
Example 1 with PermissionException

Use of edu.harvard.iq.dataverse.engine.command.exception.PermissionException in project dataverse by IQSS, in the class ManageFilePermissionsPage, method revokeRole:

// internal method used by removeRoleAssignments
private void revokeRole(Long roleAssignmentId) {
    try {
        RoleAssignment ra = em.find(RoleAssignment.class, roleAssignmentId);
        commandEngine.submit(new RevokeRoleCommand(ra, dvRequestService.getDataverseRequest()));
        JsfHelper.addSuccessMessage(ra.getRole().getName() + " role for " + roleAssigneeService.getRoleAssignee(ra.getAssigneeIdentifier()).getDisplayInfo().getTitle() + " was removed.");
    } catch (PermissionException ex) {
        JH.addMessage(FacesMessage.SEVERITY_ERROR, "The role assignment was not able to be removed.", "Permissions " + ex.getRequiredPermissions().toString() + " missing.");
    } catch (CommandException ex) {
        JH.addMessage(FacesMessage.SEVERITY_FATAL, "The role assignment could not be removed.");
        logger.log(Level.SEVERE, "Error removing role assignment: " + ex.getMessage(), ex);
    }
}
Also used: PermissionException (edu.harvard.iq.dataverse.engine.command.exception.PermissionException), RevokeRoleCommand (edu.harvard.iq.dataverse.engine.command.impl.RevokeRoleCommand), CommandException (edu.harvard.iq.dataverse.engine.command.exception.CommandException)

Example 2 with PermissionException

Use of edu.harvard.iq.dataverse.engine.command.exception.PermissionException in project dataverse by IQSS, in the class ManageFilePermissionsPage, method assignRole:

private boolean assignRole(RoleAssignee ra, DataFile file, DataverseRole r) {
    try {
        String privateUrlToken = null;
        commandEngine.submit(new AssignRoleCommand(ra, r, file, dvRequestService.getDataverseRequest(), privateUrlToken));
        JsfHelper.addSuccessMessage(r.getName() + " role assigned to " + ra.getDisplayInfo().getTitle() + " for " + file.getDisplayName() + ".");
    } catch (PermissionException ex) {
        JH.addMessage(FacesMessage.SEVERITY_ERROR, "The role was not able to be assigned.", "Permissions " + ex.getRequiredPermissions().toString() + " missing.");
        return false;
    } catch (CommandException ex) {
        // JH.addMessage(FacesMessage.SEVERITY_FATAL, "The role was not able to be assigned.");
        String message = r.getName() + " role could NOT be assigned to " + ra.getDisplayInfo().getTitle() + " for " + file.getDisplayName() + ".";
        JsfHelper.addErrorMessage(message);
        logger.log(Level.SEVERE, "Error assiging role: " + ex.getMessage(), ex);
        return false;
    }
    return true;
}
Also used: PermissionException (edu.harvard.iq.dataverse.engine.command.exception.PermissionException), CommandException (edu.harvard.iq.dataverse.engine.command.exception.CommandException), AssignRoleCommand (edu.harvard.iq.dataverse.engine.command.impl.AssignRoleCommand)

Example 3 with PermissionException

Use of edu.harvard.iq.dataverse.engine.command.exception.PermissionException in project dataverse by IQSS, in the class RolePermissionFragment, method revokeRole:

public void revokeRole(Long roleAssignmentId) {
    try {
        commandEngine.submit(new RevokeRoleCommand(em.find(RoleAssignment.class, roleAssignmentId), dvRequestService.getDataverseRequest()));
        JH.addMessage(FacesMessage.SEVERITY_INFO, "Role assignment revoked successfully");
    } catch (PermissionException ex) {
        JH.addMessage(FacesMessage.SEVERITY_ERROR, "Cannot revoke role assignment - you're missing permission", ex.getRequiredPermissions().toString());
        logger.log(Level.SEVERE, "Error revoking role assignment: " + ex.getMessage(), ex);
    } catch (CommandException ex) {
        JH.addMessage(FacesMessage.SEVERITY_ERROR, "Cannot revoke role assignment: " + ex.getMessage());
        logger.log(Level.SEVERE, "Error revoking role assignment: " + ex.getMessage(), ex);
    }
}
Also used: PermissionException (edu.harvard.iq.dataverse.engine.command.exception.PermissionException), RevokeRoleCommand (edu.harvard.iq.dataverse.engine.command.impl.RevokeRoleCommand), CommandException (edu.harvard.iq.dataverse.engine.command.exception.CommandException)

Example 4 with PermissionException

Use of edu.harvard.iq.dataverse.engine.command.exception.PermissionException in project dataverse by IQSS, in the class EjbDataverseEngine, method submit:

public <R> R submit(Command<R> aCommand) throws CommandException {
    final ActionLogRecord logRec = new ActionLogRecord(ActionLogRecord.ActionType.Command, aCommand.getClass().getCanonicalName());
    try {
        logRec.setUserIdentifier(aCommand.getRequest().getUser().getIdentifier());
        // Check permissions - or throw an exception
        Map<String, ? extends Set<Permission>> requiredMap = aCommand.getRequiredPermissions();
        if (requiredMap == null) {
            throw new RuntimeException("Command " + aCommand + " does not define required permissions.");
        }
        DataverseRequest dvReq = aCommand.getRequest();
        Map<String, DvObject> affectedDvObjects = aCommand.getAffectedDvObjects();
        logRec.setInfo(aCommand.describe());
        for (Map.Entry<String, ? extends Set<Permission>> pair : requiredMap.entrySet()) {
            String dvName = pair.getKey();
            if (!affectedDvObjects.containsKey(dvName)) {
                throw new RuntimeException("Command instance " + aCommand + " does not have a DvObject named '" + dvName + "'");
            }
            DvObject dvo = affectedDvObjects.get(dvName);
            Set<Permission> granted = (dvo != null) ? permissionService.permissionsFor(dvReq, dvo) : EnumSet.allOf(Permission.class);
            Set<Permission> required = requiredMap.get(dvName);
            if (!granted.containsAll(required)) {
                required.removeAll(granted);
                logRec.setActionResult(ActionLogRecord.Result.PermissionError);
                /**
                 * @todo Is there any harm in showing the "granted" set
                 * since we already show "required"? It would help people
                 * reason about the mismatch.
                 */
                throw new PermissionException("Can't execute command " + aCommand + ", because request " + aCommand.getRequest() + " is missing permissions " + required + " on Object " + dvo.accept(DvObject.NamePrinter), aCommand, required, dvo);
            }
        }
        try {
            return aCommand.execute(getContext());
        } catch (EJBException ejbe) {
            logRec.setActionResult(ActionLogRecord.Result.InternalError);
            throw new CommandException("Command " + aCommand.toString() + " failed: " + ejbe.getMessage(), ejbe.getCausedByException(), aCommand);
        }
    } catch (RuntimeException re) {
        logRec.setActionResult(ActionLogRecord.Result.InternalError);
        logRec.setInfo(re.getMessage());
        Throwable cause = re;
        while (cause != null) {
            if (cause instanceof ConstraintViolationException) {
                StringBuilder sb = new StringBuilder();
                sb.append("Unexpected bean validation constraint exception:");
                ConstraintViolationException constraintViolationException = (ConstraintViolationException) cause;
                for (ConstraintViolation<?> violation : constraintViolationException.getConstraintViolations()) {
                    sb.append(" Invalid value: <<<").append(violation.getInvalidValue()).append(">>> for ").append(violation.getPropertyPath()).append(" at ").append(violation.getLeafBean()).append(" - ").append(violation.getMessage());
                }
                logger.log(Level.SEVERE, sb.toString());
                // set this more detailed info in action log
                logRec.setInfo(sb.toString());
            }
            cause = cause.getCause();
        }
        throw re;
    } finally {
        if (logRec.getActionResult() == null) {
            logRec.setActionResult(ActionLogRecord.Result.OK);
        }
        logRec.setEndTime(new java.util.Date());
        logSvc.log(logRec);
    }
}
Also used: PermissionException (edu.harvard.iq.dataverse.engine.command.exception.PermissionException), CommandException (edu.harvard.iq.dataverse.engine.command.exception.CommandException), ActionLogRecord (edu.harvard.iq.dataverse.actionlogging.ActionLogRecord), DataverseRequest (edu.harvard.iq.dataverse.engine.command.DataverseRequest), ConstraintViolation (javax.validation.ConstraintViolation), Permission (edu.harvard.iq.dataverse.authorization.Permission), ConstraintViolationException (javax.validation.ConstraintViolationException), EJBException (javax.ejb.EJBException), Map (java.util.Map)

Example 5 with PermissionException

Use of edu.harvard.iq.dataverse.engine.command.exception.PermissionException in project dataverse by IQSS, in the class ManagePermissionsPage, method assignRole:

private void assignRole(RoleAssignee ra, DataverseRole r) {
    try {
        String privateUrlToken = null;
        commandEngine.submit(new AssignRoleCommand(ra, r, dvObject, dvRequestService.getDataverseRequest(), privateUrlToken));
        JsfHelper.addSuccessMessage(r.getName() + " role assigned to " + ra.getDisplayInfo().getTitle() + " for " + StringEscapeUtils.escapeHtml(dvObject.getDisplayName()) + ".");
        // don't notify if role = file downloader and object is not released
        if (!(r.getAlias().equals(DataverseRole.FILE_DOWNLOADER) && !dvObject.isReleased())) {
            notifyRoleChange(ra, UserNotification.Type.ASSIGNROLE);
        }
    } catch (PermissionException ex) {
        JH.addMessage(FacesMessage.SEVERITY_ERROR, "The role was not able to be assigned.", "Permissions " + ex.getRequiredPermissions().toString() + " missing.");
    } catch (CommandException ex) {
        String message = r.getName() + " role could NOT be assigned to " + ra.getDisplayInfo().getTitle() + " for " + StringEscapeUtils.escapeHtml(dvObject.getDisplayName()) + ".";
        JsfHelper.addErrorMessage(message);
        // JH.addMessage(FacesMessage.SEVERITY_FATAL, "The role was not able to be assigned.");
        logger.log(Level.SEVERE, "Error assiging role: " + ex.getMessage(), ex);
    }
    showAssignmentMessages();
}
Also used: PermissionException (edu.harvard.iq.dataverse.engine.command.exception.PermissionException), CommandException (edu.harvard.iq.dataverse.engine.command.exception.CommandException), AssignRoleCommand (edu.harvard.iq.dataverse.engine.command.impl.AssignRoleCommand)
