示例#1
  /**
   * Fetches the VO with the given id and hands it back to callers that pass the role check.
   *
   * <p>Review notes on the access-control shape of this method:
   *
   * <ul>
   *   <li>Only the {@code VOADMIN} check is bound to the fetched {@code vo}. The
   *       {@code GROUPADMIN}, {@code SERVICE}, {@code RPC} and {@code SELF} checks are called
   *       without an object, so, as written, holding one of those roles for anything appears
   *       to be enough to read any VO (the original TODO says as much for group admins).
   *   <li>The lookup runs before the role check, so a caller that would be refused can still
   *       tell an existing id from a missing one by which exception comes back. Confirm this is
   *       acceptable for the deployment, or move the decision ahead of the lookup where the
   *       authorization model allows it.
   * </ul>
   *
   * @param sess caller's session; validated by {@code Utils.notNull}
   * @param id identifier of the VO to fetch
   * @return the VO returned by the business layer
   * @throws VoNotExistsException declared; presumably raised by the business-layer lookup when
   *     no VO has this id
   * @throws InternalErrorException declared by this method; not thrown directly here
   * @throws PrivilegeException when none of the role checks below succeeds
   */
  public Vo getVoById(PerunSession sess, int id)
      throws VoNotExistsException, InternalErrorException, PrivilegeException {
    Utils.notNull(sess, "sess");

    // The VO is needed for the object-scoped VOADMIN check, hence lookup first.
    Vo vo = vosManagerBl.getVoById(sess, id);

    // Authorization: the first successful check short-circuits the rest.
    // TODO Any groupAdmin can get any VO - only VOADMIN is scoped to this vo.
    boolean permitted =
        AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo)
            || AuthzResolver.isAuthorized(sess, Role.GROUPADMIN)
            || AuthzResolver.isAuthorized(sess, Role.SERVICE)
            || AuthzResolver.isAuthorized(sess, Role.RPC)
            || AuthzResolver.isAuthorized(sess, Role.SELF);
    if (!permitted) {
      throw new PrivilegeException(sess, "getVoById");
    }

    return vo;
  }
示例#2
  /**
   * Lists the VOs the caller is allowed to see.
   *
   * <p>A {@code PERUNADMIN} gets the unfiltered list from the business layer. A caller whose
   * principal carries {@code VOADMIN} or {@code GROUPADMIN} gets only the VOs tied to those
   * roles: the VOs they administer, plus the parent VO of every group they administer. Anyone
   * else is refused.
   *
   * <p>Review note: the gate for the filtered branch is a role-only {@code hasRole} test, but the
   * result is then narrowed through {@code getComplementaryObjectsForRole}, so the returned set is
   * limited to what that resolver reports for this session. Group admins do receive the full
   * {@code Vo} object of the parent VO, not just its id.
   *
   * @param sess caller's session; validated by {@code Utils.notNull}
   * @return a new list of distinct VOs (collected through a {@code HashSet}, so order is not
   *     defined)
   * @throws InternalErrorException declared by this method; not thrown directly here
   * @throws PrivilegeException when the caller is neither PERUNADMIN, VOADMIN nor GROUPADMIN
   */
  public List<Vo> getVos(PerunSession sess) throws InternalErrorException, PrivilegeException {
    Utils.notNull(sess, "sess");

    // Perun admin is not filtered at all.
    if (AuthzResolver.isAuthorized(sess, Role.PERUNADMIN)) {
      return vosManagerBl.getVos(sess);
    }

    // Everyone else must hold at least one of the two admin roles.
    if (!sess.getPerunPrincipal().getRoles().hasRole(Role.VOADMIN)
        && !sess.getPerunPrincipal().getRoles().hasRole(Role.GROUPADMIN)) {
      throw new PrivilegeException(sess, "getVos");
    }

    // A set, so a VO reachable through both roles is reported once.
    Set<Vo> visibleVos = new HashSet<Vo>();

    // VOs the caller administers directly.
    for (PerunBean bean :
        AuthzResolver.getComplementaryObjectsForRole(sess, Role.VOADMIN, Vo.class)) {
      visibleVos.add((Vo) bean);
    }

    // Parent VOs of the groups the caller administers.
    for (PerunBean bean :
        AuthzResolver.getComplementaryObjectsForRole(sess, Role.GROUPADMIN, Group.class)) {
      try {
        visibleVos.add(vosManagerBl.getVoById(sess, ((Group) bean).getVoId()));
      } catch (VoNotExistsException e) {
        // A group pointing at a missing VO is a data inconsistency, not a caller error.
        throw new ConsistencyErrorException(
            "User has group admin role for group from non-existent VO id:"
                + ((Group) bean).getVoId(),
            e);
      }
    }

    return new ArrayList<Vo>(visibleVos);
  }