Merge branch 'master' into production

Author: HejdaJakub

package-lock.json

@@ -2,13 +2,13 @@
 	"name": "perun",
 	"version": "0.0.0-development",
 	"devDependencies": {
-		"@commitlint/cli": "17.7.1",
+		"@commitlint/cli": "17.7.2",
 		"@commitlint/config-conventional": "17.7.0",
-		"@commitlint/cz-commitlint": "17.7.1",
+		"@commitlint/cz-commitlint": "17.7.2",
 		"@semantic-release/changelog": "6.0.3",
 		"@semantic-release/exec": "6.0.3",
 		"@semantic-release/git": "10.0.1",
-		"@semantic-release/github": "9.0.7",
+		"@semantic-release/github": "9.2.1",
 		"commitizen": "4.3.0",
 		"conventional-changelog-conventionalcommits": "6.1.0",
 		"inquirer": "8.2.6",

package.json

@@ -6209,6 +6209,15 @@ perun_policies:
     include_policies:
       - default_policy
 
+  getAssociatedResources_Facility_User_policy:
+    policy_roles:
+      - FACILITYADMIN: Facility
+      - FACILITYOBSERVER: Facility
+      - SELF: User
+      - PERUNOBSERVER:
+    include_policies:
+      - default_policy
+
   findUsers_String_policy:
     policy_roles:
       - PERUNOBSERVER:
@@ -7924,6 +7933,7 @@ perun_policies:
       - PERUNOBSERVER:
       - GROUPADMIN: Group
       - GROUPOBSERVER: Group
+      - GROUPMEMBERSHIPMANAGER: Group
     include_policies:
       - default_policy
 

perun-base/src/main/resources/perun-roles.yml

@@ -716,6 +716,21 @@ UserExtSource getUserExtSourceByExtLogin(PerunSession perunSession, ExtSource so
 	 */
 	List<RichResource> getAssignedRichResources(PerunSession sess, User user) throws UserNotExistsException, PrivilegeException;
 
+	/**
+	 * Return all resources of specified facility with which user is associated through all his members.
+	 * Does not require ACTIVE group-resource assignment.
+	 *
+	 * @param sess
+	 * @param facility
+	 * @param user
+	 * @return All resources with which user is associated
+	 *
+	 * @throws UserNotExistsException
+	 * @throws FacilityNotExistsException
+	 * @throws PrivilegeException
+	 */
+	List<Resource> getAssociatedResources(PerunSession sess, Facility facility, User user) throws UserNotExistsException, FacilityNotExistsException, PrivilegeException;
+
 	/**
 	 * Returns list of users who matches the searchString, searching name, id, uuid, email, logins.
 	 *

perun-core/src/main/java/cz/metacentrum/perun/core/api/UsersManager.java

@@ -103,6 +103,7 @@
 import cz.metacentrum.perun.core.impl.Utils;
 import cz.metacentrum.perun.core.impl.modules.attributes.urn_perun_entityless_attribute_def_def_identityAlertsTemplates;
 import cz.metacentrum.perun.core.impl.modules.attributes.urn_perun_entityless_attribute_def_def_namespace_GIDRanges;
+import cz.metacentrum.perun.core.impl.modules.attributes.urn_perun_facility_attribute_def_def_unixGID_namespace;
 import cz.metacentrum.perun.core.impl.modules.attributes.urn_perun_facility_attribute_def_virt_GIDRanges;
 import cz.metacentrum.perun.core.impl.modules.attributes.urn_perun_group_attribute_def_def_applicationAutoRejectMessages;
 import cz.metacentrum.perun.core.impl.modules.attributes.urn_perun_group_attribute_def_def_groupStructureResources;
@@ -7904,6 +7905,18 @@ protected void initialize() {
 		policies.add(Triple.of(Role.PROXY, READ, RoleObject.None));
 		attributes.put(attr, createInitialPolicyCollections(policies));
 
+		//urn:perun:facility:attribute-def:def:unixGID-namespace
+		attr = new AttributeDefinition( (new urn_perun_facility_attribute_def_def_unixGID_namespace()).getAttributeDefinition());
+		//set attribute rights (with dummy id of attribute - not known yet)
+		policies = new ArrayList<>();
+		policies.add(Triple.of(Role.MEMBERSHIP, READ, RoleObject.Facility));
+		policies.add(Triple.of(Role.VOADMIN, READ, RoleObject.Vo));
+		policies.add(Triple.of(Role.GROUPADMIN, READ, RoleObject.Group));
+		policies.add(Triple.of(Role.FACILITYADMIN, READ, RoleObject.Facility));
+		policies.add(Triple.of(Role.FACILITYADMIN, WRITE, RoleObject.Facility));
+		policies.add(Triple.of(Role.PROXY, READ, RoleObject.None));
+		attributes.put(attr, createInitialPolicyCollections(policies));
+
 		//urn:perun:resource:attribute-def:def:userSettingsName
 		attr = new AttributeDefinition();
 		attr.setNamespace(AttributesManager.NS_RESOURCE_ATTR_DEF);

perun-core/src/main/java/cz/metacentrum/perun/core/blImpl/AttributesManagerBlImpl.java

@@ -839,6 +839,20 @@ public List<RichResource> getAssignedRichResources(PerunSession sess, User user)
 		return getUsersManagerBl().getAssignedRichResources(sess, user);
 	}
 
+	@Override
+	public List<Resource> getAssociatedResources(PerunSession sess, Facility facility, User user) throws UserNotExistsException, FacilityNotExistsException, PrivilegeException {
+		Utils.checkPerunSession(sess);
+
+		if(!AuthzResolver.authorizedInternal(sess, "getAssociatedResources_Facility_User_policy", facility, user)) {
+			throw new PrivilegeException(sess, "getAssociatedResources");
+		}
+
+		getUsersManagerBl().checkUserExists(sess, user);
+		perunBl.getFacilitiesManagerBl().checkFacilityExists(sess, facility);
+
+		return getUsersManagerBl().getAssociatedResources(sess, facility, user);
+	}
+
 	@Override
 	public List<User> findUsers(PerunSession sess, String searchString) throws PrivilegeException {
 		Utils.checkPerunSession(sess);

perun-core/src/main/java/cz/metacentrum/perun/core/entry/UsersManagerEntry.java

@@ -41,7 +41,7 @@ public AttributeDefinition getAttributeDefinition() {
 		attr.setFriendlyName("unixGID-namespace");
 		attr.setDisplayName("GID namespace");
 		attr.setType(String.class.getName());
-		attr.setDescription("Namespace of UnixGID.");
+		attr.setDescription("Define namespace for unix groups GIDs on Facility.");
 		return attr;
 	}
 }

perun-core/src/main/java/cz/metacentrum/perun/core/impl/modules/attributes/urn_perun_facility_attribute_def_def_unixGID_namespace.java

@@ -149,8 +149,9 @@ public void checkAttributeSemantics(PerunSessionImpl perunSession, User user, At
 
 		Attribute mfaCategory = null;
 		try {
-			Map<String, Attribute> mfaCategories = perunSession.getPerunBl().getAttributesManagerBl().getEntitylessAttributesWithKeys(perunSession, AttributesManager.NS_ENTITYLESS_ATTR_DEF + ":mfaCategories", Collections.singletonList("categories"));
-			mfaCategory = mfaCategories.get("categories");
+			String param = attribute.getFriendlyNameParameter();
+			Map<String, Attribute> mfaCategories = perunSession.getPerunBl().getAttributesManagerBl().getEntitylessAttributesWithKeys(perunSession, AttributesManager.NS_ENTITYLESS_ATTR_DEF + ":mfaCategories", Collections.singletonList(param));
+			mfaCategory = mfaCategories.get(param);
 		} catch (AttributeNotExistsException e) {
 			throw new WrongReferenceAttributeValueException("Attribute mfa categories does not exist.");
 		}

perun-core/src/main/java/cz/metacentrum/perun/core/impl/modules/attributes/urn_perun_user_attribute_def_def_mfaEnforceSettings.java

@@ -0,0 +1,63 @@
+package cz.metacentrum.perun.core.impl.modules.attributes;
+
+import cz.metacentrum.perun.core.api.Attribute;
+import cz.metacentrum.perun.core.api.AttributeDefinition;
+import cz.metacentrum.perun.core.api.AttributesManager;
+import cz.metacentrum.perun.core.api.User;
+import cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException;
+import cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException;
+import cz.metacentrum.perun.core.impl.PerunSessionImpl;
+import cz.metacentrum.perun.core.impl.Utils;
+import cz.metacentrum.perun.core.implApi.modules.attributes.SkipValueCheckDuringDependencyCheck;
+import cz.metacentrum.perun.core.implApi.modules.attributes.UserVirtualAttributesModuleAbstract;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Contains login in the MU namespace concatenated with @muni.cz if it is available, null otherwise
+ */
+@SkipValueCheckDuringDependencyCheck
+public class urn_perun_user_attribute_def_virt_scopedLogin_namespace_mu extends UserVirtualAttributesModuleAbstract {
+	private final static Logger log = LoggerFactory.getLogger(urn_perun_user_attribute_def_virt_scopedLogin_namespace_mu.class);
+
+	private static final String A_U_D_loginNamespace_mu = AttributesManager.NS_USER_ATTR_DEF + ":login-namespace:mu";
+
+	@Override
+	public Attribute getAttributeValue(PerunSessionImpl perunSession, User user, AttributeDefinition attribute) {
+		Attribute attr = new Attribute(attribute);
+		try {
+			Attribute defLogin = perunSession.getPerunBl().getAttributesManagerBl().getAttribute(perunSession, user, A_U_D_loginNamespace_mu);
+			Utils.copyAttributeToVirtualAttributeWithValue(defLogin, attr);
+		} catch (AttributeNotExistsException e) {
+			// We log the non-existing attribute, but we don't throw an exception.
+			log.warn("Attribute {} does not exist.", A_U_D_loginNamespace_mu);
+		} catch (WrongAttributeAssignmentException e) {
+			// It's OK, we just return attribute with value null
+		}
+		if (attr.getValue() != null) {
+			attr.setValue(attr.getValue() + "@muni.cz");
+		}
+		return attr;
+	}
+
+	@Override
+	public List<String> getStrongDependencies() {
+		List<String> strongDependencies = new ArrayList<>();
+		strongDependencies.add(A_U_D_loginNamespace_mu);
+		return strongDependencies;
+	}
+
+	@Override
+	public AttributeDefinition getAttributeDefinition() {
+		AttributeDefinition attr = new AttributeDefinition();
+		attr.setNamespace(AttributesManager.NS_USER_ATTR_VIRT);
+		attr.setFriendlyName("scopedLogin-namespace:mu");
+		attr.setDisplayName("Login + @muni.cz in namespace: mu");
+		attr.setType(String.class.getName());
+		attr.setDescription("Contains an optional login (UCO) concatenated with domain (@muni.cz) in namespace mu if the user has it.");
+		return attr;
+	}
+}

perun-core/src/main/java/cz/metacentrum/perun/core/impl/modules/attributes/urn_perun_user_attribute_def_virt_scopedLogin_namespace_mu.java

@@ -47,6 +47,7 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.regex.Pattern;
+import java.util.stream.Collectors;
 
 /**
  * All affiliations collected from:
@@ -125,8 +126,18 @@ public Attribute getAttributeValue(PerunSessionImpl sess, User user, AttributeDe
 		valuesWithoutDuplicities.addAll(getAffiliationsManuallyAssigned(sess, user));
 		valuesWithoutDuplicities.addAll(getAffiliationsFromGroups(sess, user));
 
+		// remove duplicities, by accepting only the first occurrence of each value (other occurences, case-insensitive, will be removed)
+		Set<String> valuesWithoutDuplicitiesCaseInsensitive = new HashSet<>();
+		for (String value: valuesWithoutDuplicities) {
+			boolean isDuplicity = valuesWithoutDuplicitiesCaseInsensitive.stream().anyMatch(value::equalsIgnoreCase);
+			if (isDuplicity) {
+				continue;
+			}
+			valuesWithoutDuplicitiesCaseInsensitive.add(value);
+		}
+
 		//convert set to list (values in list will be without duplicities)
-		destinationAttribute.setValue(new ArrayList<>(valuesWithoutDuplicities));
+		destinationAttribute.setValue(new ArrayList<>(valuesWithoutDuplicitiesCaseInsensitive));
 		return destinationAttribute;
 	}