/**
 * Expires every member that is currently VALID and whose membership expiration
 * is on or before the given date.
 *
 * <p>Candidates are taken from the searcher with the {@code "<="} operator; members in any
 * other status are skipped. A {@link MemberNotValidYetException} for a single member is
 * logged and does not stop the loop.
 *
 * @param date cut-off date compared against the membershipExpiration attribute
 * @throws InternalErrorException internal error
 * @throws WrongAttributeAssignmentException if reading the expiration attribute for the log entry fails
 * @throws AttributeNotExistsException if the expiration attribute does not exist
 */
private void expireMembers(Calendar date) throws InternalErrorException, WrongAttributeAssignmentException, AttributeNotExistsException {
	final String expirationAttrName = "urn:perun:member:attribute-def:def:membershipExpiration";
	List<Member> candidates = perun.getSearcherBl().getMembersByExpiration(sess, "<=", date);

	for (Member candidate : candidates) {
		if (!candidate.getStatus().equals(Status.VALID)) {
			continue;
		}
		try {
			perun.getMembersManagerBl().expireMember(sess, candidate);
			// The attribute is read only to record which expiration triggered the state change.
			Object expiration = perun.getAttributesManagerBl().getAttribute(sess, candidate, expirationAttrName).getValue();
			log.info("Switching {} to EXPIRE state, due to expiration {}.", candidate, expiration);
		} catch (MemberNotValidYetException e) {
			log.error("Consistency error while trying to expire member {}, exception {}", candidate, e);
		}
	}
}
/**
 * Attaches the user's preferredMail and organization attributes to the given author.
 *
 * <p>The internal session for the "perunCabinet" principal is created on first use and kept
 * in {@code session}. Any exception is logged and the author is returned as it was passed in.
 *
 * @param author author whose id is used to look up the user
 * @return the same author instance, with attributes set when the lookup succeeded
 */
private Author convertAuthorToAuthorWithAttributes(Author author) {
	try {
		// NOTE(review): this lazy initialisation is not synchronized; confirm the caller is single-threaded.
		if (session == null) {
			PerunPrincipal cabinetPrincipal = new PerunPrincipal("perunCabinet", ExtSourcesManager.EXTSOURCE_NAME_INTERNAL, ExtSourcesManager.EXTSOURCE_INTERNAL);
			session = perun.getPerunSession(cabinetPrincipal, new PerunClient());
		}

		User owner = perun.getUsersManagerBl().getUserById(session, author.getId());
		Attribute preferredMail = perun.getAttributesManagerBl().getAttribute(session, owner, AttributesManager.NS_USER_ATTR_DEF + ":preferredMail");
		Attribute organization = perun.getAttributesManagerBl().getAttribute(session, owner, AttributesManager.NS_USER_ATTR_DEF + ":organization");
		author.setAttributes(Arrays.asList(preferredMail, organization));
	} catch (Exception ex) {
		log.error("Unable to get attributes for {}: {}", author, ex);
	}
	return author;
}
/**
 * Validates every member that is currently EXPIRED and whose membership expiration
 * lies after the given date.
 *
 * <p>Candidates are taken from the searcher with the {@code ">"} operator; members in any
 * other status are skipped. A wrong attribute value reported during validation of a single
 * member is logged and does not stop the loop.
 *
 * @param date date the membershipExpiration attribute must be later than
 * @throws InternalErrorException internal error
 * @throws WrongAttributeAssignmentException if reading the expiration attribute for the log entry fails
 * @throws AttributeNotExistsException if the expiration attribute does not exist
 */
private void validateMembers(Calendar date) throws InternalErrorException, WrongAttributeAssignmentException, AttributeNotExistsException {
	final String expirationAttrName = "urn:perun:member:attribute-def:def:membershipExpiration";
	List<Member> candidates = perun.getSearcherBl().getMembersByExpiration(sess, ">", date);

	for (Member candidate : candidates) {
		if (!candidate.getStatus().equals(Status.EXPIRED)) {
			continue;
		}
		try {
			perun.getMembersManagerBl().validateMember(sess, candidate);
			// The attribute is read only to record which expiration triggered the state change.
			Object expiration = perun.getAttributesManagerBl().getAttribute(sess, candidate, expirationAttrName).getValue();
			log.info("Switching {} to VALID state, due to changed expiration {}.", candidate, expiration);
		} catch (WrongAttributeValueException | WrongReferenceAttributeValueException e) {
			log.error("Error during validating member {}, exception {}", candidate, e);
		}
	}
}
List<Member> shouldBeExpired = perun.getSearcherBl().getMembersByGroupExpiration(sess, group, "<=", calendar); shouldBeExpired.stream() return perun.getGroupsManagerBl().getDirectMemberGroupStatus(sess, member, group).equals(MemberGroupStatus.VALID); } catch (InternalErrorException e) { log.error("Synchronizer: checkGroupMemberExpiration failed to read member's state in group. Member: {}, Group: {}, Exception: {}", member, group, e); .forEach(member -> { try { perun.getGroupsManagerBl().expireMemberInGroup(sess, member, group); log.info("Switching {} in {} to EXPIRED state, due to expiration {}.", member, group, perun.getAttributesManagerBl().getAttribute(sess, member, group, "urn:perun:member_group:attribute-def:def:membershipExpiration").getValue()); } catch (InternalErrorException e) { log.error("Consistency error while trying to expire member {} in {}, exception {}", member, group, e);
List<Member> shouldNotBeExpired = perun.getSearcherBl().getMembersByGroupExpiration(sess, group, ">", calendar); shouldNotBeExpired.stream() return perun.getGroupsManagerBl().getDirectMemberGroupStatus(sess, member, group).equals(MemberGroupStatus.EXPIRED); } catch (InternalErrorException e) { log.error("Synchronizer: checkGroupMemberExpiration failed to read member's state in group. Member: {}, Group: {}, Exception: {}", member, group, e); .forEach(member -> { try { perun.getGroupsManagerBl().validateMemberInGroup(sess, member, group); log.info("Switching {} in {} to VALID state, due to changed expiration {}.", member, group, perun.getAttributesManagerBl().getAttribute(sess, member, group, "urn:perun:member_group:attribute-def:def:membershipExpiration").getValue()); } catch (InternalErrorException e) { log.error("Error during validating member {} in {}, exception {}", member, group, e);
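/**
 * Creates the lifescience-hostel UserExtSource for the user of an approved application.
 *
 * <p>The external identity is built as {@code <login>@lifescience-hostel.org} from the user's
 * {@code login-namespace:lifescience-hostel} attribute and is added with LoA 0. When the
 * application carries no user, an error is logged; when the user has no login in that
 * namespace, nothing is added.
 *
 * @param session session used for all calls
 * @param app approved application
 * @return the application that was passed in
 * @throws PerunException if reading the login attribute, resolving the ext source or adding the identity fails
 */
@Override
public Application approveApplication(PerunSession session, Application app) throws PerunException {

	PerunBl perun = (PerunBl) session.getPerun();
	User user = app.getUser();

	if (user == null) {
		log.error("At the end of approval action, we should have user present in application: {}", app);
		return app;
	}

	Attribute userLogin = perun.getAttributesManagerBl().getAttribute(session, user, AttributesManager.NS_USER_ATTR_DEF + ":login-namespace:lifescience-hostel");
	if (userLogin.getValue() == null) {
		// User doesn't have login - don't set UES
		return app;
	}

	ExtSource extSource = perun.getExtSourcesManagerBl().getExtSourceByName(session, "https://login.bbmri-eric.eu/lshostel/");
	// Use the attribute VALUE for the identity. Concatenating the Attribute object itself
	// would store its toString() form as the login, so the linked identity would not
	// correspond to the login the user actually holds.
	UserExtSource ues = new UserExtSource(extSource, userLogin.getValue() + "@lifescience-hostel.org");
	ues.setLoa(0);

	try {
		perun.getUsersManagerBl().addUserExtSource(session, user, ues);
	} catch (UserExtSourceExistsException ignored) {
		// this is OK - the identity is already linked
	}

	return app;
}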
/**
 * Collects the groups the current user belongs to across all VOs where the user is a member.
 *
 * <p>For each such VO the user's member is looked up and all of that member's groups are added
 * to the result.
 *
 * @return groups the user is a member of
 * @throws VOOTException with "internal_server_error" on an internal error, or "not_a_member"
 *         when no member exists for the user in one of the VOs
 */
private List<Group> isMemberOf() throws VOOTException {
	List<Group> memberGroups = new ArrayList<Group>();

	try {
		List<Vo> userVos = new ArrayList<Vo>(perun.getUsersManagerBl().getVosWhereUserIsMember(session, user));
		for (Vo userVo : userVos) {
			Member memberInVo = perun.getMembersManagerBl().getMemberByUser(session, userVo, user);
			memberGroups.addAll(perun.getGroupsManagerBl().getAllMemberGroups(session, memberInVo));
		}
	} catch (InternalErrorException ex) {
		// Only a generic error code is passed on; the original exception is not attached.
		throw new VOOTException("internal_server_error");
	} catch (MemberNotExistsException ex) {
		throw new VOOTException("not_a_member");
	}

	return memberGroups;
}
/**
 * Adjusts the member's membershipExpiration after an application is approved.
 *
 * <ul>
 *   <li>VO INITIAL application: when the member's virtual {@code loa} attribute equals 2,
 *       the expiration is set to "9999-01-01", which this module uses as "never expires".</li>
 *   <li>Group INITIAL or VO EXTENSION application: the expiration attribute is removed and
 *       {@code extendMembership} is called so the standard VO rules apply again.</li>
 * </ul>
 *
 * @param session session used for all calls
 * @param app approved application
 * @return the application that was passed in
 * @throws PerunException if the member or its attributes cannot be read or written
 */
@Override
public Application approveApplication(PerunSession session, Application app) throws PerunException {

	PerunBl perun = (PerunBl) session.getPerun();
	Member member = perun.getMembersManagerBl().getMemberByUser(session, app.getVo(), app.getUser());

	final String expirationAttrName = AttributesManager.NS_MEMBER_ATTR_DEF + ":membershipExpiration";
	final boolean isVoApplication = app.getGroup() == null;
	final boolean isInitial = Objects.equals(app.getType(), Application.AppType.INITIAL);
	final boolean isExtension = Objects.equals(app.getType(), Application.AppType.EXTENSION);

	if (isVoApplication && isInitial) {
		// IF VO INITIAL override VO rules to set unlimited (only to those with LoA = 2).
		Attribute loaAttr = perun.getAttributesManagerBl().getAttribute(session, member, AttributesManager.NS_MEMBER_ATTR_VIRT + ":loa");
		// NOTE(review): a null or non-numeric LoA value throws NumberFormatException here and a
		// non-String value throws ClassCastException, so no unlimited membership is granted in
		// those cases - confirm that aborting the approval hook is the intended outcome.
		int loa = Integer.parseInt((String) loaAttr.getValue());
		if (loa == 2) {
			Attribute expiration = perun.getAttributesManagerBl().getAttribute(session, member, expirationAttrName);
			expiration.setValue("9999-01-01"); // distant future stands for "never expires"
			perun.getAttributesManagerBl().setAttribute(session, member, expiration);
		}
	}

	final boolean groupInitial = !isVoApplication && isInitial;
	final boolean voExtension = isVoApplication && isExtension;
	if (groupInitial || voExtension) {
		// GROUP INITIAL OR VO EXTENSION -> set back standard expiration date based on VO rules
		Attribute expiration = perun.getAttributesManagerBl().getAttribute(session, member, expirationAttrName);
		perun.getAttributesManagerBl().removeAttribute(session, member, expiration);
		perun.getMembersManagerBl().extendMembership(session, member);
	}

	return app;
}
/**
 * Returns the e-mail addresses of the given user; only the preferred mail is read.
 *
 * <p>The result is a one-element array holding the preferred mail with type "mail".
 * When the preferredMail attribute has no value, or when reading it fails for any reason,
 * {@code null} is returned (not an empty array) and the failure is not reported.
 *
 * @param user user whose preferred mail is read
 * @return one-element array with the preferred mail, or {@code null} when it is unset or unreadable
 * @throws VOOTException declared for callers; every exception raised in this body is caught here
 */
private Email[] getEmails(User user) throws VOOTException {
	try {
		Attribute preferredMail = perun.getAttributesManagerBl().getAttribute(session, user, AttributesManager.NS_USER_ATTR_DEF + ":preferredMail");
		Object mailValue = preferredMail.getValue();
		if (mailValue == null) {
			return null;
		}

		Email preferred = new Email();
		preferred.setType("mail");
		preferred.setValue((String) mailValue);
		return new Email[] {preferred};
	} catch (Exception ex) {
		// Any lookup or cast failure is treated the same as "no e-mail".
		return null;
	}
}
/**
 * Creates the registrar's own session and caches the manager references used by this class.
 *
 * <p>The session is opened for the internal system principal "perunRegistrar".
 *
 * @throws PerunException if the session cannot be created
 */
protected void initialize() throws PerunException {

	// session of the system principal "perunRegistrar"
	final PerunPrincipal registrarPrincipal = new PerunPrincipal("perunRegistrar", ExtSourcesManager.EXTSOURCE_NAME_INTERNAL, ExtSourcesManager.EXTSOURCE_INTERNAL);
	registrarSession = perun.getPerunSession(registrarPrincipal, new PerunClient());

	attrManager = perun.getAttributesManager();
	membersManager = perun.getMembersManager();
	usersManager = perun.getUsersManager();
	groupsManager = perun.getGroupsManager();
}
/**
 * Returns all members of the given group.
 *
 * <p>When the current user is a member of the group, the members are read through
 * {@code getGroupsManagerBl()}. Otherwise the call goes through {@code getGroupsManager()},
 * where authorization is checked, and a {@link PrivilegeException} is reported as
 * "insufficient_privileges".
 *
 * @param group group whose members are returned
 * @return members of the group
 * @throws VOOTException with "internal_server_error", "insufficient_privileges" or "group_not_exists"
 */
private List<Member> getGroupMembers(Group group) throws VOOTException {
	try {
		boolean callerIsMember = perun.getGroupsManagerBl().isUserMemberOfGroup(session, user, group);
		if (callerIsMember) {
			return perun.getGroupsManagerBl().getGroupMembers(session, group);
		}
		// if not group member, check authorization in Entry
		return perun.getGroupsManager().getGroupMembers(session, group);
	} catch (InternalErrorException ex) {
		throw new VOOTException("internal_server_error");
	} catch (PrivilegeException ex) {
		throw new VOOTException("insufficient_privileges");
	} catch (GroupNotExistsException ex) {
		throw new VOOTException("group_not_exists");
	}
}
/**
 * Resolves a group from its full name, e.g. 'vo1:group1:group2'.
 *
 * <p>The part before the first ':' is the VO short name; everything after the first ':' is
 * passed on as the group name inside that VO. A name without ':' is used both as the VO
 * short name and as the group name. A name made up only of ':' characters yields no first
 * segment and raises {@link ArrayIndexOutOfBoundsException}.
 *
 * @param name full group name, e.g. 'vo1:group1:group2'
 * @return the resolved group
 * @throws VOOTException with "internal_server_error" when the VO or group does not exist or an internal error occurs
 */
private Group getGroupByName(String name) throws VOOTException {
	String voShortName = name.split(":")[0];

	Vo vo;
	try {
		vo = perun.getVosManagerBl().getVoByShortName(session, voShortName);
	} catch (InternalErrorException ex) {
		throw new VOOTException("internal_server_error");
	} catch (VoNotExistsException ex) {
		throw new VOOTException("internal_server_error", "vo not exists");
	}

	// Everything after the first ':' (the whole name when there is no ':').
	String groupName = name.substring(name.indexOf(":") + 1);
	try {
		return perun.getGroupsManagerBl().getGroupByName(session, vo, groupName);
	} catch (GroupNotExistsException ex) {
		throw new VOOTException("internal_server_error", "group not exists");
	} catch (InternalErrorException ex) {
		throw new VOOTException("internal_server_error");
	}
}
if (perun.isPerunReadOnly()) { log.debug("This instance is just read only so skip checking members states."); return; try { vos = perun.getVosManagerBl().getVos(sess); } catch (InternalErrorException e) { log.error("Synchronizer: checkMembersState, failed to get all vos exception {}", e);
/**
 * Links an external identity to the user, creating the ExtSource first when it does not exist.
 *
 * <p>All calls are made with {@code registrarSession}, not with a caller-supplied session.
 * The ExtSource is looked up by name; only when that lookup reports
 * {@link ExtSourceNotExistsException} is a new one created from the given name and type.
 *
 * @param user User to add UES to
 * @param actor login of the identity inside the ext source
 * @param extSourceName ExtSource name to look up or create
 * @param extSourceType ExtSource type used when the ExtSource has to be created
 * @param loa level of assurance stored on the UserExtSource
 * @return created UserExtSource
 * @throws PerunException when anything fails
 */
private UserExtSource createExtSourceAndUserExtSource(User user, String actor, String extSourceName, String extSourceType, int loa) throws PerunException {

	ExtSource template = new ExtSource(extSourceName, extSourceType);

	ExtSource resolved;
	try {
		resolved = perun.getExtSourcesManagerBl().getExtSourceByName(registrarSession, extSourceName);
	} catch (ExtSourceNotExistsException ex) {
		resolved = perun.getExtSourcesManager().createExtSource(registrarSession, template, null);
	}

	UserExtSource identity = new UserExtSource();
	identity.setLogin(actor);
	identity.setLoa(loa);
	identity.setExtSource(resolved);

	return perun.getUsersManager().addUserExtSource(registrarSession, user, identity);
}
/**
 * Opens the synchronizer's session for the internal principal "perunSynchronizer"
 * and stores it in {@code sess}.
 *
 * @throws InternalErrorException if the session cannot be created
 */
public void initialize() throws InternalErrorException {
	PerunPrincipal synchronizerIdentity = new PerunPrincipal("perunSynchronizer", ExtSourcesManager.EXTSOURCE_NAME_INTERNAL, ExtSourcesManager.EXTSOURCE_INTERNAL);
	this.sess = perun.getPerunSession(synchronizerIdentity, new PerunClient());
}
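/**
 * Runs the post-approval steps: waits five seconds, validates the member with the
 * registrar session and then auto-approves the user's waiting group applications.
 *
 * <p>Each step is best-effort: a failure is logged together with its exception and the
 * following step still runs.
 */
@Override
public void run() {
	try {
		Thread.sleep(5000);
	} catch (InterruptedException e) {
		// An interrupt only shortens the delay; the validation below still runs, as before.
		// Logged through the logger instead of printStackTrace() so it reaches the application log.
		log.error("[REGISTRAR] Interrupted while waiting to validate {} after approving application {}.", member, app, e);
	}
	try {
		perun.getMembersManagerBl().validateMember(registrarSession, member);
	} catch (InternalErrorException | WrongAttributeValueException | WrongReferenceAttributeValueException e) {
		// Pass the exception as the last argument so the cause is recorded, not only the fact of a failure.
		log.error("[REGISTRAR] Exception when validating {} after approving application {}.", member, app, e);
	}
	try {
		// get user's group apps with auto-approve and approve them
		// NOTE(review): this step uses sess while validation uses registrarSession - confirm that
		// the captured session is still usable when this thread runs.
		autoApproveUsersGroupApplications(sess, app.getVo(), app.getUser());
	} catch (PerunException ex) {
		log.error("[REGISTRAR] Exception when auto-approving waiting group applications for {} after approving application {}.", member, app, ex);
	}
}
}).start();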
/**
 * Copies all application form items from one group's form to another group's form.
 *
 * <p>The caller must hold GROUPADMIN or VOADMIN on the source group, or TOPGROUPCREATOR on
 * the source group's VO, and in addition GROUPADMIN or VOADMIN on the target group. The
 * source VO is loaded with {@code registrarSession} before the authorization checks run.
 *
 * @param sess session of the caller, used for the authorization checks and the copy
 * @param fromGroup group whose form items are copied
 * @param toGroup group whose form receives the items
 * @throws PrivilegeException if either authorization check fails
 * @throws PerunException on any other failure
 */
@Override
public void copyFormFromGroupToGroup(PerunSession sess, Group fromGroup, Group toGroup) throws PerunException {

	Vo fromVO = perun.getVosManagerBl().getVoById(registrarSession, fromGroup.getVoId());

	// Source side: any one of the three roles is sufficient.
	if (!(AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, fromGroup)
			|| AuthzResolver.isAuthorized(sess, Role.VOADMIN, fromGroup)
			|| AuthzResolver.isAuthorized(sess, Role.TOPGROUPCREATOR, fromVO))) {
		throw new PrivilegeException(sess, "copyFormFromGroupToGroup");
	}

	// Target side: checked only after the source side passed.
	if (!(AuthzResolver.isAuthorized(sess, Role.GROUPADMIN, toGroup)
			|| AuthzResolver.isAuthorized(sess, Role.VOADMIN, toGroup))) {
		throw new PrivilegeException(sess, "copyFormFromGroupToGroup");
	}

	List<ApplicationFormItem> sourceItems = getFormItems(sess, getFormForGroup(fromGroup));
	for (ApplicationFormItem sourceItem : sourceItems) {
		sourceItem.setOrdnum(null); // reset order, id is always new inside add method
		addFormItem(sess, getFormForGroup(toGroup), sourceItem);
	}
}
/**
 * Post-construct hook: on a writable instance marks all created pool messages as created now,
 * then obtains the notification session from {@code NotifUtils}.
 *
 * @throws Exception if the DAO call or the session lookup fails
 */
@SuppressWarnings("unused")
@PostConstruct
private void init() throws Exception {
	boolean writable = !perun.isPerunReadOnly();
	if (writable) {
		// Skipped on a read-only instance.
		perunNotifPoolMessageDao.setAllCreatedToNow();
	}
	session = NotifUtils.getPerunSession(perun);
}
/**
 * Builds the SCIM e-mail entry from the user's preferredMail attribute.
 *
 * @param perunUser user whose preferred mail is read
 * @return primary e-mail of type "preferred email", or {@code null} when the attribute has no
 *         value or cannot be read (the failure is logged)
 */
private EmailSCIM getEmail(User perunUser) {
	Attribute preferredMail = new Attribute();
	EmailSCIM scimEmail = new EmailSCIM();
	try {
		preferredMail = perunBl.getAttributesManagerBl().getAttribute(session, perunUser, AttributesManager.NS_USER_ATTR_DEF + ":preferredMail");
		if (preferredMail.getValue() == null) {
			return null;
		}
		scimEmail.setValue(preferredMail.getValue().toString());
		scimEmail.setPrimary(true);
		scimEmail.setType("preferred email");
		return scimEmail;
	} catch (InternalErrorException | WrongAttributeAssignmentException ex) {
		log.error("Internal exception occured while getting preferred email of user " + perunUser.getId(), ex);
	} catch (AttributeNotExistsException ex) {
		log.error("Attribute preferredMail doesn't exist for user " + perunUser.getId(), ex);
	}
	// Reached only after one of the logged failures above.
	return null;
}
}
/**
 * Returns the shared session of the internal principal "perunNotifications",
 * creating it on the first call.
 *
 * <p>Once a session exists it is returned regardless of the {@code perun} argument.
 *
 * @param perun Perun instance used to create the session when none exists yet
 * @return the shared session
 * @throws InternalErrorException if no session exists yet and {@code perun} is null, or if creating the session fails
 */
public static PerunSession getPerunSession(PerunBl perun) throws InternalErrorException {
	// NOTE(review): the check-then-create on the static field is not synchronized - confirm
	// this is only reached from a single thread during start-up.
	if (session != null) {
		return session;
	}
	if (perun == null) {
		throw new InternalErrorException("PerunBl is null");
	}
	PerunPrincipal notificationsPrincipal = new PerunPrincipal("perunNotifications", ExtSourcesManager.EXTSOURCE_NAME_INTERNAL, ExtSourcesManager.EXTSOURCE_INTERNAL);
	session = perun.getPerunSession(notificationsPrincipal, new PerunClient());
	return session;
}
}