Interface GroupsManager
- All Known Implementing Classes:
GroupsManagerEntry
Groups manager can do all work about groups in VOs.
You must get an instance of GroupsManager from instance of Perun (perun si singleton - see how to get it's instance on wiki):
GroupsManager gm = perun.getGroupsManager();
- Author:
- Michal Prochazka, Slavek Licehammer
- See Also:
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
-
Method Summary
Modifier and TypeMethodDescriptionvoid
addAdmin
(PerunSession perunSession, Group group, Group authorizedGroup) Adds a group administrator to the group.void
addAdmin
(PerunSession perunSession, Group group, User user) Adds a user administrator of the group.void
addMember
(PerunSession perunSession, Group group, Member member) Adds member of the VO to the group in the same VO.void
addMember
(PerunSession perunSession, List<Group> groups, Member member) Adds member of the VO to the groups in the same VO.void
addMembers
(PerunSession perunSession, Group group, List<Member> members) Adds members of the VO to the group in the same VO.void
allowGroupsToHierarchicalVo
(PerunSession sess, List<Group> groups, Vo vo) Sets flag required for including groups to parent vo in a vo hierarchy.void
allowGroupToHierarchicalVo
(PerunSession sess, Group group, Vo vo) Sets flag required for including group to parent vo in a vo hierarchy.boolean
canExtendMembershipInGroup
(PerunSession sess, Member member, Group group) Returns true if member in given group can extend membership or if no rules were set for the membershipExpirationboolean
canExtendMembershipInGroupWithReason
(PerunSession sess, Member member, Group group) Returns true if member in given group can extend membership or throws exception with reason why use can't extends membershipvoid
copyMembers
(PerunSession sess, Group sourceGroup, List<Group> destinationGroups, List<Member> members) Copies direct members from one group to other groups in the same VO.createGroup
(PerunSession perunSession, Group parentGroup, Group group) Creates a new subgroup of the existing group.createGroup
(PerunSession perunSession, Vo vo, Group group) Creates a new top-level group and associates it with the VO from parameter.createGroupUnion
(PerunSession sess, Group resultGroup, Group operandGroup) Performs union operation on two groups.void
deleteAllGroups
(PerunSession perunSession, Vo vo) Deletes all groups under the VO except built-in groups (members, admins groups).void
deleteGroup
(PerunSession perunSession, Group group) Deletes group only if has no subgroups and no members.void
deleteGroup
(PerunSession perunSession, Group group, boolean forceDelete) If forceDelete is false, delete only group and if this group has members or subgroups, throw an exception.void
deleteGroups
(PerunSession perunSession, List<Group> groups, boolean forceDelete) Delete all groups in list from perun.void
disallowGroupsToHierarchicalVo
(PerunSession sess, List<Group> groups, Vo vo) Unsets flag required for including groups to parent vo in a vo hierarchyvoid
disallowGroupToHierarchicalVo
(PerunSession sess, Group group, Vo vo) Unsets flag required for including group to parent vo in a vo hierarchyvoid
extendMembershipInGroup
(PerunSession sess, Member member, Group group) Extend member membership in given group using membershipExpirationRules attribute defined in Group.void
forceAllSubGroupsSynchronization
(PerunSession sess, Group group) Force synchronization for all subgroups (recursively - whole tree) of the group (useful for group structure)void
forceGroupStructureSynchronization
(PerunSession sess, Group group) Puts the group on the first place to the queue of groups waiting for group structure synchronization.void
forceGroupSynchronization
(PerunSession sess, Group group) Synchronizes the group with the external group.getActiveGroupMembers
(PerunSession perunSession, Group group) Return all members of the group who are active (valid) in the group.getAdminGroups
(PerunSession perunSession, Group group) Deprecated.getAdmins
(PerunSession perunSession, Group group) Deprecated.getAdmins
(PerunSession perunSession, Group group, boolean onlyDirectAdmins) Deprecated.Returns all groups which can be included to VO.getAllAllowedGroupsToHierarchicalVo
(PerunSession sess, Vo vo, Vo memberVo) Returns groups which can be included to VO from specific member VO.getAllGroups
(PerunSession sess) Get all groups from all vos.getAllGroups
(PerunSession sess, Vo vo) Get groups of Vo by ACCESS RIGHTS: If user is: - PERUNADMIN or VOADMIN : all groups in vo - GROUPADMIN : only groups where user is admingetAllGroupsWhereMemberIsActive
(PerunSession sess, Member member) Returns all member's groups where member is in active state (is valid there) Included members group.getAllGroupsWithHierarchy
(PerunSession sess, Vo vo) Get groups of the VO stored in the map reflecting the hierarchy by ACCESS RIGHTS: If user is: - PERUNADMIN or VOADMIN : all Groups - GROUPADMIN : only groups where user is groupAdmingetAllMemberGroups
(PerunSession sess, Member member) Return all member's groups.getAllRichGroups
(PerunSession sess) Get all groups with all attributes.getAllRichGroups
(PerunSession sess, List<String> attrNames) Get all groups with their specified attributes.getAllRichGroupsWithAttributesByNames
(PerunSession sess, Vo vo, List<String> attrNames) Deprecated.getAllRichGroupsWithAttributesByNames
(PerunSession sess, Vo vo, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) Return all RichGroups containing selected attributes filtered by role and its typegetAllRichSubGroupsWithAttributesByNames
(PerunSession sess, Group parentGroup, List<String> attrNames) Deprecated.getAllRichSubGroupsWithAttributesByNames
(PerunSession sess, Group parentGroup, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) Return all RichSubGroups in parentGroup (all levels sub groups) containing selected attributes filtered by role and its type,getAllSubGroups
(PerunSession sess, Group parentGroup) Get all subgroups of the parentGroup recursively.getDirectAdmins
(PerunSession perunSession, Group group) Deprecated.getDirectRichAdminsWithSpecificAttributes
(PerunSession perunSession, Group group, List<String> specificAttributes) Deprecated.getGroupById
(PerunSession perunSession, int id) Search for the group with specified id in all VOs.getGroupByName
(PerunSession perunSession, Vo vo, String name) Search for the group with specified name in specified VO.getGroupDirectMembers
(PerunSession perunSession, Group group) Return all direct group members.int
getGroupDirectMembersCount
(PerunSession sess, Group group) Returns count of direct members in the groupgetGroupDirectRichMembers
(PerunSession sess, Group group) Returns direct group members in the RichMember object, which contains Member+User data.getGroupMemberById
(PerunSession sess, Group group, int memberId) Get group member by member ID.getGroupMembers
(PerunSession perunSession, Group group) Return all group members.getGroupMembers
(PerunSession perunSession, Group group, Status status) Return group members with specified vo membership status.int
getGroupMembersCount
(PerunSession perunSession, Group group) getGroupMembersCountsByGroupStatus
(PerunSession sess, Group group) Returns counts of group members by their group status.getGroupMembersCountsByVoStatus
(PerunSession sess, Group group) Returns counts of group members by their status in VO.getGroupRichMembers
(PerunSession sess, Group group) Returns group members in the RichMember object, which contains Member+User data.getGroupRichMembers
(PerunSession sess, Group group, Status status) Returns group members with specified membership status in the RichMember object, which contains Member+User data.getGroupRichMembersByIds
(PerunSession sess, int groupId, List<Integer> memberIds, List<String> attrNames) Returns list of RichMembers with requested attributes by their member IDs from given group.getGroupRichMembersWithAttributes
(PerunSession sess, Group group) Returns group members in the RichMember object, which contains Member+User data.getGroupRichMembersWithAttributes
(PerunSession sess, Group group, Status status) Returns group members with specified membership status in the RichMember object, which contains Member+User data.getGroups
(PerunSession sess, Vo vo) Get groups of users under the VO by ACCESS RIGHTS: If user is: - PERUNADMIN or VOADMIN : all groups - GROUPADMIN : only groups where user is GroupAdmingetGroupsByIds
(PerunSession perunSession, List<Integer> ids) Search for the groups with specified ids in all VOs.int
getGroupsCount
(PerunSession sess) Get count of all groupsint
getGroupsCount
(PerunSession sess, Vo vo) getGroupsPage
(PerunSession sess, Vo vo, GroupsPageQuery query, List<String> attrNames) Get page of groups from the given vo.getGroupsWhereMemberIsActive
(PerunSession sess, Member member) Returns all member's groups where member is in active state (is valid there) Excluded members group.getGroupsWhereMemberIsInactive
(PerunSession sess, Member member) Returns all member's groups where member is in inactive state (it is not valid and it is expired there) Excluded members group.getGroupsWhereUserIsActiveMember
(PerunSession session, User user, Vo vo) Returns groups in which the user is active member.getGroupUnions
(PerunSession sess, Group group, boolean reverseDirection) Get list of group unions for specified group.getInactiveGroupMembers
(PerunSession perunSession, Group group) Return all members of the group who are inactive (expired) in the group.getIndirectMembershipPaths
(PerunSession sess, Member member, Group group) Get unique paths of groups via which member is indirectly included to the group.getMemberGroups
(PerunSession sess, Member member) Returns all member's groups.getMemberGroupsByAttribute
(PerunSession sess, Member member, Attribute attribute) Method return list of groups for selected member which (groups) has set specific attribute.getMemberRichGroupsWithAttributesByNames
(PerunSession sess, Member member, List<String> attrNames) Deprecated.getMemberRichGroupsWithAttributesByNames
(PerunSession sess, Member member, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) Return all RichGroups for specified member, containing selected attributes filtered by role and its type.getParentGroup
(PerunSession sess, Group group) Get parent group.getParentGroupMembers
(PerunSession sess, Group group) Get members from parent group.getParentGroupRichMembers
(PerunSession sess, Group group) Get members form the parent group in RichMember format.getParentGroupRichMembersWithAttributes
(PerunSession sess, Group group) Get members form the parent group in RichMember format including user/member attributes.getRichAdmins
(PerunSession perunSession, Group group) Deprecated.getRichAdmins
(PerunSession perunSession, Group group, List<String> specificAttributes, boolean allUserAttributes, boolean onlyDirectAdmins) Deprecated.getRichAdminsWithAttributes
(PerunSession perunSession, Group group) Deprecated.getRichAdminsWithSpecificAttributes
(PerunSession perunSession, Group group, List<String> specificAttributes) Deprecated.getRichGroupByIdWithAttributesByNames
(PerunSession sess, int groupId, List<String> attrNames) Return RichGroup selected by id containing selected attributesgetRichGroupsAssignedToResourceWithAttributesByNames
(PerunSession sess, Member member, Resource resource, List<String> attrNames) Get list of all richGroups with selected attributes assigned to the resource filtered by specific member.getRichGroupsAssignedToResourceWithAttributesByNames
(PerunSession sess, Resource resource, List<String> attrNames) Get list of all richGroups with selected attributes assigned to resource.getRichSubGroupsWithAttributesByNames
(PerunSession sess, Group parentGroup, List<String> attrNames) Return RichSubGroups in parentGroup (only 1 level subgroups) containing selected attributesgetSubGroups
(PerunSession sess, Group parentGroup) Get all subgroups of the parent group under the VO.int
getSubGroupsCount
(PerunSession sess, Group parentGroup) Returns number of immediate subgroups of the parent group.getSubgroupsPage
(PerunSession sess, Group group, GroupsPageQuery query, List<String> attrNames) Get page of subgroups from the given parent group.getVo
(PerunSession sess, Group group) Gets the Vo which is owner of the group.boolean
isAllowedGroupToHierarchicalVo
(PerunSession sess, Group group, Vo vo) Returns flag representing if the group can be included in the (parent) vo's groupsboolean
isDirectGroupMember
(PerunSession sess, Group group, Member member) Return true if Member is direct member of the GroupisGroupLastAdminInSomeFacility
(PerunSession sess, List<Group> groups) Check whether some of the groups supply the last FACILITYADMIN in some facility, return the groups that do.isGroupLastAdminInSomeVo
(PerunSession sess, List<Group> groups) Check whether some of the groups supply the last VOADMIN in some vo, return the groups that do.boolean
isGroupMember
(PerunSession sess, Group group, Member member) Return true if Member is member of the Groupboolean
Check if synchronizing groups is suspended.void
moveGroup
(PerunSession sess, Group destinationGroup, Group movingGroup) Move one group structure under another group in same vo or as top level groupvoid
removeAdmin
(PerunSession perunSession, Group group, Group authorizedGroup) Removes a group administrator of the group.void
removeAdmin
(PerunSession perunSession, Group group, User user) Removes a user administrator form the group.void
removeGroupUnion
(PerunSession sess, Group resultGroup, Group operandGroup) Removes a union relation between two groups.void
removeGroupUnions
(PerunSession sess, Group resultGroup, List<Group> operandGroups) Removes a union relations between groups.void
removeMember
(PerunSession perunSession, Group group, Member member) Removes member form the group.void
removeMember
(PerunSession perunSession, Member member, List<Group> groups) Removes a member from a list of groups.void
removeMembers
(PerunSession perunSession, Group group, List<Member> members) Removes members from a group.setMemberGroupStatus
(PerunSession sess, Member member, Group group, MemberGroupStatus status) Set Members Group status for specified DIRECT member and group.void
suspendGroupSynchronization
(PerunSession sess, boolean suspend) Suspend synchronizing groups and their structures.void
Synchronize all groups which have enabled synchronization.void
Synchronize all groups structures (with members) which have enabled group structure synchronization.updateGroup
(PerunSession perunSession, Group group) Updates group by ID.
-
Field Details
-
GROUPSQUERY_ATTRNAME
- See Also:
-
GROUPMEMBERSQUERY_ATTRNAME
- See Also:
-
GROUPMEMBERSFILTER_ATTRNAME
- See Also:
-
GROUPEXTSOURCE_ATTRNAME
- See Also:
-
GROUPMEMBERSEXTSOURCE_ATTRNAME
- See Also:
-
GROUPS_STRUCTURE_LOGIN_ATTRNAME
- See Also:
-
GROUPS_STRUCTURE_LOGIN_PREFIX_ATTRNAME
- See Also:
-
GROUPSYNCHROENABLED_ATTRNAME
- See Also:
-
GROUPS_STRUCTURE_SYNCHRO_ENABLED_ATTRNAME
- See Also:
-
GROUPSYNCHROINTERVAL_ATTRNAME
- See Also:
-
GROUP_STRUCTURE_SYNCHRO_INTERVAL_ATTRNAME
- See Also:
-
GROUPLIGHTWEIGHTSYNCHRONIZATION_ATTRNAME
- See Also:
-
GROUPAUTHORITATIVEGROUP_ATTRNAME
- See Also:
-
GROUP_FLAT_SYNCHRONIZATION_ATTRNAME
- See Also:
-
GROUP_SYNCHRO_TIMES_ATTRNAME
- See Also:
-
GROUP_STRUCTURE_SYNCHRO_TIMES_ATTRNAME
- See Also:
-
GROUP_START_OF_LAST_SUCCESSFUL_SYNC_ATTRNAME
- See Also:
-
GROUP_START_OF_LAST_SYNC_ATTRNAME
- See Also:
-
GROUP_MEMBERSHIP_EXPIRATION_RULES_ATTRNAME
- See Also:
-
GROUP_SYNCHRONIZATION_FILE_ATTRNAME
- See Also:
-
GROUP_SHORT_NAME_REGEXP
- See Also:
-
GROUP_FULL_NAME_REGEXP
- See Also:
-
-
Method Details
-
addAdmin
void addAdmin(PerunSession perunSession, Group group, User user) throws AlreadyAdminException, PrivilegeException, GroupNotExistsException, UserNotExistsException, RoleCannotBeManagedException, RoleCannotBeSetException Adds a user administrator of the group.- Parameters:
perunSession
-group
-user
-- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
AlreadyAdminException
UserNotExistsException
RoleCannotBeManagedException
RoleCannotBeSetException
-
addAdmin
void addAdmin(PerunSession perunSession, Group group, Group authorizedGroup) throws AlreadyAdminException, PrivilegeException, GroupNotExistsException, RoleCannotBeManagedException, RoleCannotBeSetException Adds a group administrator to the group.- Parameters:
perunSession
-group
- - group that will be assigned admins (users) from authorizedGroupauthorizedGroup
- - group that will be given the privilege- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
AlreadyAdminException
RoleCannotBeManagedException
RoleCannotBeSetException
-
addMember
void addMember(PerunSession perunSession, Group group, Member member) throws MemberNotExistsException, PrivilegeException, AlreadyMemberException, GroupNotExistsException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException, AttributeNotExistsException, ExternallyManagedException Adds member of the VO to the group in the same VO.- Parameters:
perunSession
-group
-member
-- Throws:
InternalErrorException
MemberNotExistsException
PrivilegeException
AlreadyMemberException
GroupNotExistsException
WrongAttributeValueException
- if any member attribute value, required by resource (on which the group is assigned), is wrongWrongAttributeAssignmentException
AttributeNotExistsException
WrongReferenceAttributeValueException
ExternallyManagedException
-
addMember
void addMember(PerunSession perunSession, List<Group> groups, Member member) throws MemberNotExistsException, PrivilegeException, AlreadyMemberException, GroupNotExistsException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException, AttributeNotExistsException, ExternallyManagedException Adds member of the VO to the groups in the same VO.- Parameters:
perunSession
-groups
- list of groups, the member will be added tomember
- member to be added- Throws:
InternalErrorException
MemberNotExistsException
PrivilegeException
AlreadyMemberException
GroupNotExistsException
WrongAttributeValueException
- if any member attribute value, required by resource (on which the group is assigned), is wrongWrongAttributeAssignmentException
AttributeNotExistsException
WrongReferenceAttributeValueException
ExternallyManagedException
-
addMembers
void addMembers(PerunSession perunSession, Group group, List<Member> members) throws MemberNotExistsException, PrivilegeException, AlreadyMemberException, GroupNotExistsException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException, AttributeNotExistsException, ExternallyManagedException Adds members of the VO to the group in the same VO.- Parameters:
perunSession
-group
- list of groups, the member will be added tomembers
- member to be added- Throws:
InternalErrorException
MemberNotExistsException
PrivilegeException
AlreadyMemberException
GroupNotExistsException
WrongAttributeValueException
- if any member attribute value, required by resource (on which the group is assigned), is wrongWrongAttributeAssignmentException
AttributeNotExistsException
WrongReferenceAttributeValueException
ExternallyManagedException
-
allowGroupToHierarchicalVo
void allowGroupToHierarchicalVo(PerunSession sess, Group group, Vo vo) throws VoNotExistsException, GroupNotExistsException, PrivilegeException, RelationNotExistsException, RelationExistsException Sets flag required for including group to parent vo in a vo hierarchy.- Parameters:
sess
- perun sessiongroup
- groupvo
- parent vo- Throws:
VoNotExistsException
- if vo does not existGroupNotExistsException
- if group does not existPrivilegeException
- insufficient rightsRelationNotExistsException
- if group is not from parent vo's member vosRelationExistsException
- if group is already allowed to be included to parent vo
-
allowGroupsToHierarchicalVo
void allowGroupsToHierarchicalVo(PerunSession sess, List<Group> groups, Vo vo) throws VoNotExistsException, GroupNotExistsException, PrivilegeException, RelationNotExistsException, RelationExistsException Sets flag required for including groups to parent vo in a vo hierarchy.- Parameters:
sess
- perun sessiongroups
- list of groupsvo
- parent vo- Throws:
VoNotExistsException
- if vo does not existGroupNotExistsException
- if group does not existPrivilegeException
- insufficient rightsRelationNotExistsException
- if group is not from parent vo's member vosRelationExistsException
- if group is already allowed to be included to parent vo
-
canExtendMembershipInGroup
boolean canExtendMembershipInGroup(PerunSession sess, Member member, Group group) throws MemberNotExistsException, GroupNotExistsException, PrivilegeException Returns true if member in given group can extend membership or if no rules were set for the membershipExpiration- Parameters:
sess
- sessionmember
- membergroup
- group- Returns:
- true if given member can extend membership in given group or if no rules were set for the membership expiration, false otherwise
- Throws:
MemberNotExistsException
GroupNotExistsException
PrivilegeException
-
canExtendMembershipInGroupWithReason
boolean canExtendMembershipInGroupWithReason(PerunSession sess, Member member, Group group) throws MemberNotExistsException, GroupNotExistsException, PrivilegeException, ExtendMembershipException Returns true if member in given group can extend membership or throws exception with reason why use can't extends membership- Parameters:
sess
- sessionmember
- membergroup
- group- Returns:
- true if given member can extend membership in given group or throws exception with reason why not
- Throws:
ExtendMembershipException
- reason why user can't extend membershipMemberNotExistsException
GroupNotExistsException
PrivilegeException
-
copyMembers
void copyMembers(PerunSession sess, Group sourceGroup, List<Group> destinationGroups, List<Member> members) throws WrongReferenceAttributeValueException, WrongAttributeValueException, GroupNotExistsException, MemberNotExistsException, GroupGroupMismatchException, PrivilegeException, ExternallyManagedException, MemberGroupMismatchException Copies direct members from one group to other groups in the same VO. The members are copied without their member-group attributes. Copies all direct members if members list is empty or null.- Parameters:
sess
- perun sessionsourceGroup
- group to copy members fromdestinationGroups
- groups to copy members tomembers
- members to be copied- Throws:
WrongReferenceAttributeValueException
WrongAttributeValueException
GroupNotExistsException
- when one of the groups does not existMemberNotExistsException
- when one of the members does not existGroupGroupMismatchException
- when the groups are not in the same VoPrivilegeException
ExternallyManagedException
- when destination group is managed from an external sourceMemberGroupMismatchException
-
createGroup
Group createGroup(PerunSession perunSession, Vo vo, Group group) throws GroupExistsException, PrivilegeException, VoNotExistsException Creates a new top-level group and associates it with the VO from parameter.For this method the new group has always same shortName like Name. Important: voId in object group is ignored
- Parameters:
perunSession
-vo
- to associates group withgroup
- new group with name without ":"- Returns:
- newly created top-level group
- Throws:
InternalErrorException
- if group.name contains ':' or other internal error occuredGroupExistsException
PrivilegeException
VoNotExistsException
-
createGroup
Group createGroup(PerunSession perunSession, Group parentGroup, Group group) throws GroupNotExistsException, GroupExistsException, PrivilegeException, GroupRelationNotAllowed, GroupRelationAlreadyExists, ExternallyManagedException Creates a new subgroup of the existing group.- Parameters:
perunSession
-parentGroup
-group
- group.name must contain only shortName (without ":"). Hierarchy is defined by parentGroup parameter.- Returns:
- newly created sub group with full group.Name with ":"
- Throws:
InternalErrorException
- if group.name contains ':' or other internal error occuredGroupNotExistsException
GroupExistsException
PrivilegeException
GroupRelationNotAllowed
GroupRelationAlreadyExists
ExternallyManagedException
-
createGroupUnion
Group createGroupUnion(PerunSession sess, Group resultGroup, Group operandGroup) throws GroupNotExistsException, PrivilegeException, GroupRelationNotAllowed, GroupRelationAlreadyExists, WrongAttributeValueException, WrongReferenceAttributeValueException, ExternallyManagedException, VoNotExistsException Performs union operation on two groups. Members from operand group are added to result group as indirect.- Parameters:
sess
- perun sessionresultGroup
- group to which members are addedoperandGroup
- group from which members are taken- Returns:
- result group
- Throws:
InternalErrorException
GroupNotExistsException
GroupRelationNotAllowed
GroupRelationAlreadyExists
PrivilegeException
WrongAttributeValueException
WrongReferenceAttributeValueException
VoNotExistsException
ExternallyManagedException
-
deleteAllGroups
void deleteAllGroups(PerunSession perunSession, Vo vo) throws VoNotExistsException, PrivilegeException, GroupAlreadyRemovedException, GroupAlreadyRemovedFromResourceException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved Deletes all groups under the VO except built-in groups (members, admins groups).- Parameters:
perunSession
-vo
- VO- Throws:
InternalErrorException
VoNotExistsException
PrivilegeException
GroupAlreadyRemovedException
- if there is at least 1 group not affected by deleting from DBGroupAlreadyRemovedFromResourceException
- if there is at least 1 group on resource affected by deleting from DBGroupRelationDoesNotExist
GroupRelationCannotBeRemoved
-
deleteGroup
void deleteGroup(PerunSession perunSession, Group group, boolean forceDelete) throws GroupNotExistsException, PrivilegeException, RelationExistsException, GroupAlreadyRemovedException, GroupAlreadyRemovedFromResourceException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved, ExternallyManagedException If forceDelete is false, delete only group and if this group has members or subgroups, throw an exception. If forceDelete is true, delete group with all subgroups, members and administrators, then delete this group.- Parameters:
perunSession
-group
- group to deleteforceDelete
- if forceDelete is false, delete group only if is empty and has no subgroups, if is true, delete anyway with all connections- Throws:
GroupNotExistsException
InternalErrorException
PrivilegeException
RelationExistsException
GroupAlreadyRemovedException
GroupAlreadyRemovedFromResourceException
GroupRelationDoesNotExist
GroupRelationCannotBeRemoved
ExternallyManagedException
-
deleteGroup
void deleteGroup(PerunSession perunSession, Group group) throws GroupNotExistsException, PrivilegeException, RelationExistsException, GroupAlreadyRemovedException, GroupAlreadyRemovedFromResourceException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved, ExternallyManagedException Deletes group only if has no subgroups and no members. Other way throw exception. This method is same like deleteGroup(sess, group, false) with false for forceDelete- Parameters:
perunSession
-group
- group to delete- Throws:
GroupNotExistsException
InternalErrorException
PrivilegeException
RelationExistsException
GroupAlreadyRemovedException
GroupAlreadyRemovedFromResourceException
GroupRelationDoesNotExist
GroupRelationCannotBeRemoved
ExternallyManagedException
-
deleteGroups
void deleteGroups(PerunSession perunSession, List<Group> groups, boolean forceDelete) throws GroupNotExistsException, PrivilegeException, GroupAlreadyRemovedException, RelationExistsException, GroupAlreadyRemovedFromResourceException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved, ExternallyManagedException Delete all groups in list from perun. (Except members group)If forceDelete is false, delete groups only if none of them (IN MOMENT OF DELETING) has subgroups and members, in other case throw exception. if forceDelete is true, delete groups with all subgroups and members.
Groups are deleted in order: from longest name to the shortest - ex: Group A:b:c will be deleted sooner than Group A:b etc. - reason for this: with group are deleted its subgroups too
Important: Groups can be from different VOs.
- Parameters:
perunSession
-groups
- list of groups to deletedforceDelete
- if forceDelete is false, delete groups only if all of them have no subgroups and no members, if is true, delete anyway with all connections- Throws:
GroupNotExistsException
- If any group not exists in perunInternalErrorException
PrivilegeException
- if user has no right to call delete operation on any of these groupsGroupAlreadyRemovedException
- if any groups is already deletedRelationExistsException
- raise if group has subgroups or member (forceDelete is false)GroupAlreadyRemovedFromResourceException
- if any group is already removed from resourceGroupRelationDoesNotExist
GroupRelationCannotBeRemoved
ExternallyManagedException
-
disallowGroupToHierarchicalVo
void disallowGroupToHierarchicalVo(PerunSession sess, Group group, Vo vo) throws VoNotExistsException, GroupNotExistsException, PrivilegeException, RelationNotExistsException Unsets flag required for including group to parent vo in a vo hierarchy- Parameters:
sess
- perun sessiongroup
- groupvo
- parent vo- Throws:
VoNotExistsException
- if vo does not existGroupNotExistsException
- if group does not existPrivilegeException
- insufficient rightsRelationNotExistsException
- if group is not allowed to be included in parent vo
-
disallowGroupsToHierarchicalVo
void disallowGroupsToHierarchicalVo(PerunSession sess, List<Group> groups, Vo vo) throws VoNotExistsException, GroupNotExistsException, PrivilegeException, RelationNotExistsException Unsets flag required for including groups to parent vo in a vo hierarchy- Parameters:
sess
- perun sessiongroups
- list of groupsvo
- parent vo- Throws:
VoNotExistsException
- if vo does not existGroupNotExistsException
- if group does not existPrivilegeException
- insufficient rightsRelationNotExistsException
- if group is not allowed to be included in parent vo
-
extendMembershipInGroup
void extendMembershipInGroup(PerunSession sess, Member member, Group group) throws ExtendMembershipException, PrivilegeException, MemberNotExistsException, GroupNotExistsException Extend member membership in given group using membershipExpirationRules attribute defined in Group.- Parameters:
sess
- sessionmember
- membergroup
- group- Throws:
InternalErrorException
- internal errorExtendMembershipException
- extend membership exceptionPrivilegeException
MemberNotExistsException
GroupNotExistsException
-
forceAllSubGroupsSynchronization
void forceAllSubGroupsSynchronization(PerunSession sess, Group group) throws GroupNotExistsException, PrivilegeException Force synchronization for all subgroups (recursively - whole tree) of the group (useful for group structure)- Parameters:
sess
-group
- the group where all its subgroups will be forced to synchronize- Throws:
PrivilegeException
- user is not privileged to call this methodGroupNotExistsException
- when group not exists in Perun
-
forceGroupStructureSynchronization
void forceGroupStructureSynchronization(PerunSession sess, Group group) throws GroupNotExistsException, PrivilegeException, GroupStructureSynchronizationAlreadyRunningException Puts the group on the first place to the queue of groups waiting for group structure synchronization.- Parameters:
sess
-group
-- Throws:
InternalErrorException
GroupNotExistsException
PrivilegeException
GroupStructureSynchronizationAlreadyRunningException
-
forceGroupSynchronization
void forceGroupSynchronization(PerunSession sess, Group group) throws GroupNotExistsException, PrivilegeException, GroupSynchronizationAlreadyRunningException, GroupSynchronizationNotEnabledException Synchronizes the group with the external group.- Parameters:
sess
-group
-- Throws:
InternalErrorException
GroupNotExistsException
PrivilegeException
GroupSynchronizationAlreadyRunningException
- when synchronization for the group is already runningGroupSynchronizationNotEnabledException
- when group doesn't have synchronization enabled
-
getActiveGroupMembers
List<Member> getActiveGroupMembers(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Return all members of the group who are active (valid) in the group.Do not return expired members of the group.
- Parameters:
perunSession
- perun sessiongroup
- to get members from- Returns:
- list of active (valid) members
- Throws:
InternalErrorException
PrivilegeException
- insufficient permissionGroupNotExistsException
- when group does not exist
-
getAdminGroups
@Deprecated List<Group> getAdminGroups(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Deprecated.Gets list of all group administrators of given group.- Parameters:
perunSession
-group
-- Returns:
- list of all group administrators of the given group
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getAdmins
@Deprecated List<User> getAdmins(PerunSession perunSession, Group group, boolean onlyDirectAdmins) throws PrivilegeException, GroupNotExistsException Deprecated.Gets list of all administrators of this group. If some group is administrator of the given group, all VALID members are included in the list.If onlyDirectAdmins is true, return only direct users of the group for supported role.
Supported roles: GroupAdmin
- Parameters:
perunSession
-group
-onlyDirectAdmins
- if true, get only direct user administrators (if false, get both direct and indirect)- Returns:
- list of all user administrators of the given group for supported role
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getAdmins
@Deprecated List<User> getAdmins(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Deprecated.Gets list of all user administrators of this group. If some group is administrator of the given group, all members are included in the list.- Parameters:
perunSession
-group
-- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getAllAllowedGroupsToHierarchicalVo
List<Group> getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo) throws VoNotExistsException, PrivilegeException Returns all groups which can be included to VO.- Parameters:
sess
- sessionvo
- parent VO- Returns:
- list of allowed groups to hierarchical VO
- Throws:
VoNotExistsException
- if given VO does not existPrivilegeException
- if unauthorized
-
getAllAllowedGroupsToHierarchicalVo
List<Group> getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo, Vo memberVo) throws VoNotExistsException, PrivilegeException Returns groups which can be included to VO from specific member VO.- Parameters:
sess
- sessionvo
- parent VOmemberVo
- member VO- Returns:
- list of allowed groups to hierarchical VO
- Throws:
VoNotExistsException
- if given parent VO or member VO does not existPrivilegeException
- if unauthorized
-
getAllGroups
Get all groups from all vos. Returned groups are filtered based on the principal rights.- Parameters:
sess
- session- Returns:
- list of all groups
- Throws:
PrivilegeException
- if the principal has insufficient permission
-
getAllGroups
Get groups of Vo by ACCESS RIGHTS: If user is: - PERUNADMIN or VOADMIN : all groups in vo - GROUPADMIN : only groups where user is admin- Parameters:
sess
-vo
-- Returns:
- list of groups
- Throws:
InternalErrorException
PrivilegeException
VoNotExistsException
-
getAllGroupsWhereMemberIsActive
List<Group> getAllGroupsWhereMemberIsActive(PerunSession sess, Member member) throws PrivilegeException, MemberNotExistsException Returns all member's groups where member is in active state (is valid there) Included members group.- Parameters:
sess
- perun sessionmember
- member to get groups for- Returns:
- list of groups where member is in active state (valid)
- Throws:
MemberNotExistsException
- member in parameter not exists in perunPrivilegeException
- user is not privileged to call this methodInternalErrorException
-
getAllGroupsWithHierarchy
Map<Group,Object> getAllGroupsWithHierarchy(PerunSession sess, Vo vo) throws PrivilegeException, VoNotExistsException Get groups of the VO stored in the map reflecting the hierarchy by ACCESS RIGHTS: If user is: - PERUNADMIN or VOADMIN : all Groups - GROUPADMIN : only groups where user is groupAdmin- Parameters:
sess
-vo
-- Returns:
- map of the groups hierarchically organized
- Throws:
InternalErrorException
PrivilegeException
VoNotExistsException
-
getAllMemberGroups
List<Group> getAllMemberGroups(PerunSession sess, Member member) throws PrivilegeException, MemberNotExistsException Return all member's groups. Included members groups.- Parameters:
sess
-member
-- Returns:
- Throws:
InternalErrorException
PrivilegeException
MemberNotExistsException
-
getAllRichGroups
List<RichGroup> getAllRichGroups(PerunSession sess, List<String> attrNames) throws PrivilegeException Get all groups with their specified attributes. If theattrNames
are null or empty, all group attributes are returned.- Parameters:
sess
- sessionattrNames
- list of attribute names to get- Returns:
- list of all groups with specified attributes
- Throws:
PrivilegeException
- if the principal has insufficient permission
-
getAllRichGroups
Get all groups with all attributes.- Parameters:
sess
- session- Returns:
- list of all groups with specified attributes
- Throws:
PrivilegeException
- if the principal has insufficient permission
-
getAllRichGroupsWithAttributesByNames
@Deprecated List<RichGroup> getAllRichGroupsWithAttributesByNames(PerunSession sess, Vo vo, List<String> attrNames) throws VoNotExistsException, PrivilegeException Deprecated.Return all RichGroups containing selected attributes- Parameters:
sess
-vo
-attrNames
- if attrNames is null method will return RichGroups containing all attributes- Returns:
- List of RichGroups
- Throws:
InternalErrorException
VoNotExistsException
PrivilegeException
-
getAllRichGroupsWithAttributesByNames
List<RichGroup> getAllRichGroupsWithAttributesByNames(PerunSession sess, Vo vo, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) throws VoNotExistsException, PrivilegeException Return all RichGroups containing selected attributes filtered by role and its type- Parameters:
sess
- perun sessionvo
- voattrNames
- if attrNames is null method will return RichGroups containing all attributesroles
- list of selected roles (if empty, then return groups by all roles)types
- list of selected types of roles (if empty, then return by roles of all types)- Returns:
- List of RichGroups
- Throws:
InternalErrorException
VoNotExistsException
PrivilegeException
-
getAllRichSubGroupsWithAttributesByNames
@Deprecated List<RichGroup> getAllRichSubGroupsWithAttributesByNames(PerunSession sess, Group parentGroup, List<String> attrNames) throws GroupNotExistsException, PrivilegeException Deprecated.Return all RichSubGroups in parentGroup (all levels sub groups) containing selected attributes- Parameters:
sess
-parentGroup
-attrNames
- if attrNames is null method will return RichGroups containing all attributes- Returns:
- List of RichGroups
- Throws:
InternalErrorException
GroupNotExistsException
PrivilegeException
-
getAllRichSubGroupsWithAttributesByNames
List<RichGroup> getAllRichSubGroupsWithAttributesByNames(PerunSession sess, Group parentGroup, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) throws GroupNotExistsException, PrivilegeException Return all RichSubGroups in parentGroup (all levels sub groups) containing selected attributes filtered by role and its type,- Parameters:
sess
- perun sessionparentGroup
- parent groupattrNames
- if attrNames is null method will return RichGroups containing all attributesroles
- list of selected roles (if empty, then return groups by all roles)types
- list of selected types of roles (if empty, then return by roles of all types)- Returns:
- List of RichGroups
- Throws:
InternalErrorException
GroupNotExistsException
PrivilegeException
-
getAllSubGroups
List<Group> getAllSubGroups(PerunSession sess, Group parentGroup) throws PrivilegeException, GroupNotExistsException Get all subgroups of the parentGroup recursively. (parentGroup subgroups, their subgroups etc...)- Parameters:
sess
-parentGroup
- parent group- Returns:
- list of groups
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getDirectAdmins
@Deprecated List<User> getDirectAdmins(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Deprecated.Gets list of direct user administrators of this group. 'Direct' means, there aren't included users, who are members of group administrators, in the returned list.- Parameters:
perunSession
-group
-- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getDirectRichAdminsWithSpecificAttributes
@Deprecated List<RichUser> getDirectRichAdminsWithSpecificAttributes(PerunSession perunSession, Group group, List<String> specificAttributes) throws PrivilegeException, GroupNotExistsException Deprecated.Get list of Group administrators, which are directly assigned (not by group membership) with specific attributes. From list of specificAttributes get all Users Attributes and find those for every RichAdmin (only, other attributes are not searched)- Parameters:
perunSession
-group
-specificAttributes
-- Returns:
- list of RichUsers with specific attributes.
- Throws:
InternalErrorException
PrivilegeException
VoNotExistsException
GroupNotExistsException
-
getGroupById
Group getGroupById(PerunSession perunSession, int id) throws GroupNotExistsException, PrivilegeException Search for the group with specified id in all VOs.- Parameters:
perunSession
-id
-- Returns:
- group with specified id or throws GroupNotExistsException
- Throws:
GroupNotExistsException
InternalErrorException
PrivilegeException
-
getGroupByName
Group getGroupByName(PerunSession perunSession, Vo vo, String name) throws GroupNotExistsException, PrivilegeException, VoNotExistsException Search for the group with specified name in specified VO.IMPORTANT: need to use full name of group (ex. 'toplevel:a:b', not the shortname which is in this example 'b')
- Parameters:
perunSession
-vo
-name
-- Returns:
- group with specified name or throws GroupNotExistsException in specified VO
- Throws:
GroupNotExistsException
InternalErrorException
PrivilegeException
VoNotExistsException
-
getGroupDirectMembers
List<Member> getGroupDirectMembers(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Return all direct group members.- Parameters:
perunSession
- perun sessiongroup
- group- Returns:
- list of direct members
- Throws:
InternalErrorException
- internal errorPrivilegeException
- insufficient permissionGroupNotExistsException
- when group does not exist
-
getGroupDirectMembersCount
int getGroupDirectMembersCount(PerunSession sess, Group group) throws GroupNotExistsException, PrivilegeException Returns count of direct members in the group- Parameters:
sess
-group
-- Returns:
- count
- Throws:
GroupNotExistsException
PrivilegeException
-
getGroupDirectRichMembers
List<RichMember> getGroupDirectRichMembers(PerunSession sess, Group group) throws PrivilegeException, GroupNotExistsException Returns direct group members in the RichMember object, which contains Member+User data.- Parameters:
sess
- sessiongroup
- group- Returns:
- list of direct RichMembers
- Throws:
InternalErrorException
- internal errorPrivilegeException
- insufficient permissionGroupNotExistsException
- when group does not exist
-
getGroupMemberById
Member getGroupMemberById(PerunSession sess, Group group, int memberId) throws NotGroupMemberException, GroupNotExistsException, PrivilegeException Get group member by member ID.- Parameters:
sess
-group
-memberId
-- Returns:
- Member
- Throws:
InternalErrorException
NotGroupMemberException
GroupNotExistsException
PrivilegeException
-
getGroupMembers
List<Member> getGroupMembers(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Return all group members.- Parameters:
perunSession
-group
-- Returns:
- list of members or empty list if the group is empty
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getGroupMembers
List<Member> getGroupMembers(PerunSession perunSession, Group group, Status status) throws PrivilegeException, GroupNotExistsException Return group members with specified vo membership status.- Parameters:
perunSession
-group
-status
-- Returns:
- list of members with specified membership status or empty list if no such member is found in group
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getGroupMembersCount
int getGroupMembersCount(PerunSession perunSession, Group group) throws GroupNotExistsException, PrivilegeException - Parameters:
perunSession
-group
-- Returns:
- count of members of specified group
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getGroupMembersCountsByGroupStatus
Map<MemberGroupStatus,Integer> getGroupMembersCountsByGroupStatus(PerunSession sess, Group group) throws GroupNotExistsException, PrivilegeException Returns counts of group members by their group status.- Parameters:
sess
-group
-- Returns:
- map of member status in group to count of group members with the status
- Throws:
GroupNotExistsException
- when the group doesn't existPrivilegeException
-
getGroupMembersCountsByVoStatus
Map<Status,Integer> getGroupMembersCountsByVoStatus(PerunSession sess, Group group) throws GroupNotExistsException, PrivilegeException Returns counts of group members by their status in VO.- Parameters:
sess
-group
-- Returns:
- map of member status in VO to count of group members with the status
- Throws:
GroupNotExistsException
- when the group doesn't existPrivilegeException
-
getGroupRichMembers
List<RichMember> getGroupRichMembers(PerunSession sess, Group group) throws PrivilegeException, GroupNotExistsException Returns group members in the RichMember object, which contains Member+User data.- Parameters:
sess
-group
-- Returns:
- list of RichMembers
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getGroupRichMembers
List<RichMember> getGroupRichMembers(PerunSession sess, Group group, Status status) throws PrivilegeException, GroupNotExistsException Returns group members with specified membership status in the RichMember object, which contains Member+User data.- Parameters:
sess
-group
-status
-- Returns:
- list of RichMembers
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getGroupRichMembersByIds
List<RichMember> getGroupRichMembersByIds(PerunSession sess, int groupId, List<Integer> memberIds, List<String> attrNames) throws GroupNotExistsException, PrivilegeException, AttributeNotExistsException Returns list of RichMembers with requested attributes by their member IDs from given group. Skips invalid member IDs (unknown or not members of group). Supports member, member-group (stored in memberAttributes) and user attributes (stored in userAttributes).- Parameters:
sess
- perun sessiongroupId
- group idmemberIds
- ids of members to include in resultattrNames
- names of attributes to include in RichMembers- Returns:
- list of RichMembers
- Throws:
GroupNotExistsException
PrivilegeException
AttributeNotExistsException
-
getGroupRichMembersWithAttributes
List<RichMember> getGroupRichMembersWithAttributes(PerunSession sess, Group group) throws PrivilegeException, GroupNotExistsException Returns group members in the RichMember object, which contains Member+User data. Also contains user and member attributes.- Parameters:
sess
-group
-- Returns:
- list of RichMembers
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getGroupRichMembersWithAttributes
List<RichMember> getGroupRichMembersWithAttributes(PerunSession sess, Group group, Status status) throws PrivilegeException, GroupNotExistsException Returns group members with specified membership status in the RichMember object, which contains Member+User data. Also contains user and member attributes.- Parameters:
sess
-group
-status
-- Returns:
- list of RichMembers
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getGroupUnions
List<Group> getGroupUnions(PerunSession sess, Group group, boolean reverseDirection) throws GroupNotExistsException, PrivilegeException Get list of group unions for specified group.- Parameters:
sess
- perun sessiongroup
- groupreverseDirection
- if false get all operand groups of requested result group if true get all result groups of requested operand group- Returns:
- list of groups.
- Throws:
GroupNotExistsException
InternalErrorException
PrivilegeException
-
getGroups
Get groups of users under the VO by ACCESS RIGHTS: If user is: - PERUNADMIN or VOADMIN : all groups - GROUPADMIN : only groups where user is GroupAdmin- Parameters:
sess
-vo
- vo- Returns:
- list of groups
- Throws:
InternalErrorException
VoNotExistsException
PrivilegeException
-
getGroupsByIds
Search for the groups with specified ids in all VOs.- Parameters:
perunSession
-ids
-- Returns:
- groups with specified ids
- Throws:
InternalErrorException
PrivilegeException
-
getGroupsCount
- Parameters:
sess
-vo
-- Returns:
- count of VO's groups
- Throws:
InternalErrorException
PrivilegeException
VoNotExistsException
-
getGroupsCount
Get count of all groups- Parameters:
sess
-- Returns:
- count of all groups
- Throws:
InternalErrorException
-
getGroupsPage
Paginated<RichGroup> getGroupsPage(PerunSession sess, Vo vo, GroupsPageQuery query, List<String> attrNames) throws VoNotExistsException, PrivilegeException, MemberNotExistsException, GroupNotExistsException, MemberGroupMismatchException Get page of groups from the given vo.- Parameters:
sess
- sessionvo
- voquery
- query with page informationattrNames
- attribute names- Returns:
- page of requested rich groups
- Throws:
VoNotExistsException
PrivilegeException
MemberNotExistsException
GroupNotExistsException
MemberGroupMismatchException
-
getGroupsWhereMemberIsActive
List<Group> getGroupsWhereMemberIsActive(PerunSession sess, Member member) throws PrivilegeException, MemberNotExistsException Returns all member's groups where member is in active state (is valid there) Excluded members group.- Parameters:
sess
- perun sessionmember
- member to get groups for- Returns:
- list of groups where member is in active state (valid)
- Throws:
MemberNotExistsException
- member in parameter not exists in perunPrivilegeException
- user is not privileged to call this methodInternalErrorException
-
getGroupsWhereMemberIsInactive
List<Group> getGroupsWhereMemberIsInactive(PerunSession sess, Member member) throws PrivilegeException, MemberNotExistsException Returns all member's groups where member is in inactive state (it is not valid and it is expired there) Excluded members group.- Parameters:
sess
- perun sessionmember
- member to get groups for- Returns:
- list of groups where member is in inactive state (expired)
- Throws:
MemberNotExistsException
- member in parameter not exists in perunPrivilegeException
- user is not privileged to call this methodInternalErrorException
-
getGroupsWhereUserIsActiveMember
List<Group> getGroupsWhereUserIsActiveMember(PerunSession session, User user, Vo vo) throws VoNotExistsException, UserNotExistsException, PrivilegeException Returns groups in which the user is active member. Groups are looked up only for the specified VO- Parameters:
session
- sessionuser
- user objectvo
- VO object- Returns:
- List of groups
- Throws:
VoNotExistsException
UserNotExistsException
PrivilegeException
-
getInactiveGroupMembers
List<Member> getInactiveGroupMembers(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Return all members of the group who are inactive (expired) in the group.Do not return active members of the group.
- Parameters:
perunSession
- perun sessiongroup
- to get members from- Returns:
- list of inactive (expired) members
- Throws:
InternalErrorException
PrivilegeException
- insufficient permissionGroupNotExistsException
- when group does not exist
-
getIndirectMembershipPaths
List<List<Group>> getIndirectMembershipPaths(PerunSession sess, Member member, Group group) throws MemberNotExistsException, GroupNotExistsException, PrivilegeException Get unique paths of groups via which member is indirectly included to the group. Cuts off after first included group.- Parameters:
sess
- perun sessionmember
- membergroup
- group in which the member is indirectly included- Returns:
- lists of groups [CURRENT GROUP -> SUBGROUP -> ... -> MEMBER'S SOURCE GROUP]
- Throws:
MemberNotExistsException
GroupNotExistsException
PrivilegeException
-
getMemberGroups
List<Group> getMemberGroups(PerunSession sess, Member member) throws PrivilegeException, MemberNotExistsException Returns all member's groups. Except members groups.- Parameters:
sess
-member
-- Returns:
- Throws:
InternalErrorException
PrivilegeException
MemberNotExistsException
-
getMemberGroupsByAttribute
List<Group> getMemberGroupsByAttribute(PerunSession sess, Member member, Attribute attribute) throws PrivilegeException, WrongAttributeAssignmentException, MemberNotExistsException, AttributeNotExistsException Method return list of groups for selected member which (groups) has set specific attribute. Attribute can be only from namespace "GROUP"- Parameters:
sess
- sessmember
- memerattribute
- attribute from "GROUP" namespace- Returns:
- list of groups which contain member and have attribute with same value
- Throws:
InternalErrorException
PrivilegeException
WrongAttributeAssignmentException
MemberNotExistsException
AttributeNotExistsException
-
getMemberRichGroupsWithAttributesByNames
@Deprecated List<RichGroup> getMemberRichGroupsWithAttributesByNames(PerunSession sess, Member member, List<String> attrNames) throws MemberNotExistsException, PrivilegeException Deprecated.Return all RichGroups for specified member, containing selected attributes. "members" group is not included.Supported are attributes from these namespaces: - group - member-group
- Parameters:
sess
- internal sessionmember
- the member to get the rich groups forattrNames
- list of selected attributes from supported namespaces- Returns:
- list of rich groups with selected attributes
- Throws:
InternalErrorException
MemberNotExistsException
PrivilegeException
-
getMemberRichGroupsWithAttributesByNames
List<RichGroup> getMemberRichGroupsWithAttributesByNames(PerunSession sess, Member member, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) throws MemberNotExistsException, PrivilegeException Return all RichGroups for specified member, containing selected attributes filtered by role and its type. "members" group is not included.Supported are attributes from these namespaces: - group - member-group
- Parameters:
sess
- internal sessionmember
- the member to get the rich groups forattrNames
- list of selected attributes from supported namespacesroles
- list of selected roles (if empty, then return groups by all roles)types
- list of selected types of roles (if empty, then return by roles of all types)- Returns:
- list of rich groups with selected attributes
- Throws:
InternalErrorException
MemberNotExistsException
PrivilegeException
-
getParentGroup
Group getParentGroup(PerunSession sess, Group group) throws GroupNotExistsException, PrivilegeException, ParentGroupNotExistsException Get parent group. If group is topLevel group or Members group, return Members group.- Parameters:
sess
-group
-- Returns:
- parent group
- Throws:
InternalErrorException
GroupNotExistsException
ParentGroupNotExistsException
PrivilegeException
-
getParentGroupMembers
List<Member> getParentGroupMembers(PerunSession sess, Group group) throws PrivilegeException, GroupNotExistsException Get members from parent group. If the parent group doesn't exist (this is top level group) return all VO (from which the group is) members instead.- Parameters:
sess
-group
-- Returns:
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getParentGroupRichMembers
List<RichMember> getParentGroupRichMembers(PerunSession sess, Group group) throws PrivilegeException, GroupNotExistsException Get members form the parent group in RichMember format.- Parameters:
sess
-group
-- Returns:
- list of parent group rich members
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getParentGroupRichMembersWithAttributes
List<RichMember> getParentGroupRichMembersWithAttributes(PerunSession sess, Group group) throws PrivilegeException, GroupNotExistsException Get members form the parent group in RichMember format including user/member attributes.- Parameters:
sess
-group
-- Returns:
- list of parent group rich members
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getRichAdmins
@Deprecated List<RichUser> getRichAdmins(PerunSession perunSession, Group group, List<String> specificAttributes, boolean allUserAttributes, boolean onlyDirectAdmins) throws UserNotExistsException, PrivilegeException, GroupNotExistsException Deprecated.Gets list of all richUser administrators of this group. If some group is administrator of the given group, all VALID members are included in the list.Supported roles: GroupAdmin
If "onlyDirectAdmins" is "true", return only direct users of the group for supported role with specific attributes. If "allUserAttributes" is "true", do not specify attributes through list and return them all in objects richUser. Ignoring list of specific attributes.
- Parameters:
perunSession
-group
-specificAttributes
- list of specified attributes which are needed in object richUserallUserAttributes
- if true, get all possible user attributes and ignore list of specificAttributes (if false, get only specific attributes)onlyDirectAdmins
- if true, get only direct user administrators (if false, get both direct and indirect)- Returns:
- list of RichUser administrators for the group and supported role with attributes
- Throws:
InternalErrorException
PrivilegeException
UserNotExistsException
GroupNotExistsException
-
getRichAdmins
@Deprecated List<RichUser> getRichAdmins(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Deprecated.Gets list of all administrators of this group like RichUsers without attributes.- Parameters:
perunSession
-group
-- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getRichAdminsWithAttributes
@Deprecated List<RichUser> getRichAdminsWithAttributes(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException, UserNotExistsException Deprecated.Gets list of all administrators of this group like RichUsers with attributes.- Parameters:
perunSession
-group
-- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
UserNotExistsException
-
getRichAdminsWithSpecificAttributes
@Deprecated List<RichUser> getRichAdminsWithSpecificAttributes(PerunSession perunSession, Group group, List<String> specificAttributes) throws PrivilegeException, GroupNotExistsException Deprecated.Get list of Group administrators with specific attributes. From list of specificAttributes get all Users Attributes and find those for every RichAdmin (only, other attributes are not searched)- Parameters:
perunSession
-group
-specificAttributes
-- Returns:
- list of RichUsers with specific attributes.
- Throws:
InternalErrorException
PrivilegeException
VoNotExistsException
GroupNotExistsException
-
getRichGroupByIdWithAttributesByNames
RichGroup getRichGroupByIdWithAttributesByNames(PerunSession sess, int groupId, List<String> attrNames) throws GroupNotExistsException, PrivilegeException Return RichGroup selected by id containing selected attributes- Parameters:
sess
-groupId
-attrNames
- if attrNames is null method will return RichGroup containing all attributes- Returns:
- RichGroup
- Throws:
InternalErrorException
GroupNotExistsException
PrivilegeException
-
getRichGroupsAssignedToResourceWithAttributesByNames
List<RichGroup> getRichGroupsAssignedToResourceWithAttributesByNames(PerunSession sess, Resource resource, List<String> attrNames) throws ResourceNotExistsException, PrivilegeException Get list of all richGroups with selected attributes assigned to resource. Allowed namespaces of attributes are group and group-resource.Last step is filtration of attributes: Attributes are filtered by rights of user in session. User get only those selected attributes he has rights to read.
- Parameters:
sess
-resource
- resource to get assigned groups forattrNames
- list of selected attribute names, if it is null, return all possible non-empty attributes, empty list in attrNames means - no attributes needed- Returns:
- list of RichGroup objects with specific attributes specified by object Resource and object Member.
- Throws:
InternalErrorException
ResourceNotExistsException
PrivilegeException
-
getRichGroupsAssignedToResourceWithAttributesByNames
List<RichGroup> getRichGroupsAssignedToResourceWithAttributesByNames(PerunSession sess, Member member, Resource resource, List<String> attrNames) throws ResourceNotExistsException, PrivilegeException, MemberNotExistsException Get list of all richGroups with selected attributes assigned to the resource filtered by specific member. Allowed namespaces of attributes are group, group-resource, member-groupLast step is filtration of attributes: Attributes are filtered by rights of user in session. User get only those selected attributes he has rights to read.
- Parameters:
sess
-member
- member used for filtering returned groups (groups have to contain this member to be returned)resource
- resource to get assigned groups forattrNames
- list of selected attribute names, if it is null, return all possible non-empty attributes, empty list in attrNames means - no attributes needed- Returns:
- list of RichGroup objects with specific attributes specified by object Resource and object Member
- Throws:
InternalErrorException
MemberNotExistsException
ResourceNotExistsException
PrivilegeException
-
getRichSubGroupsWithAttributesByNames
List<RichGroup> getRichSubGroupsWithAttributesByNames(PerunSession sess, Group parentGroup, List<String> attrNames) throws GroupNotExistsException, PrivilegeException Return RichSubGroups in parentGroup (only 1 level subgroups) containing selected attributes- Parameters:
sess
-parentGroup
-attrNames
- if attrNames is null method will return RichGroups containing all attributes- Returns:
- List of RichGroups
- Throws:
InternalErrorException
GroupNotExistsException
PrivilegeException
-
getSubGroups
List<Group> getSubGroups(PerunSession sess, Group parentGroup) throws PrivilegeException, GroupNotExistsException Get all subgroups of the parent group under the VO.- Parameters:
sess
-parentGroup
- parent group- Returns:
- list of groups
- Throws:
InternalErrorException
GroupNotExistsException
PrivilegeException
-
getSubGroupsCount
int getSubGroupsCount(PerunSession sess, Group parentGroup) throws PrivilegeException, GroupNotExistsException Returns number of immediate subgroups of the parent group.- Parameters:
sess
-parentGroup
-- Returns:
- count of parent group immediate subgroups
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
-
getSubgroupsPage
Paginated<RichGroup> getSubgroupsPage(PerunSession sess, Group group, GroupsPageQuery query, List<String> attrNames) throws GroupNotExistsException, PrivilegeException Get page of subgroups from the given parent group.- Parameters:
sess
- sessiongroup
- parent groupquery
- query with page informationattrNames
- attribute names- Returns:
- page of requested rich groups
- Throws:
GroupNotExistsException
PrivilegeException
-
getVo
Gets the Vo which is owner of the group.- Parameters:
sess
-group
-- Returns:
- Vo which is owner of the group.
- Throws:
InternalErrorException
GroupNotExistsException
PrivilegeException
-
isAllowedGroupToHierarchicalVo
boolean isAllowedGroupToHierarchicalVo(PerunSession sess, Group group, Vo vo) throws VoNotExistsException, GroupNotExistsException, PrivilegeException Returns flag representing if the group can be included in the (parent) vo's groups- Parameters:
sess
- perun sessiongroup
- groupvo
- parent vo- Returns:
- true if group can be included in vo's groups, false otherwise
- Throws:
VoNotExistsException
- if vo does not existGroupNotExistsException
- if group does not existPrivilegeException
- insufficient rights
-
isDirectGroupMember
boolean isDirectGroupMember(PerunSession sess, Group group, Member member) throws GroupNotExistsException, PrivilegeException Return true if Member is direct member of the Group- Parameters:
sess
- sessiongroup
- group where the membership is to be checkedmember
- member whose membership is to be checked- Returns:
- true if Member is direct member of the Group
- Throws:
InternalErrorException
GroupNotExistsException
PrivilegeException
-
isGroupLastAdminInSomeFacility
List<Group> isGroupLastAdminInSomeFacility(PerunSession sess, List<Group> groups) throws GroupNotExistsException, PrivilegeException Check whether some of the groups supply the last FACILITYADMIN in some facility, return the groups that do. Such facilities could upon removal of the group be left without a person to manage them.- Parameters:
sess
- sessiongroups
- groups to check- Returns:
- list of groups which supply last FACILITYADMIN in some facility
- Throws:
GroupNotExistsException
- group does not existPrivilegeException
- insufficient rights
-
isGroupLastAdminInSomeVo
List<Group> isGroupLastAdminInSomeVo(PerunSession sess, List<Group> groups) throws GroupNotExistsException, PrivilegeException Check whether some of the groups supply the last VOADMIN in some vo, return the groups that do. Such vos could upon removal of the group be left without a person to manage them.- Parameters:
sess
- sessiongroups
- groups to check- Returns:
- list of groups which supply last VOADMIN in some facility
- Throws:
GroupNotExistsException
- group does not existPrivilegeException
- insufficient rights
-
isGroupMember
boolean isGroupMember(PerunSession sess, Group group, Member member) throws PrivilegeException, GroupNotExistsException, MemberNotExistsException Return true if Member is member of the Group- Parameters:
sess
-group
-member
-- Returns:
- true if Member is member of the Group
- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
MemberNotExistsException
-
moveGroup
void moveGroup(PerunSession sess, Group destinationGroup, Group movingGroup) throws GroupNotExistsException, PrivilegeException, GroupMoveNotAllowedException, WrongAttributeValueException, WrongReferenceAttributeValueException, ExternallyManagedException Move one group structure under another group in same vo or as top level group- Parameters:
sess
- perun sessiondestinationGroup
- group to which is moving group moved, if it's null group will be moved as top level groupmovingGroup
- group which is moved to destination group- Throws:
InternalErrorException
GroupNotExistsException
PrivilegeException
WrongAttributeValueException
WrongReferenceAttributeValueException
GroupMoveNotAllowedException
ExternallyManagedException
-
removeAdmin
void removeAdmin(PerunSession perunSession, Group group, User user) throws PrivilegeException, GroupNotExistsException, UserNotAdminException, UserNotExistsException, RoleCannotBeManagedException Removes a user administrator form the group.- Parameters:
perunSession
-group
-user
-- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
UserNotAdminException
UserNotExistsException
RoleCannotBeManagedException
-
removeAdmin
void removeAdmin(PerunSession perunSession, Group group, Group authorizedGroup) throws PrivilegeException, GroupNotExistsException, GroupNotAdminException, RoleCannotBeManagedException Removes a group administrator of the group.- Parameters:
perunSession
-group
-authorizedGroup
- group that will be removed the privilege- Throws:
InternalErrorException
PrivilegeException
GroupNotExistsException
GroupNotAdminException
RoleCannotBeManagedException
-
removeGroupUnion
void removeGroupUnion(PerunSession sess, Group resultGroup, Group operandGroup) throws GroupNotExistsException, PrivilegeException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved, ExternallyManagedException Removes a union relation between two groups. All indirect members that originate from operand group are removed from result group.- Parameters:
sess
- perun sessionresultGroup
- group from which members are removedoperandGroup
- group which members are removed from result group- Throws:
GroupNotExistsException
InternalErrorException
GroupRelationDoesNotExist
GroupRelationCannotBeRemoved
PrivilegeException
ExternallyManagedException
-
removeGroupUnions
void removeGroupUnions(PerunSession sess, Group resultGroup, List<Group> operandGroups) throws GroupNotExistsException, PrivilegeException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved, ExternallyManagedException Removes a union relations between groups. All indirect members that originate from operand groups are removed from result group.- Parameters:
sess
- perun sessionresultGroup
- group from which members are removedoperandGroups
- groups which members are removed from result group- Throws:
GroupNotExistsException
InternalErrorException
GroupRelationDoesNotExist
GroupRelationCannotBeRemoved
PrivilegeException
ExternallyManagedException
-
removeMember
void removeMember(PerunSession perunSession, Group group, Member member) throws MemberNotExistsException, NotGroupMemberException, PrivilegeException, GroupNotExistsException, WrongAttributeAssignmentException, AttributeNotExistsException, ExternallyManagedException Removes member form the group.- Parameters:
perunSession
-group
- group, from which the member is to be removedmember
- Member to be removed- Throws:
InternalErrorException
PrivilegeException
MemberNotExistsException
- when member doesn't existNotGroupMemberException
- when member is not in the groupGroupNotExistsException
- when the group doesn't existWrongAttributeAssignmentException
- when assigning atribute to wrong entityAttributeNotExistsException
- when attribute doesn't existExternallyManagedException
- when the group is externally managed
-
removeMember
void removeMember(PerunSession perunSession, Member member, List<Group> groups) throws MemberNotExistsException, NotGroupMemberException, PrivilegeException, GroupNotExistsException, WrongAttributeAssignmentException, AttributeNotExistsException, ExternallyManagedException Removes a member from a list of groups.- Parameters:
perunSession
-member
- Member to be removedgroups
- list of groups, from which the member is to be removed, can be empty- Throws:
InternalErrorException
PrivilegeException
MemberNotExistsException
- when member doesn't existNotGroupMemberException
- when member is not in the groupGroupNotExistsException
- when the group doesn't existWrongAttributeAssignmentException
- when assigning atribute to wrong entityAttributeNotExistsException
- when attribute doesn't existExternallyManagedException
- when the group is externally managed
-
removeMembers
void removeMembers(PerunSession perunSession, Group group, List<Member> members) throws MemberNotExistsException, NotGroupMemberException, PrivilegeException, GroupNotExistsException, WrongAttributeAssignmentException, AttributeNotExistsException, ExternallyManagedException Removes members from a group.- Parameters:
perunSession
-group
- group, from which the members are to be removedmembers
- list of members to be removed, can be empty- Throws:
InternalErrorException
PrivilegeException
MemberNotExistsException
- when member doesn't existNotGroupMemberException
- when member is not in the groupGroupNotExistsException
- when the group doesn't existWrongAttributeAssignmentException
- when assigning atribute to wrong entityAttributeNotExistsException
- when attribute doesn't existExternallyManagedException
- when the group is externally managed
-
setMemberGroupStatus
Member setMemberGroupStatus(PerunSession sess, Member member, Group group, MemberGroupStatus status) throws GroupNotExistsException, MemberNotExistsException, PrivilegeException, NotGroupMemberException Set Members Group status for specified DIRECT member and group. Member with newly calculated group membership status is returned.Please note, that if member is also sourced from sub-groups or groups in relation and has VALID status in any of them, then resulting status is still VALID. In order to really expire such member is to set EXPIRED status also to all sourcing sub-groups or groups in relation.
- Parameters:
sess
- perun sessionmember
- member to set status forgroup
- group to set status instatus
- status to set (VALID/EXPIRED)- Returns:
- Member with newly calculated status.
- Throws:
GroupNotExistsException
MemberNotExistsException
PrivilegeException
NotGroupMemberException
-
suspendGroupSynchronization
Suspend synchronizing groups and their structures. Groups being currently synchronized will finish.- Parameters:
sess
- sessionsuspend
- whether to suspend or unsuspend- Throws:
PrivilegeException
-
isSuspendedGroupSynchronization
Check if synchronizing groups is suspended.- Returns:
- True if suspended, false if synchronizing
- Throws:
PrivilegeException
-
synchronizeGroups
Synchronize all groups which have enabled synchronization. This method is run by the scheduler every 5 minutes. -
synchronizeGroupsStructures
Synchronize all groups structures (with members) which have enabled group structure synchronization. This method is run by the scheduler every 5 minutes. -
updateGroup
Group updateGroup(PerunSession perunSession, Group group) throws GroupNotExistsException, GroupExistsException, PrivilegeException Updates group by ID.Update shortName (use shortName) and description. Group.name is ignored. Return Group with correctly set parameters (including group.name)
- Parameters:
perunSession
-group
- to update (use only ID, shortName and description)- Returns:
- updated group with correctly set parameters (including group.name)
- Throws:
InternalErrorException
GroupNotExistsException
GroupExistsException
- if group with same name already exists in the same VOPrivilegeException
-