source: branches/HeuristicLab.Hive-3.4/sources/HeuristicLab.Services.Hive/3.4/AuthorizationManager.cs @ 5137

#region License Information
/* HeuristicLab
 * Copyright (C) 2002-2010 Heuristic and Evolutionary Algorithms Laboratory (HEAL)
 *
 * This file is part of HeuristicLab.
 *
 * HeuristicLab is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * HeuristicLab is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with HeuristicLab. If not, see <http://www.gnu.org/licenses/>.
 */
#endregion

using System;
using System.Linq;
using System.Security;
using System.Web.Security;

namespace HeuristicLab.Services.Hive {
  public class AuthorizationManager : IAuthorizationManager {
    private MembershipUser Identity {
      get { return Membership.GetUser(); }
    }

    public Guid UserId {
      get { return (Guid)Identity.ProviderUserKey; }
    }

    public void AuthorizeJobs(params Guid[] jobIds) {
      if (!IsAuthorizedForJobs(jobIds)) {
        throw new SecurityException("User '" + Identity.UserName + "' is not authorized to access job (Id: " + string.Join(", ", jobIds.Select(x => x.ToString()).ToArray()) + ")");
      }
    }
    
    private bool IsAuthorizedForJobs(params Guid[] jobIds) {
      return ServiceLocator.Instance.HiveDao.IsUserAuthorizedForJobs(UserId, jobIds);
    }

    public void Authorize(Guid userId) {
      if (userId != this.UserId) {
        throw new SecurityException("User '" + Identity.UserName + "' is not authorized to access object");
      }
    }
  }
}