Examples of org.rhq.enterprise.server.authz.PermissionException

• org.rhq.enterprise.server.authz.PermissionException
  This exception is thrown when some operation cannot be performed because the user is not authorized to do so. @author John Mazzitelli

            if (parent == null) {
                throw new ResourceNotFoundException("Intended parent for new resource does not exist.");
            }

            if (!authorizationManager.hasResourcePermission(user, Permission.CREATE_CHILD_RESOURCES, parent.getId())) {
                throw new PermissionException("You do not have permission to add this resource as a child.");
            }

            if (getResourceByParentAndKey(user, parent, resource.getResourceKey(), resource.getResourceType()
                .getPlugin(), resource.getResourceType().getName()) != null) {
                throw new ResourceAlreadyExistsException("Resource with key '" + resource.getResourceKey()

        if (persistedResource == null) {
            throw new ResourceNotFoundException(resource.getId());
        }

        if (!authorizationManager.hasResourcePermission(user, Permission.MODIFY_RESOURCE, resource.getId())) {
            throw new PermissionException("You do not have permission to modify Resource with id " + resource.getId()
                + ".");
        }

        /*if (getResourceByParentAndKey(user, resource.getParentResource(), resource.getResourceKey()) != null)
         * { throw new ResourceAlreadyExistsException("Resource with key '" + resource.getName() + "' already

        // TODO: There is a pretty good argument for this being replaced with MANAGE_INVENTORY.  It takes an
        // inventory manager to import resources, so why not to remove them?  But, since no one has complained
        // we're timid about making a change that may hamstring existing setups.

        if (!authorizationManager.hasResourcePermission(user, Permission.DELETE_RESOURCE, resourceId)) {
            throw new PermissionException("You do not have permission to uninventory resource [" + resourceId + "]");
        }

        return resourceManager.uninventoryResourceInNewTransaction(resourceId);
    }

        if (resources.size() != 1) {
            throw new ResourceNotFoundException(resourceId);
        }

        if (!authorizationManager.canViewResource(user, resourceId)) {
            throw new PermissionException("User [" + user + "] does not have permission to view resource ["
                + resourceId + "]");
        }

        return resources.get(0);
    }

        } catch (NoResultException e) {
            return null;
        }

        if (!authorizationManager.canViewResource(user, resource.getId())) {
            throw new PermissionException("You do not have permission to get this resource by parent and key.");
        }

        return resource;
    }

    @NotNull
    @SuppressWarnings("unchecked")
    public List<ResourceError> findResourceErrors(Subject user, int resourceId, ResourceErrorType errorType) {
        // do authz check
        if (!authorizationManager.canViewResource(user, resourceId)) {
            throw new PermissionException("User [" + user + "] does not have permission to view resource ["
                + resourceId + "]");
        }

        // we passed authz check, now get the errors
        Query query = entityManager.createNamedQuery(ResourceError.QUERY_FIND_BY_RESOURCE_ID_AND_ERROR_TYPE);

    @NotNull
    @SuppressWarnings("unchecked")
    public List<ResourceError> findResourceErrors(Subject user, int resourceId) {
        // do authz check
        if (!authorizationManager.canViewResource(user, resourceId)) {
            throw new PermissionException("User [" + user + "] does not have permission to view resource ["
                + resourceId + "]");
        }

        // we passed authz check, now get the errors
        Query query = entityManager.createNamedQuery(ResourceError.QUERY_FIND_BY_RESOURCE_ID);

    @Override
    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
    public int clearResourceConfigErrorByType(Subject subject, int resourceId, ResourceErrorType resourceErrorType) {

        if (!authorizationManager.canViewResource(subject, resourceId)) {
            throw new PermissionException("Cannot delete resource errors of type [" + resourceErrorType + "]. User ["
                + subject.getName() + "] does not have permission to operate on resource ID [" + resourceId + "].");
        }

        Query q = entityManager
            .createQuery("DELETE FROM ResourceError e WHERE e.resource.id = :resourceId AND e.errorType = :type");

        ResourceError error = entityManager.find(ResourceError.class, resourceErrorId);

        if (error != null) {
            if (!authorizationManager.hasResourcePermission(user, Permission.MODIFY_RESOURCE, error.getResource()
                .getId())) {
                throw new PermissionException("Cannot delete Resource error [" + resourceErrorId + "]. User [" + user
                    + "] does not have permission to modify Resource [" + error.getResource().getName() + "].");
            }

            entityManager.remove(error);
        }

    @Override
    @SuppressWarnings("unchecked")
    public ResourceAvailabilitySummary getAvailabilitySummary(Subject user, int resourceId) {
        if (!authorizationManager.canViewResource(user, resourceId)) {
            throw new PermissionException("Cannot view resource availability. User [" + user
                + "] does not have permission to view the resource [" + resourceId + "].");
        }

        Query query = entityManager.createNamedQuery(Availability.FIND_BY_RESOURCE);
        query.setParameter("resourceId", resourceId);