public void checkAttributeValue(PerunSessionImpl perunSession, String key, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException { Integer maxGID = (Integer) attribute.getValue(); if (maxGID != null) { if (maxGID < 1) throw new WrongAttributeValueException(attribute, "Attribute value must be min 1."); try { Attribute minGIDAttr = perunSession .getPerunBl() .getAttributesManagerBl() .getAttribute( perunSession, key, AttributesManager.NS_ENTITYLESS_ATTR_DEF + ":namespace-minGID"); } catch (AttributeNotExistsException ex) { throw new ConsistencyErrorException("Attribute namespace-minGID is supposed to exist.", ex); } Integer minGID = (Integer) attribute.getValue(); if (minGID != null) { if (maxGID < minGID) throw new WrongAttributeValueException( attribute, "Attribute value must be more than minGID. MinGID = " + minGID + ", and maxGID try to set = " + maxGID); } } }
@Override public void checkAttributeValue( PerunSessionImpl perunSession, Resource resource, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException { Attribute attrDefaultFilesLimit = null; Integer defaultFilesQuota = null; Integer defaultFilesLimit = null; // Get DefaultFilesLimit attribute try { attrDefaultFilesLimit = perunSession .getPerunBl() .getAttributesManagerBl() .getAttribute(perunSession, resource, A_R_defaultFilesLimit); } catch (AttributeNotExistsException ex) { throw new ConsistencyErrorException( "Attribute with defaultFilesLimit from resource " + resource.getId() + " could not obtained.", ex); } // Get defaultFilesQuota value if (attribute.getValue() != null) { defaultFilesQuota = (Integer) attribute.getValue(); } if (defaultFilesQuota != null && defaultFilesQuota < 0) throw new WrongAttributeValueException(attribute, attribute + " cannot be less than 0."); // Get defaultFilesLimit value if (attrDefaultFilesLimit != null && attrDefaultFilesLimit.getValue() != null) { defaultFilesLimit = (Integer) attrDefaultFilesLimit.getValue(); } if (defaultFilesLimit != null && defaultFilesLimit < 0) throw new ConsistencyErrorException(attrDefaultFilesLimit + " cannot be less than 0."); // Compare DefaultFilesQuota with DefaultFilesLimit if (defaultFilesQuota == null || defaultFilesQuota == 0) { if (defaultFilesLimit != null && defaultFilesLimit != 0) throw new WrongReferenceAttributeValueException( attribute, attrDefaultFilesLimit, "Try to set unlimited quota, but limit is still " + defaultFilesLimit); } else if (defaultFilesLimit != null && defaultFilesLimit != 0) { if (defaultFilesLimit < defaultFilesQuota) throw new WrongReferenceAttributeValueException( attribute, attrDefaultFilesLimit, attribute + " must be less than or equals " + attrDefaultFilesLimit); } }
@Test public void getUsersForCoreAttribute() throws Exception { System.out.println("Searcher.getUsersForCoreAttribute"); Attribute attr = perun .getAttributesManagerBl() .getAttribute(sess, user1, "urn:perun:user:attribute-def:core:id"); Map<String, String> attributesWithSearchingValues = new HashMap<String, String>(); attributesWithSearchingValues.put(attr.getName(), attr.getValue().toString()); List<User> users = new ArrayList<User>(); users = searcherBl.getUsers(sess, attributesWithSearchingValues); System.out.println(attr.getValue().toString()); System.out.println(attr.getType().toString()); System.out.println(users.toString()); }
@Override public void checkAttributeValue( PerunSessionImpl perunSession, Facility facility, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException { if (attribute.getValue() == null) { throw new WrongAttributeValueException(attribute, facility, "attribute is null"); } String value = (String) attribute.getValue(); if (value.length() < 3) { throw new WrongAttributeValueException( attribute, facility, "attribute has to start with \"ou=\" or \"dc=\""); } String sub = value.substring(0, 3); if (!(sub.equalsIgnoreCase("ou=") || sub.equalsIgnoreCase("dc="))) { throw new WrongAttributeValueException( attribute, facility, "attribute has to start with \"ou=\" or \"dc=\""); } }
@Override public void checkAttributeValue( PerunSessionImpl perunSession, Resource resource, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException { // attribute can be null, it means there are no default settings on resource if (attribute.getValue() == null) { return; } // Check if every part of this map has the right pattern // And also check if every quota part has right settings (softQuota<=hardQuota) perunSession .getPerunBl() .getModulesUtilsBl() .checkAndTransferQuotas(attribute, resource, null, true); }
public Attribute getAttributeValue( PerunSessionImpl sess, Facility facility, User user, AttributeDefinition attributeDefinition) throws InternalErrorException { Attribute attr = new Attribute(attributeDefinition); try { Attribute attribute = sess.getPerunBl() .getAttributesManagerBl() .getAttribute( sess, facility, user, AttributesManager.NS_USER_FACILITY_ATTR_DEF + ":shell"); if (attribute.getValue() != null) { Utils.copyAttributeToVirtualAttributeWithValue(attribute, attr); return attr; } } catch (WrongAttributeAssignmentException | AttributeNotExistsException ex) { throw new InternalErrorException(ex); } try { Attribute facilityShells = sess.getPerunBl() .getAttributesManagerBl() .getAttribute(sess, facility, AttributesManager.NS_FACILITY_ATTR_DEF + ":shells"); Attribute userPrefferedShells = (sess.getPerunBl() .getAttributesManagerBl() .getAttribute(sess, user, AttributesManager.NS_USER_ATTR_DEF + ":preferredShells")); List<Resource> resources = sess.getPerunBl().getUsersManagerBl().getAllowedResources(sess, facility, user); Set<String> resourcesShells = new HashSet<String>(); for (Resource resource : resources) { List<String> resourcesShellsForTest = (List<String>) sess.getPerunBl() .getAttributesManagerBl() .getAttribute( sess, resource, AttributesManager.NS_RESOURCE_ATTR_DEF + ":shells") .getValue(); if (resourcesShellsForTest != null) resourcesShells.addAll(resourcesShellsForTest); } if (userPrefferedShells.getValue() != null) { for (String pShell : (List<String>) userPrefferedShells.getValue()) { if (resourcesShells.contains(pShell)) { Utils.copyAttributeToViAttributeWithoutValue(userPrefferedShells, attr); attr.setValue(pShell); return attr; } } } if (facilityShells.getValue() != null) { for (String fShell : (List<String>) facilityShells.getValue()) { if (resourcesShells.contains(fShell)) { Utils.copyAttributeToViAttributeWithoutValue(facilityShells, attr); attr.setValue(fShell); return attr; } } } } catch (AttributeNotExistsException | WrongAttributeAssignmentException ex) { throw new InternalErrorException(ex); } return attr; }
/** * Convert RichUsers to Identity objects with obfuscated email address and limited set of ext * sources. Service users are removed from the list. * * @param list RichUsers to convert * @return list of Identities without service ones * @throws PerunException */ private List<Identity> convertToIdentities(List<RichUser> list) throws PerunException { List<Identity> result = new ArrayList<Identity>(); if (list != null && !list.isEmpty()) { for (RichUser u : list) { // skip service users if (u.isServiceUser()) continue; Identity identity = new Identity(); identity.setName(u.getDisplayName()); identity.setId(u.getId()); for (Attribute a : u.getUserAttributes()) { if (MailManagerImpl.URN_USER_PREFERRED_MAIL.equals(a.getName())) { if (a.getValue() != null && !((String) a.getValue()).isEmpty()) { String safeMail = ((String) a.getValue()).split("@")[0]; if (safeMail.length() > 2) { safeMail = safeMail.substring(0, 1) + "****" + safeMail.substring(safeMail.length() - 1, safeMail.length()); } safeMail += "@" + ((String) a.getValue()).split("@")[1]; identity.setEmail(safeMail); } } else if ("urn:perun:user:attribute-def:def:organization".equals(a.getName())) { if (a.getValue() != null) { identity.setOrganization((String) a.getValue()); } } } List<ExtSource> es = new ArrayList<ExtSource>(); for (UserExtSource ues : u.getUserExtSources()) { if (ues.getExtSource().getType().equals(ExtSourcesManagerEntry.EXTSOURCE_X509)) { es.add(ues.getExtSource()); } else if (ues.getExtSource().getType().equals(ExtSourcesManagerEntry.EXTSOURCE_IDP)) { if (ues.getExtSource().getName().equals("https://extidp.cesnet.cz/idp/shibboleth")) { // FIXME - hack Social IdP to let us know proper identity source String type = ues.getLogin().split("@")[1].split("\\.")[0]; ues.getExtSource() .setName( "https://extidp.cesnet.cz/idp/shibboleth&authnContextClassRef=urn:cesnet:extidp:authn:" + type); } else if (ues.getExtSource().getName().equals("https://login.elixir-czech.org/idp/")) { // FIXME - hack Elixir proxy IdP to let us know proper identity source String type = ues.getLogin().split("@")[1]; ues.getExtSource().setName("https://login.elixir-czech.org/idp/@" + type); } es.add(ues.getExtSource()); } else if (ues.getExtSource() .getType() .equals(ExtSourcesManagerEntry.EXTSOURCE_KERBEROS)) { es.add(ues.getExtSource()); } } identity.setIdentities(es); result.add(identity); } } return result; }
public void checkAttributeValue(PerunSessionImpl sess, Vo vo, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongAttributeAssignmentException, WrongReferenceAttributeValueException { Map<String, String> attrValue = new LinkedHashMap<String, String>(); // For no value is correct (it means no rules) if (attribute.getValue() == null) return; // save value to map attrValue attrValue = (Map) attribute.getValue(); // Same for empty HashList if (attrValue.isEmpty()) return; // If is not empty, so i will check if all keys are correct first Set<String> keys = new LinkedHashSet<String>(); keys = attrValue.keySet(); // Only possibilities: period, doNotExtendLoa, gracePeriod, periodLoa for (String k : keys) { if (!isAllowedParameter(k)) throw new WrongAttributeValueException( attribute, "There is not allowed parameter value: " + k); } // If all possibilities are correct, so check their values // For period (only date like 1.1. or 29.4. without year) or (+xy where x is number and y is // d/m/y - +35m or +80d) String parameter = MembersManager.membershipPeriodKeyName; if (keys.contains(parameter)) { DateFormat dateFormatter = new SimpleDateFormat("dd.MM."); Date date = null; try { date = dateFormatter.parse(attrValue.get(parameter)); // Test if it is valid date format (need to use standardization: 01.01. = 1.1, 29.03 = 29.3 // for both in test) if (!standardFormatDate(dateFormatter.format(date)) .equals(standardFormatDate(attrValue.get(parameter)))) { throw new WrongAttributeValueException( attribute, "There is not allowed value (bad date format) for parameter '" + parameter + "': " + attrValue.get(parameter)); } } catch (ParseException ex) { // Its not date in format dd.MM. so test for next option exmp: "+18m" Matcher extensionDateMatcher = extensionDatePattern.matcher(attrValue.get(parameter)); if (!extensionDateMatcher.find()) throw new WrongAttributeValueException( attribute, "There is not allowed value for parameter '" + parameter + "': " + attrValue.get(parameter)); } } // For gracePeriod (xy where x is number and y is d/m/y - 35m or 80d) parameter = MembersManager.membershipGracePeriodKeyName; if (keys.contains(parameter)) { Matcher dateMatcher = datePattern.matcher(attrValue.get(parameter)); if (!dateMatcher.find()) throw new WrongAttributeValueException( attribute, "There is not allowed value for parameter '" + parameter + "': " + attrValue.get(parameter)); } // For doNotExtendLoa (exmp: '3,4,5' or '3, 4 ,5' or '325, 324,336') parameter = MembersManager.membershipDoNotExtendLoaKeyName; if (keys.contains(parameter)) { Matcher loaMatcher = loaPattern.matcher(attrValue.get(parameter)); if (!loaMatcher.find()) throw new WrongAttributeValueException( attribute, "There is not allowed value for parameter '" + parameter + "': " + attrValue.get(parameter)); } // For doNotAllowLoa (exmp: '3,4,5' or '3, 4 ,5' or '325, 324,336') parameter = MembersManager.membershipDoNotAllowLoaKeyName; if (keys.contains(parameter)) { Matcher loaMatcher = loaPattern.matcher(attrValue.get(parameter)); if (!loaMatcher.find()) throw new WrongAttributeValueException( attribute, "There is not allowed value for parameter '" + parameter + "': " + attrValue.get(parameter)); } // For periodLoa x|y. or x|y where x is loa format and y is period format and symbol '.' is not // mandatory parameter = MembersManager.membershipPeriodLoaKeyName; if (keys.contains(parameter)) { Matcher periodLoaMatcher = periodLoaPattern.matcher(attrValue.get(parameter)); if (!periodLoaMatcher.find()) throw new WrongAttributeValueException( attribute, "There is not allowed value for parameter '" + parameter + "': " + attrValue.get(parameter)); String value = attrValue.get(parameter); for (int i = 0; i < value.length(); i++) { if (value.charAt(i) == '|') value = value.substring(i + 1); } if (value.charAt(0) != '+') { if (value.contains("..")) { value = value.substring(0, value.length() - 1); } DateFormat dateFormatter = new SimpleDateFormat("dd.MM."); Date date = null; try { date = dateFormatter.parse(value); // Test if it is valid date format (need to use standardization: 01.01. = 1.1, 29.03 = // 29.3 for both in test) if (!standardFormatDate(dateFormatter.format(date)).equals(standardFormatDate(value))) { throw new WrongAttributeValueException( attribute, "There is not allowed value (bad date format) for parameter '" + parameter + "': " + attrValue.get(parameter)); } } catch (ParseException ex) { throw new WrongAttributeValueException( attribute, "There is not allowed value (bad date format) for parameter '" + parameter + "': " + attrValue.get(parameter)); } } } }