Interface GroupsManagerBl

All Known Implementing Classes:
GroupsManagerBlImpl

public interface GroupsManagerBl

Groups manager can do all work about groups in VOs.

You must get an instance of GroupsManager from instance of Perun (perun si singleton - see how to get it's instance on wiki):

    GroupsManager gm = perun.getGroupsManager();
 
Author:
Michal Prochazka, Slavek Licehammer
See Also:
  • Method Details

    • addGroupsToAutoRegistration

      void addGroupsToAutoRegistration(PerunSession sess, List<Group> groups) throws GroupNotAllowedToAutoRegistrationException
      Adds groups to a list of groups which can be registered into during vo registration. This will NOT create empty application form for groups and will throw exception if none exists.
      Parameters:
      sess - session
      groups - list of groups
      Throws:
      GroupNotAllowedToAutoRegistrationException - if given group cannot be added to auto registration
    • addGroupsToAutoRegistration

      void addGroupsToAutoRegistration(PerunSession sess, List<Group> groups, ApplicationFormItem formItem) throws GroupNotAllowedToAutoRegistrationException, FormItemNotExistsException
      Adds groups to a list of groups which can be registered into during vo or group registration. This will NOT create empty application form for groups and will throw exception if none exists.
      Parameters:
      sess - session
      groups - list of groups
      formItem - application form item
      Throws:
      GroupNotAllowedToAutoRegistrationException - if given group cannot be added to auto registration
      FormItemNotExistsException
    • addMember

      Adds member of the VO to the group in the same VO. But not to administrators and members group.
      Parameters:
      perunSession -
      group -
      member -
      Throws:
      InternalErrorException
      AlreadyMemberException
      WrongAttributeValueException
      WrongReferenceAttributeValueException
      GroupNotExistsException
    • addMember

      Adds member of the VO to the groups in the same VO. But not to administrators and members group.
      Parameters:
      perunSession -
      groups -
      member -
      Throws:
      InternalErrorException
      AlreadyMemberException
      WrongAttributeValueException
      WrongReferenceAttributeValueException
      GroupNotExistsException
    • addMemberToMembersGroup

      Special addMember which is able to add members into the members and administrators group.
      Parameters:
      perunSession -
      group -
      member -
      Throws:
      InternalErrorException
      AlreadyMemberException
      WrongAttributeValueException
      WrongReferenceAttributeValueException
      GroupNotExistsException
    • addMembers

      Adds members of the VO to the group in the same VO. But not to administrators and members group.
      Parameters:
      perunSession -
      group -
      members -
      Throws:
      InternalErrorException
      AlreadyMemberException
      WrongAttributeValueException
      WrongReferenceAttributeValueException
      GroupNotExistsException
    • addMissingMemberWhileSynchronization

      void addMissingMemberWhileSynchronization(PerunSession sess, Group group, Candidate candidate, List<String> overwriteUserAttributesList, List<String> mergeMemberAttributesList, List<String> skippedMembers)
      Get new candidate and add him to the Group.

      If Candidate can't be added to Group, skip him and add this information to skippedMembers list.

      When creating new member from Candidate, if user already exists, merge his attributes, if attribute exists in list of overwriteUserAttributesList, update it instead of merging.

      This method runs in separate transaction.

      Parameters:
      sess - perun session
      group - to be synchronized
      candidate - new member (candidate)
      overwriteUserAttributesList - list of attributes to be updated for user if found
      mergeMemberAttributesList - list of attributes to be merged for member if found
      skippedMembers - list of not successfully synchronized members
    • addRelationMembers

      void addRelationMembers(PerunSession sess, Group resultGroup, List<Member> changedMembers, int sourceGroupId) throws AlreadyMemberException, WrongReferenceAttributeValueException, WrongAttributeValueException, GroupNotExistsException
      Method recalculates all relations between groups. Method recursively adds members from groups and all their relations. The method is called in case of: 1) added relation 2) added member 3) group creation 4) group movement
      Parameters:
      sess - perun session
      resultGroup - group to which members are added or removed from
      changedMembers - list of changed members which is passed as argument to add indirect members method. List contains records of added indirect members from operand group.
      sourceGroupId - id of a group from which members originate
      Throws:
      InternalErrorException
      AlreadyMemberException
      WrongReferenceAttributeValueException
      WrongAttributeValueException
      GroupNotExistsException
    • allowGroupToHierarchicalVo

      void allowGroupToHierarchicalVo(PerunSession sess, Group group, Vo vo) throws RelationNotExistsException, RelationExistsException
      Sets flag required for including group to parent vo in a vo hierarchy.
      Parameters:
      sess - perun session
      group - group
      vo - parent vo
      Throws:
      RelationNotExistsException - if group is not from parent vo's member vos
      RelationExistsException - if group is already allowed to be included to parent vo
    • canExtendMembershipInGroup

      boolean canExtendMembershipInGroup(PerunSession sess, Member member, Group group)
      Returns true if member in given group can extend membership or if no rules were set for the membershipExpiration
      Parameters:
      sess - session
      member - member
      group - group
      Returns:
      true if given member can extend membership in given group or if no rules were set for the membership expiration, false otherwise
    • canExtendMembershipInGroupWithReason

      boolean canExtendMembershipInGroupWithReason(PerunSession sess, Member member, Group group) throws ExtendMembershipException
      Returns true if member in given group can extend membership or throws exception with reason why use can't extends membership
      Parameters:
      sess - session
      member - member
      group - group
      Returns:
      true if given member can extend membership in given group or throws exception with reason why not
      Throws:
      ExtendMembershipException - reason why user can't extend membership
    • checkGroupExists

      void checkGroupExists(PerunSession sess, Group group) throws GroupNotExistsException
      Throws:
      GroupNotExistsException
    • convertGroupToRichGroupWithAttributes

      RichGroup convertGroupToRichGroupWithAttributes(PerunSession sess, Group group)
      This method takes group and creates RichGroup containing all attributes
      Parameters:
      sess -
      group -
      Returns:
      RichGroup
      Throws:
      InternalErrorException
    • convertGroupToRichGroupWithAttributesByName

      RichGroup convertGroupToRichGroupWithAttributesByName(PerunSession sess, Group group, List<String> attrNames)
      This method takes group and creates RichGroup containing selected attributes
      Parameters:
      sess -
      group -
      attrNames - list of selected attributes
      Returns:
      RichGroup
      Throws:
      InternalErrorException
    • convertGroupsToRichGroupsWithAttributes

      List<RichGroup> convertGroupsToRichGroupsWithAttributes(PerunSession sess, List<Group> groups)
      This method takes list of groups and creates list of RichGroups containing all attributes
      Parameters:
      sess -
      groups - list of groups
      Returns:
      RichGroup
      Throws:
      InternalErrorException
    • convertGroupsToRichGroupsWithAttributes

      List<RichGroup> convertGroupsToRichGroupsWithAttributes(PerunSession sess, Member member, List<Group> groups) throws MemberGroupMismatchException
      This method takes list of groups and member and then creates list of RichGroups containing all group and member-group attributes
      Parameters:
      sess -
      member - specified member which is assigned to groups
      groups - list of groups
      Returns:
      list of RichGroups with attributes
      Throws:
      MemberGroupMismatchException
    • convertGroupsToRichGroupsWithAttributes

      List<RichGroup> convertGroupsToRichGroupsWithAttributes(PerunSession sess, Resource resource, List<Group> groups) throws GroupResourceMismatchException
      This method takes list of groups and resource and then creates list of RichGroups containing all group and group-resource attributes
      Parameters:
      sess -
      resource - specified resource to which are groups assigned
      groups - list of groups
      Returns:
      list of RichGroups with attributes
      Throws:
      InternalErrorException
      GroupResourceMismatchException
    • convertGroupsToRichGroupsWithAttributes

      List<RichGroup> convertGroupsToRichGroupsWithAttributes(PerunSession sess, List<Group> groups, List<String> attrNames)
      This method takes list of groups and creates list of RichGroups containing selected attributes
      Parameters:
      sess -
      groups - list of groups
      attrNames - list of selected attributes
      Returns:
      RichGroup
      Throws:
      InternalErrorException
    • convertGroupsToRichGroupsWithAttributes

      List<RichGroup> convertGroupsToRichGroupsWithAttributes(PerunSession sess, Resource resource, List<Group> groups, List<String> attrNames) throws GroupResourceMismatchException
      This method takes list of groups, resource and list of attrNames and then creates list of RichGroups containing all selected group and group-resource attributes by list (attributes from other namespaces are skipped). If attribute is in the list, it can be return with empty value if it is not set.
      Parameters:
      sess -
      resource -
      groups -
      attrNames - list of selected attribute names, if it is null, return all possible non-empty attributes, empty list in attrNames means - no attributes needed
      Returns:
      list of RichGroups with selected attributes
      Throws:
      InternalErrorException
      GroupResourceMismatchException
    • convertGroupsToRichGroupsWithAttributes

      List<RichGroup> convertGroupsToRichGroupsWithAttributes(PerunSession sess, Member member, List<Group> groups, List<String> attrNames) throws MemberGroupMismatchException, MemberNotExistsException, GroupNotExistsException
      This method takes list of groups, member and list of attrNames and then creates list of RichGroups containing all selected group and member-group attributes by list (attributes from other namespaces are skipped). If attribute is in the list, it can be return with empty value if it is not set.
      Parameters:
      sess -
      member -
      groups -
      attrNames - list of selected attribute names, if it is null, return all possible non-empty attributes, empty list in attrNames means - no attributes needed
      Returns:
      list of RichGroups with selected attributes
      Throws:
      InternalErrorException
      GroupResourceMismatchException
      MemberGroupMismatchException
      MemberNotExistsException
      GroupNotExistsException
    • convertGroupsToRichGroupsWithAttributes

      List<RichGroup> convertGroupsToRichGroupsWithAttributes(PerunSession sess, Member member, Resource resource, List<Group> groups, List<String> attrNames) throws GroupResourceMismatchException, MemberResourceMismatchException, MemberGroupMismatchException
      This method takes list of groups, resource, member and list of attrNames and then creates list of RichGroups containing all selected group, group-resource and member-group attributes filtered by list (attributes from other namespaces are skipped without any warning). If attribute with correct namespace is in the list, it will be return even with empty value (if no value exists).
      Parameters:
      sess -
      member - member to get member-resource and member-group attributes for
      resource - resource to get group-resource and member-resource attributes for
      groups - to convert to richGroups and get group-resource and member-group attributes for
      attrNames - list of selected attribute names, if it is null, return all possible non-empty attributes, empty list in attrNames means - no attributes needed
      Returns:
      list of RichGroups with selected attributes
      Throws:
      InternalErrorException
      GroupResourceMismatchException - if group is not assigned to resource
      MemberResourceMismatchException - if member is not assigned to group
      MemberGroupMismatchException - if member is not in the same vo as group
    • convertToEnrichedGroup

      EnrichedGroup convertToEnrichedGroup(PerunSession sess, Group group, List<String> attrNames)
      Creates enrichedGroup from given group and load attributes with given names. If the attrNames are null, all group attributes are added.
      Parameters:
      sess - session
      group - group
      attrNames - names of attributes to return
      Returns:
      EnrichedGroup for given group with desired attributes
    • copyMembers

      void copyMembers(PerunSession sess, Group sourceGroup, List<Group> destinationGroups, List<Member> members) throws WrongReferenceAttributeValueException, WrongAttributeValueException, MemberGroupMismatchException
      Copies direct members from one group to other groups in the same VO. The members are copied without their member-group attributes. Copies all direct members if members list is empty or null.
      Parameters:
      sess - perun session
      sourceGroup - group to copy members from
      destinationGroups - groups to copy members to
      members - members to be copies
      Throws:
      WrongReferenceAttributeValueException
      WrongAttributeValueException
      MemberGroupMismatchException
    • createGroup

      Group createGroup(PerunSession perunSession, Vo vo, Group group) throws GroupExistsException
      Creates a new top-level group and associates it with the VO from parameter.

      For this method the new group has always same shortName like Name. Important: voId in object group is ignored

      Parameters:
      perunSession -
      vo - to associates group with
      group - new group with name without ":"
      Returns:
      newly created top-level group
      Throws:
      InternalErrorException - if group.name contains ':' or other internal error occur
      GroupExistsException
    • createGroup

      Group createGroup(PerunSession perunSession, Group parentGroup, Group group) throws GroupExistsException, GroupRelationNotAllowed, GroupRelationAlreadyExists
      Creates a new subgroup of the existing group.
      Parameters:
      perunSession -
      parentGroup -
      group - group.name must contain only shortName (without ":"). Hierarchy is defined by parentGroup parameter.
      Returns:
      newly created sub group with full group.Name with ":"
      Throws:
      GroupExistsException
      InternalErrorException
      GroupRelationNotAllowed
      GroupRelationAlreadyExists
    • createGroupUnion

      Performs union operation on two groups. Members from operand group are added to result group as indirect.
      Parameters:
      sess - perun session
      resultGroup - group to which members are added
      operandGroup - group from which members are taken
      parentFlag - if true union cannot be deleted; false otherwise (it flags relations created by hierarchical structure)
      Returns:
      result group
      Throws:
      GroupRelationAlreadyExists
      GroupRelationNotAllowed
      InternalErrorException
      WrongReferenceAttributeValueException
      WrongAttributeValueException
      GroupNotExistsException
      VoNotExistsException
    • deleteAllGroups

      Deletes all groups under the VO except built-in groups (members, admins groups).
      Parameters:
      perunSession -
      vo - VO
      Throws:
      InternalErrorException
      GroupAlreadyRemovedException
      GroupAlreadyRemovedFromResourceException
      GroupRelationDoesNotExist
      GroupRelationCannotBeRemoved
    • deleteGroup

      If forceDelete is false, delete only group and if this group has members or subgroups, throw an exception. If forceDelete is true, delete group with all subgroups, members and administrators, then delete this group.
      Parameters:
      perunSession -
      group - group to delete
      forceDelete - if forceDelete is false, delete group only if is empty and has no subgroups, if is true, delete anyway with all connections
      Throws:
      InternalErrorException
      RelationExistsException
      GroupAlreadyRemovedException
      GroupAlreadyRemovedFromResourceException
      GroupNotExistsException
      GroupRelationDoesNotExist
      GroupRelationCannotBeRemoved
    • deleteGroups

      Delete all groups in list from perun. (Except members group)

      If forceDelete is false, delete groups only if none of them (IN MOMENT OF DELETING) has subgroups and members, in other case throw exception. if forceDelete is true, delete groups with all subgroups and members.

      Groups are deleted in order: from longest name to the shortest - ex: Group A:b:c will be deleted sooner than Group A:b etc. - reason for this: with group are deleted its subgroups too

      Important: Groups can be from different VOs.

      Parameters:
      perunSession -
      groups - list of groups to deleted
      forceDelete - if forceDelete is false, delete groups only if all of them have no subgroups and no members, if is true, delete anyway with all connections
      Throws:
      InternalErrorException
      GroupAlreadyRemovedException
      RelationExistsException
      GroupAlreadyRemovedFromResourceException
      GroupNotExistsException
      GroupRelationDoesNotExist
      GroupRelationCannotBeRemoved
    • deleteGroupsFromAutoRegistration

      void deleteGroupsFromAutoRegistration(PerunSession sess, List<Group> groups)
      Deletes groups from a list of groups which can be registered into during vo registration.
      Parameters:
      sess - session
      groups - list of groups
    • deleteGroupsFromAutoRegistration

      void deleteGroupsFromAutoRegistration(PerunSession sess, List<Group> groups, ApplicationFormItem formItem) throws FormItemNotExistsException
      Deletes groups from a list of groups which can be registered into during vo or group registration.
      Parameters:
      sess - session
      groups - list of groups
      formItem - application form item
      Throws:
      FormItemNotExistsException
    • deleteMembersGroup

      Deletes built-in members group.
      Parameters:
      sess -
      vo -
      Throws:
      InternalErrorException
      GroupAlreadyRemovedException
      GroupAlreadyRemovedFromResourceException
      GroupNotExistsException
      GroupRelationDoesNotExist
      GroupRelationCannotBeRemoved
    • disallowGroupToHierarchicalVo

      void disallowGroupToHierarchicalVo(PerunSession sess, Group group, Vo vo) throws RelationNotExistsException
      Unsets flag required for including group to parent vo in a vo hierarchy
      Parameters:
      sess - perun session
      group - group
      vo - parent vo
      Throws:
      RelationNotExistsException - if group is not allowed to be included in parent vo
    • expireMemberInGroup

      void expireMemberInGroup(PerunSession sess, Member member, Group group)
      Set member's status in given group to EXPIRED
      Parameters:
      sess - perun session
      member - member whose status will be changed
      group - group in which given member will be expired
      Throws:
      InternalErrorException - internal error
    • extendMembershipInGroup

      void extendMembershipInGroup(PerunSession sess, Member member, Group group) throws ExtendMembershipException
      Extend member membership in given group using membershipExpirationRules attribute defined in Group.
      Parameters:
      sess - session
      member - member
      group - group
      Throws:
      InternalErrorException - internal error
      ExtendMembershipException - extend membership exception
    • filterMembersByMembershipTypeInGroup

      List<Member> filterMembersByMembershipTypeInGroup(List<Member> members)
      This method take list of members (also with duplicit) and: 1] add all members with direct membership to target list 2] add all members with indirect membership who are not already in target list to the target list
      Parameters:
      members - list of members to filtering
      Returns:
      filteredMembers list of members without duplicit after filtering
    • filterOnlyAllowedAttributes

      RichGroup filterOnlyAllowedAttributes(PerunSession sess, RichGroup richGroup)
      For richGroup filter all his group attributes and remove all which principal has no access to.
      Parameters:
      sess -
      richGroup -
      Returns:
      richGroup with only allowed attributes
      Throws:
      InternalErrorException
    • filterOnlyAllowedAttributes

      List<RichGroup> filterOnlyAllowedAttributes(PerunSession sess, List<RichGroup> richGroups)
      For list of richGroups filter all their group attributes and remove all which principal has no access to.
      Parameters:
      sess -
      richGroups -
      Returns:
      list of RichGroups with only allowed attributes
      Throws:
      InternalErrorException
    • filterOnlyAllowedAttributes

      List<RichGroup> filterOnlyAllowedAttributes(PerunSession sess, List<RichGroup> richGroups, Resource resource, boolean useContext)
      For list of richGroups filter all their group attributes and remove all which principal has no access to. Context usage is safe even for groups from different VOs.

      Context means same "combination of authz role for a group"+"attribute_urn (name)". Since privileges are resolved by roles on group and attribute type.

      if useContext is true: every attribute is unique in a context of authz roles combination and its URN. So for each combination of users authz roles granted for the group, attributes with same URN has same privilege.

      if useContext is false: every attribute is unique in context of group, which means every attribute for more groups need to be check separately, because for example groups can be from different vos where user has different authz (better authorization check, worse performance)

      Parameters:
      sess -
      richGroups -
      resource - optional resource param used for context
      Returns:
      list of RichGroups with only allowed attributes
      Throws:
      InternalErrorException
    • filterOnlyAllowedAttributes

      List<RichGroup> filterOnlyAllowedAttributes(PerunSession sess, List<RichGroup> richGroups, Member member, Resource resource, boolean useContext)
      For list of richGroups filter all their group attributes and remove all which principal has no access to. Context usage is safe even for groups from different VOs.

      Context means same "combination of authz role for a group"+"attribute_urn (name)". Since privileges are resolved by roles on group and attribute type.

      if useContext is true: every attribute is unique in a context of authz roles combination and its URN. So for each combination of users authz roles granted for the group, attributes with same URN has same privilege.

      if useContext is false: every attribute is unique in context of group, which means every attribute for more groups need to be check separately, because for example groups can be from different vos where user has different authz (better authorization check, worse performance)

      Parameters:
      sess -
      richGroups -
      member - optional member param used for context
      resource - optional resource param used for context
      Returns:
      list of RichGroups with only allowed attributes
      Throws:
      InternalErrorException
    • filterOnlyAllowedAttributes

      EnrichedGroup filterOnlyAllowedAttributes(PerunSession sess, EnrichedGroup enrichedGroup)
      For enrichedGroup filter all its group attributes and remove all which principal has no access to.
      Parameters:
      sess -
      enrichedGroup -
      Returns:
      enrichedGroup with only allowed attributes
      Throws:
      InternalErrorException
    • forceAllSubGroupsSynchronization

      void forceAllSubGroupsSynchronization(PerunSession sess, Group group)
      Force synchronization for all subgroups (recursively - whole tree) of the group (useful for group structure)
      Parameters:
      sess -
      group - the group where all its subgroups will be forced to synchronize
    • forceGroupStructureSynchronization

      void forceGroupStructureSynchronization(PerunSession sess, Group group) throws GroupStructureSynchronizationAlreadyRunningException
      Synchronize the group structure with an external group structure. It checks if the synchronization of the same group is already in progress.
      Parameters:
      group - the group to be forced this way
      Throws:
      InternalErrorException
      GroupStructureSynchronizationAlreadyRunningException
    • forceGroupSynchronization

      Synchronize the group with external group. It checks if the synchronization of the same group is already in progress.
      Parameters:
      sess -
      group -
      Throws:
      InternalErrorException
      GroupSynchronizationAlreadyRunningException - when synchronization for the group is already running
      GroupSynchronizationNotEnabledException - when group doesn't have synchronization enabled
    • getActiveGroupMembers

      List<Member> getActiveGroupMembers(PerunSession perunSession, Group group)
      Return all members of the group who are active (valid) in the group.

      Do not return expired members of the group.

      Parameters:
      perunSession - perun session
      group - to get members from
      Returns:
      list of active (valid) members
      Throws:
      InternalErrorException
    • getActiveGroupMembers

      List<Member> getActiveGroupMembers(PerunSession sess, Group group, Status status)
      Return all members of the group who are active (valid) in the group and have specific status in the Vo.

      Do not return expired members of the group.

      Parameters:
      sess - perun session
      group - to get members from
      status - to get only members with this specific status in the Vo
      Returns:
      list of active (valid) members with specific status in the Vo
      Throws:
      InternalErrorException
    • getAdminGroups

      List<Group> getAdminGroups(PerunSession perunSession, Group group)
      Gets list of all group administrators of this group.
      Parameters:
      perunSession -
      group -
      Returns:
      list of group administrators
      Throws:
      InternalErrorException
    • getAdmins

      List<User> getAdmins(PerunSession perunSession, Group group, boolean onlyDirectAdmins)
      Gets list of all administrators of this group. If some group is administrator of the given group, all VALID members are included in the list.

      If onlyDirectAdmins is true, return only direct users of the group for supported role.

      Supported roles: GroupAdmin

      Parameters:
      perunSession -
      group -
      onlyDirectAdmins - if true, get only direct user administrators (if false, get both direct and indirect)
      Returns:
      list of all user administrators of the given group for supported role
      Throws:
      InternalErrorException
    • getAdmins

      @Deprecated List<User> getAdmins(PerunSession perunSession, Group group)
      Deprecated.
      Gets list of all user administrators of this group. If some group is administrator of the given group, all members are included in the list.
      Parameters:
      perunSession -
      group -
      Returns:
      list of administrators
      Throws:
      InternalErrorException
    • getAllAllowedGroupsToHierarchicalVo

      List<Group> getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo)
      Returns all groups which can be included to VO.
      Parameters:
      sess - session
      vo - VO
      Returns:
      list of allowed groups to hierarchical VO
    • getAllAllowedGroupsToHierarchicalVo

      List<Group> getAllAllowedGroupsToHierarchicalVo(PerunSession sess, Vo vo, Vo memberVo)
      Returns groups which can be included to VO from specific member VO.
      Parameters:
      sess - session
      vo - parent VO
      memberVo - member VO
      Returns:
      list of allowed groups to hierarchical VO
    • getAllGroups

      List<Group> getAllGroups(PerunSession sess)
      Get all groups from all vos.
      Parameters:
      sess - session
      Returns:
      list of all groups
    • getAllGroups

      List<Group> getAllGroups(PerunSession sess, Vo vo)
      Get all groups of the VO.
      Parameters:
      sess -
      vo -
      Returns:
      list of groups
      Throws:
      InternalErrorException
    • getAllGroupsForAutoRegistration

      List<Group> getAllGroupsForAutoRegistration(PerunSession sess)
      Returns all groups which can be registered into during any vo registration. This method serves only for migration to new functionality related to the new table.
      Parameters:
      sess - session
      Returns:
      list of groups
    • getAllGroupsWhereMemberIsActive

      List<Group> getAllGroupsWhereMemberIsActive(PerunSession sess, Member member)
      Returns all member's groups where member is in active state (is valid there) Included members group.
      Parameters:
      sess - perun session
      member - member to get groups for
      Returns:
      list of groups where member is in active state (valid)
      Throws:
      InternalErrorException
    • getAllGroupsWithHierarchy

      Map<Group,Object> getAllGroupsWithHierarchy(PerunSession sess, Vo vo)
      Get all groups of the VO stored in the map reflecting the hierarchy.
      Parameters:
      sess -
      vo -
      Returns:
      map of the groups hierarchically organized
      Throws:
      InternalErrorException
    • getAllMemberGroups

      List<Group> getAllMemberGroups(PerunSession sess, Member member)
      Return all member's groups. Included members and administrators groups.
      Parameters:
      sess -
      member -
      Returns:
      Throws:
      InternalErrorException
    • getAllRichGroupsWithAttributesByNames

      @Deprecated List<RichGroup> getAllRichGroupsWithAttributesByNames(PerunSession sess, Vo vo, List<String> attrNames)
      Deprecated.
      Returns all RichGroups containing selected attributes
      Parameters:
      sess -
      vo -
      attrNames - if attrNames is null method will return RichGroups containing all attributes
      Returns:
      List of RichGroups
      Throws:
      InternalErrorException
    • getAllRichGroupsWithAttributesByNames

      List<RichGroup> getAllRichGroupsWithAttributesByNames(PerunSession sess, Vo vo, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types)
      Returns all RichGroups containing selected attributes filtered by role and its type
      Parameters:
      sess - perun session
      vo - vo
      attrNames - if attrNames is null method will return RichGroups containing all attributes
      roles - list of selected roles (if empty, then return groups by all roles)
      types - list of selected types of roles (if empty, then return by roles of all types)
      Returns:
      List of RichGroups
      Throws:
      InternalErrorException
    • getAllRichSubGroupsWithAttributesByNames

      @Deprecated List<RichGroup> getAllRichSubGroupsWithAttributesByNames(PerunSession sess, Group parentGroup, List<String> attrNames)
      Deprecated.
      Returns all RichSubGroups from parentGroup containing selected attributes (all levels subgroups)
      Parameters:
      sess -
      parentGroup -
      attrNames - if attrNames is null method will return RichGroups containing all attributes
      Returns:
      List of RichGroups
      Throws:
      InternalErrorException
    • getAllRichSubGroupsWithAttributesByNames

      List<RichGroup> getAllRichSubGroupsWithAttributesByNames(PerunSession sess, Group parentGroup, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types)
      Returns all RichSubGroups from parentGroup containing selected attributes filtered by role and its type (all levels subgroups)
      Parameters:
      sess -
      parentGroup -
      attrNames - if attrNames is null method will return RichGroups containing all attributes
      roles - list of selected roles (if empty, then return groups by all roles)
      types - list of selected types of roles (if empty, then return by roles of all types)
      Returns:
      List of RichGroups
      Throws:
      InternalErrorException
    • getAllSubGroups

      List<Group> getAllSubGroups(PerunSession sess, Group parentGroup)
      Get all subgroups of the parentGroup recursively. (parentGroup subgroups, their subgroups etc...)
      Parameters:
      sess -
      parentGroup - parent group
      Returns:
      list of groups
      Throws:
      InternalErrorException
    • getAssignedGroupsToFacility

      List<Group> getAssignedGroupsToFacility(PerunSession perunSession, Facility facility)
      Return list of assigned groups on all facility resources (without subgroups unless they are assigned too)
      Parameters:
      perunSession -
      facility -
      Returns:
      list of groups, which are assigned on all facility resources
      Throws:
      InternalErrorException
    • getAssignedGroupsToResource

      List<Group> getAssignedGroupsToResource(PerunSession perunSession, Resource resource)
      Return list of assigned groups on the resource (without subgroups unless they are assigned too)
      Parameters:
      perunSession -
      resource -
      Returns:
      list of groups, which are assigned on the resource
      Throws:
      InternalErrorException
    • getAssignedGroupsToResource

      List<Group> getAssignedGroupsToResource(PerunSession perunSession, Resource resource, Member member)
      Return list of assigned groups on the resource (without subgroups unless they are assigned too), which contain specific member
      Parameters:
      perunSession -
      resource -
      member -
      Returns:
      list of groups, which are assigned on the resource and contain specific member
      Throws:
      InternalErrorException
    • getAssignedGroupsToResource

      List<Group> getAssignedGroupsToResource(PerunSession perunSession, Resource resource, boolean withSubGroups)
      Return list of assigned groups on the resource.
      Parameters:
      perunSession -
      resource -
      withSubGroups - if true returns also all subgroups of assigned groups
      Returns:
      list of groups, which are assigned on the resource
      Throws:
      InternalErrorException
    • getAssociatedGroupsToFacility

      List<Group> getAssociatedGroupsToFacility(PerunSession perunSession, Facility facility)
      Return list of all associated groups from all facility resources (does not require ACTIVE group-resource status)
      Parameters:
      perunSession -
      facility -
      Returns:
      list of groups, which are associated with all facility resources
      Throws:
      InternalErrorException
    • getAssociatedGroupsToResource

      List<Group> getAssociatedGroupsToResource(PerunSession perunSession, Resource resource, Member member)
      Return list of groups associated with the resource with specified member. Does not require ACTIVE group-resource status.
      Parameters:
      perunSession -
      resource -
      member -
      Returns:
      list of groups, which are associated with the resource with specified member
      Throws:
      InternalErrorException
    • getAssociatedGroupsToResource

      List<Group> getAssociatedGroupsToResource(PerunSession perunSession, Resource resource)
      Return list of assigned groups on the resource. Similar to assigned groups, but does not require ACTIVE group-resource status.
      Parameters:
      perunSession -
      resource -
      Returns:
      list of groups, which are associated with the resource
      Throws:
      InternalErrorException
    • getDirectAdmins

      @Deprecated List<User> getDirectAdmins(PerunSession perunSession, Group group)
      Deprecated.
      Gets list of direct user administrators of this group. 'Direct' means, there aren't included users, who are members of group administrators, in the returned list.
      Parameters:
      perunSession -
      group -
      Returns:
      list of direct administrators
      Throws:
      InternalErrorException
    • getDirectMemberGroupStatus

      MemberGroupStatus getDirectMemberGroupStatus(PerunSession session, Member member, Group group)
      Returns members direct status in given group. This method doesn't calculate status from subgroups! If there is no relation, null is returned.
      Parameters:
      session - session
      member - member
      group - group
      Returns:
      status of member in given group
      Throws:
      InternalErrorException - internal error
    • getDirectRichAdmins

      @Deprecated List<RichUser> getDirectRichAdmins(PerunSession perunSession, Group group)
      Deprecated.
      Gets list of all administrators of this group, which are assigned directly, like RichUsers without attributes.
      Parameters:
      perunSession -
      group -
      Throws:
      InternalErrorException
    • getDirectRichAdminsWithSpecificAttributes

      @Deprecated List<RichUser> getDirectRichAdminsWithSpecificAttributes(PerunSession perunSession, Group group, List<String> specificAttributes)
      Deprecated.
      Get list of Group administrators, which are directly assigned (not by group membership) with specific attributes. From list of specificAttributes get all Users Attributes and find those for every RichAdmin (only, other attributes are not searched)
      Parameters:
      perunSession -
      group -
      specificAttributes -
      Returns:
      list of RichUsers with specific attributes.
      Throws:
      InternalErrorException
    • getFacilitiesWhereGroupIsAdmin

      List<Facility> getFacilitiesWhereGroupIsAdmin(PerunSession perunSession, Group group)
      Get list of facilities where the given group is given the admin role.
      Parameters:
      perunSession -
      group - with the admin role.
      Returns:
      List of administered facilities.
      Throws:
      InternalErrorException
    • getGroupById

      Group getGroupById(PerunSession perunSession, int id) throws GroupNotExistsException
      Search for the group with specified id in all VOs.
      Parameters:
      perunSession -
      id -
      Returns:
      group with specified id or throws
      Throws:
      InternalErrorException
      GroupNotExistsException
    • getGroupByName

      Group getGroupByName(PerunSession perunSession, Vo vo, String name) throws GroupNotExistsException
      Search for the group with specified name in specified VO.

      IMPORTANT: need to use full name of group (ex. 'toplevel:a:b', not the shortname which is in this example 'b')

      Parameters:
      perunSession -
      vo -
      name -
      Returns:
      group with specified name or throws in specified VO
      Throws:
      InternalErrorException
      GroupNotExistsException
    • getGroupDirectMembers

      List<Member> getGroupDirectMembers(PerunSession perunSession, Group group)
      Return all direct group members.
      Parameters:
      perunSession - perun session
      group - group
      Returns:
      list of direct members
      Throws:
      InternalErrorException - internal error
    • getGroupDirectMembersCount

      int getGroupDirectMembersCount(PerunSession sess, Group group)
      Returns count of direct members in the group
      Parameters:
      sess -
      group -
      Returns:
      count
    • getGroupDirectRichMembers

      List<RichMember> getGroupDirectRichMembers(PerunSession sess, Group group)
      Returns direct group members in the RichMember object, which contains Member+User data.
      Parameters:
      sess - session
      group - group
      Returns:
      list of direct RichMembers
      Throws:
      InternalErrorException - internal error
    • getGroupMemberById

      Member getGroupMemberById(PerunSession sess, Group group, int memberId) throws NotGroupMemberException
      Get group member by member ID.
      Parameters:
      sess -
      group -
      memberId -
      Returns:
      Member
      Throws:
      InternalErrorException
      NotGroupMemberException
    • getGroupMembers

      List<Member> getGroupMembers(PerunSession perunSession, Group group)
      Return all group members.
      Parameters:
      perunSession -
      group -
      Returns:
      list of users or empty list if the group is empty
      Throws:
      InternalErrorException
    • getGroupMembers

      List<Member> getGroupMembers(PerunSession sess, Group group, MemberGroupStatus statusInGroup, Status status)
      Return all members of the group who has specific status in the group and also specific status in the Vo.

      For example: All members with valid status in the Vo and also valid status in the group.

      Parameters:
      sess - perun session
      group - to get members from
      statusInGroup - to get only members with this specific status in the group
      status - to get only members with this specific status in the Vo
      Returns:
      list of members with specific status in group and specific status in the Vo
      Throws:
      InternalErrorException
    • getGroupMembers

      List<Member> getGroupMembers(PerunSession perunSession, Group group, Status status)
      Return group members.
      Parameters:
      perunSession -
      group -
      status -
      Returns:
      list users or empty list if there are no users on specified page
      Throws:
      InternalErrorException
    • getGroupMembersCount

      int getGroupMembersCount(PerunSession perunSession, Group group)
      Parameters:
      perunSession -
      group -
      Returns:
      count of members of specified group
      Throws:
      InternalErrorException
    • getGroupMembersCountsByGroupStatus

      Map<MemberGroupStatus,Integer> getGroupMembersCountsByGroupStatus(PerunSession sess, Group group)
      Returns counts of group members by their group status.
      Parameters:
      sess -
      group -
      Returns:
      map of member status in group to count of group members with the status
    • getGroupMembersCountsByVoStatus

      Map<Status,Integer> getGroupMembersCountsByVoStatus(PerunSession sess, Group group)
      Returns counts of group members by their status in VO.
      Parameters:
      sess -
      group -
      Returns:
      map of member status in VO to count of group members with the status
    • getGroupMembersExceptInvalid

      List<Member> getGroupMembersExceptInvalid(PerunSession perunSession, Group group)
      Return only valid, suspended, expired and disabled group members.
      Parameters:
      perunSession -
      group -
      Returns:
      list members or empty list if there are no such members
      Throws:
      InternalErrorException
    • getGroupMembersExceptInvalidAndDisabled

      List<Member> getGroupMembersExceptInvalidAndDisabled(PerunSession perunSession, Group group)
      Return only valid, suspended and expired group members.
      Parameters:
      perunSession -
      group -
      Returns:
      list members or empty list if there are no such members
      Throws:
      InternalErrorException
    • getGroupResourcePairsByAttribute

      List<Pair<Group,Resource>> getGroupResourcePairsByAttribute(PerunSession sess, Attribute attribute) throws WrongAttributeAssignmentException
      Returns all group-resource which have set the attribute with the value. Searching only def and opt attributes.
      Parameters:
      sess -
      attribute -
      Returns:
      Throws:
      InternalErrorException
      WrongAttributeAssignmentException
    • getGroupRichMembers

      List<RichMember> getGroupRichMembers(PerunSession sess, Group group)
      Returns group members in the RichMember object, which contains Member+User data.
      Parameters:
      sess -
      group -
      Returns:
      list of RichMembers
      Throws:
      InternalErrorException
    • getGroupRichMembers

      List<RichMember> getGroupRichMembers(PerunSession sess, Group group, Status status)
      Returns group members in the RichMember object, which contains Member+User data.
      Parameters:
      sess -
      group -
      status -
      Returns:
      list of RichMembers
      Throws:
      InternalErrorException
    • getGroupRichMembersExceptInvalid

      List<RichMember> getGroupRichMembersExceptInvalid(PerunSession sess, Group group)
      Returns only valid, suspended and expired group members in the RichMember object, which contains Member+User data.
      Parameters:
      sess -
      group -
      Returns:
      list of RichMembers
      Throws:
      InternalErrorException
    • getGroupRichMembersWithAttributes

      List<RichMember> getGroupRichMembersWithAttributes(PerunSession sess, Group group)
      Returns group members in the RichMember object, which contains Member+User data. Also contains user and member attributes.
      Parameters:
      sess -
      group -
      Returns:
      list of RichMembers
      Throws:
      InternalErrorException
    • getGroupRichMembersWithAttributes

      List<RichMember> getGroupRichMembersWithAttributes(PerunSession sess, Group group, Status status)
      Returns group members in the RichMember object, which contains Member+User data. Also contains user and member attributes.
      Parameters:
      sess -
      group -
      status -
      Returns:
      list of RichMembers
      Throws:
      InternalErrorException
    • getGroupRichMembersWithAttributesExceptInvalid

      List<RichMember> getGroupRichMembersWithAttributesExceptInvalid(PerunSession sess, Group group)
      Returns only valid, suspended and expired group members in the RichMember object, which contains Member+User data. Also contains user and member attributes.
      Parameters:
      sess -
      group -
      Returns:
      list of RichMembers
      Throws:
      InternalErrorException
    • getGroupUnions

      List<Group> getGroupUnions(PerunSession sess, Group group, boolean reverseDirection)
      Get list of group unions for specified group.
      Parameters:
      sess - perun session
      group - group
      reverseDirection - if false get all operand groups of requested result group if true get all result groups of requested operand group
      Returns:
      list of groups.
      Throws:
      InternalErrorException
    • getGroupUsers

      List<User> getGroupUsers(PerunSession perunSession, Group group)
      Return group users sorted by name.
      Parameters:
      perunSession -
      group -
      Returns:
      list users sorted or empty list if there are no users on specified page
    • getGroups

      List<Group> getGroups(PerunSession sess, Vo vo)
      Get all groups of users under the VO.
      Parameters:
      sess -
      vo - vo
      Returns:
      list of groups
      Throws:
      InternalErrorException
    • getGroupsByAttribute

      List<Group> getGroupsByAttribute(PerunSession sess, Attribute attribute) throws WrongAttributeAssignmentException
      Returns all groups which have set the attribute with the value. Searching only def and opt attributes.
      Parameters:
      sess -
      attribute -
      Returns:
      list of groups
      Throws:
      InternalErrorException
      WrongAttributeAssignmentException
    • getGroupsByIds

      List<Group> getGroupsByIds(PerunSession perunSession, List<Integer> ids)
      Search for the groups with specified ids in all VOs.
      Parameters:
      perunSession -
      ids -
      Returns:
      groups with specified ids
      Throws:
      InternalErrorException
    • getGroupsByPerunBean

      List<Group> getGroupsByPerunBean(PerunSession sess, Member member)
      Returns list of groups connected with a member
      Parameters:
      sess -
      member -
      Returns:
      list of groups connected with member
      Throws:
      InternalErrorException
    • getGroupsByPerunBean

      List<Group> getGroupsByPerunBean(PerunSession sess, Resource resource)
      Returns list of groups connected with a resource
      Parameters:
      sess -
      resource -
      Returns:
      list of groups connected with resource
      Throws:
      InternalErrorException
    • getGroupsByPerunBean

      List<Group> getGroupsByPerunBean(PerunSession sess, User user)
      Returns list of groups connected with a user
      Parameters:
      sess -
      user -
      Returns:
      list of groups connected with user
      Throws:
      InternalErrorException
    • getGroupsByPerunBean

      List<Group> getGroupsByPerunBean(PerunSession sess, Host host)
      Returns list of groups connected with a host
      Parameters:
      sess -
      host -
      Returns:
      list of groups connected with host
      Throws:
      InternalErrorException
    • getGroupsByPerunBean

      List<Group> getGroupsByPerunBean(PerunSession sess, Facility facility)
      Returns list of groups connected with a facility
      Parameters:
      sess -
      facility -
      Returns:
      list of groups connected with facility
      Throws:
      InternalErrorException
    • getGroupsByPerunBean

      List<Group> getGroupsByPerunBean(PerunSession sess, Vo vo)
      Returns list of groups connected with a vo
      Parameters:
      sess -
      vo -
      Returns:
      list of groups connected with vo
      Throws:
      InternalErrorException
    • getGroupsCount

      int getGroupsCount(PerunSession sess, Vo vo)
      Parameters:
      sess -
      vo -
      Returns:
      count of VO's groups
      Throws:
      InternalErrorException
    • getGroupsCount

      int getGroupsCount(PerunSession perunSession)
      Get count of all groups.
      Parameters:
      perunSession -
      Returns:
      count of all groups
      Throws:
      InternalErrorException
    • getGroupsForAutoRegistration

      List<Group> getGroupsForAutoRegistration(PerunSession sess, Vo vo)
      Returns all groups which can be registered into during vo registration.
      Parameters:
      sess - session
      vo - vo
      Returns:
      list of groups
    • getGroupsForAutoRegistration

      List<Group> getGroupsForAutoRegistration(PerunSession sess, Vo vo, ApplicationFormItem formItem)
      Returns all groups which can be registered into during vo registration.
      Parameters:
      sess - session
      vo - vo
      formItem - application form item
      Returns:
      list of groups
    • getGroupsForAutoRegistration

      List<Group> getGroupsForAutoRegistration(PerunSession sess, Group registrationGroup, ApplicationFormItem formItem)
      Returns all groups which can be registered into during group registration.
      Parameters:
      sess - session
      registrationGroup - group
      formItem - application form item
      Returns:
      list of groups
    • getGroupsPage

      Get page of groups from the given vo.
      Parameters:
      sess - session
      vo - vo
      query - query with page information
      attrNames - attribute names
      Returns:
      page of requested rich groups
      Throws:
      GroupNotExistsException
      MemberNotExistsException
      MemberGroupMismatchException
    • getGroupsToSynchronize

      List<Group> getGroupsToSynchronize(PerunSession sess)
      Gets all groups which have enabled synchronization.
      Parameters:
      sess -
      Returns:
      list of groups to synchronize
      Throws:
      InternalErrorException
      GroupNotExistsException
    • getGroupsWhereGroupIsAdmin

      List<Group> getGroupsWhereGroupIsAdmin(PerunSession perunSession, Group group)
      Get list of groups where the given group is given the admin role.
      Parameters:
      perunSession -
      group - with the admin role.
      Returns:
      List of administered groups.
      Throws:
      InternalErrorException
    • getGroupsWhereMemberIsActive

      List<Group> getGroupsWhereMemberIsActive(PerunSession sess, Member member)
      Returns all member's groups where member is in active state (is valid there) Excluded members group.
      Parameters:
      sess - perun session
      member - member to get groups for
      Returns:
      list of groups where member is in active state (valid)
      Throws:
      InternalErrorException
    • getGroupsWhereMemberIsInactive

      List<Group> getGroupsWhereMemberIsInactive(PerunSession sess, Member member)
      Returns all member's groups where member is in inactive state (it is not valid and it is expired there) Excluded members group.
      Parameters:
      sess - perun session
      member - member to get groups for
      Returns:
      list of groups where member is in inactive state (expired)
      Throws:
      InternalErrorException
    • getGroupsWhereUserIsActiveMember

      List<Group> getGroupsWhereUserIsActiveMember(PerunSession sess, User user, Vo vo)
      Returns groups in which the user is active member. Groups are looked up only for the specified VO.
      Parameters:
      sess - session
      user - user object
      vo - VO object
      Returns:
      List of groups
    • getGroupsWithAssignedExtSourceInVo

      List<Group> getGroupsWithAssignedExtSourceInVo(PerunSession sess, ExtSource source, Vo vo)
      Get all groups in specific vo with assigned extSource
      Parameters:
      sess -
      source -
      vo -
      Returns:
      l
      Throws:
      InternalErrorException
    • getInactiveGroupMembers

      List<Member> getInactiveGroupMembers(PerunSession perunSession, Group group)
      Return all members of the group who are inactive (expired) in the group.

      Do not return active members of the group.

      Parameters:
      perunSession - perun session
      group - to get members from
      Returns:
      list of inactive (expired) members
      Throws:
      InternalErrorException
    • getInactiveGroupMembers

      List<Member> getInactiveGroupMembers(PerunSession sess, Group group, Status status)
      Return all members of the group who are inactive (expired) in the group and have specific status in the Vo.

      Do not return active members of the group.

      Parameters:
      sess - perun session
      group - to get members from
      status - to get only members with this specific status in the Vo
      Returns:
      list of inactive (expired) members with specific status in the Vo
      Throws:
      InternalErrorException
    • getIndirectMembershipPaths

      List<List<Group>> getIndirectMembershipPaths(PerunSession sess, Member member, Group group) throws MemberNotExistsException, GroupNotExistsException
      Get unique paths of groups via which member is indirectly included to the group. Cuts off after first included group.
      Parameters:
      sess - perun session
      member - member
      group - group in which the member is indirectly included
      Returns:
      lists of groups [CURRENT GROUP -> SUBGROUP -> ... -> MEMBER'S SOURCE GROUP]
      Throws:
      MemberNotExistsException
      GroupNotExistsException
    • getMemberDirectGroups

      List<Group> getMemberDirectGroups(PerunSession sess, Member member)
      Get all groups (except member groups) where member has direct membership.
      Parameters:
      sess -
      member - to get information about
      Returns:
      list of groups where member is direct member (not members group), empty list if there is no such group
      Throws:
      InternalErrorException
    • getMemberGroups

      List<Group> getMemberGroups(PerunSession sess, Member member)
      Returns all members groups. Except 'members' group.
      Parameters:
      sess -
      member -
      Returns:
      Throws:
      InternalErrorException
    • getMemberGroupsByAttribute

      List<Group> getMemberGroupsByAttribute(PerunSession sess, Member member, Attribute attribute) throws WrongAttributeAssignmentException
      Method return list of groups for selected member which (groups) has set specific attribute. Attribute can be only from namespace "GROUP"
      Parameters:
      sess - sess
      member - member
      attribute - attribute from "GROUP" namespace
      Returns:
      list of groups which contain member and have attribute with same value
      Throws:
      InternalErrorException
      WrongAttributeAssignmentException
    • getMemberRichGroupsWithAttributesByNames

      @Deprecated List<RichGroup> getMemberRichGroupsWithAttributesByNames(PerunSession sess, Member member, List<String> attrNames)
      Deprecated.
      Return all RichGroups for specified member, containing selected attributes. "members" group is not included.

      Supported are attributes from these namespaces: - group - member-group

      Parameters:
      sess - internal session
      member - the member to get the rich groups for
      attrNames - list of selected attributes
      Returns:
      list of rich groups with selected attributes
      Throws:
      InternalErrorException
    • getMemberRichGroupsWithAttributesByNames

      List<RichGroup> getMemberRichGroupsWithAttributesByNames(PerunSession sess, Member member, List<String> attrNames, List<String> roles, List<RoleAssignmentType> types)
      Return all RichGroups for specified member, containing selected attributes filtered by role and its type. "members" group is not included.

      Supported are attributes from these namespaces: - group - member-group

      Parameters:
      sess - internal session
      member - the member to get the rich groups for
      attrNames - list of selected attributes
      roles - list of selected roles (if empty, then return groups by all roles)
      types - list of selected types of roles (if empty, then return by roles of all types)
      Returns:
      list of rich groups with selected attributes
      Throws:
      InternalErrorException
    • getParentGroup

      Group getParentGroup(PerunSession sess, Group group) throws ParentGroupNotExistsException
      Get parent group. If group is topLevel group or Members group, return Members group.
      Parameters:
      sess -
      group -
      Returns:
      parent group
      Throws:
      InternalErrorException
      ParentGroupNotExistsException
    • getParentGroupMembers

      List<Member> getParentGroupMembers(PerunSession sess, Group group)
      Get members from parent group. If the parent group doesn't exist (this is top level group) return all VO (from which the group is) members instead.
      Parameters:
      sess -
      group -
      Returns:
      Throws:
      InternalErrorException
    • getParentGroupRichMembers

      List<RichMember> getParentGroupRichMembers(PerunSession sess, Group group)
      Get members form the parent group in RichMember format.
      Parameters:
      sess -
      group -
      Returns:
      list of parent group rich members
      Throws:
      InternalErrorException
    • getParentGroupRichMembersWithAttributes

      List<RichMember> getParentGroupRichMembersWithAttributes(PerunSession sess, Group group)
      Get members form the parent group in RichMember format including user/member attributes.
      Parameters:
      sess -
      group -
      Returns:
      list of parent group rich members
      Throws:
      InternalErrorException
    • getRichAdmins

      List<RichUser> getRichAdmins(PerunSession perunSession, Group group, List<String> specificAttributes, boolean allUserAttributes, boolean onlyDirectAdmins) throws UserNotExistsException
      Gets list of all richUser administrators of this group. If some group is administrator of the given group, all VALID members are included in the list.

      Supported roles: GroupAdmin

      If "onlyDirectAdmins" is "true", return only direct users of the group for supported role with specific attributes. If "allUserAttributes" is "true", do not specify attributes through list and return them all in objects richUser . Ignoring list of specific attributes.

      Parameters:
      perunSession -
      group -
      specificAttributes - list of specified attributes which are needed in object richUser
      allUserAttributes - if true, get all possible user attributes and ignore list of specificAttributes (if false, get only specific attributes)
      onlyDirectAdmins - if true, get only direct user administrators (if false, get both direct and indirect)
      Returns:
      list of RichUser administrators for the group and supported role with attributes
      Throws:
      InternalErrorException
      UserNotExistsException
    • getRichAdmins

      @Deprecated List<RichUser> getRichAdmins(PerunSession perunSession, Group group)
      Deprecated.
      Gets list of all administrators of this group like RichUsers without attributes.
      Parameters:
      perunSession -
      group -
      Throws:
      InternalErrorException
    • getRichAdminsWithAttributes

      @Deprecated List<RichUser> getRichAdminsWithAttributes(PerunSession perunSession, Group group) throws UserNotExistsException
      Deprecated.
      Gets list of all administrators of this group like RichUsers with attributes.
      Parameters:
      perunSession -
      group -
      Throws:
      InternalErrorException
      UserNotExistsException
    • getRichAdminsWithSpecificAttributes

      @Deprecated List<RichUser> getRichAdminsWithSpecificAttributes(PerunSession perunSession, Group group, List<String> specificAttributes)
      Deprecated.
      Get list of Group administrators with specific attributes. From list of specificAttributes get all Users Attributes and find those for every RichAdmin (only, other attributes are not searched)
      Parameters:
      perunSession -
      group -
      specificAttributes -
      Returns:
      list of RichUsers with specific attributes.
      Throws:
      InternalErrorException
    • getRichGroupByIdWithAttributesByNames

      RichGroup getRichGroupByIdWithAttributesByNames(PerunSession sess, int groupId, List<String> attrNames) throws GroupNotExistsException
      Returns RichGroup selected by id containing selected attributes
      Parameters:
      sess -
      groupId -
      attrNames - if attrNames is null method will return RichGroup containing all attributes
      Returns:
      RichGroup
      Throws:
      InternalErrorException
      GroupNotExistsException
    • getRichGroupsWithAttributesAssignedToResource

      List<RichGroup> getRichGroupsWithAttributesAssignedToResource(PerunSession sess, Resource resource, List<String> attrNames)
      Get all RichGroups with selected attributes assigned to the resource.
      Parameters:
      sess -
      resource - the resource to get assigned groups from it
      attrNames - list of selected attribute names, if it is null, return all possible non-empty attributes, empty list in attrNames means - no attributes needed
      Returns:
      list of RichGroups with selected attributes assigned to the resource
      Throws:
      InternalErrorException
    • getRichGroupsWithAttributesAssignedToResource

      List<RichGroup> getRichGroupsWithAttributesAssignedToResource(PerunSession sess, Member member, Resource resource, List<String> attrNames)
      Get list of all richGroups with selected attributes assigned to the resource filtered by specific member. Allowed namespaces of attributes are group, group-resource, member-group and member-resource.

      Last step is filtration of attributes: Attributes are filtered by rights of user in session. User get only those selected attributes he has rights to read.

      Parameters:
      sess -
      member - member used for filtering returned groups (groups have to contain this member to be returned)
      resource - resource to get assigned groups for
      attrNames - list of selected attribute names, if it is null, return all possible non-empty attributes, empty list in attrNames means - no attributes needed
      Returns:
      list of RichGroup objects with specific attributes specified by object Resource and object Member
      Throws:
      InternalErrorException
    • getRichSubGroupsWithAttributesByNames

      List<RichGroup> getRichSubGroupsWithAttributesByNames(PerunSession sess, Group parentGroup, List<String> attrNames)
      Returns RichSubGroups from parentGroup containing selected attributes (only 1 level subgroups)
      Parameters:
      sess -
      parentGroup -
      attrNames - if attrNames is null method will return RichGroups containing all attributes
      Returns:
      List of RichGroups
      Throws:
      InternalErrorException
    • getServiceGroupMembers

      List<Member> getServiceGroupMembers(PerunSession perunSession, Group group)
      Return a list of all group members, who are service users
      Parameters:
      perunSession -
      group -
      Returns:
      list of Members from given group who are service users
    • getSubGroups

      List<Group> getSubGroups(PerunSession sess, Group parentGroup)
      Get all subgroups of the parent group under the VO.
      Parameters:
      sess -
      parentGroup - parent group
      Returns:
      list of groups
      Throws:
      InternalErrorException
    • getSubGroupsCount

      int getSubGroupsCount(PerunSession sess, Group parentGroup)
      Returns number of immediate subgroups of the parent group.
      Parameters:
      sess -
      parentGroup -
      Returns:
      count of parent group immediate subgroups
      Throws:
      InternalErrorException
    • getSubgroupsPage

      Paginated<RichGroup> getSubgroupsPage(PerunSession sess, Group group, GroupsPageQuery query, List<String> attrNames)
      Get page of subgroups from the given parent group.
      Parameters:
      sess - session
      group - parent group
      query - query with page information
      attrNames - attribute names
      Returns:
      page of requested rich groups
    • getTotalGroupStatusForMembers

      Map<Integer,MemberGroupStatus> getTotalGroupStatusForMembers(PerunSession session, Group group, List<Member> members)
      Returns total member's status of given members in given group.
      Parameters:
      session - session
      group - group
      members - members
      Returns:
      total status of members in given group
    • getTotalMemberGroupStatus

      MemberGroupStatus getTotalMemberGroupStatus(PerunSession session, Member member, Group group)
      Returns total member's status in given group. If there is no relation, null is returned.
      Parameters:
      session - session
      member - member
      group - group
      Returns:
      total status of member in given group
      Throws:
      InternalErrorException - internal error
    • getUserGroups

      List<Group> getUserGroups(PerunSession sess, User user)
      Return groups where user is member.
      Parameters:
      sess -
      user -
      Returns:
      list of groups
      Throws:
      InternalErrorException
    • getUserGroups

      List<Group> getUserGroups(PerunSession sess, User user, List<Status> memberStatuses, List<MemberGroupStatus> memberGroupStatuses)
      Return groups where user is member with allowed statuses in vo and group. If statuses are empty or null, all statuses are used.
      Parameters:
      sess -
      user -
      memberStatuses - allowed statuses of member in VO
      memberGroupStatuses - allowed statuses of member in group
      Returns:
      list of groups
      Throws:
      InternalErrorException
    • getVo

      Vo getVo(PerunSession sess, Group group)
      Gets the Vo which is owner of the group.
      Parameters:
      sess -
      group -
      Returns:
      Vo which is owner of the group.
      Throws:
      InternalErrorException
    • getVosWhereGroupIsAdmin

      List<Vo> getVosWhereGroupIsAdmin(PerunSession perunSession, Group group)
      Get list of VOs where the given group is given the admin role.
      Parameters:
      perunSession -
      group - with the admin role.
      Returns:
      List of administered VOs.
      Throws:
      InternalErrorException
    • hasGroupSynchronizedChild

      boolean hasGroupSynchronizedChild(PerunSession session, Group group)
      Check if there is a subgroup of the group, which is defined as synchronized from an external source at this moment.
      Parameters:
      session -
      group -
      Returns:
      Throws:
      InternalErrorException
    • inactivateMember

      void inactivateMember(PerunSession sess, Member member, Group group) throws MemberNotExistsException
      Inactivates member in group and sets its status to EXPIRED.
      Parameters:
      sess - perun session
      member - member
      group - group
      Throws:
      InternalErrorException - internal error
      MemberNotExistsException - if given member is not direct member of given group
    • isAllowedGroupToHierarchicalVo

      boolean isAllowedGroupToHierarchicalVo(PerunSession sess, Group group, Vo vo)
      Returns flag representing if the group can be included in the (parent) vo's groups
      Parameters:
      sess - perun session
      group - group
      vo - parent vo
      Returns:
      true if group can be included in vo's groups, false otherwise
    • isDirectGroupMember

      boolean isDirectGroupMember(PerunSession sess, Group group, Member member)
      Return true if Member is direct member of the Group
      Parameters:
      sess - session
      group - group where the membership is to be checked
      member - member whose membership is to be checked
      Returns:
      true if Member is direct member of the Group
      Throws:
      InternalErrorException
    • isGroupForAnyAutoRegistration

      boolean isGroupForAnyAutoRegistration(PerunSession sess, Group group)
      Check if group has automatic registration enabled in any form item.
      Parameters:
      sess - session
      group - group to check
    • isGroupForAutoRegistration

      boolean isGroupForAutoRegistration(PerunSession sess, Group group, List<Integer> formItems)
      Check if group has automatic registration enabled in the given form item.
      Parameters:
      sess - session
      group - group to check
      formItems - form items for which the group can be configured
    • isGroupInStructureSynchronizationTree

      boolean isGroupInStructureSynchronizationTree(PerunSession session, Group group)
      Check if the group or its subgroups are defined as synchronized from an external source at this moment.
      Parameters:
      session -
      group -
      Returns:
      Throws:
      InternalErrorException
    • isGroupLastAdminInSomeFacility

      List<Facility> isGroupLastAdminInSomeFacility(PerunSession sess, Group group)
      Check whether the group supplies the last FACILITYADMIN in some facility, return those facilities in which it does. Such facilities could upon removal of the group be left without a person to manage them.
      Parameters:
      sess - session
      group - group
      Returns:
      list of facilities which the group supplies last FACILITYADMIN to
    • isGroupLastAdminInSomeFacility

      List<Group> isGroupLastAdminInSomeFacility(PerunSession sess, List<Group> groups)
      Check whether some of the groups supply the last FACILITYADMIN in some facility, return the groups that do. Such facilities could upon removal of the group be left without a person to manage them.
      Parameters:
      sess - session
      groups - groups to check
      Returns:
      list of groups which supply last FACILITYADMIN in some facility
    • isGroupLastAdminInSomeVo

      List<Group> isGroupLastAdminInSomeVo(PerunSession sess, List<Group> groups)
      Check whether some of the groups supply the last VOADMIN in some vo, return the groups that do. Such vos could upon removal of the group be left without a person to manage them.
      Parameters:
      sess - session
      groups - groups to check
      Returns:
      list of groups which supply last VOADMIN in some facility
    • isGroupLastAdminInSomeVo

      List<Vo> isGroupLastAdminInSomeVo(PerunSession sess, Group group)
      Check whether the group supplies the last VOADMIN in some vo, return those vos in which it does. Such vos could upon removal of the group be left without a person to manage them.
      Parameters:
      sess - session
      group - group
      Returns:
      list of vos which the group supplies last VOADMIN to
    • isGroupMember

      boolean isGroupMember(PerunSession sess, Group group, Member member)
      Return true if Member is member of the Group
      Parameters:
      sess -
      group -
      member -
      Returns:
      true if Member is member of the Group
      Throws:
      InternalErrorException
    • isGroupSynchronizedFromExternallSource

      boolean isGroupSynchronizedFromExternallSource(PerunSession session, Group group)
      Check if the group is defined as synchronized from an external source at this moment.
      Parameters:
      session -
      group -
      Returns:
      Throws:
      InternalErrorException
    • suspendGroupSynchronization

      void suspendGroupSynchronization(PerunSession sess, boolean suspend)
      Suspend synchronizing groups and their structures.
      Parameters:
      sess - session
      suspend - whether to suspend or unsuspend
    • isSuspendedGroupSynchronization

      boolean isSuspendedGroupSynchronization()
      Check if synchronizing groups is suspended.
      Returns:
      True if suspended, false if synchronizing
    • isUserMemberOfGroup

      boolean isUserMemberOfGroup(PerunSession sess, User user, Group group)
      Checks whether the user is member of the group.
      Parameters:
      sess -
      user -
      group -
      Returns:
      true if the user is member of the group
      Throws:
      InternalErrorException
    • moveGroup

      Move one group structure under another group in same vo or as top level group
      Parameters:
      sess - perun session
      destinationGroup - group to which is moving group moved, if it's null group will be moved as top level group
      movingGroup - group which is moved to destination group
      Throws:
      InternalErrorException
      GroupMoveNotAllowedException
      WrongAttributeValueException
      WrongReferenceAttributeValueException
    • reactivateMember

      void reactivateMember(PerunSession sess, Member member, Group group) throws MemberNotExistsException
      Reactivates member in group and sets its status to VALID.
      Parameters:
      sess - perun session
      member - member
      group - group
      Throws:
      InternalErrorException - internal error
      MemberNotExistsException - if given member is not member of given group
    • recalculateMemberGroupStatusRecursively

      void recalculateMemberGroupStatusRecursively(PerunSession sess, Member member, Group group, Map<Integer,Map<Integer,MemberGroupStatus>> previousStatuses)
      Calculates the state of given member in given group and calls this method recursively for all parent groups.
      Parameters:
      member - member
      group - group
      previousStatuses - previousStatuses
      Throws:
      InternalErrorException - internal error
    • removeFormerMemberWhileSynchronization

      void removeFormerMemberWhileSynchronization(PerunSession sess, Group group, RichMember memberToRemove, boolean isAuthoritative) throws GroupNotExistsException
      Remove former member from group (if he is not listed in ExtSource).

      If this is membersGroup (of some Vo) try to disableMember, if not possible then delete him. If this is regular group (of some Vo) remove him and if this group is also his last authoritative group, disable or delete him also in the Vo.

      This method runs in separate transaction.

      Parameters:
      sess - perun session
      group - to be synchronized
      memberToRemove - member to be removed from Group
      Throws:
      GroupNotExistsException - if group does not exist
    • removeGroupUnion

      void removeGroupUnion(PerunSession sess, Group resultGroup, Group operandGroup, boolean parentFlag) throws GroupRelationDoesNotExist, GroupRelationCannotBeRemoved, GroupNotExistsException
      Removes a union relation between two groups. All indirect members that originate from operand group are removed from result group.
      Parameters:
      sess - perun session
      resultGroup - group from which members are removed
      operandGroup - group which members are removed from result group
      parentFlag - if true union cannot be deleted; false otherwise (it flags relations created by hierarchical structure)
      Throws:
      GroupRelationDoesNotExist
      GroupRelationCannotBeRemoved
      InternalErrorException
      GroupNotExistsException
    • removeMember

      void removeMember(PerunSession perunSession, Group group, Member member) throws NotGroupMemberException, GroupNotExistsException
      Removes member form the group. But not from members or administrators group.
      Parameters:
      perunSession -
      group -
      member -
      Throws:
      InternalErrorException
      NotGroupMemberException
      GroupNotExistsException
    • removeMember

      void removeMember(PerunSession perunSession, List<Group> groups, Member member) throws NotGroupMemberException, GroupNotExistsException
      Removes member from groups. But not from members or administrators group.
      Parameters:
      perunSession -
      groups -
      member -
      Throws:
      InternalErrorException
      NotGroupMemberException
      GroupNotExistsException
    • removeMemberFromMembersOrAdministratorsGroup

      void removeMemberFromMembersOrAdministratorsGroup(PerunSession perunSession, Group group, Member member) throws NotGroupMemberException, GroupNotExistsException, WrongAttributeValueException, WrongReferenceAttributeValueException
      Removes member from members or administrators group only.
      Parameters:
      perunSession -
      group -
      member -
      Throws:
      InternalErrorException
      NotGroupMemberException
      GroupNotExistsException
      WrongAttributeValueException
      WrongReferenceAttributeValueException
    • removeMembers

      void removeMembers(PerunSession perunSession, Group group, List<Member> members) throws NotGroupMemberException, GroupNotExistsException
      Removes members from the group. But not from members or administrators group.
      Parameters:
      perunSession -
      group -
      members -
      Throws:
      InternalErrorException
      NotGroupMemberException
      GroupNotExistsException
    • removeRelationMembers

      void removeRelationMembers(PerunSession sess, Group resultGroup, List<Member> changedMembers, int sourceGroupId) throws WrongReferenceAttributeValueException, NotGroupMemberException, WrongAttributeValueException, GroupNotExistsException
      Method recalculates all relations between groups. Method recursively removes members from groups and all their relations. The method is called in case of: 1) removed relation 2) removed member 3) group removal 4) group movement
      Parameters:
      sess - perun session
      resultGroup - group to which members are added or removed from
      changedMembers - list of changed members which is passed as argument to add indirect members method. List contains records of removed indirect members from operand group.
      sourceGroupId - id of a group from which members originate
      Throws:
      WrongReferenceAttributeValueException
      NotGroupMemberException
      WrongAttributeValueException
      InternalErrorException
      GroupNotExistsException
    • saveInformationAboutGroupStructureSynchronizationInNestedTransaction

      void saveInformationAboutGroupStructureSynchronizationInNestedTransaction(PerunSession sess, Group group, boolean failedDueToException, String exceptionMessage) throws AttributeNotExistsException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException, WrongAttributeValueException
      This method will set timestamp, state and exceptionMessage to group attributes for the group structure. Also log information about failed group structure synchronization to auditer_log.

      IMPORTANT: This method runs in nested transaction. With a nested transaction, this method can be used in method running in the nested transaction, where the group was changed in the database. However, rollback on the outer transaction, where this method is used, will revert saving of given information.

      Set timestamp to attribute "group_def_lastGroupStructureSynchronizationTimestamp" Set exception message to attribute "group_def_lastGroupStructureSynchronizationState"

      FailedDueToException is true means group structure synchronization failed completely. FailedDueToException is false means group structure synchronization is ok or finished with some errors (some groups were not synchronized)

      Parameters:
      sess - perun session
      group - the group structure for synchronization
      failedDueToException - if exception means fail of whole synchronization of this group structure or only problem with some data
      exceptionMessage - message of an exception, ok if everything is ok
      Throws:
      AttributeNotExistsException
      InternalErrorException
      WrongReferenceAttributeValueException
      WrongAttributeAssignmentException
      WrongAttributeValueException
    • saveInformationAboutGroupStructureSynchronizationInNewTransaction

      void saveInformationAboutGroupStructureSynchronizationInNewTransaction(PerunSession sess, Group group, boolean failedDueToException, String exceptionMessage) throws AttributeNotExistsException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException, WrongAttributeValueException
      This method will set timestamp, state and exceptionMessage to group attributes for the group structure. Also log information about failed group structure synchronization to auditer_log.

      IMPORTANT: This method runs in new transaction (because of it being used in synchronization of groups structures) This method is run in a new transaction to ensure successful saving of given information, in case of a rollback in previous transaction. However, this method cannot be used in method running in the nested transaction, where the group was changed in the database.

      Set timestamp to attribute "group_def_lastGroupStructureSynchronizationTimestamp" Set exception message to attribute "group_def_lastGroupStructureSynchronizationState"

      FailedDueToException is true means group structure synchronization failed completely. FailedDueToException is false means group structure synchronization is ok or finished with some errors (some groups were not synchronized)

      Parameters:
      sess - perun session
      group - the group structure for synchronization
      failedDueToException - if exception means fail of whole synchronization of this group structure or only problem with some data
      exceptionMessage - message of an exception, ok if everything is ok
      Throws:
      AttributeNotExistsException
      InternalErrorException
      WrongReferenceAttributeValueException
      WrongAttributeAssignmentException
      WrongAttributeValueException
    • saveInformationAboutGroupSynchronizationInNestedTransaction

      void saveInformationAboutGroupSynchronizationInNestedTransaction(PerunSession sess, Group group, long startTime, boolean failedDueToException, String exceptionMessage) throws AttributeNotExistsException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException, WrongAttributeValueException
      This method will set timestamp, synchronization start time and exceptionMessage to group attributes for the group. Also log information about failed synchronization to auditer_log.

      IMPORTANT: This method runs in nested transaction so it can be used in another transaction With a nested transaction, this method can be used in method running in the nested transaction, where the group was changed in the database. However, rollback on the outer transaction, where this method is used, will revert saving of given information.

      Set timestamp to attribute "group_def_lastSynchronizationTimestamp" Set exception message to attribute "group_def_lastSynchronizationState" Set start time to attribute "group_def_startOfLastSuccessSynchronizationTimestamp"

      FailedDueToException is true means group synchronization failed completely. FailedDueToException is false means group synchronization is ok or finished with some errors (some members were not synchronized)

      Parameters:
      sess - perun session
      group - the group for synchronization
      startTime - of the synchronization
      failedDueToException - if exception means fail of whole synchronization of this group or only problem with some data
      exceptionMessage - message of an exception, ok if everything is ok
      Throws:
      AttributeNotExistsException
      InternalErrorException
      WrongReferenceAttributeValueException
      WrongAttributeAssignmentException
      WrongAttributeValueException
    • saveInformationAboutGroupSynchronizationInNewTransaction

      void saveInformationAboutGroupSynchronizationInNewTransaction(PerunSession sess, Group group, long startTime, boolean failedDueToException, String exceptionMessage) throws AttributeNotExistsException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException, WrongAttributeValueException
      This method will set timestamp, synchronization start time and exceptionMessage to group attributes for the group. Also log information about failed synchronization to auditer_log.

      IMPORTANT: This method runs in new transaction (because of using in synchronization of groups) This method is run in a new transaction to ensure successful saving of given information, in case of a rollback in previous transaction. However, this method cannot be used in method running in the nested transaction, where the group was changed in the database.

      Set timestamp to attribute "group_def_lastSynchronizationTimestamp" Set exception message to attribute "group_def_lastSynchronizationState" Set start time to attribute "group_def_startOfLastSuccessSynchronizationTimestamp"

      FailedDueToException is true means group synchronization failed completely. FailedDueToException is false means group synchronization is ok or finished with some errors (some members were not synchronized)

      Parameters:
      sess - perun session
      group - the group for synchronization
      startTime - of the synchronization
      failedDueToException - if exception means fail of whole synchronization of this group or only problem with some data
      exceptionMessage - message of an exception, ok if everything is ok
      Throws:
      AttributeNotExistsException
      InternalErrorException
      WrongReferenceAttributeValueException
      WrongAttributeAssignmentException
      WrongAttributeValueException
    • synchronizeGroup

      Synchronizes the group with the external group without checking if the synchronization is already in progress. If some members from extSource of this group were skipped, return info about them. if not, return empty string instead, which means all members was successfully load from extSource.
      Parameters:
      sess -
      group -
      Returns:
      List of strings with skipped users with reasons why were skipped
      Throws:
      InternalErrorException
      AttributeNotExistsException
      WrongAttributeAssignmentException
      ExtSourceNotExistsException
      GroupNotExistsException
    • synchronizeGroupStructure

      Synchronize a group structure with an external source group structure under the group.
      Parameters:
      sess -
      group - base group under which will be synchronized structure of groups
      Returns:
      List of strings with skipped groups with reasons why were skipped
      Throws:
      InternalErrorException
      AttributeNotExistsException
      WrongAttributeAssignmentException
      ExtSourceNotExistsException
      WrongAttributeValueException
      WrongReferenceAttributeValueException
    • synchronizeGroups

      void synchronizeGroups(PerunSession sess)
      Synchronize all groups which have enabled synchronization. This method is run by the scheduler every 5 minutes.
      Throws:
      InternalErrorException
    • synchronizeGroupsStructures

      void synchronizeGroupsStructures(PerunSession sess)
      Synchronize all groups structures which have enabled group structure synchronization. This method is run by the scheduler every 5 minutes.
      Throws:
      InternalErrorException
    • updateExistingMemberWhileSynchronization

      void updateExistingMemberWhileSynchronization(PerunSession sess, Group group, Candidate candidate, RichMember memberToUpdate, List<String> overwriteUserAttributesList, List<String> mergeMemberAttributesList, List<AttributeDefinition> attrDefs)
      Get candidate and corresponding memberToUpdate and update his attributes, extSources, expiration and status.

      For Member - updateAttributes For User - updateAttributes if exists in list of overwriteUserAttributesList, in other case just mergeAttributes.

      updateAttributes = store new values mergeAttributes = for List and Map add new values, do not remove old one, for other cases store new values (like String, Integer etc.)

      This method runs in separate transaction.

      Parameters:
      sess - perun session
      group - to be synchronized
      candidate - candidate to update by
      memberToUpdate - richMember for updating in Perun by information from extSource
      overwriteUserAttributesList - list of user attributes to be updated instead of merged
      mergeMemberAttributesList - list of member attributes to be merged instead of updated
      attrDefs - list of attribute definitions to update from candidate, if null the list is filled in process
      Throws:
      AttributeNotExistsException - if some attributes not exists and for this reason can't be updated
      WrongAttributeAssignmentException - if some attribute is updated in bad way (bad assignment)
    • updateGroup

      Group updateGroup(PerunSession perunSession, Group group) throws GroupExistsException
      Updates group by ID.

      Update shortName (use shortName) and description. Group.name is ignored. Return Group with correctly set parameters (including group.name)

      Parameters:
      perunSession -
      group - to update (use only ID, shortName and description)
      Returns:
      updated group with correctly set parameters (including group.name)
      Throws:
      InternalErrorException
      GroupExistsException - if group with same name already exists in the same VO
    • updateParentGroupId

      Group updateParentGroupId(PerunSession perunSession, Group group)
      Updates parentGroupId.

      !! IMPORTANT This method allows to change parentGroupId, but it doesn't update group and subGroup names !!

      Parameters:
      perunSession -
      group - to update
      Returns:
      group with updated parentGroupId
      Throws:
      InternalErrorException
    • validateMemberInGroup

      void validateMemberInGroup(PerunSession sess, Member member, Group group)
      Set member's status in given group to VALID
      Parameters:
      sess - perun session
      member - member whose status will be changed
      group - group in which given member will be validated
      Throws:
      InternalErrorException - internal error