Package org.rhq.enterprise.server.authz

Examples of org.rhq.enterprise.server.authz.PermissionException

2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
    public List<Resource> findResourceLineage(Subject subject, int resourceId) {
        List<Resource> result = getResourceLineage(resourceId);

        for (Resource resource : result) {
            if (!authorizationManager.canViewResource(subject, resource.getId())) {
                throw new PermissionException("User [" + subject + "] does not have permission to view resource ["
                    + resource.getId() + "]");
            }
        }

        return result;
View Full Code Here
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
        CriteriaQueryGenerator generator = new CriteriaQueryGenerator(subject, criteria);
        generator.alterProjection(compositeProjection);

        if (isInventoryManager == false) {
            if (criteria.isInventoryManagerRequired()) {
                throw new PermissionException("Subject [" + subject.getName()
                    + "] requires InventoryManager permission for requested query criteria.");
            }

            generator.setAuthorizationResourceFragment(CriteriaQueryGenerator.AuthorizationTokenType.RESOURCE, null,
                subject.getId());
View Full Code Here
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
    public PageList<Resource> findResourcesByCriteria(Subject subject, ResourceCriteria criteria) {
        CriteriaQueryGenerator generator = new CriteriaQueryGenerator(subject, criteria);

        if (authorizationManager.isInventoryManager(subject) == false) {
            if (criteria.isInventoryManagerRequired()) {
                throw new PermissionException("Subject [" + subject.getName()
                    + "] requires InventoryManager permission for requested query criteria.");
            }

            generator.setAuthorizationResourceFragment(CriteriaQueryGenerator.AuthorizationTokenType.RESOURCE, null,
                subject.getId());
View Full Code Here
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
            }

        } while (parent != null);
        if (resource != null) {
            if (!authorizationManager.canViewResource(subject, resource.getId())) {
                throw new PermissionException("User [" + subject + "] does not have permission to view resource ["
                    + resource.getId() + "]");
            }
        }
        return resource;
    }
View Full Code Here
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
    @Override
    public Resource getParentResource(Subject subject, int resourceId) {
        Resource resource = getParentResource(resourceId);

        if (!authorizationManager.canViewResource(subject, resource.getId())) {
            throw new PermissionException("User [" + subject + "] does not have permission to view resource ["
                + resource.getId() + "]");
        }

        return resource;
    }
View Full Code Here
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
            // make sure the user is authorized to disable this resource (which implies you can disable all its children)
            // TODO: this may require its own permission, but until someone needs it we'll piggyback on DELETE, at least
            // that gives a resource-level permission option.
            if (!isInventoryManager
                && !authorizationManager.hasResourcePermission(subject, Permission.DELETE_RESOURCE, resourceId)) {
                throw new PermissionException("You do not have permission to disable resource [" + resourceId + "]");
            }

            Resource resource = entityManager.find(Resource.class, resourceId);

            if (null == resource) {
View Full Code Here
155
156
157
158
159
160
161
162
163
164
165
        if (alertDefinition == null) {
            return null; // fail-fast to avoid downstream NPEs
        }

        if (checkViewPermission(subject, alertDefinition) == false) {
            throw new PermissionException("User[" + subject.getName()
                + "] does not have permission to view alertDefinition[id=" + alertDefinitionId + "] for resource[id="
                + alertDefinition.getResource().getId() + "]");
        }

        alertDefinition.getConditions().size();
View Full Code Here
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
            // make sure the user is authorized to enable this resource (which implies you can enable all its children)
            // TODO: this may require its own permission, but until someone needs it we'll piggyback on DELETE, at least
            // that gives a resource-level permission option.
            if (!isInventoryManager
                && !authorizationManager.hasResourcePermission(subject, Permission.DELETE_RESOURCE, resourceId)) {
                throw new PermissionException("You do not have permission to enable resource [" + resourceId + "]");
            }

            Resource resource = entityManager.find(Resource.class, resourceId);
            if (null == resource) {
                LOG.info("Enable resource not possible, resource with id [" + resourceId + "] was not found");
View Full Code Here
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
        }

        // after the resource is set up (in the case of non-templates), we can use the checkPermission on it
        if (checkPerms && checkPermission(subject, alertDefinition) == false) {
            if (alertDefinition.getResourceType() != null) {
                throw new PermissionException("User [" + subject.getName()
                    + "] does not have permission to create alert templates for type ["
                    + alertDefinition.getResourceType() + "]");
            } else if (alertDefinition.getGroup() != null) {
                throw new PermissionException("User [" + subject.getName()
                    + "] does not have permission to create alert definitions for group [" + alertDefinition.getGroup()
                    + "]");
            } else {
                throw new PermissionException("User [" + subject.getName()
                    + "] does not have permission to create alert definitions for resource ["
                    + alertDefinition.getResource() + "]");
            }
        }
View Full Code Here
611
612
613
614
615
616
617
618
619
620
621
    @Override
    @SuppressWarnings("unchecked")
    public List<AlertDefinition> findAllRecoveryDefinitionsById(Subject subject, Integer alertDefinitionId) {
        if (authorizationManager.isOverlord(subject) == false) {
            throw new PermissionException("User [" + subject.getName() + "] does not have permission to call "
                + "getAllRecoveryDefinitionsById; only the overlord has that right");
        }

        Query query = entityManager.createNamedQuery(AlertDefinition.QUERY_FIND_ALL_BY_RECOVERY_DEFINITION_ID);
        query.setParameter("recoveryDefinitionId", alertDefinitionId);
View Full Code Here
TOP

Related Classes of org.rhq.enterprise.server.authz.PermissionException

  • org.rhq.coregui.server.gwt.LdapGWTServiceImpl
  • org.rhq.coregui.server.gwt.PluginFileUploadServlet
  • org.rhq.enterprise.gui.admin.plugin.AbstractPluginConfigurationUIBean
  • org.rhq.enterprise.gui.admin.plugin.InstalledPluginsUIBean
  • org.rhq.enterprise.gui.admin.role.ChangeOwnerFormPrepareAction
  • org.rhq.enterprise.gui.admin.role.RoleAdminPortalAction
  • org.rhq.enterprise.gui.ha.ViewAgentUIBean
  • org.rhq.enterprise.gui.ha.ViewServerUIBean
  • org.rhq.enterprise.server.alert.AlertConditionManagerBean
  • org.rhq.enterprise.server.alert.AlertDefinitionManagerBean
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.