Package cz.metacentrum.perun.core.impl
Class AuthzResolverImpl
java.lang.Object
cz.metacentrum.perun.core.impl.AuthzResolverImpl
- All Implemented Interfaces:
AuthzResolverImplApi
-
Constructor Summary
-
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| void | addAdmin(PerunSession sess, Facility facility, Group group) | Add group of users role admin for the facility |
| void | addAdmin(PerunSession sess, Facility facility, User user) | Add user role admin for the facility |
| void | addAdmin(PerunSession sess, Group group, Group authorizedGroup) | Add group of users role admin for the group |
| void | addAdmin(PerunSession sess, Group group, User user) | Add user role admin for the group |
| void | addAdmin(PerunSession sess, Resource resource, Group group) | Add group of users role admin for the resource |
| void | addAdmin(PerunSession sess, Resource resource, User user) | Add user role admin for the resource |
| void | addAdmin(PerunSession sess, SecurityTeam securityTeam, Group group) | |
| void | addAdmin(PerunSession sess, SecurityTeam securityTeam, User user) | |
| void | addAdmin(PerunSession sess, User sponsoredUser, Group group) | Add group of users role admin for the sponsored user |
| void | addAdmin(PerunSession sess, User sponsoredUser, User user) | Add user role admin for the sponsored user |
| void | addResourceRole(PerunSession sess, Group group, String role, Resource resource) | Sets role to given group for given resource. |
| void | addResourceRole(PerunSession sess, User user, String role, Resource resource) | Sets role to given user for given resource. |
| void | addVoRole(PerunSession sess, String role, Vo vo, Group group) | Adds role for group in a VO. |
| void | addVoRole(PerunSession sess, String role, Vo vo, User user) | Adds role for user in VO. |
| static List<PerunPolicy> | fetchPolicyWithAllIncludedPolicies(String policyName) | Get the policy according to the policy name and all its included policies (without cycle). |
| | getAdminGroups(Map<String, Integer> mappingOfValues) | Get all authorizedGroups for complementary object and role. |
| | getAdmins | Get all valid richUser administrators (for group-based rights, status must be VALID for both Vo and group) for complementary object and role with specified attributes. |
| static List<PerunPolicy> | getAllPolicies | Return all loaded perun policies. |
| static List<RoleManagementRules> | getAllRolesManagementRules | Return all loaded roles management rules. |
| | getFacilitiesWhereUserIsInRoles(User user, List<String> roles) | Get all Facilities where the given user has set one of the given roles or the given user is a member of an authorized group with such roles. |
| | getGroupsWhereUserIsInRoles(User user, List<String> roles) | Get all Groups where the given user has set one of the given roles or the given user is a member of an authorized group with such roles. |
| | getMembersWhereUserIsInRoles(User user, List<String> roles) | Get all Members where the given user has set one of the given roles or the given user is a member of an authorized group with such roles. |
| static PerunPolicy | getPerunPolicy(String policyName) | Get PerunPolicy for the policy name from the PerunPoliciesContainer |
| | getResourcesWhereUserIsInRoles(User user, List<String> roles) | Get all Resources where the given user has set one of the given roles or the given user is a member of an authorized group with such roles. |
| Map<String, Map<String, Map<Integer, List<Group>>>> | getRoleComplementaryObjectsWithAuthorizedGroups(User user) | Returns map of role name and map of corresponding role complementary objects (perun beans) distinguished by type. |
| | getRoleId | Fetch the identification of the role from the table roles in the database; |
| int | getRoleIdByName(String name) | Returns role id based on its name |
| static RoleManagementRules | getRoleManagementRules(String roleName) | Get RoleManagementRules for the role name from the PerunPoliciesContainer |
| | getRoles | Returns all group's roles. |
| | getRoles | Returns user's direct roles, can also include roles resulting from being a VALID member of authorized groups |
| | getRolesObtainedFromAuthorizedGroupMemberships | Returns user's roles resulting from being a VALID member of authorized groups |
| static Map<String, Set<ActionType>> | getRolesWhichCanWorkWithAttribute(ActionType actionType, AttributeDefinition attrDef) | Deprecated. |
| | getSecurityTeamsWhereUserIsInRoles(User user, List<String> roles) | Get all SecurityTeams where the given user has set one of the given roles or the given user is a member of an authorized group with such roles. |
| | getVoIdsForGroupInRole(PerunSession sess, Group group, String role) | Gets list of VOs for which the group has the role. |
| | getVoIdsForUserInRole(PerunSession sess, User user, String role) | Gets list of VOs for which the user has the role. |
| | getVosWhereUserIsInRoles(User user, List<String> roles) | Get all Vos where the given user has set one of the given roles or the given user is a member of an authorized group with such roles. |
| boolean | groupMatchesUserRolesFilter(PerunSession sess, User user, Group group, List<String> roles, List<RoleAssignmentType> types) | Check if the given group passes the user's roles filter. |
| void | initialize() | Load all authorization components to the database and to the PerunPoliciesContainer |
| boolean | isGroupInRoleForVo(PerunSession session, Group group, String role, Vo vo) | Checks whether the group is in role for Vo. |
| boolean | isUserInRoleForVo(PerunSession session, User user, String role, Vo vo) | Checks whether the user is in role for Vo. |
| boolean | isVoAdminOrObserver(PerunSession sess, Vo vo) | Returns true if the user in session is vo admin or vo observer of specific vo |
| void | loadAuthorizationComponents() | Load perun roles and policies from the configuration file perun-roles.yml. |
| void | makeAuthorizedGroupPerunObserver(PerunSession sess, Group authorizedGroup) | Make group Perun observer |
| void | makeUserCabinetAdmin(PerunSession sess, User user) | Make user Cabinet manager. |
| void | makeUserPerunAdmin(PerunSession sess, User user) | Make user to be perunAdmin |
| void | makeUserPerunObserver(PerunSession sess, User user) | Make user Perun observer |
| void | removeAdmin(PerunSession sess, Facility facility, Group group) | Remove group of users role admin for the facility |
| void | removeAdmin(PerunSession sess, Facility facility, User user) | Remove user role admin for the facility |
| void | removeAdmin(PerunSession sess, Group group, Group authorizedGroup) | Remove group of users role admin for the group |
| void | removeAdmin(PerunSession sess, Group group, User user) | Remove user role admin for the group |
| void | removeAdmin(PerunSession sess, Resource resource, Group group) | Remove group of users role admin for the resource |
| void | removeAdmin(PerunSession sess, Resource resource, User user) | Remove user role admin for the resource |
| void | removeAdmin(PerunSession sess, SecurityTeam securityTeam, Group group) | |
| void | removeAdmin(PerunSession sess, SecurityTeam securityTeam, User user) | |
| void | removeAdmin(PerunSession sess, User sponsoredUser, Group group) | Remove group of users role admin for the sponsoredUser |
| void | removeAdmin(PerunSession sess, User sponsoredUser, User user) | Remove user role admin for the sponsoredUser |
| void | removeAllAuthzForFacility(PerunSession sess, Facility facility) | Removes all authz entries for the facility |
| void | removeAllAuthzForGroup(PerunSession sess, Group group) | Removes all authz entries for the group |
| void | removeAllAuthzForResource(PerunSession sess, Resource resource) | Removes all authz entries for the resource |
| void | removeAllAuthzForSecurityTeam(PerunSession sess, SecurityTeam securityTeam) | Removes all authz entries for the securityTeam |
| void | removeAllAuthzForService(PerunSession sess, Service service) | Removes all authz entries for the service |
| void | removeAllAuthzForVo(PerunSession sess, Vo vo) | Removes all authz entries for the vo |
| void | removeAllSponsoredUserAuthz(PerunSession sess, User sponsoredUser) | Removes all authz entries for the sponsoredUser. |
| void | removeAllUserAuthz(PerunSession sess, User user) | Removes all authz entries for the user. |
| void | removeCabinetAdmin(PerunSession sess, User user) | Remove role Cabinet manager from user. |
| void | removePerunAdmin(PerunSession sess, User user) | Remove role perunAdmin for user. |
| void | removePerunObserver(PerunSession sess, User user) | Remove role Perun observer from user. |
| void | removePerunObserverFromAuthorizedGroup(PerunSession sess, Group authorizedGroup) | Remove role Perun observer from authorizedGroup. |
| void | removeResourceRole(PerunSession sess, String role, Resource resource, Group group) | Remove role from group for resource. |
| void | removeResourceRole(PerunSession sess, String role, Resource resource, User user) | Remove role from user for resource. |
| void | removeVoRole(PerunSession sess, String role, Vo vo, Group group) | Removes role from group in a VO. |
| void | removeVoRole(PerunSession sess, String role, Vo vo, User user) | Removes role from user in a VO. |
| boolean | roleExists(String role) | Check if the given role exists in the database. |
| void | setPerunRolesLoader(PerunRolesLoader perunRolesLoader) | |
| void | setRole(PerunSession sess, Map<String, Integer> mappingOfValues, String role) | Set a role according to the mapping of values |
| boolean | someAdminExists(Map<String, Integer> mappingOfValues, boolean onlyDirectAdmins) | Check if some valid user with specific role exists for given complementary object (for group-based rights, status must be VALID for both Vo and group). |
| void | unsetRole(PerunSession sess, Map<String, Integer> mappingOfValues, String role) | Unset a role according to the mapping of values |
-
Constructor Details
-
AuthzResolverImpl
-
-
Method Details
-
getRolesWhichCanWorkWithAttribute
@Deprecated public static Map<String,Set<ActionType>> getRolesWhichCanWorkWithAttribute(ActionType actionType, AttributeDefinition attrDef)
Deprecated.
-
getPerunPolicy
Get PerunPolicy for the policy name from the PerunPoliciesContainer
- Parameters:
policyName - for which will be the policy fetched
- Returns:
PerunPolicy for the role name
- Throws:
PolicyNotExistsException - if there is no policy for the policy name
-
fetchPolicyWithAllIncludedPolicies
public static List<PerunPolicy> fetchPolicyWithAllIncludedPolicies(String policyName) throws PolicyNotExistsException
Get the policy according to the policy name and all its included policies (without cycle).
- Parameters:
policyName - from which will be the policies fetched
- Returns:
list of policies
- Throws:
PolicyNotExistsException - if policy or some included policies do not exist in PerunPoliciesContainer
-
getAllPolicies
Return all loaded perun policies.
- Returns:
all loaded policies
-
getAllRolesManagementRules
Return all loaded roles management rules.
- Returns:
all roles management rules
-
getRoleManagementRules
public static RoleManagementRules getRoleManagementRules(String roleName) throws RoleManagementRulesNotExistsException
Get RoleManagementRules for the role name from the PerunPoliciesContainer
- Parameters:
roleName - for which will be the rules fetched
- Returns:
RoleManagementRules for the role name
- Throws:
PolicyNotExistsException - if there are no rules for the role name
RoleManagementRulesNotExistsException
-
addAdmin
Description copied from interface: AuthzResolverImplApi
Add user role admin for the facility
- Specified by:
addAdmin in interface AuthzResolverImplApi
- Parameters:
sess
facility
user
- Throws:
AlreadyAdminException
-
addAdmin
public void addAdmin(PerunSession sess, Facility facility, Group group) throws AlreadyAdminException
Description copied from interface: AuthzResolverImplApi
Add group of users role admin for the facility
- Specified by:
addAdmin in interface AuthzResolverImplApi
- Parameters:
sess
facility
group
- Throws:
AlreadyAdminException
-
addAdmin
Description copied from interface: AuthzResolverImplApi
Add user role admin for the resource
- Specified by:
addAdmin in interface AuthzResolverImplApi
- Parameters:
sess
resource
user
- Throws:
AlreadyAdminException
-
addAdmin
public void addAdmin(PerunSession sess, Resource resource, Group group) throws AlreadyAdminException
Description copied from interface: AuthzResolverImplApi
Add group of users role admin for the resource
- Specified by:
addAdmin in interface AuthzResolverImplApi
- Parameters:
sess
resource
group
- Throws:
AlreadyAdminException
-
addAdmin
Description copied from interface: AuthzResolverImplApi
Add user role admin for the sponsored user
- Specified by:
addAdmin in interface AuthzResolverImplApi
- Parameters:
sess
sponsoredUser
user
- Throws:
AlreadyAdminException
-
addAdmin
public void addAdmin(PerunSession sess, User sponsoredUser, Group group) throws AlreadyAdminException
Description copied from interface: AuthzResolverImplApi
Add group of users role admin for the sponsored user
- Specified by:
addAdmin in interface AuthzResolverImplApi
- Parameters:
sess
sponsoredUser
group
- Throws:
AlreadyAdminException
-
addAdmin
Description copied from interface: AuthzResolverImplApi
Add user role admin for the group
- Specified by:
addAdmin in interface AuthzResolverImplApi
- Parameters:
sess
group
user
- Throws:
AlreadyAdminException
-
addAdmin
public void addAdmin(PerunSession sess, Group group, Group authorizedGroup) throws AlreadyAdminException
Description copied from interface: AuthzResolverImplApi
Add group of users role admin for the group
- Specified by:
addAdmin in interface AuthzResolverImplApi
- Parameters:
sess
group
authorizedGroup
- Throws:
AlreadyAdminException
-
addAdmin
public void addAdmin(PerunSession sess, SecurityTeam securityTeam, User user) throws AlreadyAdminException
- Specified by:
addAdmin in interface AuthzResolverImplApi
- Throws:
AlreadyAdminException
-
addAdmin
public void addAdmin(PerunSession sess, SecurityTeam securityTeam, Group group) throws AlreadyAdminException
- Specified by:
addAdmin in interface AuthzResolverImplApi
- Throws:
AlreadyAdminException
-
addResourceRole
public void addResourceRole(PerunSession sess, User user, String role, Resource resource) throws AlreadyAdminException
Description copied from interface: AuthzResolverImplApi
Sets role to given user for given resource.
- Specified by:
addResourceRole in interface AuthzResolverImplApi
- Parameters:
sess - session
user - user
role - role
resource - resource
- Throws:
AlreadyAdminException - when already in role
-
addResourceRole
public void addResourceRole(PerunSession sess, Group group, String role, Resource resource) throws AlreadyAdminException
Description copied from interface: AuthzResolverImplApi
Sets role to given group for given resource.
- Specified by:
addResourceRole in interface AuthzResolverImplApi
- Parameters:
sess - session
group - group
role - role
resource - resource
- Throws:
AlreadyAdminException - when already in role
-
addVoRole
public void addVoRole(PerunSession sess, String role, Vo vo, User user) throws AlreadyAdminException
Description copied from interface: AuthzResolverImplApi
Adds role for user in VO.
- Specified by:
addVoRole in interface AuthzResolverImplApi
- Parameters:
sess - perun session
role - role of user in VO
vo - virtual organization
user - user
- Throws:
AlreadyAdminException
-
addVoRole
public void addVoRole(PerunSession sess, String role, Vo vo, Group group) throws AlreadyAdminException
Description copied from interface: AuthzResolverImplApi
Adds role for group in a VO.
- Specified by:
addVoRole in interface AuthzResolverImplApi
- Parameters:
sess - perun session
role - role of group in VO
vo - virtual organization
group - group
- Throws:
AlreadyAdminException
-
getAdminGroups
Description copied from interface: AuthzResolverImplApi
Get all authorizedGroups for complementary object and role.
- Specified by:
getAdminGroups in interface AuthzResolverImplApi
- Parameters:
mappingOfValues - according to which will be the role selected
- Returns:
list of authorizedGroups
-
getAdmins
Description copied from interface: AuthzResolverImplApi
Get all valid richUser administrators (for group-based rights, status must be VALID for both Vo and group) for complementary object and role with specified attributes.
- Specified by:
getAdmins in interface AuthzResolverImplApi
- Parameters:
mappingOfValues - from which will be the query created (keys are column names and values are their ids)
onlyDirectAdmins - if we do not want to include also members of authorized groups.
- Returns:
list of user administrators for complementary object and role with specified attributes.
-
someAdminExists
Description copied from interface: AuthzResolverImplApi
Check if some valid user with specific role exists for given complementary object (for group-based rights, status must be VALID for both Vo and group).
- Specified by:
someAdminExists in interface AuthzResolverImplApi
- Parameters:
mappingOfValues - from which will be the query created (keys are column names and values are their ids)
onlyDirectAdmins - if true, search only direct user administrators (if false, search both direct and indirect)
- Returns:
true, if some user with required role exists, false otherwise.
-
getFacilitiesWhereUserIsInRoles
Description copied from interface: AuthzResolverImplApi
Get all Facilities where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
- Specified by:
getFacilitiesWhereUserIsInRoles in interface AuthzResolverImplApi
- Parameters:
user - for whom Facilities are retrieved
roles - for which Facilities are retrieved
- Returns:
Set of Facilities
-
getGroupsWhereUserIsInRoles
Description copied from interface: AuthzResolverImplApi
Get all Groups where the given user has set one of the given roles or the given user is a member of an authorized group with such roles. Method does not return subgroups of the fetched groups.
- Specified by:
getGroupsWhereUserIsInRoles in interface AuthzResolverImplApi
- Parameters:
user - for whom Groups are retrieved
roles - for which Groups are retrieved
- Returns:
Set of Groups
-
getMembersWhereUserIsInRoles
Description copied from interface: AuthzResolverImplApi
Get all Members where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
- Specified by:
getMembersWhereUserIsInRoles in interface AuthzResolverImplApi
- Parameters:
user - for whom Members are retrieved
roles - for which Members are retrieved
- Returns:
Set of Members
-
getResourcesWhereUserIsInRoles
Description copied from interface: AuthzResolverImplApi
Get all Resources where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
- Specified by:
getResourcesWhereUserIsInRoles in interface AuthzResolverImplApi
- Parameters:
user - for whom Resources are retrieved
roles - for which Resources are retrieved
- Returns:
Set of Resources
-
getRoleComplementaryObjectsWithAuthorizedGroups
public Map<String,Map<String,Map<Integer,List<Group>>>> getRoleComplementaryObjectsWithAuthorizedGroups(User user)
Description copied from interface: AuthzResolverImplApi
Returns map of role name and map of corresponding role complementary objects (perun beans) distinguished by type, together with list of authorized groups where user is member: Map<RoleName, Map<BeanName, Map<BeanID, List>>>
- Specified by:
getRoleComplementaryObjectsWithAuthorizedGroups in interface AuthzResolverImplApi
- Parameters:
user
- Returns:
Map<String, Map<String, Map<Integer, List<Group>>>> complementary objects with associated authorized groups
-
getRoleId
Description copied from interface: AuthzResolverImplApi
Fetch the identification of the role from the table roles in the database;
- Specified by:
getRoleId in interface AuthzResolverImplApi
- Returns:
identification of the role
-
getRoleIdByName
Returns role id based on its name
- Specified by:
getRoleIdByName in interface AuthzResolverImplApi
- Parameters:
name - name of the role
- Returns:
role id
-
getRoles
Description copied from interface: AuthzResolverImplApi
Returns user's direct roles, can also include roles resulting from being a VALID member of authorized groups
- Specified by:
getRoles in interface AuthzResolverImplApi
- Parameters:
user
getAuthorizedGroupBasedRoles
- Returns:
AuthzRoles object which contains all roles with perunbeans
-
getRoles
Description copied from interface: AuthzResolverImplApi
Returns all group's roles.
- Specified by:
getRoles in interface AuthzResolverImplApi
- Parameters:
group
- Returns:
AuthzRoles object which contains all roles with perunbeans
-
getRolesObtainedFromAuthorizedGroupMemberships
Description copied from interface: AuthzResolverImplApi
Returns user's roles resulting from being a VALID member of authorized groups
- Specified by:
getRolesObtainedFromAuthorizedGroupMemberships in interface AuthzResolverImplApi
- Parameters:
user - user
- Returns:
AuthzRoles object which contains roles with perunbeans
-
getSecurityTeamsWhereUserIsInRoles
Description copied from interface: AuthzResolverImplApi
Get all SecurityTeams where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
- Specified by:
getSecurityTeamsWhereUserIsInRoles in interface AuthzResolverImplApi
- Parameters:
user - for whom SecurityTeams are retrieved
roles - for which SecurityTeams are retrieved
- Returns:
Set of SecurityTeams
-
getVoIdsForGroupInRole
Description copied from interface: AuthzResolverImplApi
Gets list of VOs for which the group has the role.
- Specified by:
getVoIdsForGroupInRole in interface AuthzResolverImplApi
- Parameters:
sess - perun session
group - group
role - role of group
- Returns:
list of VOs from which the group has the role
-
getVoIdsForUserInRole
Description copied from interface: AuthzResolverImplApi
Gets list of VOs for which the user has the role.
- Specified by:
getVoIdsForUserInRole in interface AuthzResolverImplApi
- Parameters:
sess - perun session
user - user
role - role of user
- Returns:
list of VOs for which the user has the role.
-
getVosWhereUserIsInRoles
Description copied from interface: AuthzResolverImplApi
Get all Vos where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
- Specified by:
getVosWhereUserIsInRoles in interface AuthzResolverImplApi
- Parameters:
user - for whom Vos are retrieved
roles - for which Vos are retrieved
- Returns:
Set of Vos
-
groupMatchesUserRolesFilter
public boolean groupMatchesUserRolesFilter(PerunSession sess, User user, Group group, List<String> roles, List<RoleAssignmentType> types)
Description copied from interface: AuthzResolverImplApi
Check if the given group passes the user's roles filter.
- Specified by:
groupMatchesUserRolesFilter in interface AuthzResolverImplApi
- Parameters:
sess - session
user - user
group - group
roles - list of selected roles (if empty, then return groups by all roles)
types - list of selected types of roles (if empty, then return by roles of all types)
- Returns:
list of groups
-
initialize
public void initialize()
Load all authorization components to the database and to the PerunPoliciesContainer
- Throws:
InternalErrorException
-
isGroupInRoleForVo
Description copied from interface: AuthzResolverImplApi
Checks whether the group is in role for Vo.
- Specified by:
isGroupInRoleForVo in interface AuthzResolverImplApi
- Parameters:
session - perun session
group - group
role - role of group
vo - virtual organization
- Returns:
true if group is in role for VO, otherwise false.
-
isUserInRoleForVo
Description copied from interface: AuthzResolverImplApi
Checks whether the user is in role for Vo.
- Specified by:
isUserInRoleForVo in interface AuthzResolverImplApi
- Parameters:
session - perun session
user - user
role - role of user
vo - virtual organisation
- Returns:
true if user is in role for VO, otherwise false.
-
isVoAdminOrObserver
Returns true if the user in session is vo admin or vo observer of specific vo
- Specified by:
isVoAdminOrObserver in interface AuthzResolverImplApi
- Parameters:
sess - session
vo - vo
- Returns:
-
loadAuthorizationComponents
public void loadAuthorizationComponents()
Description copied from interface: AuthzResolverImplApi
Load perun roles and policies from the configuration file perun-roles.yml. Roles are loaded to the database and policies are loaded to the PerunPoliciesContainer.
- Specified by:
loadAuthorizationComponents in interface AuthzResolverImplApi
-
makeAuthorizedGroupPerunObserver
public void makeAuthorizedGroupPerunObserver(PerunSession sess, Group authorizedGroup) throws AlreadyAdminException
Description copied from interface: AuthzResolverImplApi
Make group Perun observer
- Specified by:
makeAuthorizedGroupPerunObserver in interface AuthzResolverImplApi
- Parameters:
sess - the perunSession
authorizedGroup - authorizedGroup to be promoted to perunObserver
- Throws:
AlreadyAdminException
-
makeUserCabinetAdmin
Description copied from interface: AuthzResolverImplApi
Make user Cabinet manager.
- Specified by:
makeUserCabinetAdmin in interface AuthzResolverImplApi
- Parameters:
sess - PerunSession
user - User to add Cabinet manager role.
-
makeUserPerunAdmin
Description copied from interface: AuthzResolverImplApi
Make user to be perunAdmin
- Specified by:
makeUserPerunAdmin in interface AuthzResolverImplApi
- Parameters:
sess
user
- Throws:
AlreadyAdminException
-
makeUserPerunObserver
Description copied from interface: AuthzResolverImplApi
Make user Perun observer
- Specified by:
makeUserPerunObserver in interface AuthzResolverImplApi
- Parameters:
sess - the perunSession
user - user to be promoted to perunObserver
- Throws:
AlreadyAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, Facility facility, User user) throws UserNotAdminException
Description copied from interface: AuthzResolverImplApi
Remove user role admin for the facility
- Specified by:
removeAdmin in interface AuthzResolverImplApi
- Parameters:
sess
facility
user
- Throws:
UserNotAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, Facility facility, Group group) throws GroupNotAdminException
Description copied from interface: AuthzResolverImplApi
Remove group of users role admin for the facility
- Specified by:
removeAdmin in interface AuthzResolverImplApi
- Parameters:
sess
facility
group
- Throws:
GroupNotAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, Resource resource, User user) throws UserNotAdminException
Description copied from interface: AuthzResolverImplApi
Remove user role admin for the resource
- Specified by:
removeAdmin in interface AuthzResolverImplApi
- Parameters:
sess
resource
user
- Throws:
UserNotAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, Resource resource, Group group) throws GroupNotAdminException
Description copied from interface: AuthzResolverImplApi
Remove group of users role admin for the resource
- Specified by:
removeAdmin in interface AuthzResolverImplApi
- Parameters:
sess
resource
group
- Throws:
GroupNotAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, User sponsoredUser, User user) throws UserNotAdminException
Description copied from interface: AuthzResolverImplApi
Remove user role admin for the sponsoredUser
- Specified by:
removeAdmin in interface AuthzResolverImplApi
- Parameters:
sess
sponsoredUser
user
- Throws:
UserNotAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, User sponsoredUser, Group group) throws GroupNotAdminException
Description copied from interface: AuthzResolverImplApi
Remove group of users role admin for the sponsoredUser
- Specified by:
removeAdmin in interface AuthzResolverImplApi
- Parameters:
sess
sponsoredUser
group
- Throws:
GroupNotAdminException
-
removeAdmin
Description copied from interface: AuthzResolverImplApi
Remove user role admin for the group
- Specified by:
removeAdmin in interface AuthzResolverImplApi
- Parameters:
sess
group
user
- Throws:
UserNotAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, Group group, Group authorizedGroup) throws GroupNotAdminException
Description copied from interface: AuthzResolverImplApi
Remove group of users role admin for the group
- Specified by:
removeAdmin in interface AuthzResolverImplApi
- Parameters:
sess
group
authorizedGroup
- Throws:
GroupNotAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, SecurityTeam securityTeam, User user) throws UserNotAdminException
- Specified by:
removeAdmin in interface AuthzResolverImplApi
- Throws:
UserNotAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, SecurityTeam securityTeam, Group group) throws GroupNotAdminException
- Specified by:
removeAdmin in interface AuthzResolverImplApi
- Throws:
GroupNotAdminException
-
removeAllAuthzForFacility
Description copied from interface: AuthzResolverImplApi
Removes all authz entries for the facility
- Specified by:
removeAllAuthzForFacility in interface AuthzResolverImplApi
- Parameters:
sess
facility
-
removeAllAuthzForGroup
Description copied from interface: AuthzResolverImplApi
Removes all authz entries for the group
- Specified by:
removeAllAuthzForGroup in interface AuthzResolverImplApi
- Parameters:
sess
group
-
removeAllAuthzForResource
Description copied from interface: AuthzResolverImplApi
Removes all authz entries for the resource
- Specified by:
removeAllAuthzForResource in interface AuthzResolverImplApi
- Parameters:
sess
resource
-
removeAllAuthzForSecurityTeam
Description copied from interface: AuthzResolverImplApi
Removes all authz entries for the securityTeam
- Specified by:
removeAllAuthzForSecurityTeam in interface AuthzResolverImplApi
- Parameters:
sess
securityTeam
-
removeAllAuthzForService
Description copied from interface: AuthzResolverImplApi
Removes all authz entries for the service
- Specified by:
removeAllAuthzForService in interface AuthzResolverImplApi
- Parameters:
sess
service
-
removeAllAuthzForVo
Description copied from interface: AuthzResolverImplApi
Removes all authz entries for the vo
- Specified by:
removeAllAuthzForVo in interface AuthzResolverImplApi
- Parameters:
sess
vo
-
removeAllSponsoredUserAuthz
Description copied from interface: AuthzResolverImplApi
Removes all authz entries for the sponsoredUser.
- Specified by:
removeAllSponsoredUserAuthz in interface AuthzResolverImplApi
- Parameters:
sess
sponsoredUser
-
removeAllUserAuthz
Description copied from interface: AuthzResolverImplApi
Removes all authz entries for the user.
- Specified by:
removeAllUserAuthz in interface AuthzResolverImplApi
- Parameters:
sess
user
-
removeCabinetAdmin
Description copied from interface: AuthzResolverImplApi
Remove role Cabinet manager from user.
- Specified by:
removeCabinetAdmin in interface AuthzResolverImplApi
- Parameters:
sess - PerunSession
user - User to have cabinet manager role removed
- Throws:
UserNotAdminException - If user was not cabinet admin
-
removePerunAdmin
Description copied from interface: AuthzResolverImplApi
Remove role perunAdmin for user.
- Specified by:
removePerunAdmin in interface AuthzResolverImplApi
- Parameters:
sess
user
- Throws:
UserNotAdminException
-
removePerunObserver
Description copied from interface: AuthzResolverImplApi
Remove role Perun observer from user.
- Specified by:
removePerunObserver in interface AuthzResolverImplApi
- Parameters:
sess
user
- Throws:
UserNotAdminException
-
removePerunObserverFromAuthorizedGroup
public void removePerunObserverFromAuthorizedGroup(PerunSession sess, Group authorizedGroup) throws GroupNotAdminException
Description copied from interface: AuthzResolverImplApi
Remove role Perun observer from authorizedGroup.
- Specified by:
removePerunObserverFromAuthorizedGroup in interface AuthzResolverImplApi
- Parameters:
sess
authorizedGroup
- Throws:
GroupNotAdminException
-
removeResourceRole
public void removeResourceRole(PerunSession sess, String role, Resource resource, User user) throws UserNotAdminException
Description copied from interface: AuthzResolverImplApi
Remove role from user for resource.
- Specified by:
removeResourceRole in interface AuthzResolverImplApi
- Parameters:
sess - session
role - role
resource - resource
user - user
- Throws:
UserNotAdminException - user was not admin
-
removeResourceRole
public void removeResourceRole(PerunSession sess, String role, Resource resource, Group group) throws GroupNotAdminException
Description copied from interface: AuthzResolverImplApi
Remove role from group for resource.
- Specified by:
removeResourceRole in interface AuthzResolverImplApi
- Parameters:
sess - session
role - role
resource - resource
group - group
- Throws:
GroupNotAdminException - group was not admin
-
removeVoRole
public void removeVoRole(PerunSession sess, String role, Vo vo, User user) throws UserNotAdminException
Description copied from interface: AuthzResolverImplApi
Removes role from user in a VO.
- Specified by:
removeVoRole in interface AuthzResolverImplApi
- Parameters:
sess - perun session
role - role of user in a VO
vo - virtual organization
user - user
- Throws:
UserNotAdminException
-
removeVoRole
public void removeVoRole(PerunSession sess, String role, Vo vo, Group group) throws GroupNotAdminException
Description copied from interface: AuthzResolverImplApi
Removes role from group in a VO.
- Specified by:
removeVoRole in interface AuthzResolverImplApi
- Parameters:
sess - perun session
role - role of group in a VO
vo - virtual organization
group - group
- Throws:
GroupNotAdminException
-
roleExists
Description copied from interface: AuthzResolverImplApi
Check if the given role exists in the database. Check is case insensitive.
- Specified by:
roleExists in interface AuthzResolverImplApi
- Parameters:
role - which will be checked
- Returns:
true if role exists, false otherwise.
-
setPerunRolesLoader
-
setRole
public void setRole(PerunSession sess, Map<String, Integer> mappingOfValues, String role) throws RoleAlreadySetException
Description copied from interface: AuthzResolverImplApi
Set a role according to the mapping of values
- Specified by:
setRole in interface AuthzResolverImplApi
- Parameters:
sess
mappingOfValues - from which will be the query created (keys are column names and values are their ids)
role - which will be set (just information for exception)
- Throws:
RoleAlreadySetException
-
unsetRole
public void unsetRole(PerunSession sess, Map<String, Integer> mappingOfValues, String role) throws RoleNotSetException
Description copied from interface: AuthzResolverImplApi
Unset a role according to the mapping of values
- Specified by:
unsetRole in interface AuthzResolverImplApi
- Parameters:
sess
mappingOfValues - from which will be the query created (keys are column names and values are their ids)
role - which will be unset (just information for exception)
- Throws:
RoleNotSetException
-