  /**
   * Lists the administrators of the given VO.
   *
   * <p>Requires the VO admin role on {@code vo}; the session and the VO's existence are checked
   * first.
   *
   * <p>NOTE(review): the existence check runs before the authorization check, so a caller without
   * the role can tell an existing VO (PrivilegeException) from a missing one
   * (VoNotExistsException). {@code deleteVo} below orders these two checks the other way round.
   *
   * @param sess caller's session, must not be null
   * @param vo VO whose admins are returned
   * @return admins of {@code vo} as reported by the business layer
   * @throws PrivilegeException when the caller is not a VO admin of {@code vo}
   * @throws VoNotExistsException propagated from the existence check
   */
  public List<User> getAdmins(PerunSession sess, Vo vo)
      throws InternalErrorException, PrivilegeException, VoNotExistsException {
    Utils.notNull(sess, "sess");
    vosManagerBl.checkVoExists(sess, vo);

    // Authorization - Vo admin required
    boolean isVoAdmin = AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo);
    if (!isVoAdmin) {
      throw new PrivilegeException(sess, "getAdmins");
    }

    List<User> admins = vosManagerBl.getAdmins(sess, vo);
    return admins;
  }
  /**
   * Searches for candidates (users not yet in the VO) matching {@code searchString}.
   *
   * <p>Requires the VO admin role on {@code vo}. The search string itself is passed through to the
   * business layer unchanged; no normalisation or length limit is applied here.
   *
   * @param sess caller's session, must not be null
   * @param vo VO the candidates are searched for
   * @param searchString search term, must not be null
   * @return candidates returned by the business layer
   * @throws PrivilegeException when the caller is not a VO admin of {@code vo}
   * @throws VoNotExistsException propagated from the existence check
   */
  public List<Candidate> findCandidates(PerunSession sess, Vo vo, String searchString)
      throws InternalErrorException, VoNotExistsException, PrivilegeException {
    Utils.notNull(searchString, "searchString");
    Utils.notNull(sess, "sess");
    vosManagerBl.checkVoExists(sess, vo);

    // Authorization - Vo admin required
    boolean isVoAdmin = AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo);
    if (!isVoAdmin) {
      throw new PrivilegeException(sess, "findCandidates");
    }

    List<Candidate> candidates = vosManagerBl.findCandidates(sess, vo, searchString);
    return candidates;
  }
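  /**
   * Removes {@code user} from the administrators of {@code vo}.
   *
   * <p>Requires the VO admin role on {@code vo}. Both the VO and the user must exist.
   *
   * <p>The PrivilegeException previously named the action {@code "deleteAdmin"}; it now names
   * {@code "removeAdmin"} so the denied-action label matches the method, as every other method in
   * this class does.
   *
   * @param sess caller's session, must not be null
   * @param vo VO the admin is removed from
   * @param user user losing the admin role
   * @throws PrivilegeException when the caller is not a VO admin of {@code vo}
   * @throws VoNotExistsException propagated from the VO existence check
   * @throws UserNotExistsException propagated from the user existence check
   * @throws UserNotAdminException propagated from the business layer
   */
  public void removeAdmin(PerunSession sess, Vo vo, User user)
      throws InternalErrorException, PrivilegeException, VoNotExistsException,
          UserNotAdminException, UserNotExistsException {
    Utils.notNull(sess, "sess");
    vosManagerBl.checkVoExists(sess, vo);
    perunBl.getUsersManagerBl().checkUserExists(sess, user);

    // Authorization - Vo admin required
    if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo)) {
      // Action label must match the method name so denials are attributable.
      throw new PrivilegeException(sess, "removeAdmin");
    }

    vosManagerBl.removeAdmin(sess, vo, user);
  }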
  /**
   * Deletes the given VO.
   *
   * <p>Only the Perun admin role is accepted. Authorization is evaluated before the existence
   * check, so an unauthorized caller learns nothing about whether {@code vo} exists.
   *
   * @param sess caller's session, must not be null
   * @param vo VO to delete
   * @throws PrivilegeException when the caller is not a Perun admin
   * @throws VoNotExistsException propagated from the existence check
   * @throws RelationExistsException propagated from the business layer
   */
  public void deleteVo(PerunSession sess, Vo vo)
      throws VoNotExistsException, InternalErrorException, PrivilegeException,
          RelationExistsException {
    Utils.notNull(sess, "sess");

    // Authorization - only Perun admin can delete the VO
    boolean isPerunAdmin = AuthzResolver.isAuthorized(sess, Role.PERUNADMIN);
    if (!isPerunAdmin) {
      throw new PrivilegeException(sess, "deleteVo");
    }

    vosManagerBl.checkVoExists(sess, vo);
    vosManagerBl.deleteVo(sess, vo);
  }
  /**
   * Lists the administrators of {@code vo} together with their attributes.
   *
   * <p>Requires the VO admin role on {@code vo}. The result is passed through the users manager's
   * attribute filter before it is returned, so the caller only sees attributes it is allowed to
   * read.
   *
   * @param sess caller's session, must not be null
   * @param vo VO whose admins are returned
   * @return filtered rich admins of {@code vo}
   * @throws PrivilegeException when the caller is not a VO admin of {@code vo}
   * @throws VoNotExistsException propagated from the existence check
   */
  public List<RichUser> getRichAdminsWithAttributes(PerunSession sess, Vo vo)
      throws InternalErrorException, PrivilegeException, VoNotExistsException,
          UserNotExistsException {
    Utils.notNull(sess, "sess");
    vosManagerBl.checkVoExists(sess, vo);

    // Authorization - Vo admin required
    boolean isVoAdmin = AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo);
    if (!isVoAdmin) {
      throw new PrivilegeException(sess, "getRichAdminsWithAttributes");
    }

    List<RichUser> unfiltered = vosManagerBl.getRichAdminsWithAttributes(sess, vo);
    // Strip attributes the caller may not read before handing the list out.
    return getPerunBl().getUsersManagerBl().filterOnlyAllowedAttributes(sess, unfiltered);
  }
  /**
   * Grants the VO admin role on {@code vo} to every member of {@code group}.
   *
   * <p>Requires the VO admin role on {@code vo}. Both the VO and the group must exist.
   *
   * @param sess caller's session, must not be null
   * @param vo VO the group becomes admin of
   * @param group group receiving the admin role
   * @throws PrivilegeException when the caller is not a VO admin of {@code vo}
   * @throws AlreadyAdminException propagated from the business layer
   * @throws VoNotExistsException propagated from the VO existence check
   * @throws GroupNotExistsException propagated from the group existence check
   */
  @Override
  public void addAdmin(PerunSession sess, Vo vo, Group group)
      throws InternalErrorException, PrivilegeException, AlreadyAdminException,
          VoNotExistsException, GroupNotExistsException {
    Utils.notNull(sess, "sess");
    vosManagerBl.checkVoExists(sess, vo);
    perunBl.getGroupsManagerBl().checkGroupExists(sess, group);

    // Authorization - Vo admin required
    boolean isVoAdmin = AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo);
    if (!isVoAdmin) {
      throw new PrivilegeException(sess, "addAdmin");
    }

    vosManagerBl.addAdmin(sess, vo, group);
  }
 /**
  * Returns every VO in the system.
  *
  * <p>The caller must hold at least one of the VO admin, group admin or facility admin roles.
  * The check is not scoped to any particular object, so any holder of one of these roles on any
  * VO, group or facility receives the complete list.
  *
  * @param perunSession caller's session, must not be null
  * @return all VOs from the business layer
  * @throws PrivilegeException when the caller holds none of the accepted roles
  */
 public List<Vo> getAllVos(PerunSession perunSession)
     throws InternalErrorException, PrivilegeException {
   Utils.notNull(perunSession, "sess");

   // Any of the three roles is sufficient; evaluation stops at the first match.
   boolean allowed =
       AuthzResolver.isAuthorized(perunSession, Role.VOADMIN)
           || AuthzResolver.isAuthorized(perunSession, Role.GROUPADMIN)
           || AuthzResolver.isAuthorized(perunSession, Role.FACILITYADMIN);
   if (!allowed) {
     throw new PrivilegeException(perunSession, "getAllVos");
   }

   return vosManagerBl.getVos(perunSession);
 }
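  /**
   * Updates the given VO after validating its name and short name.
   *
   * <p>Requires the VO admin role on {@code vo}. The name may be at most 128 characters; the short
   * name must be 1 to 16 characters from the set {@code [-_a-zA-Z0-9.]}.
   *
   * <p>The previous short-name pattern used the range {@code A-z}, which besides letters also
   * admits the ASCII characters between {@code 'Z'} and {@code 'a'} ({@code [ \ ] ^ _ `}). Since
   * the short name is used as an identifier elsewhere, the class is now the intended
   * {@code A-Za-z}.
   *
   * @param sess caller's session, must not be null
   * @param vo VO carrying the new values
   * @return the updated VO from the business layer
   * @throws PrivilegeException when the caller is not a VO admin of {@code vo}
   * @throws VoNotExistsException propagated from the existence check
   * @throws InternalErrorException when the name or short name fails validation
   */
  public Vo updateVo(PerunSession sess, Vo vo)
      throws VoNotExistsException, InternalErrorException, PrivilegeException {
    Utils.notNull(sess, "sess");
    vosManagerBl.checkVoExists(sess, vo);

    // Authorization - Vo admin required
    if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo)) {
      throw new PrivilegeException(sess, "updateVo");
    }

    if (vo.getName().length() > 128) {
      throw new InternalErrorException("VO name is too long, >128 characters");
    }

    // A-Z and a-z as separate ranges: "A-z" would also accept [ \ ] ^ _ and backtick.
    if (!vo.getShortName().matches("^[-_a-zA-Z0-9.]{1,16}$")) {
      throw new InternalErrorException(
          "Wrong VO short name - must match [-_a-zA-Z0-9.]+ and not be longer than 16 characters.");
    }

    return vosManagerBl.updateVo(sess, vo);
  }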
  /**
   * Returns the VOs visible to the caller.
   *
   * <p>A Perun admin gets every VO. A caller holding the VO admin or group admin role gets the
   * union of the VOs it administers directly and the VOs owning the groups it administers.
   * Anyone else is rejected.
   *
   * @param sess caller's session, must not be null
   * @return visible VOs, without duplicates, in no particular order
   * @throws PrivilegeException when the caller holds none of the accepted roles
   */
  public List<Vo> getVos(PerunSession sess) throws InternalErrorException, PrivilegeException {
    Utils.notNull(sess, "sess");

    // Perun admin can see everything
    if (AuthzResolver.isAuthorized(sess, Role.PERUNADMIN)) {
      return vosManagerBl.getVos(sess);
    }

    Roles principalRoles = sess.getPerunPrincipal().getRoles();
    boolean hasListingRole =
        principalRoles.hasRole(Role.VOADMIN) || principalRoles.hasRole(Role.GROUPADMIN);
    if (!hasListingRole) {
      throw new PrivilegeException(sess, "getVos");
    }

    // A set, because the same VO can be reached both directly and through one of its groups.
    Set<Vo> visible = new HashSet<Vo>();

    // VOs where the caller is VO admin
    for (PerunBean bean :
        AuthzResolver.getComplementaryObjectsForRole(sess, Role.VOADMIN, Vo.class)) {
      visible.add((Vo) bean);
    }

    // VOs owning a group the caller is group admin of
    for (PerunBean bean :
        AuthzResolver.getComplementaryObjectsForRole(sess, Role.GROUPADMIN, Group.class)) {
      Group adminGroup = (Group) bean;
      try {
        visible.add(vosManagerBl.getVoById(sess, adminGroup.getVoId()));
      } catch (VoNotExistsException e) {
        // A group admin role pointing at a VO that no longer exists is a data-integrity fault.
        throw new ConsistencyErrorException(
            "User has group admin role for group from non-existent VO id:" + adminGroup.getVoId(),
            e);
      }
    }

    return new ArrayList<Vo>(visible);
  }
  /**
   * Looks up a VO by its short name.
   *
   * <p>Accepted callers are VO admins of the resolved VO, any group admin and any service
   * principal; the latter two checks are not scoped to the VO (see the TODO below).
   *
   * <p>NOTE(review): the VO is resolved before authorization runs, so a caller with none of the
   * roles can still tell an existing short name (PrivilegeException) from an unknown one
   * (VoNotExistsException).
   *
   * @param sess caller's session, must not be null
   * @param shortName short name to resolve, must not be null
   * @return the VO with the given short name
   * @throws VoNotExistsException when no VO has this short name
   * @throws PrivilegeException when the caller holds none of the accepted roles
   */
  public Vo getVoByShortName(PerunSession sess, String shortName)
      throws VoNotExistsException, InternalErrorException, PrivilegeException {
    Utils.notNull(shortName, "shortName");
    Utils.notNull(sess, "sess");
    Vo resolved = vosManagerBl.getVoByShortName(sess, shortName);

    // Authorization
    // TODO Any groupAdmin can get anyVo
    boolean allowed =
        AuthzResolver.isAuthorized(sess, Role.VOADMIN, resolved)
            || AuthzResolver.isAuthorized(sess, Role.GROUPADMIN)
            || AuthzResolver.isAuthorized(sess, Role.SERVICE);
    if (!allowed) {
      throw new PrivilegeException(sess, "getVoByShortName");
    }

    return resolved;
  }