public Vo getVoById(PerunSession sess, int id)
throws VoNotExistsException, InternalErrorException, PrivilegeException {
Utils.notNull(sess, "sess");
Vo vo = vosManagerBl.getVoById(sess, id);
// Authorization
// TODO Any groupAdmin can get anyVo
if (!AuthzResolver.isAuthorized(sess, Role.VOADMIN, vo)
&& !AuthzResolver.isAuthorized(sess, Role.GROUPADMIN)
&& !AuthzResolver.isAuthorized(sess, Role.SERVICE)
&& !AuthzResolver.isAuthorized(sess, Role.RPC)
&& !AuthzResolver.isAuthorized(sess, Role.SELF)) {
throw new PrivilegeException(sess, "getVoById");
}
return vo;
}
public List<Vo> getVos(PerunSession sess) throws InternalErrorException, PrivilegeException {
Utils.notNull(sess, "sess");
// Perun admin can see everything
if (AuthzResolver.isAuthorized(sess, Role.PERUNADMIN)) {
return vosManagerBl.getVos(sess);
} else {
if (sess.getPerunPrincipal().getRoles().hasRole(Role.VOADMIN)
|| sess.getPerunPrincipal().getRoles().hasRole(Role.GROUPADMIN)) {
Set<Vo> vos = new HashSet<Vo>();
// Get Vos where user is VO Admin
for (PerunBean vo :
AuthzResolver.getComplementaryObjectsForRole(sess, Role.VOADMIN, Vo.class)) {
vos.add((Vo) vo);
}
// Get Vos where user has an group admin right on some of the group
for (PerunBean group :
AuthzResolver.getComplementaryObjectsForRole(sess, Role.GROUPADMIN, Group.class)) {
try {
vos.add(vosManagerBl.getVoById(sess, ((Group) group).getVoId()));
} catch (VoNotExistsException e) {
throw new ConsistencyErrorException(
"User has group admin role for group from non-existent VO id:"
+ ((Group) group).getVoId(),
e);
}
}
return new ArrayList<Vo>(vos);
} else {
throw new PrivilegeException(sess, "getVos");
}
}
}
