Package cz.metacentrum.perun.core.impl
Class AuthzResolverImpl
java.lang.Object
cz.metacentrum.perun.core.impl.AuthzResolverImpl
- All Implemented Interfaces:
AuthzResolverImplApi
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoidaddAdmin(PerunSession sess, Facility facility, Group group) Add group of users role admin for the facilityvoidaddAdmin(PerunSession sess, Facility facility, User user) Add user role admin for the facilityvoidaddAdmin(PerunSession sess, Group group, Group authorizedGroup) Add group of users role admin for the groupvoidaddAdmin(PerunSession sess, Group group, User user) Add user role admin for the groupvoidaddAdmin(PerunSession sess, Resource resource, Group group) Add group of users role admin for the resourcevoidaddAdmin(PerunSession sess, Resource resource, User user) Add user role admin for the resourcevoidaddAdmin(PerunSession sess, User sponsoredUser, Group group) Add group of users role admin for the sponsored uservoidaddAdmin(PerunSession sess, User sponsoredUser, User user) Add user role admin for the sponsored uservoidaddResourceRole(PerunSession sess, Group group, String role, Resource resource) Sets role to given group for given resource.voidaddResourceRole(PerunSession sess, User user, String role, Resource resource) Sets role to given user for given resource.voidaddVoRole(PerunSession sess, String role, Vo vo, Group group) Adds role for group in a VO.voidaddVoRole(PerunSession sess, String role, Vo vo, User user) Adds role for user in VO.static List<PerunPolicy> fetchPolicyWithAllIncludedPolicies(String policyName) Get the policy according the policy name and all its inlcuded policies (without cycle).getAdminGroups(Map<String, Integer> mappingOfValues) Get all authorizedGroups for complementary object and role.Get all valid richUser administrators (for group-based rights, status must be VALID for both Vo and group) for complementary object and role with specified attributes.static List<PerunPolicy> Return all loaded perun policies.static List<RoleManagementRules> Return all loaded roles management rules.getFacilitiesWhereUserIsInRoles(User user, List<String> roles) Get all Facilities where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.getGroupsWhereUserIsInRoles(User user, List<String> roles) Get all Groups where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.getMembersWhereUserIsInRoles(User user, List<String> roles) Get all Members where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.static PerunPolicygetPerunPolicy(String policyName) Get PerunPolicy for the policy name from the PerunPoliciesContainergetResourcesWhereUserIsInRoles(User user, List<String> roles) Get all Resources where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.Returns map of role name and map of corresponding role complementary objects (perun beans) distinguished by type. * together with list of authorized groups where user is member: * Mapinvalid input: '<' RoleName, Mapinvalid input: '<' BeanName, Mapinvalid input: '<' BeanID, List>>> Fetch the identification of the role from the table roles in the database;intgetRoleIdByName(String name) Returns role id based on its namestatic RoleManagementRulesgetRoleManagementRules(String roleName) Get RoleManagementRules for the role name from the PerunPoliciesContainerReturns all group's roles.Returns user's direct roles, can also include roles resulting from being a VALID member of authorized groupsReturns user's roles resulting from being a VALID member of authorized groupsgetVoIdsForGroupInRole(PerunSession sess, Group group, String role) Gets list of VOs for which the group has the role.getVoIdsForUserInRole(PerunSession sess, User user, String role) Gets list of VOs for which the user has the role.getVosWhereUserIsInRoles(User user, List<String> roles) Get all Vos where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.booleangroupMatchesUserRolesFilter(PerunSession sess, User user, Group group, List<String> roles, List<RoleAssignmentType> types) Check if the given group passes the user's roles filter.voidLoad all authorization components to the database and to the PerunPoliciesContainerbooleanisGroupInRoleForVo(PerunSession session, Group group, String role, Vo vo) Checks whether the gruop is in role for Vo.booleanisUserInRoleForVo(PerunSession session, User user, String role, Vo vo) Checks whether the user is in role for Vo.booleanisVoAdminOrObserver(PerunSession sess, Vo vo) Returns true if the user in session is vo admin or vo observer of specific vovoidLoad perun roles and policies from the configuration file perun-roles.yml.voidmakeAuthorizedGroupPerunObserver(PerunSession sess, Group authorizedGroup) Make group Perun observervoidmakeUserCabinetAdmin(PerunSession sess, User user) Make user Cabinet manager.voidmakeUserPerunAdmin(PerunSession sess, User user) Make user to be perunAdminvoidmakeUserPerunObserver(PerunSession sess, User user) Make user Perun observervoidremoveAdmin(PerunSession sess, Facility facility, Group group) Remove group of users role admin for the facilityvoidremoveAdmin(PerunSession sess, Facility facility, User user) Remove user role admin for the facilityvoidremoveAdmin(PerunSession sess, Group group, Group authorizedGroup) Remove group of users role admin for the groupvoidremoveAdmin(PerunSession sess, Group group, User user) Remove user role admin for the groupvoidremoveAdmin(PerunSession sess, Resource resource, Group group) Remove group of users role admin for the resourcevoidremoveAdmin(PerunSession sess, Resource resource, User user) Remove user role admin for the resourcevoidremoveAdmin(PerunSession sess, User sponsoredUser, Group group) Remove group of users role admin for the sponsoredUservoidremoveAdmin(PerunSession sess, User sponsoredUser, User user) Remove user role admin for the sponsoredUservoidremoveAllAuthzForFacility(PerunSession sess, Facility facility) Removes all authz entries for the facilityvoidremoveAllAuthzForGroup(PerunSession sess, Group group) Removes all authz entries for the groupvoidremoveAllAuthzForResource(PerunSession sess, Resource resource) Removes all authz entries for the resourcevoidremoveAllAuthzForService(PerunSession sess, Service service) Removes all authz entries for the servicevoidremoveAllAuthzForVo(PerunSession sess, Vo vo) Removes all authz entries for the vovoidremoveAllSponsoredUserAuthz(PerunSession sess, User sponsoredUser) Removes all authz entries for the sponsoredUser.voidremoveAllUserAuthz(PerunSession sess, User user) Removes all authz entries for the user.voidremoveCabinetAdmin(PerunSession sess, User user) Remove role Cabinet manager from user.voidremovePerunAdmin(PerunSession sess, User user) Remove role perunAdmin for user.voidremovePerunObserver(PerunSession sess, User user) Remove role Perun observer from user.voidremovePerunObserverFromAuthorizedGroup(PerunSession sess, Group authorizedGroup) Remove role Perun observer from authorizedGroup.voidremoveResourceRole(PerunSession sess, String role, Resource resource, Group group) Remove role to group for resource.voidremoveResourceRole(PerunSession sess, String role, Resource resource, User user) Remove role to user for resource.voidremoveVoRole(PerunSession sess, String role, Vo vo, Group group) Removes role from group in a VO.voidremoveVoRole(PerunSession sess, String role, Vo vo, User user) Removes role from user in a VO.booleanroleExists(String role) Check if the given role exists in the database.voidsetPerunRolesLoader(PerunRolesLoader perunRolesLoader) voidSet a role according the mapping of valuesbooleansomeAdminExists(Map<String, Integer> mappingOfValues, boolean onlyDirectAdmins) Check if some valid user with specific role exists for given complementary object (for group-based rights, status must be VALID for both Vo and group).voidUnset a role according the mapping of values
-
Constructor Details
-
AuthzResolverImpl
-
-
Method Details
-
getPerunPolicy
Get PerunPolicy for the policy name from the PerunPoliciesContainer- Parameters:
policyName- for which will be the policy fetched- Returns:
- PerunPolicy for the role name
- Throws:
PolicyNotExistsException- of there is no policy for the policy name
-
fetchPolicyWithAllIncludedPolicies
public static List<PerunPolicy> fetchPolicyWithAllIncludedPolicies(String policyName) throws PolicyNotExistsException Get the policy according the policy name and all its inlcuded policies (without cycle).- Parameters:
policyName- from which will be the policies fetched- Returns:
- list of policies
- Throws:
PolicyNotExistsException- if policy or some included policies does not exists in PerunPoliciesContainer
-
getAllPolicies
Return all loaded perun policies.- Returns:
- all loaded policies
-
getAllRolesManagementRules
Return all loaded roles management rules.- Returns:
- all roles management rules
-
getRoleManagementRules
public static RoleManagementRules getRoleManagementRules(String roleName) throws RoleManagementRulesNotExistsException Get RoleManagementRules for the role name from the PerunPoliciesContainer- Parameters:
roleName- for which will be the rules fetched- Returns:
- RoleManagementRules for the role name
- Throws:
PolicyNotExistsException- of there are no rules for the role nameRoleManagementRulesNotExistsException
-
addAdmin
Description copied from interface:AuthzResolverImplApiAdd user role admin for the facility- Specified by:
addAdminin interfaceAuthzResolverImplApi- Parameters:
sess-facility-user-- Throws:
AlreadyAdminException
-
addAdmin
public void addAdmin(PerunSession sess, Facility facility, Group group) throws AlreadyAdminException Description copied from interface:AuthzResolverImplApiAdd group of users role admin for the facility- Specified by:
addAdminin interfaceAuthzResolverImplApi- Parameters:
sess-facility-group-- Throws:
AlreadyAdminException
-
addAdmin
Description copied from interface:AuthzResolverImplApiAdd user role admin for the resource- Specified by:
addAdminin interfaceAuthzResolverImplApi- Parameters:
sess-resource-user-- Throws:
AlreadyAdminException
-
addAdmin
public void addAdmin(PerunSession sess, Resource resource, Group group) throws AlreadyAdminException Description copied from interface:AuthzResolverImplApiAdd group of users role admin for the resource- Specified by:
addAdminin interfaceAuthzResolverImplApi- Parameters:
sess-resource-group-- Throws:
AlreadyAdminException
-
addAdmin
Description copied from interface:AuthzResolverImplApiAdd user role admin for the sponsored user- Specified by:
addAdminin interfaceAuthzResolverImplApi- Parameters:
sess-sponsoredUser-user-- Throws:
AlreadyAdminException
-
addAdmin
public void addAdmin(PerunSession sess, User sponsoredUser, Group group) throws AlreadyAdminException Description copied from interface:AuthzResolverImplApiAdd group of users role admin for the sponsored user- Specified by:
addAdminin interfaceAuthzResolverImplApi- Parameters:
sess-sponsoredUser-group-- Throws:
AlreadyAdminException
-
addAdmin
Description copied from interface:AuthzResolverImplApiAdd user role admin for the group- Specified by:
addAdminin interfaceAuthzResolverImplApi- Parameters:
sess-group-user-- Throws:
AlreadyAdminException
-
addAdmin
public void addAdmin(PerunSession sess, Group group, Group authorizedGroup) throws AlreadyAdminException Description copied from interface:AuthzResolverImplApiAdd group of users role admin for the group- Specified by:
addAdminin interfaceAuthzResolverImplApi- Parameters:
sess-group-authorizedGroup-- Throws:
AlreadyAdminException
-
addResourceRole
public void addResourceRole(PerunSession sess, User user, String role, Resource resource) throws AlreadyAdminException Description copied from interface:AuthzResolverImplApiSets role to given user for given resource.- Specified by:
addResourceRolein interfaceAuthzResolverImplApi- Parameters:
sess- sessionuser- userrole- roleresource- resource- Throws:
AlreadyAdminException- when already in role
-
addResourceRole
public void addResourceRole(PerunSession sess, Group group, String role, Resource resource) throws AlreadyAdminException Description copied from interface:AuthzResolverImplApiSets role to given group for given resource.- Specified by:
addResourceRolein interfaceAuthzResolverImplApi- Parameters:
sess- sessiongroup- grouprole- roleresource- resource- Throws:
AlreadyAdminException- when already in role
-
addVoRole
public void addVoRole(PerunSession sess, String role, Vo vo, User user) throws AlreadyAdminException Description copied from interface:AuthzResolverImplApiAdds role for user in VO.- Specified by:
addVoRolein interfaceAuthzResolverImplApi- Parameters:
sess- perun sessionrole- role of user in VOvo- virtual organizationuser- user- Throws:
AlreadyAdminException
-
addVoRole
public void addVoRole(PerunSession sess, String role, Vo vo, Group group) throws AlreadyAdminException Description copied from interface:AuthzResolverImplApiAdds role for group in a VO.- Specified by:
addVoRolein interfaceAuthzResolverImplApi- Parameters:
sess- perun sessionrole- role of group in VOvo- virtual organizationgroup- group- Throws:
AlreadyAdminException
-
getAdminGroups
Description copied from interface:AuthzResolverImplApiGet all authorizedGroups for complementary object and role.- Specified by:
getAdminGroupsin interfaceAuthzResolverImplApi- Parameters:
mappingOfValues- according to which will be the role selected- Returns:
- list of authorizedGroups
-
getAdmins
Description copied from interface:AuthzResolverImplApiGet all valid richUser administrators (for group-based rights, status must be VALID for both Vo and group) for complementary object and role with specified attributes.- Specified by:
getAdminsin interfaceAuthzResolverImplApi- Parameters:
mappingOfValues- from which will be the query created (keys are column names and values are their ids)onlyDirectAdmins- if we do not want to include also members of authorized groups.- Returns:
- list of user administrators for complementary object and role with specified attributes.
-
someAdminExists
Description copied from interface:AuthzResolverImplApiCheck if some valid user with specific role exists for given complementary object (for group-based rights, status must be VALID for both Vo and group).- Specified by:
someAdminExistsin interfaceAuthzResolverImplApi- Parameters:
mappingOfValues- from which will be the query created (keys are column names and values are their ids)onlyDirectAdmins- if true, search only direct user administrators (if false, search both direct and indirect)- Returns:
- true, if some user with required role exists, false otherwise.
-
getFacilitiesWhereUserIsInRoles
Description copied from interface:AuthzResolverImplApiGet all Facilities where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.- Specified by:
getFacilitiesWhereUserIsInRolesin interfaceAuthzResolverImplApi- Parameters:
user- for who Facilities are retrievedroles- for which Facilities are retrieved- Returns:
- Set of Facilities
-
getGroupsWhereUserIsInRoles
Description copied from interface:AuthzResolverImplApiGet all Groups where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.Method does not return subgroups of the fetched groups.
- Specified by:
getGroupsWhereUserIsInRolesin interfaceAuthzResolverImplApi- Parameters:
user- for who Groups are retrievedroles- for which Groups are retrieved- Returns:
- Set of Groups
-
getMembersWhereUserIsInRoles
Description copied from interface:AuthzResolverImplApiGet all Members where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.- Specified by:
getMembersWhereUserIsInRolesin interfaceAuthzResolverImplApi- Parameters:
user- for who Members are retrievedroles- for which Members are retrieved- Returns:
- Set of Members
-
getResourcesWhereUserIsInRoles
Description copied from interface:AuthzResolverImplApiGet all Resources where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.- Specified by:
getResourcesWhereUserIsInRolesin interfaceAuthzResolverImplApi- Parameters:
user- for who Resources are retrievedroles- for which Resources are retrieved- Returns:
- Set of Resources
-
getRoleComplementaryObjectsWithAuthorizedGroups
public Map<String,Map<String, getRoleComplementaryObjectsWithAuthorizedGroupsMap<Integer, List<Group>>>> (User user) Description copied from interface:AuthzResolverImplApiReturns map of role name and map of corresponding role complementary objects (perun beans) distinguished by type. * together with list of authorized groups where user is member: * Mapinvalid input: '<' RoleName, Mapinvalid input: '<' BeanName, Mapinvalid input: '<' BeanID, List>>> - Specified by:
getRoleComplementaryObjectsWithAuthorizedGroupsin interfaceAuthzResolverImplApi- Parameters:
user-- Returns:
- Mapinvalid input: '<'String, Map invalid input: '<' String, Map invalid input: '<' Integer, List invalid input: '<' Group>>>> complementary objects with associated authorized groups
-
getRoleId
Description copied from interface:AuthzResolverImplApiFetch the identification of the role from the table roles in the database;- Specified by:
getRoleIdin interfaceAuthzResolverImplApi- Returns:
- identification of the role
-
getRoleIdByName
Returns role id based on its name- Specified by:
getRoleIdByNamein interfaceAuthzResolverImplApi- Parameters:
name- - name of the role- Returns:
- role id
-
getRoles
Description copied from interface:AuthzResolverImplApiReturns user's direct roles, can also include roles resulting from being a VALID member of authorized groups- Specified by:
getRolesin interfaceAuthzResolverImplApi- Parameters:
user-getAuthorizedGroupBasedRoles-- Returns:
- AuthzRoles object which contains all roles with perunbeans
-
getRoles
Description copied from interface:AuthzResolverImplApiReturns all group's roles.- Specified by:
getRolesin interfaceAuthzResolverImplApi- Parameters:
group-- Returns:
- AuthzRoles object which contains all roles with perunbeans
-
getRolesObtainedFromAuthorizedGroupMemberships
Description copied from interface:AuthzResolverImplApiReturns user's roles resulting from being a VALID member of authorized groups- Specified by:
getRolesObtainedFromAuthorizedGroupMembershipsin interfaceAuthzResolverImplApi- Parameters:
user- user- Returns:
- AuthzRoles object which contains roles with perunbeans
-
getVoIdsForGroupInRole
Description copied from interface:AuthzResolverImplApiGets list of VOs for which the group has the role.- Specified by:
getVoIdsForGroupInRolein interfaceAuthzResolverImplApi- Parameters:
sess- perun sessiongroup- grouprole- role of group- Returns:
- list of VOs from which the group has the role
-
getVoIdsForUserInRole
Description copied from interface:AuthzResolverImplApiGets list of VOs for which the user has the role.- Specified by:
getVoIdsForUserInRolein interfaceAuthzResolverImplApi- Parameters:
sess- perun sessionuser- userrole- role of user- Returns:
- list of VOs for which the user has the role.
-
getVosWhereUserIsInRoles
Description copied from interface:AuthzResolverImplApiGet all Vos where the given user has set one of the given roles or the given user is a member of an authorized group with such roles.- Specified by:
getVosWhereUserIsInRolesin interfaceAuthzResolverImplApi- Parameters:
user- for who Vos are retrievedroles- for which Vos are retrieved- Returns:
- Set of Vos
-
groupMatchesUserRolesFilter
public boolean groupMatchesUserRolesFilter(PerunSession sess, User user, Group group, List<String> roles, List<RoleAssignmentType> types) Description copied from interface:AuthzResolverImplApiCheck if the given group passes the user's roles filter.- Specified by:
groupMatchesUserRolesFilterin interfaceAuthzResolverImplApi- Parameters:
sess- sessionuser- usergroup- grouproles- list of selected roles (if empty, then return groups by all roles)types- list of selected types of roles (if empty, then return by roles of all types)- Returns:
- list of groups
-
initialize
public void initialize()Load all authorization components to the database and to the PerunPoliciesContainer- Throws:
InternalErrorException
-
isGroupInRoleForVo
Description copied from interface:AuthzResolverImplApiChecks whether the gruop is in role for Vo.- Specified by:
isGroupInRoleForVoin interfaceAuthzResolverImplApi- Parameters:
session- perun sessiongroup- grouprole- role of groupvo- virtual organization- Returns:
- true if group is in role for VO, otherwise false.
-
isUserInRoleForVo
Description copied from interface:AuthzResolverImplApiChecks whether the user is in role for Vo.- Specified by:
isUserInRoleForVoin interfaceAuthzResolverImplApi- Parameters:
session- perun sessionuser- userrole- role of uservo- virtual organisation- Returns:
- true if user is in role for VO, otherwise false.
-
isVoAdminOrObserver
Returns true if the user in session is vo admin or vo observer of specific vo- Specified by:
isVoAdminOrObserverin interfaceAuthzResolverImplApi- Parameters:
sess- - sessionvo- - vo- Returns:
-
loadAuthorizationComponents
public void loadAuthorizationComponents()Description copied from interface:AuthzResolverImplApiLoad perun roles and policies from the configuration file perun-roles.yml. Roles are loaded to the database and policies are loaded to the PerunPoliciesContainer.- Specified by:
loadAuthorizationComponentsin interfaceAuthzResolverImplApi
-
makeAuthorizedGroupPerunObserver
public void makeAuthorizedGroupPerunObserver(PerunSession sess, Group authorizedGroup) throws AlreadyAdminException Description copied from interface:AuthzResolverImplApiMake group Perun observer- Specified by:
makeAuthorizedGroupPerunObserverin interfaceAuthzResolverImplApi- Parameters:
sess- the perunSessionauthorizedGroup- authorizedGroup to be promoted to perunObserver- Throws:
AlreadyAdminException
-
makeUserCabinetAdmin
Description copied from interface:AuthzResolverImplApiMake user Cabinet manager.- Specified by:
makeUserCabinetAdminin interfaceAuthzResolverImplApi- Parameters:
sess- PerunSessionuser- User to add Cabinet manager role.
-
makeUserPerunAdmin
Description copied from interface:AuthzResolverImplApiMake user to be perunAdmin- Specified by:
makeUserPerunAdminin interfaceAuthzResolverImplApi- Parameters:
sess-user-- Throws:
AlreadyAdminException
-
makeUserPerunObserver
Description copied from interface:AuthzResolverImplApiMake user Perun observer- Specified by:
makeUserPerunObserverin interfaceAuthzResolverImplApi- Parameters:
sess- the perunSessionuser- user to be promoted to perunObserver- Throws:
AlreadyAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, Facility facility, User user) throws UserNotAdminException Description copied from interface:AuthzResolverImplApiRemove user role admin for the facility- Specified by:
removeAdminin interfaceAuthzResolverImplApi- Parameters:
sess-facility-user-- Throws:
UserNotAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, Facility facility, Group group) throws GroupNotAdminException Description copied from interface:AuthzResolverImplApiRemove group of users role admin for the facility- Specified by:
removeAdminin interfaceAuthzResolverImplApi- Parameters:
sess-facility-group-- Throws:
GroupNotAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, Resource resource, User user) throws UserNotAdminException Description copied from interface:AuthzResolverImplApiRemove user role admin for the resource- Specified by:
removeAdminin interfaceAuthzResolverImplApi- Parameters:
sess-resource-user-- Throws:
UserNotAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, Resource resource, Group group) throws GroupNotAdminException Description copied from interface:AuthzResolverImplApiRemove group of users role admin for the resource- Specified by:
removeAdminin interfaceAuthzResolverImplApi- Parameters:
sess-resource-group-- Throws:
GroupNotAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, User sponsoredUser, User user) throws UserNotAdminException Description copied from interface:AuthzResolverImplApiRemove user role admin for the sponsoredUser- Specified by:
removeAdminin interfaceAuthzResolverImplApi- Parameters:
sess-sponsoredUser-user-- Throws:
UserNotAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, User sponsoredUser, Group group) throws GroupNotAdminException Description copied from interface:AuthzResolverImplApiRemove group of users role admin for the sponsoredUser- Specified by:
removeAdminin interfaceAuthzResolverImplApi- Parameters:
sess-sponsoredUser-group-- Throws:
GroupNotAdminException
-
removeAdmin
Description copied from interface:AuthzResolverImplApiRemove user role admin for the group- Specified by:
removeAdminin interfaceAuthzResolverImplApi- Parameters:
sess-group-user-- Throws:
UserNotAdminException
-
removeAdmin
public void removeAdmin(PerunSession sess, Group group, Group authorizedGroup) throws GroupNotAdminException Description copied from interface:AuthzResolverImplApiRemove group of users role admin for the group- Specified by:
removeAdminin interfaceAuthzResolverImplApi- Parameters:
sess-group-authorizedGroup-- Throws:
GroupNotAdminException
-
removeAllAuthzForFacility
Description copied from interface:AuthzResolverImplApiRemoves all authz entries for the facility- Specified by:
removeAllAuthzForFacilityin interfaceAuthzResolverImplApi- Parameters:
sess-facility-
-
removeAllAuthzForGroup
Description copied from interface:AuthzResolverImplApiRemoves all authz entries for the group- Specified by:
removeAllAuthzForGroupin interfaceAuthzResolverImplApi- Parameters:
sess-group-
-
removeAllAuthzForResource
Description copied from interface:AuthzResolverImplApiRemoves all authz entries for the resource- Specified by:
removeAllAuthzForResourcein interfaceAuthzResolverImplApi- Parameters:
sess-resource-
-
removeAllAuthzForService
Description copied from interface:AuthzResolverImplApiRemoves all authz entries for the service- Specified by:
removeAllAuthzForServicein interfaceAuthzResolverImplApi- Parameters:
sess-service-
-
removeAllAuthzForVo
Description copied from interface:AuthzResolverImplApiRemoves all authz entries for the vo- Specified by:
removeAllAuthzForVoin interfaceAuthzResolverImplApi- Parameters:
sess-vo-
-
removeAllSponsoredUserAuthz
Description copied from interface:AuthzResolverImplApiRemoves all authz entries for the sponsoredUser.- Specified by:
removeAllSponsoredUserAuthzin interfaceAuthzResolverImplApi- Parameters:
sess-sponsoredUser-
-
removeAllUserAuthz
Description copied from interface:AuthzResolverImplApiRemoves all authz entries for the user.- Specified by:
removeAllUserAuthzin interfaceAuthzResolverImplApi- Parameters:
sess-user-
-
removeCabinetAdmin
Description copied from interface:AuthzResolverImplApiRemove role Cabinet manager from user.- Specified by:
removeCabinetAdminin interfaceAuthzResolverImplApi- Parameters:
sess- PerunSessionuser- User to have cabinet manager role removed- Throws:
UserNotAdminException- If user was not cabinet admin
-
removePerunAdmin
Description copied from interface:AuthzResolverImplApiRemove role perunAdmin for user.- Specified by:
removePerunAdminin interfaceAuthzResolverImplApi- Parameters:
sess-user-- Throws:
UserNotAdminException
-
removePerunObserver
Description copied from interface:AuthzResolverImplApiRemove role Perun observer from user.- Specified by:
removePerunObserverin interfaceAuthzResolverImplApi- Parameters:
sess-user-- Throws:
UserNotAdminException
-
removePerunObserverFromAuthorizedGroup
public void removePerunObserverFromAuthorizedGroup(PerunSession sess, Group authorizedGroup) throws GroupNotAdminException Description copied from interface:AuthzResolverImplApiRemove role Perun observer from authorizedGroup.- Specified by:
removePerunObserverFromAuthorizedGroupin interfaceAuthzResolverImplApi- Parameters:
sess-authorizedGroup-- Throws:
GroupNotAdminException
-
removeResourceRole
public void removeResourceRole(PerunSession sess, String role, Resource resource, User user) throws UserNotAdminException Description copied from interface:AuthzResolverImplApiRemove role to user for resource.- Specified by:
removeResourceRolein interfaceAuthzResolverImplApi- Parameters:
sess- sessionrole- roleresource- resourceuser- user- Throws:
UserNotAdminException- user was not admin
-
removeResourceRole
public void removeResourceRole(PerunSession sess, String role, Resource resource, Group group) throws GroupNotAdminException Description copied from interface:AuthzResolverImplApiRemove role to group for resource.- Specified by:
removeResourceRolein interfaceAuthzResolverImplApi- Parameters:
sess- sessionrole- roleresource- resourcegroup- group- Throws:
GroupNotAdminException- group was not admin
-
removeVoRole
public void removeVoRole(PerunSession sess, String role, Vo vo, User user) throws UserNotAdminException Description copied from interface:AuthzResolverImplApiRemoves role from user in a VO.- Specified by:
removeVoRolein interfaceAuthzResolverImplApi- Parameters:
sess- perun sessionrole- role of user in a VOvo- virtual organizationuser- user- Throws:
UserNotAdminException
-
removeVoRole
public void removeVoRole(PerunSession sess, String role, Vo vo, Group group) throws GroupNotAdminException Description copied from interface:AuthzResolverImplApiRemoves role from group in a VO.- Specified by:
removeVoRolein interfaceAuthzResolverImplApi- Parameters:
sess- perun sessionrole- role of group in a VOvo- virtual organizationgroup- group- Throws:
GroupNotAdminException
-
roleExists
Description copied from interface:AuthzResolverImplApiCheck if the given role exists in the database. Check is case insensitive.- Specified by:
roleExistsin interfaceAuthzResolverImplApi- Parameters:
role- which will be checked- Returns:
- true if role exists, false otherwise.
-
setPerunRolesLoader
-
setRole
public void setRole(PerunSession sess, Map<String, Integer> mappingOfValues, String role) throws RoleAlreadySetExceptionDescription copied from interface:AuthzResolverImplApiSet a role according the mapping of values- Specified by:
setRolein interfaceAuthzResolverImplApi- Parameters:
sess-mappingOfValues- from which will be the query created (keys are column names and values are their ids)role- which will be set (just information for exception)- Throws:
RoleAlreadySetException
-
unsetRole
public void unsetRole(PerunSession sess, Map<String, Integer> mappingOfValues, String role) throws RoleNotSetExceptionDescription copied from interface:AuthzResolverImplApiUnset a role according the mapping of values- Specified by:
unsetRolein interfaceAuthzResolverImplApi- Parameters:
sess-mappingOfValues- from which will be the query created (keys are column names and values are their ids)role- which will be unset (just information for exception)- Throws:
RoleNotSetException
-