String session = "srm2:" + Character.toLowerCase(requestName.charAt(3)) + requestName.substring(4);
    try (JDC ignored = JDC.createSession(session)) {
        for (RequestLogger logger : loggers) {
            logger.request(requestName, request);
        }
        Subject user = Subject.getSubject(AccessController.getContext());
        Object response;
        if (requestName.equals("srmPing")) {
            // Ping is special as it isn't authenticated and unable to return a failure
            response = new SrmPingResponse("v2.2", pingExtraInfo);
        } else {
            try {
                response = dispatch(user, requestName, request);
            } catch (SRMInternalErrorException e) {
                LOGGER.error(e.getMessage());
                response = getFailedResponse(requestName, e.getStatusCode(), "Authentication failed (server log contains additional information).");
            } catch (SRMAuthorizationException e) {
                LOGGER.info(e.getMessage());
                response = getFailedResponse(requestName, e.getStatusCode(), "Permission denied.");
            } catch (SRMAuthenticationException e) {
                LOGGER.warn(e.getMessage());
                response = getFailedResponse(requestName, e.getStatusCode(), "Authentication failed (server log contains additional information).");
            } catch (SRMException e) {
                response = getFailedResponse(requestName, e.getStatusCode(), e.getMessage());
            } catch (PermissionDeniedCacheException e) {
                response = getFailedResponse(requestName, TStatusCode.SRM_AUTHORIZATION_FAILURE, e.getMessage());
            } catch (CacheException e) {
                response = getFailedResponse(requestName, TStatusCode.SRM_INTERNAL_ERROR, e.getMessage());
            } catch (InterruptedException e) {
                response = getFailedResponse(requestName, TStatusCode.SRM_FATAL_INTERNAL_ERROR, "Server shutdown.");
            } catch (NoRouteToCellException e) {
                LOGGER.error(e.getMessage());
                response = getFailedResponse(requestName, TStatusCode.SRM_INTERNAL_ERROR, "SRM backend serving this request is currently offline.");
            }
        }
        long time = System.currentTimeMillis() - startTimeStamp;
        for (RequestLogger logger : loggers) {
            logger.response(requestName, request, response, user, time);
        }
        return response;
    }
}