Package cz.metacentrum.perun.core.api
Interface GroupsManager
- All Known Implementing Classes:
GroupsManagerEntry
public interface GroupsManager
Groups manager can do all work about groups in VOs.
You must get an instance of GroupsManager from instance of Perun (perun si singleton - see how to get it's instance on wiki):
GroupsManager gm = perun.getGroupsManager();
- Author:
- Michal Prochazka, Slavek Licehammer
- See Also:
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final String -
Method Summary
Modifier and TypeMethodDescriptionvoidaddAdmin(PerunSession perunSession, Group group, Group authorizedGroup) Adds a group administrator to the group.voidaddAdmin(PerunSession perunSession, Group group, User user) Adds a user administrator of the group.voidaddMember(PerunSession perunSession, Group group, Member member) Adds member of the VO to the group in the same VO.voidaddMember(PerunSession perunSession, List<Group> groups, Member member) Adds member of the VO to the groups in the same VO.voidaddMembers(PerunSession perunSession, Group group, List<Member> members) Adds members of the VO to the group in the same VO.voidallowGroupsToHierarchicalVo(PerunSession sess, List<Group> groups, Vo vo) Sets flag required for including groups to parent vo in a vo hierarchy.voidallowGroupToHierarchicalVo(PerunSession sess, Group group, Vo vo) Sets flag required for including group to parent vo in a vo hierarchy.booleancanExtendMembershipInGroup(PerunSession sess, Member member, Group group) Returns true if member in given group can extend membership or if no rules were set for the membershipExpirationbooleancanExtendMembershipInGroupWithReason(PerunSession sess, Member member, Group group) Returns true if member in given group can extend membership or throws exception with reason why use can't extends membershipvoidcopyMembers(PerunSession sess, Group sourceGroup, List<Group> destinationGroups, List<Member> members) Copies direct members from one group to other groups in the same VO.createGroup(PerunSession perunSession, Group parentGroup, Group group) Creates a new subgroup of the existing group.createGroup(PerunSession perunSession, Vo vo, Group group) Creates a new top-level group and associates it with the VO from parameter.createGroupUnion(PerunSession sess, Group resultGroup, Group operandGroup) Performs union operation on two groups.voiddeleteAllGroups(PerunSession perunSession, Vo vo) Deletes all groups under the VO except built-in groups (members, admins groups).voiddeleteGroup(PerunSession perunSession, Group group) Deletes group only if has no subgroups and no members.voiddeleteGroup(PerunSession perunSession, Group group, boolean forceDelete) If forceDelete is false, delete only group and if this group has members or subgroups, throw an exception.voiddeleteGroups(PerunSession perunSession, List<Group> groups, boolean forceDelete) Delete all groups in list from perun.voiddisallowGroupsToHierarchicalVo(PerunSession sess, List<Group> groups, Vo vo) Unsets flag required for including groups to parent vo in a vo hierarchyvoiddisallowGroupToHierarchicalVo(PerunSession sess, Group group, Vo vo) Unsets flag required for including group to parent vo in a vo hierarchyvoidextendMembershipInGroup(PerunSession sess, Member member, Group group) Extend member membership in given group using membershipExpirationRules attribute defined in Group.voidforceAllSubGroupsSynchronization(PerunSession sess, Group group) Force synchronization for all subgroups (recursively - whole tree) of the group (useful for group structure)voidforceGroupStructureSynchronization(PerunSession sess, Group group) Puts the group on the first place to the queue of groups waiting for group structure synchronization.voidforceGroupSynchronization(PerunSession sess, Group group) Synchronizes the group with the external group.getActiveGroupMembers(PerunSession perunSession, Group group) Return all members of the group who are active (valid) in the group.getAdminGroups(PerunSession perunSession, Group group) Deprecated.getAdmins(PerunSession perunSession, Group group) Deprecated.getAdmins(PerunSession perunSession, Group group, boolean onlyDirectAdmins) Deprecated.Returns all groups which can be included to VO.getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo, Vo memberVo) Returns groups which can be included to VO from specific member VO.getAllGroups(PerunSession sess) Get all groups from all vos.getAllGroups(PerunSession sess, Vo vo) Get groups of Vo by ACCESS RIGHTS: If user is: - PERUNADMIN or VOADMIN : all groups in vo - GROUPADMIN : only groups where user is admingetAllGroupsWhereMemberIsActive(PerunSession sess, Member member) Returns all member's groups where member is in active state (is valid there) Included members group.getAllGroupsWithHierarchy(PerunSession sess, Vo vo) Get groups of the VO stored in the map reflecting the hierarchy by ACCESS RIGHTS: If user is: - PERUNADMIN or VOADMIN : all Groups - GROUPADMIN : only groups where user is groupAdmingetAllMemberGroups(PerunSession sess, Member member) Return all member's groups.getAllRichGroups(PerunSession sess) Get all groups with all attributes.getAllRichGroups(PerunSession sess, List<String> attrNames) Get all groups with their specified attributes.getAllRichGroupsWithAttributesByNames(PerunSession sess, Vo vo, List<String> attrNames) Deprecated.getAllRichGroupsWithAttributesByNames(PerunSession sess, Vo vo, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) Return all RichGroups containing selected attributes filtered by role and its typegetAllRichSubGroupsWithAttributesByNames(PerunSession sess, Group parentGroup, List<String> attrNames) Deprecated.getAllRichSubGroupsWithAttributesByNames(PerunSession sess, Group parentGroup, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) Return all RichSubGroups in parentGroup (all levels sub groups) containing selected attributes filtered by role and its type,getAllSubGroups(PerunSession sess, Group parentGroup) Get all subgroups of the parentGroup recursively.getDirectAdmins(PerunSession perunSession, Group group) Deprecated.getDirectRichAdminsWithSpecificAttributes(PerunSession perunSession, Group group, List<String> specificAttributes) Deprecated.getGroupById(PerunSession perunSession, int id) Search for the group with specified id in all VOs.getGroupByName(PerunSession perunSession, Vo vo, String name) Search for the group with specified name in specified VO.getGroupDirectMembers(PerunSession perunSession, Group group) Return all direct group members.intgetGroupDirectMembersCount(PerunSession sess, Group group) Returns count of direct members in the groupgetGroupDirectRichMembers(PerunSession sess, Group group) Returns direct group members in the RichMember object, which contains Member+User data.getGroupMemberById(PerunSession sess, Group group, int memberId) Get group member by member ID.getGroupMembers(PerunSession perunSession, Group group) Return all group members.getGroupMembers(PerunSession perunSession, Group group, Status status) Return group members with specified vo membership status.intgetGroupMembersCount(PerunSession perunSession, Group group) getGroupMembersCountsByGroupStatus(PerunSession sess, Group group) Returns counts of group members by their group status.getGroupMembersCountsByVoStatus(PerunSession sess, Group group) Returns counts of group members by their status in VO.getGroupRichMembers(PerunSession sess, Group group) Returns group members in the RichMember object, which contains Member+User data.getGroupRichMembers(PerunSession sess, Group group, Status status) Returns group members with specified membership status in the RichMember object, which contains Member+User data.getGroupRichMembersByIds(PerunSession sess, int groupId, List<Integer> memberIds, List<String> attrNames) Returns list of RichMembers with requested attributes by their member IDs from given group.getGroupRichMembersWithAttributes(PerunSession sess, Group group) Returns group members in the RichMember object, which contains Member+User data.getGroupRichMembersWithAttributes(PerunSession sess, Group group, Status status) Returns group members with specified membership status in the RichMember object, which contains Member+User data.getGroups(PerunSession sess, Vo vo) Get groups of users under the VO by ACCESS RIGHTS: If user is: - PERUNADMIN or VOADMIN : all groups - GROUPADMIN : only groups where user is GroupAdmingetGroupsByIds(PerunSession perunSession, List<Integer> ids) Search for the groups with specified ids in all VOs.intgetGroupsCount(PerunSession sess) Get count of all groupsintgetGroupsCount(PerunSession sess, Vo vo) getGroupsPage(PerunSession sess, Vo vo, GroupsPageQuery query, List<String> attrNames) Get page of groups from the given vo.getGroupsWhereMemberIsActive(PerunSession sess, Member member) Returns all member's groups where member is in active state (is valid there) Excluded members group.getGroupsWhereMemberIsInactive(PerunSession sess, Member member) Returns all member's groups where member is in inactive state (it is not valid and it is expired there) Excluded members group.getGroupsWhereUserIsActiveMember(PerunSession session, User user, Vo vo) Returns groups in which the user is active member.getGroupUnions(PerunSession sess, Group group, boolean reverseDirection) Get list of group unions for specified group.getInactiveGroupMembers(PerunSession perunSession, Group group) Return all members of the group who are inactive (expired) in the group.getIndirectMembershipPaths(PerunSession sess, Member member, Group group) Get unique paths of groups via which member is indirectly included to the group.getMemberGroups(PerunSession sess, Member member) Returns all member's groups.getMemberGroupsByAttribute(PerunSession sess, Member member, Attribute attribute) Method return list of groups for selected member which (groups) has set specific attribute.getMemberRichGroupsWithAttributesByNames(PerunSession sess, Member member, List<String> attrNames) Deprecated.getMemberRichGroupsWithAttributesByNames(PerunSession sess, Member member, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) Return all RichGroups for specified member, containing selected attributes filtered by role and its type.getParentGroup(PerunSession sess, Group group) Get parent group.getParentGroupMembers(PerunSession sess, Group group) Get members from parent group.getParentGroupRichMembers(PerunSession sess, Group group) Get members form the parent group in RichMember format.getParentGroupRichMembersWithAttributes(PerunSession sess, Group group) Get members form the parent group in RichMember format including user/member attributes.getRichAdmins(PerunSession perunSession, Group group) Deprecated.getRichAdmins(PerunSession perunSession, Group group, List<String> specificAttributes, boolean allUserAttributes, boolean onlyDirectAdmins) Deprecated.getRichAdminsWithAttributes(PerunSession perunSession, Group group) Deprecated.getRichAdminsWithSpecificAttributes(PerunSession perunSession, Group group, List<String> specificAttributes) Deprecated.getRichGroupByIdWithAttributesByNames(PerunSession sess, int groupId, List<String> attrNames) Return RichGroup selected by id containing selected attributesgetRichGroupsAssignedToResourceWithAttributesByNames(PerunSession sess, Member member, Resource resource, List<String> attrNames) Get list of all richGroups with selected attributes assigned to the resource filtered by specific member.getRichGroupsAssignedToResourceWithAttributesByNames(PerunSession sess, Resource resource, List<String> attrNames) Get list of all richGroups with selected attributes assigned to resource.getRichSubGroupsWithAttributesByNames(PerunSession sess, Group parentGroup, List<String> attrNames) Return RichSubGroups in parentGroup (only 1 level subgroups) containing selected attributesgetSubGroups(PerunSession sess, Group parentGroup) Get all subgroups of the parent group under the VO.intgetSubGroupsCount(PerunSession sess, Group parentGroup) Returns number of immediate subgroups of the parent group.getSubgroupsPage(PerunSession sess, Group group, GroupsPageQuery query, List<String> attrNames) Get page of subgroups from the given parent group.getVo(PerunSession sess, Group group) Gets the Vo which is owner of the group.booleanisAllowedGroupToHierarchicalVo(PerunSession sess, Group group, Vo vo) Returns flag representing if the group can be included in the (parent) vo's groupsbooleanisDirectGroupMember(PerunSession sess, Group group, Member member) Return true if Member is direct member of the GroupbooleanisGroupMember(PerunSession sess, Group group, Member member) Return true if Member is member of the GroupvoidmoveGroup(PerunSession sess, Group destinationGroup, Group movingGroup) Move one group structure under another group in same vo or as top level groupvoidremoveAdmin(PerunSession perunSession, Group group, Group authorizedGroup) Removes a group administrator of the group.voidremoveAdmin(PerunSession perunSession, Group group, User user) Removes a user administrator form the group.voidremoveGroupUnion(PerunSession sess, Group resultGroup, Group operandGroup) Removes a union relation between two groups.voidremoveMember(PerunSession perunSession, Group group, Member member) Removes member form the group.voidremoveMember(PerunSession perunSession, Member member, List<Group> groups) Removes a member from a list of groups.voidremoveMembers(PerunSession perunSession, Group group, List<Member> members) Removes members from a group.setMemberGroupStatus(PerunSession sess, Member member, Group group, MemberGroupStatus status) Set Members Group status for specified DIRECT member and group.voidSynchronize all groups which have enabled synchronization.voidSynchronize all groups structures (with members) which have enabled group structure synchronization.updateGroup(PerunSession perunSession, Group group) Updates group by ID.
-
Field Details
-
GROUPSQUERY_ATTRNAME
- See Also:
-
GROUPMEMBERSQUERY_ATTRNAME
- See Also:
-
GROUPMEMBERSFILTER_ATTRNAME
- See Also:
-
GROUPEXTSOURCE_ATTRNAME
- See Also:
-
GROUPMEMBERSEXTSOURCE_ATTRNAME
- See Also:
-
GROUPS_STRUCTURE_LOGIN_ATTRNAME
- See Also:
-
GROUPS_STRUCTURE_LOGIN_PREFIX_ATTRNAME
- See Also:
-
GROUPSYNCHROENABLED_ATTRNAME
- See Also:
-
GROUPS_STRUCTURE_SYNCHRO_ENABLED_ATTRNAME
- See Also:
-
GROUPSYNCHROINTERVAL_ATTRNAME
- See Also:
-
GROUP_STRUCTURE_SYNCHRO_INTERVAL_ATTRNAME
- See Also:
-
GROUPLIGHTWEIGHTSYNCHRONIZATION_ATTRNAME
- See Also:
-
GROUPAUTHORITATIVEGROUP_ATTRNAME
- See Also:
-
GROUP_FLAT_SYNCHRONIZATION_ATTRNAME
- See Also:
-
GROUP_SYNCHRO_TIMES_ATTRNAME
- See Also:
-
GROUP_STRUCTURE_SYNCHRO_TIMES_ATTRNAME
- See Also:
-
GROUP_START_OF_LAST_SUCCESSFUL_SYNC_ATTRNAME
- See Also:
-
GROUP_START_OF_LAST_SYNC_ATTRNAME
- See Also:
-
GROUP_MEMBERSHIP_EXPIRATION_RULES_ATTRNAME
- See Also:
-
GROUP_SYNCHRONIZATION_FILE_ATTRNAME
- See Also:
-
GROUP_SHORT_NAME_REGEXP
- See Also:
-
GROUP_FULL_NAME_REGEXP
- See Also:
-
-
Method Details
-
addAdmin
void addAdmin(PerunSession perunSession, Group group, User user) throws AlreadyAdminException, PrivilegeException, GroupNotExistsException, UserNotExistsException, RoleCannotBeManagedException, RoleCannotBeSetException Adds a user administrator of the group.- Parameters:
perunSession-group-user-- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsExceptionAlreadyAdminExceptionUserNotExistsExceptionRoleCannotBeManagedExceptionRoleCannotBeSetException
-
addAdmin
void addAdmin(PerunSession perunSession, Group group, Group authorizedGroup) throws AlreadyAdminException, PrivilegeException, GroupNotExistsException, RoleCannotBeManagedException, RoleCannotBeSetException Adds a group administrator to the group.- Parameters:
perunSession-group- - group that will be assigned admins (users) from authorizedGroupauthorizedGroup- - group that will be given the privilege- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsExceptionAlreadyAdminExceptionRoleCannotBeManagedExceptionRoleCannotBeSetException
-
addMember
void addMember(PerunSession perunSession, Group group, Member member) throws MemberNotExistsException, PrivilegeException, AlreadyMemberException, GroupNotExistsException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException, AttributeNotExistsException, ExternallyManagedException Adds member of the VO to the group in the same VO.- Parameters:
perunSession-group-member-- Throws:
InternalErrorExceptionMemberNotExistsExceptionPrivilegeExceptionAlreadyMemberExceptionGroupNotExistsExceptionWrongAttributeValueException- if any member attribute value, required by resource (on which the group is assigned), is wrongWrongAttributeAssignmentExceptionAttributeNotExistsExceptionWrongReferenceAttributeValueExceptionExternallyManagedException
-
addMember
void addMember(PerunSession perunSession, List<Group> groups, Member member) throws MemberNotExistsException, PrivilegeException, AlreadyMemberException, GroupNotExistsException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException, AttributeNotExistsException, ExternallyManagedException Adds member of the VO to the groups in the same VO.- Parameters:
perunSession-groups- list of groups, the member will be added tomember- member to be added- Throws:
InternalErrorExceptionMemberNotExistsExceptionPrivilegeExceptionAlreadyMemberExceptionGroupNotExistsExceptionWrongAttributeValueException- if any member attribute value, required by resource (on which the group is assigned), is wrongWrongAttributeAssignmentExceptionAttributeNotExistsExceptionWrongReferenceAttributeValueExceptionExternallyManagedException
-
addMembers
void addMembers(PerunSession perunSession, Group group, List<Member> members) throws MemberNotExistsException, PrivilegeException, AlreadyMemberException, GroupNotExistsException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException, AttributeNotExistsException, ExternallyManagedException Adds members of the VO to the group in the same VO.- Parameters:
perunSession-group- list of groups, the member will be added tomembers- member to be added- Throws:
InternalErrorExceptionMemberNotExistsExceptionPrivilegeExceptionAlreadyMemberExceptionGroupNotExistsExceptionWrongAttributeValueException- if any member attribute value, required by resource (on which the group is assigned), is wrongWrongAttributeAssignmentExceptionAttributeNotExistsExceptionWrongReferenceAttributeValueExceptionExternallyManagedException
-
allowGroupToHierarchicalVo
void allowGroupToHierarchicalVo(PerunSession sess, Group group, Vo vo) throws VoNotExistsException, GroupNotExistsException, PrivilegeException, RelationNotExistsException, RelationExistsException Sets flag required for including group to parent vo in a vo hierarchy.- Parameters:
sess- perun sessiongroup- groupvo- parent vo- Throws:
VoNotExistsException- if vo does not existGroupNotExistsException- if group does not existPrivilegeException- insufficient rightsRelationNotExistsException- if group is not from parent vo's member vosRelationExistsException- if group is already allowed to be included to parent vo
-
allowGroupsToHierarchicalVo
void allowGroupsToHierarchicalVo(PerunSession sess, List<Group> groups, Vo vo) throws VoNotExistsException, GroupNotExistsException, PrivilegeException, RelationNotExistsException, RelationExistsException Sets flag required for including groups to parent vo in a vo hierarchy.- Parameters:
sess- perun sessiongroups- list of groupsvo- parent vo- Throws:
VoNotExistsException- if vo does not existGroupNotExistsException- if group does not existPrivilegeException- insufficient rightsRelationNotExistsException- if group is not from parent vo's member vosRelationExistsException- if group is already allowed to be included to parent vo
-
canExtendMembershipInGroup
boolean canExtendMembershipInGroup(PerunSession sess, Member member, Group group) throws MemberNotExistsException, GroupNotExistsException, PrivilegeException Returns true if member in given group can extend membership or if no rules were set for the membershipExpiration- Parameters:
sess- sessionmember- membergroup- group- Returns:
- true if given member can extend membership in given group or if no rules were set for the membership expiration, false otherwise
- Throws:
MemberNotExistsExceptionGroupNotExistsExceptionPrivilegeException
-
canExtendMembershipInGroupWithReason
boolean canExtendMembershipInGroupWithReason(PerunSession sess, Member member, Group group) throws MemberNotExistsException, GroupNotExistsException, PrivilegeException, ExtendMembershipException Returns true if member in given group can extend membership or throws exception with reason why use can't extends membership- Parameters:
sess- sessionmember- membergroup- group- Returns:
- true if given member can extend membership in given group or throws exception with reason why not
- Throws:
ExtendMembershipException- reason why user can't extend membershipMemberNotExistsExceptionGroupNotExistsExceptionPrivilegeException
-
copyMembers
void copyMembers(PerunSession sess, Group sourceGroup, List<Group> destinationGroups, List<Member> members) throws WrongReferenceAttributeValueException, WrongAttributeValueException, GroupNotExistsException, MemberNotExistsException, GroupGroupMismatchException, PrivilegeException, ExternallyManagedException, MemberGroupMismatchException Copies direct members from one group to other groups in the same VO. The members are copied without their member-group attributes. Copies all direct members if members list is empty or null.- Parameters:
sess- perun sessionsourceGroup- group to copy members fromdestinationGroups- groups to copy members tomembers- members to be copied- Throws:
WrongReferenceAttributeValueExceptionWrongAttributeValueExceptionGroupNotExistsException- when one of the groups does not existMemberNotExistsException- when one of the members does not existGroupGroupMismatchException- when the groups are not in the same VoPrivilegeExceptionExternallyManagedException- when destination group is managed from an external sourceMemberGroupMismatchException
-
createGroup
Group createGroup(PerunSession perunSession, Vo vo, Group group) throws GroupExistsException, PrivilegeException, VoNotExistsException Creates a new top-level group and associates it with the VO from parameter.For this method the new group has always same shortName like Name. Important: voId in object group is ignored
- Parameters:
perunSession-vo- to associates group withgroup- new group with name without ":"- Returns:
- newly created top-level group
- Throws:
InternalErrorException- if group.name contains ':' or other internal error occuredGroupExistsExceptionPrivilegeExceptionVoNotExistsException
-
createGroup
Group createGroup(PerunSession perunSession, Group parentGroup, Group group) throws GroupNotExistsException, GroupExistsException, PrivilegeException, GroupRelationNotAllowed, GroupRelationAlreadyExists, ExternallyManagedException Creates a new subgroup of the existing group.- Parameters:
perunSession-parentGroup-group- group.name must contain only shortName (without ":"). Hierarchy is defined by parentGroup parameter.- Returns:
- newly created sub group with full group.Name with ":"
- Throws:
InternalErrorException- if group.name contains ':' or other internal error occuredGroupNotExistsExceptionGroupExistsExceptionPrivilegeExceptionGroupRelationNotAllowedGroupRelationAlreadyExistsExternallyManagedException
-
createGroupUnion
Group createGroupUnion(PerunSession sess, Group resultGroup, Group operandGroup) throws GroupNotExistsException, PrivilegeException, GroupRelationNotAllowed, GroupRelationAlreadyExists, WrongAttributeValueException, WrongReferenceAttributeValueException, ExternallyManagedException, VoNotExistsException Performs union operation on two groups. Members from operand group are added to result group as indirect.- Parameters:
sess- perun sessionresultGroup- group to which members are addedoperandGroup- group from which members are taken- Returns:
- result group
- Throws:
InternalErrorExceptionGroupNotExistsExceptionGroupRelationNotAllowedGroupRelationAlreadyExistsPrivilegeExceptionWrongAttributeValueExceptionWrongReferenceAttributeValueExceptionVoNotExistsExceptionExternallyManagedException
-
deleteAllGroups
void deleteAllGroups(PerunSession perunSession, Vo vo) throws VoNotExistsException, PrivilegeException, GroupAlreadyRemovedException, GroupAlreadyRemovedFromResourceException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved Deletes all groups under the VO except built-in groups (members, admins groups).- Parameters:
perunSession-vo- VO- Throws:
InternalErrorExceptionVoNotExistsExceptionPrivilegeExceptionGroupAlreadyRemovedException- if there is at least 1 group not affected by deleting from DBGroupAlreadyRemovedFromResourceException- if there is at least 1 group on resource affected by deleting from DBGroupRelationDoesNotExistGroupRelationCannotBeRemoved
-
deleteGroup
void deleteGroup(PerunSession perunSession, Group group, boolean forceDelete) throws GroupNotExistsException, PrivilegeException, RelationExistsException, GroupAlreadyRemovedException, GroupAlreadyRemovedFromResourceException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved, ExternallyManagedException If forceDelete is false, delete only group and if this group has members or subgroups, throw an exception. If forceDelete is true, delete group with all subgroups, members and administrators, then delete this group.- Parameters:
perunSession-group- group to deleteforceDelete- if forceDelete is false, delete group only if is empty and has no subgroups, if is true, delete anyway with all connections- Throws:
GroupNotExistsExceptionInternalErrorExceptionPrivilegeExceptionRelationExistsExceptionGroupAlreadyRemovedExceptionGroupAlreadyRemovedFromResourceExceptionGroupRelationDoesNotExistGroupRelationCannotBeRemovedExternallyManagedException
-
deleteGroup
void deleteGroup(PerunSession perunSession, Group group) throws GroupNotExistsException, PrivilegeException, RelationExistsException, GroupAlreadyRemovedException, GroupAlreadyRemovedFromResourceException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved, ExternallyManagedException Deletes group only if has no subgroups and no members. Other way throw exception. This method is same like deleteGroup(sess, group, false) with false for forceDelete- Parameters:
perunSession-group- group to delete- Throws:
GroupNotExistsExceptionInternalErrorExceptionPrivilegeExceptionRelationExistsExceptionGroupAlreadyRemovedExceptionGroupAlreadyRemovedFromResourceExceptionGroupRelationDoesNotExistGroupRelationCannotBeRemovedExternallyManagedException
-
deleteGroups
void deleteGroups(PerunSession perunSession, List<Group> groups, boolean forceDelete) throws GroupNotExistsException, PrivilegeException, GroupAlreadyRemovedException, RelationExistsException, GroupAlreadyRemovedFromResourceException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved, ExternallyManagedException Delete all groups in list from perun. (Except members group)If forceDelete is false, delete groups only if none of them (IN MOMENT OF DELETING) has subgroups and members, in other case throw exception. if forceDelete is true, delete groups with all subgroups and members.
Groups are deleted in order: from longest name to the shortest - ex: Group A:b:c will be deleted sooner than Group A:b etc. - reason for this: with group are deleted its subgroups too
Important: Groups can be from different VOs.
- Parameters:
perunSession-groups- list of groups to deletedforceDelete- if forceDelete is false, delete groups only if all of them have no subgroups and no members, if is true, delete anyway with all connections- Throws:
GroupNotExistsException- If any group not exists in perunInternalErrorExceptionPrivilegeException- if user has no right to call delete operation on any of these groupsGroupAlreadyRemovedException- if any groups is already deletedRelationExistsException- raise if group has subgroups or member (forceDelete is false)GroupAlreadyRemovedFromResourceException- if any group is already removed from resourceGroupRelationDoesNotExistGroupRelationCannotBeRemovedExternallyManagedException
-
disallowGroupToHierarchicalVo
void disallowGroupToHierarchicalVo(PerunSession sess, Group group, Vo vo) throws VoNotExistsException, GroupNotExistsException, PrivilegeException, RelationNotExistsException Unsets flag required for including group to parent vo in a vo hierarchy- Parameters:
sess- perun sessiongroup- groupvo- parent vo- Throws:
VoNotExistsException- if vo does not existGroupNotExistsException- if group does not existPrivilegeException- insufficient rightsRelationNotExistsException- if group is not allowed to be included in parent vo
-
disallowGroupsToHierarchicalVo
void disallowGroupsToHierarchicalVo(PerunSession sess, List<Group> groups, Vo vo) throws VoNotExistsException, GroupNotExistsException, PrivilegeException, RelationNotExistsException Unsets flag required for including groups to parent vo in a vo hierarchy- Parameters:
sess- perun sessiongroups- list of groupsvo- parent vo- Throws:
VoNotExistsException- if vo does not existGroupNotExistsException- if group does not existPrivilegeException- insufficient rightsRelationNotExistsException- if group is not allowed to be included in parent vo
-
extendMembershipInGroup
void extendMembershipInGroup(PerunSession sess, Member member, Group group) throws ExtendMembershipException, PrivilegeException, MemberNotExistsException, GroupNotExistsException Extend member membership in given group using membershipExpirationRules attribute defined in Group.- Parameters:
sess- sessionmember- membergroup- group- Throws:
InternalErrorException- internal errorExtendMembershipException- extend membership exceptionPrivilegeExceptionMemberNotExistsExceptionGroupNotExistsException
-
forceAllSubGroupsSynchronization
void forceAllSubGroupsSynchronization(PerunSession sess, Group group) throws GroupNotExistsException, PrivilegeException Force synchronization for all subgroups (recursively - whole tree) of the group (useful for group structure)- Parameters:
sess-group- the group where all its subgroups will be forced to synchronize- Throws:
PrivilegeException- user is not privileged to call this methodGroupNotExistsException- when group not exists in Perun
-
forceGroupStructureSynchronization
void forceGroupStructureSynchronization(PerunSession sess, Group group) throws GroupNotExistsException, PrivilegeException, GroupStructureSynchronizationAlreadyRunningException Puts the group on the first place to the queue of groups waiting for group structure synchronization.- Parameters:
sess-group-- Throws:
InternalErrorExceptionGroupNotExistsExceptionPrivilegeExceptionGroupStructureSynchronizationAlreadyRunningException
-
forceGroupSynchronization
void forceGroupSynchronization(PerunSession sess, Group group) throws GroupNotExistsException, PrivilegeException, GroupSynchronizationAlreadyRunningException, GroupSynchronizationNotEnabledException Synchronizes the group with the external group.- Parameters:
sess-group-- Throws:
InternalErrorExceptionGroupNotExistsExceptionPrivilegeExceptionGroupSynchronizationAlreadyRunningException- when synchronization for the group is already runningGroupSynchronizationNotEnabledException- when group doesn't have synchronization enabled
-
getActiveGroupMembers
List<Member> getActiveGroupMembers(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Return all members of the group who are active (valid) in the group.Do not return expired members of the group.
- Parameters:
perunSession- perun sessiongroup- to get members from- Returns:
- list of active (valid) members
- Throws:
InternalErrorExceptionPrivilegeException- insufficient permissionGroupNotExistsException- when group does not exist
-
getAdminGroups
@Deprecated List<Group> getAdminGroups(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Deprecated.Gets list of all group administrators of given group.- Parameters:
perunSession-group-- Returns:
- list of all group administrators of the given group
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getAdmins
@Deprecated List<User> getAdmins(PerunSession perunSession, Group group, boolean onlyDirectAdmins) throws PrivilegeException, GroupNotExistsException Deprecated.Gets list of all administrators of this group. If some group is administrator of the given group, all VALID members are included in the list.If onlyDirectAdmins is true, return only direct users of the group for supported role.
Supported roles: GroupAdmin
- Parameters:
perunSession-group-onlyDirectAdmins- if true, get only direct user administrators (if false, get both direct and indirect)- Returns:
- list of all user administrators of the given group for supported role
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getAdmins
@Deprecated List<User> getAdmins(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Deprecated.Gets list of all user administrators of this group. If some group is administrator of the given group, all members are included in the list.- Parameters:
perunSession-group-- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getAllAllowedGroupsToHierarchicalVo
List<Group> getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo) throws VoNotExistsException, PrivilegeException Returns all groups which can be included to VO.- Parameters:
sess- sessionvo- parent VO- Returns:
- list of allowed groups to hierarchical VO
- Throws:
VoNotExistsException- if given VO does not existPrivilegeException- if unauthorized
-
getAllAllowedGroupsToHierarchicalVo
List<Group> getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo, Vo memberVo) throws VoNotExistsException, PrivilegeException Returns groups which can be included to VO from specific member VO.- Parameters:
sess- sessionvo- parent VOmemberVo- member VO- Returns:
- list of allowed groups to hierarchical VO
- Throws:
VoNotExistsException- if given parent VO or member VO does not existPrivilegeException- if unauthorized
-
getAllGroups
Get all groups from all vos. Returned groups are filtered based on the principal rights.- Parameters:
sess- session- Returns:
- list of all groups
- Throws:
PrivilegeException- if the principal has insufficient permission
-
getAllGroups
Get groups of Vo by ACCESS RIGHTS: If user is: - PERUNADMIN or VOADMIN : all groups in vo - GROUPADMIN : only groups where user is admin- Parameters:
sess-vo-- Returns:
- list of groups
- Throws:
InternalErrorExceptionPrivilegeExceptionVoNotExistsException
-
getAllGroupsWhereMemberIsActive
List<Group> getAllGroupsWhereMemberIsActive(PerunSession sess, Member member) throws PrivilegeException, MemberNotExistsException Returns all member's groups where member is in active state (is valid there) Included members group.- Parameters:
sess- perun sessionmember- member to get groups for- Returns:
- list of groups where member is in active state (valid)
- Throws:
MemberNotExistsException- member in parameter not exists in perunPrivilegeException- user is not privileged to call this methodInternalErrorException
-
getAllGroupsWithHierarchy
Map<Group,Object> getAllGroupsWithHierarchy(PerunSession sess, Vo vo) throws PrivilegeException, VoNotExistsException Get groups of the VO stored in the map reflecting the hierarchy by ACCESS RIGHTS: If user is: - PERUNADMIN or VOADMIN : all Groups - GROUPADMIN : only groups where user is groupAdmin- Parameters:
sess-vo-- Returns:
- map of the groups hierarchically organized
- Throws:
InternalErrorExceptionPrivilegeExceptionVoNotExistsException
-
getAllMemberGroups
List<Group> getAllMemberGroups(PerunSession sess, Member member) throws PrivilegeException, MemberNotExistsException Return all member's groups. Included members groups.- Parameters:
sess-member-- Returns:
- Throws:
InternalErrorExceptionPrivilegeExceptionMemberNotExistsException
-
getAllRichGroups
List<RichGroup> getAllRichGroups(PerunSession sess, List<String> attrNames) throws PrivilegeException Get all groups with their specified attributes. If theattrNamesare null or empty, all group attributes are returned.- Parameters:
sess- sessionattrNames- list of attribute names to get- Returns:
- list of all groups with specified attributes
- Throws:
PrivilegeException- if the principal has insufficient permission
-
getAllRichGroups
Get all groups with all attributes.- Parameters:
sess- session- Returns:
- list of all groups with specified attributes
- Throws:
PrivilegeException- if the principal has insufficient permission
-
getAllRichGroupsWithAttributesByNames
@Deprecated List<RichGroup> getAllRichGroupsWithAttributesByNames(PerunSession sess, Vo vo, List<String> attrNames) throws VoNotExistsException, PrivilegeException Deprecated.Return all RichGroups containing selected attributes- Parameters:
sess-vo-attrNames- if attrNames is null method will return RichGroups containing all attributes- Returns:
- List of RichGroups
- Throws:
InternalErrorExceptionVoNotExistsExceptionPrivilegeException
-
getAllRichGroupsWithAttributesByNames
List<RichGroup> getAllRichGroupsWithAttributesByNames(PerunSession sess, Vo vo, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) throws VoNotExistsException, PrivilegeException Return all RichGroups containing selected attributes filtered by role and its type- Parameters:
sess- perun sessionvo- voattrNames- if attrNames is null method will return RichGroups containing all attributesroles- list of selected roles (if empty, then return groups by all roles)types- list of selected types of roles (if empty, then return by roles of all types)- Returns:
- List of RichGroups
- Throws:
InternalErrorExceptionVoNotExistsExceptionPrivilegeException
-
getAllRichSubGroupsWithAttributesByNames
@Deprecated List<RichGroup> getAllRichSubGroupsWithAttributesByNames(PerunSession sess, Group parentGroup, List<String> attrNames) throws GroupNotExistsException, PrivilegeException Deprecated.Return all RichSubGroups in parentGroup (all levels sub groups) containing selected attributes- Parameters:
sess-parentGroup-attrNames- if attrNames is null method will return RichGroups containing all attributes- Returns:
- List of RichGroups
- Throws:
InternalErrorExceptionGroupNotExistsExceptionPrivilegeException
-
getAllRichSubGroupsWithAttributesByNames
List<RichGroup> getAllRichSubGroupsWithAttributesByNames(PerunSession sess, Group parentGroup, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) throws GroupNotExistsException, PrivilegeException Return all RichSubGroups in parentGroup (all levels sub groups) containing selected attributes filtered by role and its type,- Parameters:
sess- perun sessionparentGroup- parent groupattrNames- if attrNames is null method will return RichGroups containing all attributesroles- list of selected roles (if empty, then return groups by all roles)types- list of selected types of roles (if empty, then return by roles of all types)- Returns:
- List of RichGroups
- Throws:
InternalErrorExceptionGroupNotExistsExceptionPrivilegeException
-
getAllSubGroups
List<Group> getAllSubGroups(PerunSession sess, Group parentGroup) throws PrivilegeException, GroupNotExistsException Get all subgroups of the parentGroup recursively. (parentGroup subgroups, their subgroups etc...)- Parameters:
sess-parentGroup- parent group- Returns:
- list of groups
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getDirectAdmins
@Deprecated List<User> getDirectAdmins(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Deprecated.Gets list of direct user administrators of this group. 'Direct' means, there aren't included users, who are members of group administrators, in the returned list.- Parameters:
perunSession-group-- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getDirectRichAdminsWithSpecificAttributes
@Deprecated List<RichUser> getDirectRichAdminsWithSpecificAttributes(PerunSession perunSession, Group group, List<String> specificAttributes) throws PrivilegeException, GroupNotExistsException Deprecated.Get list of Group administrators, which are directly assigned (not by group membership) with specific attributes. From list of specificAttributes get all Users Attributes and find those for every RichAdmin (only, other attributes are not searched)- Parameters:
perunSession-group-specificAttributes-- Returns:
- list of RichUsers with specific attributes.
- Throws:
InternalErrorExceptionPrivilegeExceptionVoNotExistsExceptionGroupNotExistsException
-
getGroupById
Group getGroupById(PerunSession perunSession, int id) throws GroupNotExistsException, PrivilegeException Search for the group with specified id in all VOs.- Parameters:
id-perunSession-- Returns:
- group with specified id or throws GroupNotExistsException
- Throws:
GroupNotExistsExceptionInternalErrorExceptionPrivilegeException
-
getGroupByName
Group getGroupByName(PerunSession perunSession, Vo vo, String name) throws GroupNotExistsException, PrivilegeException, VoNotExistsException Search for the group with specified name in specified VO.IMPORTANT: need to use full name of group (ex. 'toplevel:a:b', not the shortname which is in this example 'b')
- Parameters:
perunSession-vo-name-- Returns:
- group with specified name or throws GroupNotExistsException in specified VO
- Throws:
GroupNotExistsExceptionInternalErrorExceptionPrivilegeExceptionVoNotExistsException
-
getGroupDirectMembers
List<Member> getGroupDirectMembers(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Return all direct group members.- Parameters:
perunSession- perun sessiongroup- group- Returns:
- list of direct members
- Throws:
InternalErrorException- internal errorPrivilegeException- insufficient permissionGroupNotExistsException- when group does not exist
-
getGroupDirectMembersCount
int getGroupDirectMembersCount(PerunSession sess, Group group) throws GroupNotExistsException, PrivilegeException Returns count of direct members in the group- Parameters:
sess-group-- Returns:
- count
- Throws:
GroupNotExistsExceptionPrivilegeException
-
getGroupDirectRichMembers
List<RichMember> getGroupDirectRichMembers(PerunSession sess, Group group) throws PrivilegeException, GroupNotExistsException Returns direct group members in the RichMember object, which contains Member+User data.- Parameters:
sess- sessiongroup- group- Returns:
- list of direct RichMembers
- Throws:
InternalErrorException- internal errorPrivilegeException- insufficient permissionGroupNotExistsException- when group does not exist
-
getGroupMemberById
Member getGroupMemberById(PerunSession sess, Group group, int memberId) throws NotGroupMemberException, GroupNotExistsException, PrivilegeException Get group member by member ID.- Parameters:
sess-group-memberId-- Returns:
- Member
- Throws:
InternalErrorExceptionNotGroupMemberExceptionGroupNotExistsExceptionPrivilegeException
-
getGroupMembers
List<Member> getGroupMembers(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Return all group members.- Parameters:
perunSession-group-- Returns:
- list of members or empty list if the group is empty
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getGroupMembers
List<Member> getGroupMembers(PerunSession perunSession, Group group, Status status) throws PrivilegeException, GroupNotExistsException Return group members with specified vo membership status.- Parameters:
perunSession-group-status-- Returns:
- list of members with specified membership status or empty list if no such member is found in group
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getGroupMembersCount
int getGroupMembersCount(PerunSession perunSession, Group group) throws GroupNotExistsException, PrivilegeException - Parameters:
perunSession-group-- Returns:
- count of members of specified group
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getGroupMembersCountsByGroupStatus
Map<MemberGroupStatus,Integer> getGroupMembersCountsByGroupStatus(PerunSession sess, Group group) throws GroupNotExistsException, PrivilegeException Returns counts of group members by their group status.- Parameters:
sess-group-- Returns:
- map of member status in group to count of group members with the status
- Throws:
GroupNotExistsException- when the group doesn't existPrivilegeException
-
getGroupMembersCountsByVoStatus
Map<Status,Integer> getGroupMembersCountsByVoStatus(PerunSession sess, Group group) throws GroupNotExistsException, PrivilegeException Returns counts of group members by their status in VO.- Parameters:
sess-group-- Returns:
- map of member status in VO to count of group members with the status
- Throws:
GroupNotExistsException- when the group doesn't existPrivilegeException
-
getGroupRichMembers
List<RichMember> getGroupRichMembers(PerunSession sess, Group group) throws PrivilegeException, GroupNotExistsException Returns group members in the RichMember object, which contains Member+User data.- Parameters:
sess-group-- Returns:
- list of RichMembers
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getGroupRichMembers
List<RichMember> getGroupRichMembers(PerunSession sess, Group group, Status status) throws PrivilegeException, GroupNotExistsException Returns group members with specified membership status in the RichMember object, which contains Member+User data.- Parameters:
sess-group-status-- Returns:
- list of RichMembers
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getGroupRichMembersByIds
List<RichMember> getGroupRichMembersByIds(PerunSession sess, int groupId, List<Integer> memberIds, List<String> attrNames) throws GroupNotExistsException, PrivilegeException, AttributeNotExistsException Returns list of RichMembers with requested attributes by their member IDs from given group. Skips invalid member IDs (unknown or not members of group). Supports member, member-group (stored in memberAttributes) and user attributes (stored in userAttributes).- Parameters:
sess- perun sessiongroupId- group idmemberIds- ids of members to include in resultattrNames- names of attributes to include in RichMembers- Returns:
- list of RichMembers
- Throws:
GroupNotExistsExceptionPrivilegeExceptionAttributeNotExistsException
-
getGroupRichMembersWithAttributes
List<RichMember> getGroupRichMembersWithAttributes(PerunSession sess, Group group) throws PrivilegeException, GroupNotExistsException Returns group members in the RichMember object, which contains Member+User data. Also contains user and member attributes.- Parameters:
sess-group-- Returns:
- list of RichMembers
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getGroupRichMembersWithAttributes
List<RichMember> getGroupRichMembersWithAttributes(PerunSession sess, Group group, Status status) throws PrivilegeException, GroupNotExistsException Returns group members with specified membership status in the RichMember object, which contains Member+User data. Also contains user and member attributes.- Parameters:
sess-group-status-- Returns:
- list of RichMembers
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getGroupUnions
List<Group> getGroupUnions(PerunSession sess, Group group, boolean reverseDirection) throws GroupNotExistsException, PrivilegeException Get list of group unions for specified group.- Parameters:
sess- perun sessiongroup- groupreverseDirection- if false get all operand groups of requested result group if true get all result groups of requested operand group- Returns:
- list of groups.
- Throws:
GroupNotExistsExceptionInternalErrorExceptionPrivilegeException
-
getGroups
Get groups of users under the VO by ACCESS RIGHTS: If user is: - PERUNADMIN or VOADMIN : all groups - GROUPADMIN : only groups where user is GroupAdmin- Parameters:
sess-vo- vo- Returns:
- list of groups
- Throws:
InternalErrorExceptionVoNotExistsExceptionPrivilegeException
-
getGroupsByIds
Search for the groups with specified ids in all VOs.- Parameters:
ids-perunSession-- Returns:
- groups with specified ids
- Throws:
InternalErrorExceptionPrivilegeException
-
getGroupsCount
- Parameters:
sess-vo-- Returns:
- count of VO's groups
- Throws:
InternalErrorExceptionPrivilegeExceptionVoNotExistsException
-
getGroupsCount
Get count of all groups- Parameters:
sess-- Returns:
- count of all groups
- Throws:
InternalErrorException
-
getGroupsPage
Paginated<RichGroup> getGroupsPage(PerunSession sess, Vo vo, GroupsPageQuery query, List<String> attrNames) throws VoNotExistsException, PrivilegeException, MemberNotExistsException, GroupNotExistsException, MemberGroupMismatchException Get page of groups from the given vo.- Parameters:
sess- sessionvo- voquery- query with page informationattrNames- attribute names- Returns:
- page of requested rich groups
- Throws:
VoNotExistsExceptionPrivilegeExceptionMemberNotExistsExceptionGroupNotExistsExceptionMemberGroupMismatchException
-
getGroupsWhereMemberIsActive
List<Group> getGroupsWhereMemberIsActive(PerunSession sess, Member member) throws PrivilegeException, MemberNotExistsException Returns all member's groups where member is in active state (is valid there) Excluded members group.- Parameters:
sess- perun sessionmember- member to get groups for- Returns:
- list of groups where member is in active state (valid)
- Throws:
MemberNotExistsException- member in parameter not exists in perunPrivilegeException- user is not privileged to call this methodInternalErrorException
-
getGroupsWhereMemberIsInactive
List<Group> getGroupsWhereMemberIsInactive(PerunSession sess, Member member) throws PrivilegeException, MemberNotExistsException Returns all member's groups where member is in inactive state (it is not valid and it is expired there) Excluded members group.- Parameters:
sess- perun sessionmember- member to get groups for- Returns:
- list of groups where member is in inactive state (expired)
- Throws:
MemberNotExistsException- member in parameter not exists in perunPrivilegeException- user is not privileged to call this methodInternalErrorException
-
getGroupsWhereUserIsActiveMember
List<Group> getGroupsWhereUserIsActiveMember(PerunSession session, User user, Vo vo) throws VoNotExistsException, UserNotExistsException, PrivilegeException Returns groups in which the user is active member. Groups are looked up only for the specified VO- Parameters:
session- sessionuser- user objectvo- VO object- Returns:
- List of groups
- Throws:
VoNotExistsExceptionUserNotExistsExceptionPrivilegeException
-
getInactiveGroupMembers
List<Member> getInactiveGroupMembers(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Return all members of the group who are inactive (expired) in the group.Do not return active members of the group.
- Parameters:
perunSession- perun sessiongroup- to get members from- Returns:
- list of inactive (expired) members
- Throws:
InternalErrorExceptionPrivilegeException- insufficient permissionGroupNotExistsException- when group does not exist
-
getIndirectMembershipPaths
List<List<Group>> getIndirectMembershipPaths(PerunSession sess, Member member, Group group) throws MemberNotExistsException, GroupNotExistsException, PrivilegeException Get unique paths of groups via which member is indirectly included to the group. Cuts off after first included group.- Parameters:
sess- perun sessionmember- membergroup- group in which the member is indirectly included- Returns:
- lists of groups [CURRENT GROUP -> SUBGROUP -> ... -> MEMBER'S SOURCE GROUP]
- Throws:
MemberNotExistsExceptionGroupNotExistsExceptionPrivilegeException
-
getMemberGroups
List<Group> getMemberGroups(PerunSession sess, Member member) throws PrivilegeException, MemberNotExistsException Returns all member's groups. Except members groups.- Parameters:
sess-member-- Returns:
- Throws:
InternalErrorExceptionPrivilegeExceptionMemberNotExistsException
-
getMemberGroupsByAttribute
List<Group> getMemberGroupsByAttribute(PerunSession sess, Member member, Attribute attribute) throws PrivilegeException, WrongAttributeAssignmentException, MemberNotExistsException, AttributeNotExistsException Method return list of groups for selected member which (groups) has set specific attribute. Attribute can be only from namespace "GROUP"- Parameters:
sess- sessmember- memerattribute- attribute from "GROUP" namespace- Returns:
- list of groups which contain member and have attribute with same value
- Throws:
InternalErrorExceptionPrivilegeExceptionWrongAttributeAssignmentExceptionMemberNotExistsExceptionAttributeNotExistsException
-
getMemberRichGroupsWithAttributesByNames
@Deprecated List<RichGroup> getMemberRichGroupsWithAttributesByNames(PerunSession sess, Member member, List<String> attrNames) throws MemberNotExistsException, PrivilegeException Deprecated.Return all RichGroups for specified member, containing selected attributes. "members" group is not included.Supported are attributes from these namespaces: - group - member-group
- Parameters:
sess- internal sessionmember- the member to get the rich groups forattrNames- list of selected attributes from supported namespaces- Returns:
- list of rich groups with selected attributes
- Throws:
InternalErrorExceptionMemberNotExistsExceptionPrivilegeException
-
getMemberRichGroupsWithAttributesByNames
List<RichGroup> getMemberRichGroupsWithAttributesByNames(PerunSession sess, Member member, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types) throws MemberNotExistsException, PrivilegeException Return all RichGroups for specified member, containing selected attributes filtered by role and its type. "members" group is not included.Supported are attributes from these namespaces: - group - member-group
- Parameters:
sess- internal sessionmember- the member to get the rich groups forattrNames- list of selected attributes from supported namespacesroles- list of selected roles (if empty, then return groups by all roles)types- list of selected types of roles (if empty, then return by roles of all types)- Returns:
- list of rich groups with selected attributes
- Throws:
InternalErrorExceptionMemberNotExistsExceptionPrivilegeException
-
getParentGroup
Group getParentGroup(PerunSession sess, Group group) throws GroupNotExistsException, PrivilegeException, ParentGroupNotExistsException Get parent group. If group is topLevel group or Members group, return Members group.- Parameters:
sess-group-- Returns:
- parent group
- Throws:
InternalErrorExceptionGroupNotExistsExceptionParentGroupNotExistsExceptionPrivilegeException
-
getParentGroupMembers
List<Member> getParentGroupMembers(PerunSession sess, Group group) throws PrivilegeException, GroupNotExistsException Get members from parent group. If the parent group doesn't exist (this is top level group) return all VO (from which the group is) members instead.- Parameters:
sess-group-- Returns:
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getParentGroupRichMembers
List<RichMember> getParentGroupRichMembers(PerunSession sess, Group group) throws PrivilegeException, GroupNotExistsException Get members form the parent group in RichMember format.- Parameters:
sess-group-- Returns:
- list of parent group rich members
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getParentGroupRichMembersWithAttributes
List<RichMember> getParentGroupRichMembersWithAttributes(PerunSession sess, Group group) throws PrivilegeException, GroupNotExistsException Get members form the parent group in RichMember format including user/member attributes.- Parameters:
sess-group-- Returns:
- list of parent group rich members
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getRichAdmins
@Deprecated List<RichUser> getRichAdmins(PerunSession perunSession, Group group, List<String> specificAttributes, boolean allUserAttributes, boolean onlyDirectAdmins) throws UserNotExistsException, PrivilegeException, GroupNotExistsException Deprecated.Gets list of all richUser administrators of this group. If some group is administrator of the given group, all VALID members are included in the list.Supported roles: GroupAdmin
If "onlyDirectAdmins" is "true", return only direct users of the group for supported role with specific attributes. If "allUserAttributes" is "true", do not specify attributes through list and return them all in objects richUser. Ignoring list of specific attributes.
- Parameters:
perunSession-group-specificAttributes- list of specified attributes which are needed in object richUserallUserAttributes- if true, get all possible user attributes and ignore list of specificAttributes (if false, get only specific attributes)onlyDirectAdmins- if true, get only direct user administrators (if false, get both direct and indirect)- Returns:
- list of RichUser administrators for the group and supported role with attributes
- Throws:
InternalErrorExceptionPrivilegeExceptionUserNotExistsExceptionGroupNotExistsException
-
getRichAdmins
@Deprecated List<RichUser> getRichAdmins(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException Deprecated.Gets list of all administrators of this group like RichUsers without attributes.- Parameters:
perunSession-group-- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getRichAdminsWithAttributes
@Deprecated List<RichUser> getRichAdminsWithAttributes(PerunSession perunSession, Group group) throws PrivilegeException, GroupNotExistsException, UserNotExistsException Deprecated.Gets list of all administrators of this group like RichUsers with attributes.- Parameters:
perunSession-group-- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsExceptionUserNotExistsException
-
getRichAdminsWithSpecificAttributes
@Deprecated List<RichUser> getRichAdminsWithSpecificAttributes(PerunSession perunSession, Group group, List<String> specificAttributes) throws PrivilegeException, GroupNotExistsException Deprecated.Get list of Group administrators with specific attributes. From list of specificAttributes get all Users Attributes and find those for every RichAdmin (only, other attributes are not searched)- Parameters:
perunSession-group-specificAttributes-- Returns:
- list of RichUsers with specific attributes.
- Throws:
InternalErrorExceptionPrivilegeExceptionVoNotExistsExceptionGroupNotExistsException
-
getRichGroupByIdWithAttributesByNames
RichGroup getRichGroupByIdWithAttributesByNames(PerunSession sess, int groupId, List<String> attrNames) throws GroupNotExistsException, PrivilegeException Return RichGroup selected by id containing selected attributes- Parameters:
sess-groupId-attrNames- if attrNames is null method will return RichGroup containing all attributes- Returns:
- RichGroup
- Throws:
InternalErrorExceptionGroupNotExistsExceptionPrivilegeException
-
getRichGroupsAssignedToResourceWithAttributesByNames
List<RichGroup> getRichGroupsAssignedToResourceWithAttributesByNames(PerunSession sess, Resource resource, List<String> attrNames) throws ResourceNotExistsException, PrivilegeException Get list of all richGroups with selected attributes assigned to resource. Allowed namespaces of attributes are group and group-resource.Last step is filtration of attributes: Attributes are filtered by rights of user in session. User get only those selected attributes he has rights to read.
- Parameters:
sess-resource- resource to get assigned groups forattrNames- list of selected attribute names, if it is null, return all possible non-empty attributes, empty list in attrNames means - no attributes needed- Returns:
- list of RichGroup objects with specific attributes specified by object Resource and object Member.
- Throws:
InternalErrorExceptionResourceNotExistsExceptionPrivilegeException
-
getRichGroupsAssignedToResourceWithAttributesByNames
List<RichGroup> getRichGroupsAssignedToResourceWithAttributesByNames(PerunSession sess, Member member, Resource resource, List<String> attrNames) throws ResourceNotExistsException, PrivilegeException, MemberNotExistsException Get list of all richGroups with selected attributes assigned to the resource filtered by specific member. Allowed namespaces of attributes are group, group-resource, member-groupLast step is filtration of attributes: Attributes are filtered by rights of user in session. User get only those selected attributes he has rights to read.
- Parameters:
sess-member- member used for filtering returned groups (groups have to contain this member to be returned)resource- resource to get assigned groups forattrNames- list of selected attribute names, if it is null, return all possible non-empty attributes, empty list in attrNames means - no attributes needed- Returns:
- list of RichGroup objects with specific attributes specified by object Resource and object Member
- Throws:
InternalErrorExceptionMemberNotExistsExceptionResourceNotExistsExceptionPrivilegeException
-
getRichSubGroupsWithAttributesByNames
List<RichGroup> getRichSubGroupsWithAttributesByNames(PerunSession sess, Group parentGroup, List<String> attrNames) throws GroupNotExistsException, PrivilegeException Return RichSubGroups in parentGroup (only 1 level subgroups) containing selected attributes- Parameters:
sess-parentGroup-attrNames- if attrNames is null method will return RichGroups containing all attributes- Returns:
- List of RichGroups
- Throws:
InternalErrorExceptionGroupNotExistsExceptionPrivilegeException
-
getSubGroups
List<Group> getSubGroups(PerunSession sess, Group parentGroup) throws PrivilegeException, GroupNotExistsException Get all subgroups of the parent group under the VO.- Parameters:
sess-parentGroup- parent group- Returns:
- list of groups
- Throws:
InternalErrorExceptionGroupNotExistsExceptionPrivilegeException
-
getSubGroupsCount
int getSubGroupsCount(PerunSession sess, Group parentGroup) throws PrivilegeException, GroupNotExistsException Returns number of immediate subgroups of the parent group.- Parameters:
sess-parentGroup-- Returns:
- count of parent group immediate subgroups
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsException
-
getSubgroupsPage
Paginated<RichGroup> getSubgroupsPage(PerunSession sess, Group group, GroupsPageQuery query, List<String> attrNames) throws GroupNotExistsException, PrivilegeException Get page of subgroups from the given parent group.- Parameters:
sess- sessiongroup- parent groupquery- query with page informationattrNames- attribute names- Returns:
- page of requested rich groups
- Throws:
GroupNotExistsExceptionPrivilegeException
-
getVo
Gets the Vo which is owner of the group.- Parameters:
sess-group-- Returns:
- Vo which is owner of the group.
- Throws:
InternalErrorExceptionGroupNotExistsExceptionPrivilegeException
-
isAllowedGroupToHierarchicalVo
boolean isAllowedGroupToHierarchicalVo(PerunSession sess, Group group, Vo vo) throws VoNotExistsException, GroupNotExistsException, PrivilegeException Returns flag representing if the group can be included in the (parent) vo's groups- Parameters:
sess- perun sessiongroup- groupvo- parent vo- Returns:
- true if group can be included in vo's groups, false otherwise
- Throws:
VoNotExistsException- if vo does not existGroupNotExistsException- if group does not existPrivilegeException- insufficient rights
-
isDirectGroupMember
boolean isDirectGroupMember(PerunSession sess, Group group, Member member) throws GroupNotExistsException, PrivilegeException Return true if Member is direct member of the Group- Parameters:
sess- sessiongroup- group where the membership is to be checkedmember- member whose membership is to be checked- Returns:
- true if Member is direct member of the Group
- Throws:
InternalErrorExceptionGroupNotExistsExceptionPrivilegeException
-
isGroupMember
boolean isGroupMember(PerunSession sess, Group group, Member member) throws PrivilegeException, GroupNotExistsException, MemberNotExistsException Return true if Member is member of the Group- Parameters:
sess-group-member-- Returns:
- true if Member is member of the Group
- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsExceptionMemberNotExistsException
-
moveGroup
void moveGroup(PerunSession sess, Group destinationGroup, Group movingGroup) throws GroupNotExistsException, PrivilegeException, GroupMoveNotAllowedException, WrongAttributeValueException, WrongReferenceAttributeValueException, ExternallyManagedException Move one group structure under another group in same vo or as top level group- Parameters:
sess- perun sessiondestinationGroup- group to which is moving group moved, if it's null group will be moved as top level groupmovingGroup- group which is moved to destination group- Throws:
InternalErrorExceptionGroupNotExistsExceptionPrivilegeExceptionWrongAttributeValueExceptionWrongReferenceAttributeValueExceptionGroupMoveNotAllowedExceptionExternallyManagedException
-
removeAdmin
void removeAdmin(PerunSession perunSession, Group group, User user) throws PrivilegeException, GroupNotExistsException, UserNotAdminException, UserNotExistsException, RoleCannotBeManagedException Removes a user administrator form the group.- Parameters:
perunSession-group-user-- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsExceptionUserNotAdminExceptionUserNotExistsExceptionRoleCannotBeManagedException
-
removeAdmin
void removeAdmin(PerunSession perunSession, Group group, Group authorizedGroup) throws PrivilegeException, GroupNotExistsException, GroupNotAdminException, RoleCannotBeManagedException Removes a group administrator of the group.- Parameters:
perunSession-group-authorizedGroup- group that will be removed the privilege- Throws:
InternalErrorExceptionPrivilegeExceptionGroupNotExistsExceptionGroupNotAdminExceptionRoleCannotBeManagedException
-
removeGroupUnion
void removeGroupUnion(PerunSession sess, Group resultGroup, Group operandGroup) throws GroupNotExistsException, PrivilegeException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved, ExternallyManagedException Removes a union relation between two groups. All indirect members that originate from operand group are removed from result group.- Parameters:
sess- perun sessionresultGroup- group from which members are removedoperandGroup- group which members are removed from result group- Throws:
GroupNotExistsExceptionInternalErrorExceptionGroupRelationDoesNotExistGroupRelationCannotBeRemovedPrivilegeExceptionExternallyManagedException
-
removeMember
void removeMember(PerunSession perunSession, Group group, Member member) throws MemberNotExistsException, NotGroupMemberException, PrivilegeException, GroupNotExistsException, WrongAttributeAssignmentException, AttributeNotExistsException, ExternallyManagedException Removes member form the group.- Parameters:
perunSession-member- Member to be removedgroup- group, from which the member is to be removed- Throws:
InternalErrorExceptionPrivilegeExceptionMemberNotExistsException- when member doesn't existNotGroupMemberException- when member is not in the groupGroupNotExistsException- when the group doesn't existWrongAttributeAssignmentException- when assigning atribute to wrong entityAttributeNotExistsException- when attribute doesn't existExternallyManagedException- when the group is externally managed
-
removeMember
void removeMember(PerunSession perunSession, Member member, List<Group> groups) throws MemberNotExistsException, NotGroupMemberException, PrivilegeException, GroupNotExistsException, WrongAttributeAssignmentException, AttributeNotExistsException, ExternallyManagedException Removes a member from a list of groups.- Parameters:
perunSession-member- Member to be removedgroups- list of groups, from which the member is to be removed, can be empty- Throws:
InternalErrorExceptionPrivilegeExceptionMemberNotExistsException- when member doesn't existNotGroupMemberException- when member is not in the groupGroupNotExistsException- when the group doesn't existWrongAttributeAssignmentException- when assigning atribute to wrong entityAttributeNotExistsException- when attribute doesn't existExternallyManagedException- when the group is externally managed
-
removeMembers
void removeMembers(PerunSession perunSession, Group group, List<Member> members) throws MemberNotExistsException, NotGroupMemberException, PrivilegeException, GroupNotExistsException, WrongAttributeAssignmentException, AttributeNotExistsException, ExternallyManagedException Removes members from a group.- Parameters:
perunSession-members- list of members to be removed, can be emptygroup- group, from which the members are to be removed- Throws:
InternalErrorExceptionPrivilegeExceptionMemberNotExistsException- when member doesn't existNotGroupMemberException- when member is not in the groupGroupNotExistsException- when the group doesn't existWrongAttributeAssignmentException- when assigning atribute to wrong entityAttributeNotExistsException- when attribute doesn't existExternallyManagedException- when the group is externally managed
-
setMemberGroupStatus
Member setMemberGroupStatus(PerunSession sess, Member member, Group group, MemberGroupStatus status) throws GroupNotExistsException, MemberNotExistsException, PrivilegeException, NotGroupMemberException Set Members Group status for specified DIRECT member and group. Member with newly calculated group membership status is returned.Please note, that if member is also sourced from sub-groups or groups in relation and has VALID status in any of them, then resulting status is still VALID. In order to really expire such member is to set EXPIRED status also to all sourcing sub-groups or groups in relation.
- Parameters:
sess- perun sessionmember- member to set status forgroup- group to set status instatus- status to set (VALID/EXPIRED)- Returns:
- Member with newly calculated status.
- Throws:
GroupNotExistsExceptionMemberNotExistsExceptionPrivilegeExceptionNotGroupMemberException
-
synchronizeGroups
Synchronize all groups which have enabled synchronization. This method is run by the scheduler every 5 minutes. -
synchronizeGroupsStructures
Synchronize all groups structures (with members) which have enabled group structure synchronization. This method is run by the scheduler every 5 minutes. -
updateGroup
Group updateGroup(PerunSession perunSession, Group group) throws GroupNotExistsException, GroupExistsException, PrivilegeException Updates group by ID.Update shortName (use shortName) and description. Group.name is ignored. Return Group with correctly set parameters (including group.name)
- Parameters:
perunSession-group- to update (use only ID, shortName and description)- Returns:
- updated group with correctly set parameters (including group.name)
- Throws:
InternalErrorExceptionGroupNotExistsExceptionGroupExistsException- if group with same name already exists in the same VOPrivilegeException
-