Package cz.metacentrum.perun.core.implApi

Interface AuthzResolverImplApi

All Known Implementing Classes:

AuthzResolverImpl

public interface AuthzResolverImplApi

This interface represents AuthzResolver methods.

Author:

Michal Prochazka

Method Summary

Modifier and Type	Method	Description
void	addAdmin(PerunSession sess, Facility facility, Group group)	Add group of users role admin for the facility
void	addAdmin(PerunSession sess, Facility facility, User user)	Add user role admin for the facility
void	addAdmin(PerunSession sess, Group group, Group authorizedGroup)	Add group of users role admin for the group
void	addAdmin(PerunSession sess, Group group, User user)	Add user role admin for the group
void	addAdmin(PerunSession sess, Resource resource, Group group)	Add group of users role admin for the resource
void	addAdmin(PerunSession sess, Resource resource, User user)	Add user role admin for the resource
void	addAdmin(PerunSession sess, SecurityTeam securityTeam, Group group)
void	addAdmin(PerunSession sess, SecurityTeam securityTeam, User user)
void	addAdmin(PerunSession sess, User sponsoredUser, Group group)	Add group of users role admin for the sponsored user
void	addAdmin(PerunSession sess, User sponsoredUser, User user)	Add user role admin for the sponsored user
void	addResourceRole(PerunSession sess, Group group, String role, Resource resource)	Sets role to given group for given resource.
void	addResourceRole(PerunSession sess, User user, String role, Resource resource)	Sets role to given user for given resource.
void	addVoRole(PerunSession sess, String role, Vo vo, Group group)	Adds role for group in a VO.
void	addVoRole(PerunSession sess, String role, Vo vo, User user)	Adds role for user in VO.
List<Group>	getAdminGroups(Map<String,Integer> mappingOfValues)	Get all authorizedGroups for complementary object and role.
List<User>	getAdmins(Map<String,Integer> mappingOfValues, boolean onlyDirectAdmins)	Get all valid richUser administrators (for group-based rights, status must be VALID for both Vo and group) for complementary object and role with specified attributes.
Set<Facility>	getFacilitiesWhereUserIsInRoles(User user, List<String> roles)	Get all Facilities where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
Set<Group>	getGroupsWhereUserIsInRoles(User user, List<String> roles)	Get all Groups where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
Set<Member>	getMembersWhereUserIsInRoles(User user, List<String> roles)	Get all Members where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
Set<Resource>	getResourcesWhereUserIsInRoles(User user, List<String> roles)	Get all Resources where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
Map<String,Map<String,Map<Integer,List<Group>>>>	getRoleComplementaryObjectsWithAuthorizedGroups(User user)	Returns map of role name and map of corresponding role complementary objects (perun beans) distinguished by type.
Integer	getRoleId(String role)	Fetch the identification of the role from the table roles in the database;
int	getRoleIdByName(String name)	Get role id by its name, returns -1 if role does not exist.
AuthzRoles	getRoles(Group group)	Returns all group's roles.
AuthzRoles	getRoles(User user, boolean getAuthorizedGroupBasedRoles)	Returns user's direct roles, can also include roles resulting from being a VALID member of authorized groups
AuthzRoles	getRolesObtainedFromAuthorizedGroupMemberships(User user)	Returns user's roles resulting from being a VALID member of authorized groups
Set<SecurityTeam>	getSecurityTeamsWhereUserIsInRoles(User user, List<String> roles)	Get all SecurityTeams where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
List<Integer>	getVoIdsForGroupInRole(PerunSession sess, Group group, String role)	Gets list of VOs for which the group has the role.
List<Integer>	getVoIdsForUserInRole(PerunSession sess, User user, String role)	Gets list of VOs for which the user has the role.
Set<Vo>	getVosWhereUserIsInRoles(User user, List<String> roles)	Get all Vos where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.
boolean	groupMatchesUserRolesFilter(PerunSession sess, User user, Group group, List<String> roles, List<RoleAssignmentType> types)	Check if the given group passes the user's roles filter.
boolean	isGroupInRoleForVo(PerunSession session, Group group, String role, Vo vo)	Checks whether the gruop is in role for Vo.
boolean	isUserInRoleForVo(PerunSession session, User user, String role, Vo vo)	Checks whether the user is in role for Vo.
boolean	isVoAdminOrObserver(PerunSession sess, Vo vo)	Returns true if the user in session is vo admin or vo observer of specific Vo.
void	loadAuthorizationComponents()	Load perun roles and policies from the configuration file perun-roles.yml.
void	makeAuthorizedGroupPerunObserver(PerunSession sess, Group authorizedGroup)	Make group Perun observer
void	makeUserCabinetAdmin(PerunSession sess, User user)	Make user Cabinet manager.
void	makeUserPerunAdmin(PerunSession sess, User user)	Make user to be perunAdmin
void	makeUserPerunObserver(PerunSession sess, User user)	Make user Perun observer
void	removeAdmin(PerunSession sess, Facility facility, Group group)	Remove group of users role admin for the facility
void	removeAdmin(PerunSession sess, Facility facility, User user)	Remove user role admin for the facility
void	removeAdmin(PerunSession sess, Group group, Group authorizedGroup)	Remove group of users role admin for the group
void	removeAdmin(PerunSession sess, Group group, User user)	Remove user role admin for the group
void	removeAdmin(PerunSession sess, Resource resource, Group group)	Remove group of users role admin for the resource
void	removeAdmin(PerunSession sess, Resource resource, User user)	Remove user role admin for the resource
void	removeAdmin(PerunSession sess, SecurityTeam securityTeam, Group group)
void	removeAdmin(PerunSession sess, SecurityTeam securityTeam, User user)
void	removeAdmin(PerunSession sess, User sponsoredUser, Group group)	Remove group of users role admin for the sponsoredUser
void	removeAdmin(PerunSession sess, User sponsoredUser, User user)	Remove user role admin for the sponsoredUser
void	removeAllAuthzForFacility(PerunSession sess, Facility facility)	Removes all authz entries for the facility
void	removeAllAuthzForGroup(PerunSession sess, Group group)	Removes all authz entries for the group
void	removeAllAuthzForResource(PerunSession sess, Resource resource)	Removes all authz entries for the resource
void	removeAllAuthzForSecurityTeam(PerunSession sess, SecurityTeam securityTeam)	Removes all authz entries for the securityTeam
void	removeAllAuthzForService(PerunSession sess, Service service)	Removes all authz entries for the service
void	removeAllAuthzForVo(PerunSession sess, Vo vo)	Removes all authz entries for the vo
void	removeAllSponsoredUserAuthz(PerunSession sess, User sponsoredUser)	Removes all authz entries for the sponsoredUser.
void	removeAllUserAuthz(PerunSession sess, User user)	Removes all authz entries for the user.
void	removeCabinetAdmin(PerunSession sess, User user)	Remove role Cabinet manager from user.
void	removePerunAdmin(PerunSession sess, User user)	Remove role perunAdmin for user.
void	removePerunObserver(PerunSession sess, User user)	Remove role Perun observer from user.
void	removePerunObserverFromAuthorizedGroup(PerunSession sess, Group authorizedGroup)	Remove role Perun observer from authorizedGroup.
void	removeResourceRole(PerunSession sess, String role, Resource resource, Group group)	Remove role to group for resource.
void	removeResourceRole(PerunSession sess, String role, Resource resource, User user)	Remove role to user for resource.
void	removeVoRole(PerunSession sess, String role, Vo vo, Group group)	Removes role from group in a VO.
void	removeVoRole(PerunSession sess, String role, Vo vo, User user)	Removes role from user in a VO.
boolean	roleExists(String role)	Check if the given role exists in the database.
void	setRole(PerunSession sess, Map<String,Integer> mappingOfValues, String role)	Set a role according the mapping of values
boolean	someAdminExists(Map<String,Integer> mappingOfValues, boolean onlyDirectAdmins)	Check if some valid user with specific role exists for given complementary object (for group-based rights, status must be VALID for both Vo and group).
void	unsetRole(PerunSession sess, Map<String,Integer> mappingOfValues, String role)	Unset a role according the mapping of values

Method Details

addAdmin

void addAdmin(PerunSession sess,
 Facility facility,
 User user)
       throws AlreadyAdminException

Add user role admin for the facility

Parameters:

sess -

facility -

user -

Throws:

InternalErrorException

AlreadyAdminException

addAdmin

void addAdmin(PerunSession sess,
 Facility facility,
 Group group)
       throws AlreadyAdminException

Add group of users role admin for the facility

Parameters:

sess -

facility -

group -

Throws:

InternalErrorException

AlreadyAdminException

addAdmin

void addAdmin(PerunSession sess,
 Resource resource,
 User user)
       throws AlreadyAdminException

Add user role admin for the resource

Parameters:

sess -

resource -

user -

Throws:

InternalErrorException

AlreadyAdminException

addAdmin

void addAdmin(PerunSession sess,
 Resource resource,
 Group group)
       throws AlreadyAdminException

Add group of users role admin for the resource

Parameters:

sess -

resource -

group -

Throws:

InternalErrorException

AlreadyAdminException

addAdmin

void addAdmin(PerunSession sess,
 User sponsoredUser,
 User user)
       throws AlreadyAdminException

Add user role admin for the sponsored user

Parameters:

sess -

sponsoredUser -

user -

Throws:

InternalErrorException

AlreadyAdminException

addAdmin

void addAdmin(PerunSession sess,
 User sponsoredUser,
 Group group)
       throws AlreadyAdminException

Add group of users role admin for the sponsored user

Parameters:

sess -

sponsoredUser -

group -

Throws:

InternalErrorException

AlreadyAdminException

addAdmin

void addAdmin(PerunSession sess,
 Group group,
 User user)
       throws AlreadyAdminException

Add user role admin for the group

Parameters:

sess -

group -

user -

Throws:

InternalErrorException

AlreadyAdminException

addAdmin

void addAdmin(PerunSession sess,
 Group group,
 Group authorizedGroup)
       throws AlreadyAdminException

Add group of users role admin for the group

Parameters:

sess -

group -

authorizedGroup -

Throws:

InternalErrorException

AlreadyAdminException

addAdmin

void addAdmin(PerunSession sess,
 SecurityTeam securityTeam,
 User user)
       throws AlreadyAdminException

Throws:

AlreadyAdminException

addAdmin

void addAdmin(PerunSession sess,
 SecurityTeam securityTeam,
 Group group)
       throws AlreadyAdminException

Throws:

AlreadyAdminException

addResourceRole

void addResourceRole(PerunSession sess,
 User user,
 String role,
 Resource resource)
              throws AlreadyAdminException

Sets role to given user for given resource.

Parameters:

sess - session

user - user

role - role

resource - resource

Throws:

InternalErrorException - internal error

AlreadyAdminException - when already in role

addResourceRole

void addResourceRole(PerunSession sess,
 Group group,
 String role,
 Resource resource)
              throws AlreadyAdminException

Sets role to given group for given resource.

Parameters:

sess - session

group - group

role - role

resource - resource

Throws:

InternalErrorException - internal error

AlreadyAdminException - when already in role

addVoRole

void addVoRole(PerunSession sess,
 String role,
 Vo vo,
 User user)
        throws AlreadyAdminException

Adds role for user in VO.

Parameters:

sess - perun session

role - role of user in VO

vo - virtual organization

user - user

Throws:

InternalErrorException

AlreadyAdminException

addVoRole

void addVoRole(PerunSession sess,
 String role,
 Vo vo,
 Group group)
        throws AlreadyAdminException

Adds role for group in a VO.

Parameters:

sess - perun session

role - role of group in VO

vo - virtual organization

group - group

Throws:

InternalErrorException

AlreadyAdminException

getAdminGroups

List<Group> getAdminGroups(Map<String,Integer> mappingOfValues)

Get all authorizedGroups for complementary object and role.

Parameters:

mappingOfValues - according to which will be the role selected

Returns:

list of authorizedGroups

getAdmins

List<User> getAdmins(Map<String,Integer> mappingOfValues,
 boolean onlyDirectAdmins)

Get all valid richUser administrators (for group-based rights, status must be VALID for both Vo and group) for complementary object and role with specified attributes.

Parameters:

mappingOfValues - from which will be the query created (keys are column names and values are their ids)

onlyDirectAdmins - if we do not want to include also members of authorized groups.

Returns:

list of user administrators for complementary object and role with specified attributes.

someAdminExists

boolean someAdminExists(Map<String,Integer> mappingOfValues,
 boolean onlyDirectAdmins)

Check if some valid user with specific role exists for given complementary object (for group-based rights, status must be VALID for both Vo and group).

Parameters:

mappingOfValues - from which will be the query created (keys are column names and values are their ids)

onlyDirectAdmins - if true, search only direct user administrators (if false, search both direct and indirect)

Returns:

true, if some user with required role exists, false otherwise.

getFacilitiesWhereUserIsInRoles

Set<Facility> getFacilitiesWhereUserIsInRoles(User user,
 List<String> roles)

Get all Facilities where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameters:

user - for who Facilities are retrieved

roles - for which Facilities are retrieved

Returns:

Set of Facilities

getGroupsWhereUserIsInRoles

Set<Group> getGroupsWhereUserIsInRoles(User user,
 List<String> roles)

Get all Groups where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Method does not return subgroups of the fetched groups.

Parameters:

user - for who Groups are retrieved

roles - for which Groups are retrieved

Returns:

Set of Groups

getMembersWhereUserIsInRoles

Set<Member> getMembersWhereUserIsInRoles(User user,
 List<String> roles)

Get all Members where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameters:

user - for who Members are retrieved

roles - for which Members are retrieved

Returns:

Set of Members

getResourcesWhereUserIsInRoles

Set<Resource> getResourcesWhereUserIsInRoles(User user,
 List<String> roles)

Get all Resources where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameters:

user - for who Resources are retrieved

roles - for which Resources are retrieved

Returns:

Set of Resources

getRoleComplementaryObjectsWithAuthorizedGroups

Map<String,Map<String,Map<Integer,List<Group>>>> getRoleComplementaryObjectsWithAuthorizedGroups(User user)

Returns map of role name and map of corresponding role complementary objects (perun beans) distinguished by type. * together with list of authorized groups where user is member: * Map< RoleName, Map< BeanName, Map< BeanID, List >>>

Parameters:

user -

Returns:

Map<String, Map < String, Map < Integer, List < Group>>>> complementary objects with associated authorized groups

getRoleId

Integer getRoleId(String role)

Fetch the identification of the role from the table roles in the database;

Returns:

identification of the role

getRoleIdByName

int getRoleIdByName(String name)

Get role id by its name, returns -1 if role does not exist.

Parameters:

name - - name of the role

Returns:

- role id with the given name

getRoles

AuthzRoles getRoles(User user,
 boolean getAuthorizedGroupBasedRoles)

Returns user's direct roles, can also include roles resulting from being a VALID member of authorized groups

Parameters:

user -

getAuthorizedGroupBasedRoles -

Returns:

AuthzRoles object which contains all roles with perunbeans

getRoles

AuthzRoles getRoles(Group group)

Returns all group's roles.

Parameters:

group -

Returns:

AuthzRoles object which contains all roles with perunbeans

getRolesObtainedFromAuthorizedGroupMemberships

AuthzRoles getRolesObtainedFromAuthorizedGroupMemberships(User user)

Returns user's roles resulting from being a VALID member of authorized groups

Parameters:

user - user

Returns:

AuthzRoles object which contains roles with perunbeans

getSecurityTeamsWhereUserIsInRoles

Set<SecurityTeam> getSecurityTeamsWhereUserIsInRoles(User user,
 List<String> roles)

Get all SecurityTeams where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameters:

user - for who SecurityTeams are retrieved

roles - for which SecurityTeams are retrieved

Returns:

Set of SecurityTeams

getVoIdsForGroupInRole

List<Integer> getVoIdsForGroupInRole(PerunSession sess,
 Group group,
 String role)

Gets list of VOs for which the group has the role.

Parameters:

sess - perun session

group - group

role - role of group

Returns:

list of VOs from which the group has the role

Throws:

InternalErrorException

getVoIdsForUserInRole

List<Integer> getVoIdsForUserInRole(PerunSession sess,
 User user,
 String role)

Gets list of VOs for which the user has the role.

Parameters:

sess - perun session

user - user

role - role of user

Returns:

list of VOs for which the user has the role.

Throws:

InternalErrorException

getVosWhereUserIsInRoles

Set<Vo> getVosWhereUserIsInRoles(User user,
 List<String> roles)

Get all Vos where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.

Parameters:

user - for who Vos are retrieved

roles - for which Vos are retrieved

Returns:

Set of Vos

groupMatchesUserRolesFilter

boolean groupMatchesUserRolesFilter(PerunSession sess,
 User user,
 Group group,
 List<String> roles,
 List<RoleAssignmentType> types)

Check if the given group passes the user's roles filter.

Parameters:

sess - session

user - user

group - group

roles - list of selected roles (if empty, then return groups by all roles)

types - list of selected types of roles (if empty, then return by roles of all types)

Returns:

list of groups

isGroupInRoleForVo

boolean isGroupInRoleForVo(PerunSession session,
 Group group,
 String role,
 Vo vo)

Checks whether the gruop is in role for Vo.

Parameters:

session - perun session

group - group

role - role of group

vo - virtual organization

Returns:

true if group is in role for VO, otherwise false.

isUserInRoleForVo

boolean isUserInRoleForVo(PerunSession session,
 User user,
 String role,
 Vo vo)

Checks whether the user is in role for Vo.

Parameters:

session - perun session

user - user

role - role of user

vo - virtual organisation

Returns:

true if user is in role for VO, otherwise false.

isVoAdminOrObserver

boolean isVoAdminOrObserver(PerunSession sess,
 Vo vo)

Returns true if the user in session is vo admin or vo observer of specific Vo.

Parameters:

sess - - session

vo - - vo

Returns:

bolean

loadAuthorizationComponents

void loadAuthorizationComponents()

Load perun roles and policies from the configuration file perun-roles.yml. Roles are loaded to the database and policies are loaded to the PerunPoliciesContainer.

makeAuthorizedGroupPerunObserver

void makeAuthorizedGroupPerunObserver(PerunSession sess,
 Group authorizedGroup)
                               throws AlreadyAdminException

Make group Perun observer

Parameters:

sess - the perunSession

authorizedGroup - authorizedGroup to be promoted to perunObserver

Throws:

InternalErrorException

AlreadyAdminException

makeUserCabinetAdmin

void makeUserCabinetAdmin(PerunSession sess,
 User user)

Make user Cabinet manager.

Parameters:

sess - PerunSession

user - User to add Cabinet manager role.

Throws:

InternalErrorException - When implementation fails

makeUserPerunAdmin

void makeUserPerunAdmin(PerunSession sess,
 User user)
                 throws AlreadyAdminException

Make user to be perunAdmin

Parameters:

sess -

user -

Throws:

InternalErrorException

AlreadyAdminException

makeUserPerunObserver

void makeUserPerunObserver(PerunSession sess,
 User user)
                    throws AlreadyAdminException

Make user Perun observer

Parameters:

sess - the perunSession

user - user to be promoted to perunObserver

Throws:

InternalErrorException

AlreadyAdminException

removeAdmin

void removeAdmin(PerunSession sess,
 Facility facility,
 User user)
          throws UserNotAdminException

Remove user role admin for the facility

Parameters:

sess -

facility -

user -

Throws:

InternalErrorException

UserNotAdminException

removeAdmin

void removeAdmin(PerunSession sess,
 Facility facility,
 Group group)
          throws GroupNotAdminException

Remove group of users role admin for the facility

Parameters:

sess -

facility -

group -

Throws:

InternalErrorException

GroupNotAdminException

removeAdmin

void removeAdmin(PerunSession sess,
 Resource resource,
 User user)
          throws UserNotAdminException

Remove user role admin for the resource

Parameters:

sess -

resource -

user -

Throws:

InternalErrorException

UserNotAdminException

removeAdmin

void removeAdmin(PerunSession sess,
 Resource resource,
 Group group)
          throws GroupNotAdminException

Remove group of users role admin for the resource

Parameters:

sess -

resource -

group -

Throws:

InternalErrorException

GroupNotAdminException

removeAdmin

void removeAdmin(PerunSession sess,
 User sponsoredUser,
 User user)
          throws UserNotAdminException

Remove user role admin for the sponsoredUser

Parameters:

sess -

sponsoredUser -

user -

Throws:

InternalErrorException

UserNotAdminException

removeAdmin

void removeAdmin(PerunSession sess,
 User sponsoredUser,
 Group group)
          throws GroupNotAdminException

Remove group of users role admin for the sponsoredUser

Parameters:

sess -

sponsoredUser -

group -

Throws:

InternalErrorException

GroupNotAdminException

removeAdmin

void removeAdmin(PerunSession sess,
 Group group,
 User user)
          throws UserNotAdminException

Remove user role admin for the group

Parameters:

sess -

group -

user -

Throws:

InternalErrorException

UserNotAdminException

removeAdmin

void removeAdmin(PerunSession sess,
 Group group,
 Group authorizedGroup)
          throws GroupNotAdminException

Remove group of users role admin for the group

Parameters:

sess -

group -

authorizedGroup -

Throws:

InternalErrorException

GroupNotAdminException

removeAdmin

void removeAdmin(PerunSession sess,
 SecurityTeam securityTeam,
 User user)
          throws UserNotAdminException

Throws:

UserNotAdminException

removeAdmin

void removeAdmin(PerunSession sess,
 SecurityTeam securityTeam,
 Group group)
          throws GroupNotAdminException

Throws:

GroupNotAdminException

removeAllAuthzForFacility

void removeAllAuthzForFacility(PerunSession sess,
 Facility facility)

Removes all authz entries for the facility

Parameters:

sess -

facility -

Throws:

InternalErrorException

removeAllAuthzForGroup

void removeAllAuthzForGroup(PerunSession sess,
 Group group)

Removes all authz entries for the group

Parameters:

sess -

group -

Throws:

InternalErrorException

removeAllAuthzForResource

void removeAllAuthzForResource(PerunSession sess,
 Resource resource)

Removes all authz entries for the resource

Parameters:

sess -

resource -

Throws:

InternalErrorException

removeAllAuthzForSecurityTeam

void removeAllAuthzForSecurityTeam(PerunSession sess,
 SecurityTeam securityTeam)

Removes all authz entries for the securityTeam

Parameters:

sess -

securityTeam -

Throws:

InternalErrorException

removeAllAuthzForService

void removeAllAuthzForService(PerunSession sess,
 Service service)

Removes all authz entries for the service

Parameters:

sess -

service -

Throws:

InternalErrorException

removeAllAuthzForVo

void removeAllAuthzForVo(PerunSession sess,
 Vo vo)

Removes all authz entries for the vo

Parameters:

sess -

vo -

Throws:

InternalErrorException

removeAllSponsoredUserAuthz

void removeAllSponsoredUserAuthz(PerunSession sess,
 User sponsoredUser)

Removes all authz entries for the sponsoredUser.

Parameters:

sess -

sponsoredUser -

Throws:

InternalErrorException

removeAllUserAuthz

void removeAllUserAuthz(PerunSession sess,
 User user)

Removes all authz entries for the user.

Parameters:

sess -

user -

Throws:

InternalErrorException

removeCabinetAdmin

void removeCabinetAdmin(PerunSession sess,
 User user)
                 throws UserNotAdminException

Remove role Cabinet manager from user.

Parameters:

sess - PerunSession

user - User to have cabinet manager role removed

Throws:

InternalErrorException - If implementation fails

UserNotAdminException - If user was not cabinet admin

removePerunAdmin

void removePerunAdmin(PerunSession sess,
 User user)
               throws UserNotAdminException

Remove role perunAdmin for user.

Parameters:

sess -

user -

Throws:

InternalErrorException

UserNotAdminException

removePerunObserver

void removePerunObserver(PerunSession sess,
 User user)
                  throws UserNotAdminException

Remove role Perun observer from user.

Parameters:

sess -

user -

Throws:

InternalErrorException

UserNotAdminException

removePerunObserverFromAuthorizedGroup

void removePerunObserverFromAuthorizedGroup(PerunSession sess,
 Group authorizedGroup)
                                     throws GroupNotAdminException

Remove role Perun observer from authorizedGroup.

Parameters:

sess -

authorizedGroup -

Throws:

InternalErrorException

GroupNotAdminException

removeResourceRole

void removeResourceRole(PerunSession sess,
 String role,
 Resource resource,
 User user)
                 throws UserNotAdminException

Remove role to user for resource.

Parameters:

sess - session

role - role

resource - resource

user - user

Throws:

InternalErrorException - internal error

UserNotAdminException - user was not admin

removeResourceRole

void removeResourceRole(PerunSession sess,
 String role,
 Resource resource,
 Group group)
                 throws GroupNotAdminException

Remove role to group for resource.

Parameters:

sess - session

role - role

resource - resource

group - group

Throws:

InternalErrorException - internal error

GroupNotAdminException - group was not admin

removeVoRole

void removeVoRole(PerunSession sess,
 String role,
 Vo vo,
 User user)
           throws UserNotAdminException

Removes role from user in a VO.

Parameters:

sess - perun session

role - role of user in a VO

vo - virtual organization

user - user

Throws:

InternalErrorException

UserNotAdminException

removeVoRole

void removeVoRole(PerunSession sess,
 String role,
 Vo vo,
 Group group)
           throws GroupNotAdminException

Removes role from group in a VO.

Parameters:

sess - perun session

role - role of group in a VO

vo - virtual organization

group - group

Throws:

InternalErrorException

GroupNotAdminException

roleExists

boolean roleExists(String role)

Check if the given role exists in the database. Check is case insensitive.

Parameters:

role - which will be checked

Returns:

true if role exists, false otherwise.

setRole

void setRole(PerunSession sess,
 Map<String,Integer> mappingOfValues,
 String role)
      throws RoleAlreadySetException

Set a role according the mapping of values

Parameters:

sess -

mappingOfValues - from which will be the query created (keys are column names and values are their ids)

role - which will be set (just information for exception)

Throws:

InternalErrorException

RoleAlreadySetException

unsetRole

void unsetRole(PerunSession sess,
 Map<String,Integer> mappingOfValues,
 String role)
        throws RoleNotSetException

Unset a role according the mapping of values

Parameters:

sess -

mappingOfValues - from which will be the query created (keys are column names and values are their ids)

role - which will be unset (just information for exception)

Throws:

InternalErrorException

RoleNotSetException