Examples of org.rhq.enterprise.server.authz.PermissionException

• org.rhq.enterprise.server.authz.PermissionException
  This exception is thrown when some operation cannot be performed because the user is not authorized to do so. @author John Mazzitelli

        boolean hasResourceGroupView = authorizationManager.canViewGroup(subject, resourceGroupId);

        if (!hasResourceGroupView) {
            String msg = "Subject [" + subject.getName() + "] requires VIEW permission on resource group  ["
                + resourceGroupId + "].";
            throw new PermissionException(msg);
        }

        Set<Permission> globalPerms = authorizationManager.getExplicitGlobalPermissions(subject);
        boolean hasGlobalDeployBundles = globalPerms.contains(Permission.DEPLOY_BUNDLES);
        boolean hasGlobalViewBundles = globalPerms.contains(Permission.VIEW_BUNDLES);

        if (hasGlobalDeployBundles && hasGlobalViewBundles) {
            return;
        }

        boolean hasResourceGroupDeploy = hasGlobalDeployBundles
            || authorizationManager.hasGroupPermission(subject, Permission.DEPLOY_BUNDLES_TO_GROUP, resourceGroupId);
        boolean hasBundleView = hasGlobalViewBundles || authorizationManager.canViewBundle(subject, bundleId);

        if (!(hasResourceGroupDeploy && hasBundleView)) {
            String msg = "Subject [" + subject.getName()
                + "] requires DEPLOY permission (global or on for resource group [" + resourceGroupId
                + "] and VIEW permission for bundle [" + bundleId + "]";
            throw new PermissionException(msg);
        }
    }

        String msg = "Subject ["
            + subject.getName()
            + "] requires either Global.DELETE_BUNDLES + BundleGroup.VIEW_BUNDLES_IN_GROUP, or BundleGroup.DELETE_BUNDLES_FROM_GROUP, to delete bundle ["
            + bundleId + "].";
        throw new PermissionException(msg);
    }

            permFilter.add(Permission.CREATE_BUNDLES_IN_GROUP);

        } else {
            // if necessary, make sure the bundle is viewable
            if (!hasViewBundles && !authorizationManager.canViewBundle(assigningSubject, bundleId)) {
                throw new PermissionException("Bundle ID [" + bundleId + "] is not viewable by subject ["
                    + assigningSubject.getName() + "]");
            }

            // can assign to bundle groups for which he has create_bundles_in_group or assign_bundles_to_group
            permFilter.add(Permission.CREATE_BUNDLES_IN_GROUP);

        int parentResourceId = importResourceRequest.getParentResourceId();

        if (!this.authorizationManager.hasResourcePermission(subject, Permission.CREATE_CHILD_RESOURCES,
            parentResourceId)) {
            throw new PermissionException("You do not have permission on resource with id " + parentResourceId
                + " to manually add child resources.");
        }

        ResourceType resourceType = this.resourceTypeManager.getResourceTypeById(subject,
            importResourceRequest.getResourceTypeId());

    @RequiredPermission(Permission.MANAGE_INVENTORY)
    public PageList<GroupDefinition> findGroupDefinitionsByCriteria(Subject subject,
        ResourceGroupDefinitionCriteria criteria) {
        if (authorizationManager.isInventoryManager(subject) == false) {
            if (criteria.isInventoryManagerRequired()) {
                throw new PermissionException("Subject [" + subject.getName()
                    + "] requires InventoryManager permission for requested query criteria.");
            }
        }

        CriteriaQueryGenerator generator = new CriteriaQueryGenerator(subject, criteria);

        Resource parentResource = entityManager.find(Resource.class, parentResourceId);

        // Check permissions first
        if (!authorizationManager
            .hasResourcePermission(user, Permission.CREATE_CHILD_RESOURCES, parentResource.getId())) {
            throw new PermissionException("User [" + user.getName()
                + "] does not have permission to create a child resource for resource [" + parentResource + "]");
        }

        ResourceType newResourceType = entityManager.find(ResourceType.class, newResourceTypeId);
        PackageType newPackageType = contentManager.getResourceCreationPackageType(newResourceTypeId);

        Agent agent = parentResource.getAgent();

        // Check permissions first
        if (!authorizationManager
            .hasResourcePermission(user, Permission.CREATE_CHILD_RESOURCES, parentResource.getId())) {
            throw new PermissionException("User [" + user.getName()
                + "] does not have permission to create a child resource for resource [" + parentResource + "]");
        }

        if (!resourceType.isCreatable()
            || (resourceType.getCreationDataType() != ResourceCreationDataType.CONFIGURATION)) {

        Resource parentResource = entityManager.find(Resource.class, parentResourceId);

        // Check permissions first
        if (!authorizationManager.hasResourcePermission(subject, Permission.CREATE_CHILD_RESOURCES,
            parentResource.getId())) {
            throw new PermissionException("User [" + subject.getName()
                + "] does not have permission to create a child resource for resource [" + parentResource + "]");
        }

        ResourceType newResourceType = entityManager.find(ResourceType.class, newResourceTypeId);
        PackageVersion packageVersion = entityManager.find(PackageVersion.class, packageVersionId);

        Resource resource = entityManager.find(Resource.class, resourceId);
        Agent agent = resource.getAgent();

        // Check permissions first
        if (!authorizationManager.hasResourcePermission(subject, Permission.DELETE_RESOURCE, resource.getId())) {
            throw new PermissionException("User [" + subject.getName()
                + "] does not have permission to delete resource [" + resource + "]");
        }

        // Persist in separate transaction so it is committed immediately, before the request is sent to the agent
        DeleteResourceHistory persistedHistory = resourceFactoryManager.persistDeleteHistory(subject, resourceId);

            return data;
        }

        if (context.type == EntityContext.Type.Resource) {
            if (authorizationManager.canViewResource(subject, context.resourceId) == false) {
                throw new PermissionException("User [" + subject.getName()
                    + "] does not have permission to view metric display summaries for resource[id="
                    + context.resourceId + "]");
            }
        } else if (context.type == EntityContext.Type.ResourceGroup) {
            if (authorizationManager.canViewGroup(subject, context.groupId) == false) {
                throw new PermissionException("User [" + subject.getName()
                    + "] does not have permission to view metric display summaries for resourceGroup[id="
                    + context.groupId + "]");
            }
        } else if (context.type == EntityContext.Type.AutoGroup) {
            if (authorizationManager.canViewAutoGroup(subject, context.parentResourceId, context.resourceTypeId) == false) {
                throw new PermissionException("User [" + subject.getName()
                    + "] does not have permission to view metric display summaries for autoGroup[parentResourceId="
                    + context.parentResourceId + ", resourceTypeId=" + context.resourceTypeId + "]");
            }
        }