use of edu.harvard.iq.dataverse.engine.command.exception.PermissionException in project dataverse by IQSS.
the class ManageFilePermissionsPage method revokeRole.
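/**
 * Revokes one role assignment and reports the outcome as a JSF message.
 * Internal helper used by removeRoleAssignments.
 *
 * <p>This method makes no authorization decision of its own. The revocation is
 * submitted to the command engine, and a {@link PermissionException} raised there is
 * turned into an error message for the user.
 *
 * @param roleAssignmentId primary key of the {@code RoleAssignment} to revoke
 */
private void revokeRole(Long roleAssignmentId) {
    RoleAssignment ra = em.find(RoleAssignment.class, roleAssignmentId);
    if (ra == null) {
        // The id comes from the page and may be stale (assignment already revoked) or unknown.
        // Without this guard the null reaches RevokeRoleCommand and, at the latest,
        // ra.getRole() below fails with a NullPointerException instead of a user-facing message.
        JH.addMessage(FacesMessage.SEVERITY_ERROR, "The role assignment could not be removed.", "The role assignment no longer exists.");
        return;
    }
    try {
        commandEngine.submit(new RevokeRoleCommand(ra, dvRequestService.getDataverseRequest()));
        // NOTE(review): role name and assignee title are concatenated as-is; confirm that the
        // component rendering this message escapes them on output.
        JsfHelper.addSuccessMessage(ra.getRole().getName() + " role for " + roleAssigneeService.getRoleAssignee(ra.getAssigneeIdentifier()).getDisplayInfo().getTitle() + " was removed.");
    } catch (PermissionException ex) {
        // The requester lacks the permissions the command requires; the missing set is shown to the user.
        JH.addMessage(FacesMessage.SEVERITY_ERROR, "The role assignment was not able to be removed.", "Permissions " + ex.getRequiredPermissions().toString() + " missing.");
    } catch (CommandException ex) {
        // Any other command failure: generic message for the user, detail only in the server log.
        JH.addMessage(FacesMessage.SEVERITY_FATAL, "The role assignment could not be removed.");
        logger.log(Level.SEVERE, "Error removing role assignment: " + ex.getMessage(), ex);
    }
}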
use of edu.harvard.iq.dataverse.engine.command.exception.PermissionException in project dataverse by IQSS.
the class ManageFilePermissionsPage method assignRole.
/**
 * Assigns role {@code r} on {@code file} to {@code ra} by submitting an
 * {@code AssignRoleCommand}, and reports the outcome as a JSF message.
 *
 * <p>The permission check is not done here; a {@link PermissionException} from the
 * command engine is reported to the user together with the missing permissions.
 *
 * @param ra   the assignee receiving the role
 * @param file the file the role is assigned on
 * @param r    the role to assign
 * @return {@code true} if the command was submitted without error, {@code false} otherwise
 */
private boolean assignRole(RoleAssignee ra, DataFile file, DataverseRole r) {
    // This page always passes a null private-URL token to the command.
    final String noPrivateUrlToken = null;
    boolean assigned = false;
    try {
        commandEngine.submit(new AssignRoleCommand(ra, r, file, dvRequestService.getDataverseRequest(), noPrivateUrlToken));
        // NOTE(review): the three values below go into the message unescaped; confirm that
        // the component rendering JsfHelper messages escapes them on output.
        String roleName = r.getName();
        String assigneeTitle = ra.getDisplayInfo().getTitle();
        String fileName = file.getDisplayName();
        JsfHelper.addSuccessMessage(roleName + " role assigned to " + assigneeTitle + " for " + fileName + ".");
        assigned = true;
    } catch (PermissionException denied) {
        String missing = "Permissions " + denied.getRequiredPermissions().toString() + " missing.";
        JH.addMessage(FacesMessage.SEVERITY_ERROR, "The role was not able to be assigned.", missing);
    } catch (CommandException failure) {
        // Generic failure: tell the user which assignment failed, keep the cause in the server log.
        String roleName = r.getName();
        String assigneeTitle = ra.getDisplayInfo().getTitle();
        String fileName = file.getDisplayName();
        JsfHelper.addErrorMessage(roleName + " role could NOT be assigned to " + assigneeTitle + " for " + fileName + ".");
        logger.log(Level.SEVERE, "Error assiging role: " + failure.getMessage(), failure);
    }
    return assigned;
}
use of edu.harvard.iq.dataverse.engine.command.exception.PermissionException in project dataverse by IQSS.
the class RolePermissionFragment method revokeRole.
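/**
 * Revokes the role assignment with the given id and reports the outcome as a JSF message.
 *
 * <p>Authorization is left to the command engine: a {@link PermissionException} raised
 * while submitting the {@code RevokeRoleCommand} is shown to the user and logged.
 *
 * @param roleAssignmentId primary key of the {@code RoleAssignment} to revoke
 */
public void revokeRole(Long roleAssignmentId) {
    RoleAssignment assignment = em.find(RoleAssignment.class, roleAssignmentId);
    if (assignment == null) {
        // The id is supplied by the page and may be stale or unknown. Report that instead of
        // handing a null assignment to RevokeRoleCommand.
        JH.addMessage(FacesMessage.SEVERITY_ERROR, "Cannot revoke role assignment - it no longer exists");
        return;
    }
    try {
        commandEngine.submit(new RevokeRoleCommand(assignment, dvRequestService.getDataverseRequest()));
        JH.addMessage(FacesMessage.SEVERITY_INFO, "Role assignment revoked successfully");
    } catch (PermissionException ex) {
        // The requester lacks the permissions the command requires; the missing set is shown to the user.
        JH.addMessage(FacesMessage.SEVERITY_ERROR, "Cannot revoke role assignment - you're missing permission", ex.getRequiredPermissions().toString());
        logger.log(Level.SEVERE, "Error revoking role assignment: " + ex.getMessage(), ex);
    } catch (CommandException ex) {
        // NOTE(review): the raw exception message is shown to the end user here. Confirm that
        // CommandException messages never carry internal detail (command dumps, wrapped EJB
        // errors); otherwise show a generic message and keep the detail in the log only.
        JH.addMessage(FacesMessage.SEVERITY_ERROR, "Cannot revoke role assignment: " + ex.getMessage());
        logger.log(Level.SEVERE, "Error revoking role assignment: " + ex.getMessage(), ex);
    }
}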
use of edu.harvard.iq.dataverse.engine.command.exception.PermissionException in project dataverse by IQSS.
the class EjbDataverseEngine method submit.
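/**
 * Authorizes and executes a command, and writes one action-log record for the attempt.
 *
 * <p>For every entry in the command's required-permission map, the permissions granted to
 * the command's request on the matching affected object must contain the required set.
 * Otherwise a {@link PermissionException} is thrown and the command is not executed.
 * The action-log record is written in the {@code finally} block, so it is produced for
 * successful, denied and failed submissions alike.
 *
 * @param <R>      result type of the command
 * @param aCommand the command to authorize and execute
 * @return the value returned by {@code aCommand.execute}
 * @throws PermissionException if the request lacks a required permission on an affected object
 * @throws CommandException    if execution fails; an {@code EJBException} raised during
 *                             execution is wrapped in a {@code CommandException}
 * @throws RuntimeException    if the command declares no required permissions or names an
 *                             object that is absent from its affected objects; other
 *                             runtime failures are rethrown after being recorded
 */
public <R> R submit(Command<R> aCommand) throws CommandException {
    final ActionLogRecord logRec = new ActionLogRecord(ActionLogRecord.ActionType.Command, aCommand.getClass().getCanonicalName());
    try {
        logRec.setUserIdentifier(aCommand.getRequest().getUser().getIdentifier());

        // Check permissions - or throw an exception.
        Map<String, ? extends Set<Permission>> requiredMap = aCommand.getRequiredPermissions();
        if (requiredMap == null) {
            // A command with no permission declaration is rejected rather than run unchecked.
            throw new RuntimeException("Command " + aCommand + " does not define required permissions.");
        }

        DataverseRequest dvReq = aCommand.getRequest();
        Map<String, DvObject> affectedDvObjects = aCommand.getAffectedDvObjects();
        logRec.setInfo(aCommand.describe());

        for (Map.Entry<String, ? extends Set<Permission>> pair : requiredMap.entrySet()) {
            String dvName = pair.getKey();
            if (!affectedDvObjects.containsKey(dvName)) {
                throw new RuntimeException("Command instance " + aCommand + " does not have a DvObject named '" + dvName + "'");
            }
            DvObject dvo = affectedDvObjects.get(dvName);
            // NOTE(review): a key that maps to a null DvObject is treated as granting every
            // permission, so the check for that entry always passes. Confirm that commands
            // can only produce a null entry where no object-level check is intended.
            Set<Permission> granted = (dvo != null) ? permissionService.permissionsFor(dvReq, dvo) : EnumSet.allOf(Permission.class);
            Set<Permission> required = requiredMap.get(dvName);
            if (!granted.containsAll(required)) {
                // Compute the missing permissions on a private copy. The original code called
                // required.removeAll(granted), which edits the set owned by the command's
                // permission map: that shrinks the requirement if the map is shared or cached,
                // and fails with UnsupportedOperationException if the set is unmodifiable.
                Set<Permission> missing = EnumSet.noneOf(Permission.class);
                missing.addAll(required);
                missing.removeAll(granted);
                logRec.setActionResult(ActionLogRecord.Result.PermissionError);
                // TODO: Is there any harm in showing the "granted" set since we already show
                // "required"? It would help people reason about the mismatch.
                throw new PermissionException("Can't execute command " + aCommand + ", because request " + aCommand.getRequest() + " is missing permissions " + missing + " on Object " + dvo.accept(DvObject.NamePrinter), aCommand, missing, dvo);
            }
        }

        try {
            return aCommand.execute(getContext());
        } catch (EJBException ejbe) {
            logRec.setActionResult(ActionLogRecord.Result.InternalError);
            throw new CommandException("Command " + aCommand.toString() + " failed: " + ejbe.getMessage(), ejbe.getCausedByException(), aCommand);
        }
    } catch (CommandException ce) {
        // A CommandException thrown by execute() itself used to reach the finally block with
        // no result set, and was therefore logged as OK. Record it as a failure, without
        // overwriting the PermissionError / InternalError results set above.
        if (logRec.getActionResult() == null) {
            logRec.setActionResult(ActionLogRecord.Result.InternalError);
        }
        throw ce;
    } catch (RuntimeException re) {
        logRec.setActionResult(ActionLogRecord.Result.InternalError);
        logRec.setInfo(re.getMessage());

        // Walk the cause chain looking for bean-validation failures, which carry more
        // useful detail than the top-level message.
        Throwable cause = re;
        while (cause != null) {
            if (cause instanceof ConstraintViolationException) {
                StringBuilder sb = new StringBuilder();
                sb.append("Unexpected bean validation constraint exception:");
                ConstraintViolationException constraintViolationException = (ConstraintViolationException) cause;
                for (ConstraintViolation<?> violation : constraintViolationException.getConstraintViolations()) {
                    sb.append(" Invalid value: <<<").append(violation.getInvalidValue()).append(">>> for ").append(violation.getPropertyPath()).append(" at ").append(violation.getLeafBean()).append(" - ").append(violation.getMessage());
                }
                // NOTE(review): the rejected values are written verbatim to the server log and
                // to the action log; confirm that is acceptable for fields that may hold
                // user-supplied or sensitive data.
                logger.log(Level.SEVERE, sb.toString());
                // Set this more detailed info in the action log.
                logRec.setInfo(sb.toString());
            }
            cause = cause.getCause();
        }
        throw re;
    } finally {
        // Only a submission that set no error result on the way here counts as OK.
        if (logRec.getActionResult() == null) {
            logRec.setActionResult(ActionLogRecord.Result.OK);
        }
        logRec.setEndTime(new java.util.Date());
        logSvc.log(logRec);
    }
}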
use of edu.harvard.iq.dataverse.engine.command.exception.PermissionException in project dataverse by IQSS.
the class ManagePermissionsPage method assignRole.
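/**
 * Assigns role {@code r} on the page's {@code dvObject} to {@code ra} by submitting an
 * {@code AssignRoleCommand}, reports the outcome as a JSF message and, on success,
 * notifies the assignee unless the role is the file-downloader role on an unreleased object.
 *
 * <p>The permission check is not done here; a {@link PermissionException} from the
 * command engine is reported to the user together with the missing permissions.
 *
 * @param ra the assignee receiving the role
 * @param r  the role to assign
 */
private void assignRole(RoleAssignee ra, DataverseRole r) {
    try {
        String privateUrlToken = null;
        commandEngine.submit(new AssignRoleCommand(ra, r, dvObject, dvRequestService.getDataverseRequest(), privateUrlToken));
        // The object display name was already HTML-escaped before going into this message.
        // The role name and the assignee title are put into the same string, so they get
        // the same treatment instead of being concatenated raw.
        String roleName = StringEscapeUtils.escapeHtml(r.getName());
        String assigneeTitle = StringEscapeUtils.escapeHtml(ra.getDisplayInfo().getTitle());
        String objectName = StringEscapeUtils.escapeHtml(dvObject.getDisplayName());
        JsfHelper.addSuccessMessage(roleName + " role assigned to " + assigneeTitle + " for " + objectName + ".");
        // Don't notify if role = file downloader and object is not released.
        boolean fileDownloaderRole = r.getAlias().equals(DataverseRole.FILE_DOWNLOADER);
        if (!fileDownloaderRole || dvObject.isReleased()) {
            notifyRoleChange(ra, UserNotification.Type.ASSIGNROLE);
        }
    } catch (PermissionException ex) {
        JH.addMessage(FacesMessage.SEVERITY_ERROR, "The role was not able to be assigned.", "Permissions " + ex.getRequiredPermissions().toString() + " missing.");
    } catch (CommandException ex) {
        // Same escaping as on the success path; the failure detail stays in the server log.
        String roleName = StringEscapeUtils.escapeHtml(r.getName());
        String assigneeTitle = StringEscapeUtils.escapeHtml(ra.getDisplayInfo().getTitle());
        String objectName = StringEscapeUtils.escapeHtml(dvObject.getDisplayName());
        JsfHelper.addErrorMessage(roleName + " role could NOT be assigned to " + assigneeTitle + " for " + objectName + ".");
        logger.log(Level.SEVERE, "Error assiging role: " + ex.getMessage(), ex);
    }
    showAssignmentMessages();
}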