Context Navigation

source: branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs @ 15527

Visit:

Last change on this file since 15527 was 15527, checked in by jzenisek, 6 years ago

updated dbml (removed ResourcePermission and ResourceIds in Job-Table)
updated Resource and Project Daos

File size: 50.1 KB

Line
1	#region License Information
2	/* HeuristicLab
3	* Copyright (C) 2002-2016 Heuristic and Evolutionary Algorithms Laboratory (HEAL)
4	*
5	* This file is part of HeuristicLab.
6	*
7	* HeuristicLab is free software: you can redistribute it and/or modify
8	* it under the terms of the GNU General Public License as published by
9	* the Free Software Foundation, either version 3 of the License, or
10	* (at your option) any later version.
11	*
12	* HeuristicLab is distributed in the hope that it will be useful,
13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	* GNU General Public License for more details.
16	*
17	* You should have received a copy of the GNU General Public License
18	* along with HeuristicLab. If not, see <http://www.gnu.org/licenses/>.
19	*/
20	#endregion
21
22	using System;
23	using System.Collections.Generic;
24	using System.Linq;
25	using System.Security;
26	using System.ServiceModel;
27	using HeuristicLab.Services.Access;
28	using HeuristicLab.Services.Hive.DataAccess.Interfaces;
29	using HeuristicLab.Services.Hive.DataTransfer;
30	using HeuristicLab.Services.Hive.Manager;
31	using HeuristicLab.Services.Hive.ServiceContracts;
32	using DA = HeuristicLab.Services.Hive.DataAccess;
33	using DT = HeuristicLab.Services.Hive.DataTransfer;
34
35	namespace HeuristicLab.Services.Hive {
36	/// <summary>
37	/// Implementation of the Hive service (interface <see cref="IHiveService"/>).
38	/// We need 'IgnoreExtensionDataObject' Attribute for the slave to work.
39	/// </summary>
40	[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall, IgnoreExtensionDataObject = true)]
41	[HiveOperationContextBehavior]
42	public class HiveService : IHiveService {
43	private const string NOT_AUTHORIZED_RESOURCE = "Current user is not authorized to access the requested resource";
44	private const string NOT_AUTHORIZED_PROJECT = "Current user is not authorized to access the requested project";
45
46	private static readonly DA.TaskState[] CompletedStates = { DA.TaskState.Finished, DA.TaskState.Aborted, DA.TaskState.Failed };
47
48	private IPersistenceManager PersistenceManager {
49	get { return ServiceLocator.Instance.PersistenceManager; }
50	}
51
52	private IUserManager UserManager {
53	get { return ServiceLocator.Instance.UserManager; }
54	}
55
56	private IRoleVerifier RoleVerifier {
57	get { return ServiceLocator.Instance.RoleVerifier; }
58	}
59
60	private IAuthorizationManager AuthorizationManager {
61	get { return ServiceLocator.Instance.AuthorizationManager; }
62	}
63	private IEventManager EventManager {
64	get { return ServiceLocator.Instance.EventManager; }
65	}
66	private HeartbeatManager HeartbeatManager {
67	get { return ServiceLocator.Instance.HeartbeatManager; }
68	}
69
70	#region Task Methods
71	public Guid AddTask(DT.Task task, DT.TaskData taskData, IEnumerable<Guid> resourceIds) {
72	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
73	var pm = PersistenceManager;
74	using (new PerformanceLogger("AddTask")) {
75	var taskDao = pm.TaskDao;
76	var stateLogDao = pm.StateLogDao;
77
78	pm.UseTransaction(() => {
79	CheckTaskPermissions(pm, task, resourceIds);
80	});
81
82	var newTask = task.ToEntity();
83	newTask.JobData = taskData.ToEntity();
84	newTask.JobData.LastUpdate = DateTime.Now;
85	newTask.AssignedTaskResources.AddRange(resourceIds.Select(
86	x => new DA.AssignedTaskResource {
87	ResourceId = x
88	}));
89	newTask.State = DA.TaskState.Waiting;
90	return pm.UseTransaction(() => {
91	taskDao.Save(newTask);
92	pm.SubmitChanges();
93	stateLogDao.Save(new DA.StateLog {
94	State = DA.TaskState.Waiting,
95	DateTime = DateTime.Now,
96	TaskId = newTask.TaskId,
97	UserId = UserManager.CurrentUserId,
98	SlaveId = null,
99	Exception = null
100	});
101	pm.SubmitChanges();
102	return newTask.TaskId;
103	}, false, true);
104	}
105	}
106
107	public Guid AddChildTask(Guid parentTaskId, DT.Task task, DT.TaskData taskData) {
108	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
109	IEnumerable<Guid> resourceIds;
110	var pm = PersistenceManager;
111	using (new PerformanceLogger("AddChildTask")) {
112	var assignedTaskResourceDao = pm.AssignedTaskResourceDao;
113	resourceIds = pm.UseTransaction(() => {
114	return assignedTaskResourceDao.GetByTaskId(parentTaskId)
115	.Select(x => x.ResourceId)
116	.ToList();
117	});
118	}
119	task.ParentTaskId = parentTaskId;
120	return AddTask(task, taskData, resourceIds);
121	}
122
123	public DT.Task GetTask(Guid taskId) {
124	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave);
125	AuthorizationManager.AuthorizeForTask(taskId, Permission.Read);
126	var pm = PersistenceManager;
127	using (new PerformanceLogger("GetTask")) {
128	var taskDao = pm.TaskDao;
129	return pm.UseTransaction(() => {
130	var task = taskDao.GetById(taskId);
131	return task.ToDto();
132	});
133	}
134	}
135
136	public IEnumerable<DT.LightweightTask> GetLightweightJobTasks(Guid jobId) {
137	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
138	AuthorizationManager.AuthorizeForJob(jobId, Permission.Read);
139	var pm = PersistenceManager;
140	using (new PerformanceLogger("GetLightweightJobTasks")) {
141	var taskDao = pm.TaskDao;
142	return pm.UseTransaction(() => {
143	return taskDao.GetByJobId(jobId)
144	.ToList()
145	.Select(x => new DT.LightweightTask {
146	Id = x.TaskId,
147	ExecutionTime = TimeSpan.FromMilliseconds(x.ExecutionTimeMs),
148	ParentTaskId = x.ParentTaskId,
149	StateLog = x.StateLogs.OrderBy(y => y.DateTime)
150	.Select(z => z.ToDto())
151	.ToList(),
152	State = x.State.ToDto(),
153	Command = x.Command.ToDto(),
154	LastTaskDataUpdate = x.JobData.LastUpdate
155	})
156	.ToList();
157	}, false, true);
158	}
159	}
160
161	public IEnumerable<DT.LightweightTask> GetLightweightJobTasksWithoutStateLog(Guid jobId) {
162	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
163	AuthorizationManager.AuthorizeForJob(jobId, Permission.Read);
164	var pm = PersistenceManager;
165	using (new PerformanceLogger("GetLightweightJobTasksWithoutStateLog")) {
166	var taskDao = pm.TaskDao;
167	return pm.UseTransaction(() => {
168	return taskDao.GetByJobId(jobId)
169	.ToList()
170	.Select(x => new DT.LightweightTask {
171	Id = x.TaskId,
172	ExecutionTime = TimeSpan.FromMilliseconds(x.ExecutionTimeMs),
173	ParentTaskId = x.ParentTaskId,
174	StateLog = new List<DT.StateLog>(),
175	State = x.State.ToDto(),
176	Command = x.Command.ToDto(),
177	LastTaskDataUpdate = x.JobData.LastUpdate
178	})
179	.ToList();
180	}, false, true);
181	}
182	}
183
184	public DT.TaskData GetTaskData(Guid taskId) {
185	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave);
186	AuthorizationManager.AuthorizeForTask(taskId, Permission.Read);
187	var pm = PersistenceManager;
188	using (new PerformanceLogger("GetTaskData")) {
189	var taskDataDao = pm.TaskDataDao;
190	return pm.UseTransaction(() => taskDataDao.GetById(taskId).ToDto());
191	}
192	}
193
194	public void UpdateTask(DT.Task taskDto) {
195	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave);
196	AuthorizationManager.AuthorizeForTask(taskDto.Id, Permission.Full);
197	var pm = PersistenceManager;
198	using (new PerformanceLogger("UpdateTask")) {
199	var taskDao = pm.TaskDao;
200	pm.UseTransaction(() => {
201	var task = taskDao.GetById(taskDto.Id);
202	taskDto.CopyToEntity(task);
203	pm.SubmitChanges();
204	});
205	}
206	}
207
208	public void UpdateTaskData(DT.Task taskDto, DT.TaskData taskDataDto) {
209	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave);
210	AuthorizationManager.AuthorizeForTask(taskDto.Id, Permission.Full);
211	var pm = PersistenceManager;
212	using (new PerformanceLogger("UpdateTaskData")) {
213	var taskDao = pm.TaskDao;
214	var taskDataDao = pm.TaskDataDao;
215	pm.UseTransaction(() => {
216	var task = taskDao.GetById(taskDto.Id);
217	var taskData = taskDataDao.GetById(taskDataDto.TaskId);
218	taskDto.CopyToEntity(task);
219	taskDataDto.CopyToEntity(taskData);
220	taskData.LastUpdate = DateTime.Now;
221	pm.SubmitChanges();
222	});
223	}
224	}
225
226	public DT.Task UpdateTaskState(Guid taskId, DT.TaskState taskState, Guid? slaveId, Guid? userId, string exception) {
227	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave);
228	AuthorizationManager.AuthorizeForTask(taskId, Permission.Full);
229	var pm = PersistenceManager;
230	using (new PerformanceLogger("UpdateTaskState")) {
231	var taskDao = pm.TaskDao;
232	return pm.UseTransaction(() => {
233	var task = taskDao.GetById(taskId);
234	UpdateTaskState(pm, task, taskState, slaveId, userId, exception);
235	pm.SubmitChanges();
236	return task.ToDto();
237	});
238	}
239	}
240	#endregion
241
242	#region Task Control Methods
243	public void StopTask(Guid taskId) {
244	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave);
245	AuthorizationManager.AuthorizeForTask(taskId, Permission.Full);
246	var pm = PersistenceManager;
247	using (new PerformanceLogger("StopTask")) {
248	var taskDao = pm.TaskDao;
249	pm.UseTransaction(() => {
250	var task = taskDao.GetById(taskId);
251	if (task.State == DA.TaskState.Calculating \|\| task.State == DA.TaskState.Transferring) {
252	task.Command = DA.Command.Stop;
253	} else if (task.State != DA.TaskState.Aborted
254	&& task.State != DA.TaskState.Finished
255	&& task.State != DA.TaskState.Failed) {
256	UpdateTaskState(pm, task, DT.TaskState.Aborted, null, null, string.Empty);
257	}
258	pm.SubmitChanges();
259	});
260	}
261	}
262
263	public void PauseTask(Guid taskId) {
264	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave);
265	AuthorizationManager.AuthorizeForTask(taskId, Permission.Full);
266	var pm = PersistenceManager;
267	using (new PerformanceLogger("PauseTask")) {
268	var taskDao = pm.TaskDao;
269	pm.UseTransaction(() => {
270	var task = taskDao.GetById(taskId);
271	if (task.State == DA.TaskState.Calculating \|\| task.State == DA.TaskState.Transferring) {
272	task.Command = DA.Command.Pause;
273	} else if (task.State != DA.TaskState.Paused
274	&& task.State != DA.TaskState.Aborted
275	&& task.State != DA.TaskState.Finished
276	&& task.State != DA.TaskState.Failed) {
277	UpdateTaskState(pm, task, DT.TaskState.Paused, null, null, string.Empty);
278	}
279	pm.SubmitChanges();
280	});
281	}
282	}
283
284	public void RestartTask(Guid taskId) {
285	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave);
286	AuthorizationManager.AuthorizeForTask(taskId, Permission.Full);
287	var pm = PersistenceManager;
288	using (new PerformanceLogger("RestartTask")) {
289	var taskDao = pm.TaskDao;
290	pm.UseTransaction(() => {
291	var task = taskDao.GetById(taskId);
292	task.Command = null;
293	UpdateTaskState(pm, task, DT.TaskState.Waiting, null, UserManager.CurrentUserId, string.Empty);
294	pm.SubmitChanges();
295	});
296	}
297	}
298	#endregion
299
300	#region Job Methods
301	public DT.Job GetJob(Guid id) {
302	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
303	AuthorizationManager.AuthorizeForJob(id, DT.Permission.Read);
304	var pm = PersistenceManager;
305	using (new PerformanceLogger("GetJob")) {
306	var jobDao = pm.JobDao;
307	var jobPermissionDao = pm.JobPermissionDao;
308	var taskDao = pm.TaskDao;
309	var currentUserId = UserManager.CurrentUserId;
310	return pm.UseTransaction(() => {
311	var job = jobDao.GetById(id).ToDto();
312	if (job != null) {
313	var statistics = taskDao.GetByJobId(job.Id)
314	.GroupBy(x => x.JobId)
315	.Select(x => new {
316	TotalCount = x.Count(),
317	CalculatingCount = x.Count(y => y.State == DA.TaskState.Calculating),
318	FinishedCount = x.Count(y => CompletedStates.Contains(y.State))
319	}).FirstOrDefault();
320	if (statistics != null) {
321	job.JobCount = statistics.TotalCount;
322	job.CalculatingCount = statistics.CalculatingCount;
323	job.FinishedCount = statistics.FinishedCount;
324	}
325	job.OwnerUsername = UserManager.GetUserNameById(job.OwnerUserId);
326	if (currentUserId == job.OwnerUserId) {
327	job.Permission = Permission.Full;
328	} else {
329	var jobPermission = jobPermissionDao.GetByJobAndUserId(job.Id, currentUserId);
330	job.Permission = jobPermission == null ? Permission.NotAllowed : jobPermission.Permission.ToDto();
331	}
332	}
333	return job;
334	});
335	}
336	}
337
338	public IEnumerable<DT.Job> GetJobs() {
339	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
340	var pm = PersistenceManager;
341	using (new PerformanceLogger("GetJobs")) {
342	var jobDao = pm.JobDao;
343	var jobPermissionDao = pm.JobPermissionDao;
344	var taskDao = pm.TaskDao;
345	var currentUserId = UserManager.CurrentUserId;
346	return pm.UseTransaction(() => {
347	var jobs = jobDao.GetAll()
348	.Where(x => x.OwnerUserId == currentUserId
349	\|\| x.JobPermissions.Count(y => y.Permission != DA.Permission.NotAllowed
350	&& y.GrantedUserId == currentUserId) > 0)
351	.Select(x => x.ToDto())
352	.ToList();
353	var statistics = taskDao.GetAll()
354	.GroupBy(x => x.JobId)
355	.Select(x => new {
356	x.Key,
357	TotalCount = x.Count(),
358	CalculatingCount = x.Count(y => y.State == DA.TaskState.Calculating),
359	FinishedCount = x.Count(y => CompletedStates.Contains(y.State))
360	})
361	.ToList();
362	foreach (var job in jobs) {
363	var statistic = statistics.FirstOrDefault(x => x.Key == job.Id);
364	if (statistic != null) {
365	job.JobCount = statistic.TotalCount;
366	job.CalculatingCount = statistic.CalculatingCount;
367	job.FinishedCount = statistic.FinishedCount;
368	}
369	job.OwnerUsername = UserManager.GetUserNameById(job.OwnerUserId);
370	if (currentUserId == job.OwnerUserId) {
371	job.Permission = Permission.Full;
372	} else {
373	var jobPermission = jobPermissionDao.GetByJobAndUserId(job.Id, currentUserId);
374	job.Permission = jobPermission == null ? Permission.NotAllowed : jobPermission.Permission.ToDto();
375	}
376	}
377	return jobs;
378	});
379	}
380	}
381
382	public Guid AddJob(DT.Job jobDto) {
383	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
384	var pm = PersistenceManager;
385	using (new PerformanceLogger("AddJob")) {
386	var jobDao = pm.JobDao;
387	var userPriorityDao = pm.UserPriorityDao;
388	return pm.UseTransaction(() => {
389	jobDto.OwnerUserId = UserManager.CurrentUserId;
390	jobDto.DateCreated = DateTime.Now;
391	var job = jobDao.Save(jobDto.ToEntity());
392	if (userPriorityDao.GetById(jobDto.OwnerUserId) == null) {
393	userPriorityDao.Save(new DA.UserPriority {
394	UserId = jobDto.OwnerUserId,
395	DateEnqueued = jobDto.DateCreated
396	});
397	}
398	pm.SubmitChanges();
399	return job.JobId;
400	});
401	}
402	}
403
404	public void UpdateJob(DT.Job jobDto) {
405	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
406	AuthorizationManager.AuthorizeForJob(jobDto.Id, DT.Permission.Full);
407	var pm = PersistenceManager;
408	using (new PerformanceLogger("UpdateJob")) {
409	bool exists = true;
410	var jobDao = pm.JobDao;
411	pm.UseTransaction(() => {
412	var job = jobDao.GetById(jobDto.Id);
413	if (job == null) {
414	exists = false;
415	job = new DA.Job();
416	}
417	jobDto.CopyToEntity(job);
418	if (!exists) {
419	jobDao.Save(job);
420	}
421	pm.SubmitChanges();
422	});
423	}
424	}
425
426	public void DeleteJob(Guid jobId) {
427	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
428	AuthorizationManager.AuthorizeForJob(jobId, DT.Permission.Full);
429	var pm = PersistenceManager;
430	using (new PerformanceLogger("DeleteJob")) {
431	var jobDao = pm.JobDao;
432	pm.UseTransaction(() => {
433	// child task will be deleted by db-trigger
434	jobDao.Delete(jobId);
435	pm.SubmitChanges();
436	});
437	}
438	}
439	#endregion
440
441	#region JobPermission Methods
442	public void GrantPermission(Guid jobId, Guid grantedUserId, DT.Permission permission) {
443	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
444	AuthorizationManager.AuthorizeForJob(jobId, Permission.Full);
445	var pm = PersistenceManager;
446	using (new PerformanceLogger("GrantPermission")) {
447	var jobPermissionDao = pm.JobPermissionDao;
448	var currentUserId = UserManager.CurrentUserId;
449	pm.UseTransaction(() => {
450	jobPermissionDao.SetJobPermission(jobId, currentUserId, grantedUserId, permission.ToEntity());
451	pm.SubmitChanges();
452	});
453	}
454	}
455
456	public void RevokePermission(Guid jobId, Guid grantedUserId) {
457	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
458	AuthorizationManager.AuthorizeForJob(jobId, Permission.Full);
459	var pm = PersistenceManager;
460	using (new PerformanceLogger("RevokePermission")) {
461	var jobPermissionDao = pm.JobPermissionDao;
462	var currentUserId = UserManager.CurrentUserId;
463	pm.UseTransaction(() => {
464	jobPermissionDao.SetJobPermission(jobId, currentUserId, grantedUserId, DA.Permission.NotAllowed);
465	pm.SubmitChanges();
466	});
467	}
468	}
469
470	public IEnumerable<JobPermission> GetJobPermissions(Guid jobId) {
471	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
472	AuthorizationManager.AuthorizeForJob(jobId, Permission.Full);
473	var pm = PersistenceManager;
474	using (new PerformanceLogger("GetJobPermissions")) {
475	var jobPermissionDao = pm.JobPermissionDao;
476	return pm.UseTransaction(() => jobPermissionDao.GetByJobId(jobId)
477	.Select(x => x.ToDto())
478	.ToList()
479	);
480	}
481	}
482
483	// BackwardsCompatibility3.3
484	#region Backwards compatible code, remove with 3.4
485	public bool IsAllowedPrivileged() {
486	return true;
487	}
488	#endregion
489	#endregion
490
491	#region Login Methods
492	public void Hello(DT.Slave slaveInfo) {
493	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Slave);
494	if (UserManager.CurrentUser.UserName != "hiveslave") {
495	slaveInfo.OwnerUserId = UserManager.CurrentUserId;
496	}
497	var pm = PersistenceManager;
498	using (new PerformanceLogger("Hello")) {
499	var slaveDao = pm.SlaveDao;
500	pm.UseTransaction(() => {
501	var slave = slaveDao.GetById(slaveInfo.Id);
502	if (slave == null) {
503	slaveDao.Save(slaveInfo.ToEntity());
504	} else {
505	bool oldIsAllowedToCalculate = slave.IsAllowedToCalculate;
506	Guid? oldParentResourceId = slave.ParentResourceId;
507	slaveInfo.CopyToEntity(slave);
508	slave.IsAllowedToCalculate = oldIsAllowedToCalculate;
509	slave.ParentResourceId = oldParentResourceId;
510	slave.LastHeartbeat = DateTime.Now;
511	slave.SlaveState = DA.SlaveState.Idle;
512	}
513	pm.SubmitChanges();
514	});
515	}
516	}
517
518	public void GoodBye(Guid slaveId) {
519	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Slave);
520	var pm = PersistenceManager;
521	using (new PerformanceLogger("GoodBye")) {
522	var slaveDao = pm.SlaveDao;
523	pm.UseTransaction(() => {
524	var slave = slaveDao.GetById(slaveId);
525	if (slave != null) {
526	slave.SlaveState = DA.SlaveState.Offline;
527	pm.SubmitChanges();
528	}
529	});
530	}
531	}
532	#endregion
533
534	#region Heartbeat Methods
535	public List<MessageContainer> Heartbeat(DT.Heartbeat heartbeat) {
536	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Slave);
537	List<MessageContainer> result = new List<MessageContainer>();
538	try {
539	using (new PerformanceLogger("ProcessHeartbeat")) {
540	result = HeartbeatManager.ProcessHeartbeat(heartbeat);
541	}
542	} catch (Exception ex) {
543	DA.LogFactory.GetLogger(this.GetType().Namespace).Log(string.Format("Exception processing Heartbeat: {0}", ex));
544	}
545	if (HeuristicLab.Services.Hive.Properties.Settings.Default.TriggerEventManagerInHeartbeat) {
546	TriggerEventManager(false);
547	}
548	return result;
549	}
550	#endregion
551
552	#region Plugin Methods
553	public DT.Plugin GetPlugin(Guid pluginId) {
554	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave);
555	var pm = PersistenceManager;
556	using (new PerformanceLogger("GetPlugin")) {
557	var pluginDao = pm.PluginDao;
558	return pm.UseTransaction(() => pluginDao.GetById(pluginId).ToDto());
559	}
560	}
561
562	public Guid AddPlugin(DT.Plugin plugin, List<DT.PluginData> pluginData) {
563	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
564	var pm = PersistenceManager;
565	using (new PerformanceLogger("AddPlugin")) {
566	var pluginDao = pm.PluginDao;
567	plugin.UserId = UserManager.CurrentUserId;
568	plugin.DateCreated = DateTime.Now;
569	return pm.UseTransaction(() => {
570	var pluginEntity = pluginDao.GetByHash(plugin.Hash).SingleOrDefault();
571	if (pluginEntity != null) {
572	throw new FaultException<PluginAlreadyExistsFault>(new PluginAlreadyExistsFault(pluginEntity.PluginId));
573	}
574	pluginEntity = plugin.ToEntity();
575	foreach (var data in pluginData) {
576	data.PluginId = default(Guid); // real id will be assigned from linq2sql
577	pluginEntity.PluginData.Add(data.ToEntity());
578	}
579	pluginDao.Save(pluginEntity);
580	pm.SubmitChanges();
581	return pluginEntity.PluginId;
582	});
583	}
584	}
585
586	public IEnumerable<DT.Plugin> GetPlugins() {
587	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave);
588	var pm = PersistenceManager;
589	using (new PerformanceLogger("GetPlugins")) {
590	var pluginDao = pm.PluginDao;
591	return pm.UseTransaction(() => pluginDao.GetAll()
592	.Where(x => x.Hash != null)
593	.Select(x => x.ToDto())
594	.ToList()
595	);
596	}
597	}
598
599	public IEnumerable<DT.PluginData> GetPluginDatas(List<Guid> pluginIds) {
600	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave);
601	var pm = PersistenceManager;
602	using (new PerformanceLogger("GetPluginDatas")) {
603	var pluginDataDao = pm.PluginDataDao;
604	return pm.UseTransaction(() => pluginDataDao.GetAll()
605	.Where(x => pluginIds.Contains(x.PluginId))
606	.Select(x => x.ToDto())
607	.ToList()
608	);
609	}
610	}
611	#endregion
612
613	#region Project Methods
614	public Guid AddProject(DT.Project projectDto) {
615	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator);
616	var pm = PersistenceManager;
617	using (new PerformanceLogger("AddProject")) {
618	var projectDao = pm.ProjectDao;
619	return pm.UseTransaction(() => {
620	var project = projectDao.Save(projectDto.ToEntity());
621	pm.SubmitChanges();
622	return project.ProjectId;
623	});
624	}
625	}
626
627	public void UpdateProject(DT.Project projectDto) {
628	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator);
629	var pm = PersistenceManager;
630	using (new PerformanceLogger("UpdateProject")) {
631	var projectDao = pm.ProjectDao;
632	pm.UseTransaction(() => {
633	var project = projectDao.GetById(projectDto.Id);
634	if (project != null) {
635	projectDto.CopyToEntity(project);
636	} else {
637	projectDao.Save(projectDto.ToEntity());
638	}
639	pm.SubmitChanges();
640	});
641	}
642	}
643
644	public void DeleteProject(Guid projectId) {
645	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator);
646	AuthorizationManager.AuthorizeForProjectAdministration(projectId);
647	var pm = PersistenceManager;
648	using (new PerformanceLogger("DeleteProject")) {
649	var projectDao = pm.ProjectDao;
650	pm.UseTransaction(() => {
651	projectDao.Delete(projectId);
652	pm.SubmitChanges();
653	});
654	}
655	}
656
657	public DT.Project GetProject(Guid projectId) {
658	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator);
659	var pm = PersistenceManager;
660	using (new PerformanceLogger("GetProject")) {
661	var projectDao = pm.ProjectDao;
662	return pm.UseTransaction(() => projectDao.GetById(projectId).ToDto());
663	}
664	}
665
666	public IEnumerable<DT.Project> GetProjects() {
667	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
668	bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator);
669	var pm = PersistenceManager;
670	using (new PerformanceLogger("GetProjects")) {
671	var projectDao = pm.ProjectDao;
672	var projectPermissionDao = pm.ProjectPermissionDao;
673	var currentUserId = UserManager.CurrentUserId;
674	return pm.UseTransaction(() => {
675	var projectPermissions = projectPermissionDao.GetAll();
676	return projectDao.GetAll().ToList()
677	.Where(x => isAdministrator
678	\|\| x.OwnerUserId == currentUserId
679	\|\| UserManager.VerifyUser(currentUserId, projectPermissions
680	.Where(y => y.ProjectId == x.ProjectId)
681	.Select(z => z.GrantedUserId)
682	.ToList())
683	)
684	.Select(x => x.ToDto())
685	.ToList();
686	});
687	}
688	}
689	#endregion
690
691	#region ProjectPermission Methods
692	public void GrantProjectPermissions(Guid projectId, Guid[] grantedUserIds) {
693	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
694	AuthorizationManager.AuthorizeForProjectAdministration(projectId);
695	var pm = PersistenceManager;
696	using (new PerformanceLogger("GrantProjectPermissions")) {
697	var projectDao = pm.ProjectDao;
698	pm.UseTransaction(() => {
699	var project = projectDao.GetById(projectId);
700	var projectPermissions = project.ProjectPermissions.ToList();
701	foreach (var id in grantedUserIds) {
702	if (projectPermissions.All(x => x.GrantedUserId != id)) {
703	project.ProjectPermissions.Add(new DA.ProjectPermission {
704	GrantedUserId = id,
705	GrantedByUserId = UserManager.CurrentUserId
706	});
707	}
708	}
709	pm.SubmitChanges();
710	});
711	}
712	}
713
714	public void RevokeProjectPermissions(Guid projectId, Guid[] grantedUserIds) {
715	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
716	AuthorizationManager.AuthorizeForProjectAdministration(projectId);
717	var pm = PersistenceManager;
718	using (new PerformanceLogger("RevokeProjectPermissions")) {
719	var projectPermissionDao = pm.ProjectPermissionDao;
720	pm.UseTransaction(() => {
721	projectPermissionDao.DeleteByProjectAndGrantedUserId(projectId, grantedUserIds);
722	pm.SubmitChanges();
723	});
724	}
725	}
726
727	public IEnumerable<DT.ProjectPermission> GetProjectPermissions(Guid projectId) {
728	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
729	var pm = PersistenceManager;
730	using (new PerformanceLogger("GetProjectPermissions")) {
731	var projectPermissionDao = pm.ProjectPermissionDao;
732	return pm.UseTransaction(() => projectPermissionDao.GetByProjectId(projectId)
733	.Select(x => x.ToDto())
734	.ToList()
735	);
736	}
737	}
738	#endregion
739
740	#region AssignedProjectResource Methods
741	public void AssignProjectResources(Guid projectId, Guid[] resourceIds) {
742	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
743	AuthorizationManager.AuthorizeForProjectAdministration(projectId);
744	var pm = PersistenceManager;
745	using (new PerformanceLogger("AssignProjectResources")) {
746	var projectDao = pm.ProjectDao;
747	pm.UseTransaction(() => {
748	var project = projectDao.GetById(projectId);
749	var assignedProjectResources = project.AssignedProjectResources.ToList();
750
751	if (!RoleVerifier.IsInRole(HiveRoles.Administrator))
752	AuthorizeForResources(pm, project, resourceIds);
753
754	foreach (var id in resourceIds) {
755	if (assignedProjectResources.All(x => x.ResourceId != id)) {
756	project.AssignedProjectResources.Add(new DA.AssignedProjectResource {
757	ResourceId = id
758	});
759	}
760	}
761	pm.SubmitChanges();
762	});
763	}
764	}
765
766	public void UnassignProjectResources(Guid projectId, Guid[] resourceIds) {
767	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
768	AuthorizationManager.AuthorizeForProjectAdministration(projectId);
769	var pm = PersistenceManager;
770	using (new PerformanceLogger("UnassignProjectResources")) {
771	var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
772	pm.UseTransaction(() => {
773	assignedProjectResourceDao.DeleteByProjectAndGrantedUserId(projectId, resourceIds);
774	pm.SubmitChanges();
775	});
776	}
777	}
778
779	public IEnumerable<AssignedProjectResource> GetAssignedResourcesForProject(Guid projectId) {
780	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
781	var pm = PersistenceManager;
782	using (new PerformanceLogger("GetAssignedResourcesForProject")) {
783	var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
784	return pm.UseTransaction(() => assignedProjectResourceDao.GetByProjectId(projectId)
785	.Select(x => x.ToDto())
786	.ToList()
787	);
788	}
789	}
790	#endregion
791
792	#region Slave Methods
793	public Guid AddSlave(DT.Slave slaveDto) {
794	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator);
795	var pm = PersistenceManager;
796	using (new PerformanceLogger("AddSlave")) {
797	var slaveDao = pm.SlaveDao;
798	return pm.UseTransaction(() => {
799	var slave = slaveDao.Save(slaveDto.ToEntity());
800	pm.SubmitChanges();
801	return slave.ResourceId;
802	});
803	}
804	}
805
806	public Guid AddSlaveGroup(DT.SlaveGroup slaveGroupDto) {
807	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
808	var pm = PersistenceManager;
809	using (new PerformanceLogger("AddSlaveGroup")) {
810	var slaveGroupDao = pm.SlaveGroupDao;
811	return pm.UseTransaction(() => {
812	if (slaveGroupDto.Id == Guid.Empty) {
813	slaveGroupDto.Id = Guid.NewGuid();
814	}
815	var slaveGroup = slaveGroupDao.Save(slaveGroupDto.ToEntity());
816	pm.SubmitChanges();
817	return slaveGroup.ResourceId;
818	});
819	}
820	}
821
822	public DT.Slave GetSlave(Guid slaveId) {
823	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator);
824	var pm = PersistenceManager;
825	using (new PerformanceLogger("GetSlave")) {
826	var slaveDao = pm.SlaveDao;
827	return pm.UseTransaction(() => slaveDao.GetById(slaveId).ToDto());
828	}
829	}
830
831	public IEnumerable<DT.Slave> GetSlaves() {
832	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
833	bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator);
834	var pm = PersistenceManager;
835	using (new PerformanceLogger("GetSlaves")) {
836	var slaveDao = pm.SlaveDao;
837	var resourcePermissionDao = pm.ProjectPermissionDao;
838	var currentUserId = UserManager.CurrentUserId;
839	return pm.UseTransaction(() => {
840	var resourcePermissions = resourcePermissionDao.GetAll();
841	return slaveDao.GetAll().ToList()
842	.Where(x => isAdministrator
843	\|\| x.OwnerUserId == null
844	\|\| x.OwnerUserId == currentUserId
845	\|\| UserManager.VerifyUser(currentUserId, resourcePermissions
846	//.Where(y => y.ResourceId == x.ResourceId)
847	.Select(z => z.GrantedUserId)
848	.ToList())
849	)
850	.Select(x => x.ToDto())
851	.ToList();
852	});
853	}
854	}
855
856	public IEnumerable<DT.SlaveGroup> GetSlaveGroups() {
857	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
858	bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator);
859	var pm = PersistenceManager;
860	using (new PerformanceLogger("GetSlaveGroups")) {
861	var slaveGroupDao = pm.SlaveGroupDao;
862	var resourcePermissionDao = pm.ProjectPermissionDao;
863	var currentUserId = UserManager.CurrentUserId;
864	return pm.UseTransaction(() => {
865	var resourcePermissions = resourcePermissionDao.GetAll();
866	return slaveGroupDao.GetAll().ToList()
867	.Where(x => isAdministrator
868	\|\| x.OwnerUserId == null
869	\|\| x.OwnerUserId == currentUserId
870	\|\| UserManager.VerifyUser(currentUserId, resourcePermissions
871	//.Where(y => y.ResourceId == x.ResourceId)
872	.Select(z => z.GrantedUserId)
873	.ToList())
874	)
875	.Select(x => x.ToDto())
876	.ToList();
877	});
878	}
879	}
880
881	public void UpdateSlave(DT.Slave slaveDto) {
882	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
883	var pm = PersistenceManager;
884	using (new PerformanceLogger("UpdateSlave")) {
885	var slaveDao = pm.SlaveDao;
886	pm.UseTransaction(() => {
887	var slave = slaveDao.GetById(slaveDto.Id);
888	if (slave != null) {
889	slaveDto.CopyToEntity(slave);
890	} else {
891	slaveDao.Save(slaveDto.ToEntity());
892	}
893	pm.SubmitChanges();
894	});
895	}
896	}
897
898	public void UpdateSlaveGroup(DT.SlaveGroup slaveGroupDto) {
899	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
900	var pm = PersistenceManager;
901	using (new PerformanceLogger("UpdateSlaveGroup")) {
902	var slaveGroupDao = pm.SlaveGroupDao;
903	pm.UseTransaction(() => {
904	var slaveGroup = slaveGroupDao.GetById(slaveGroupDto.Id);
905	if (slaveGroup != null) {
906	slaveGroupDto.CopyToEntity(slaveGroup);
907	} else {
908	slaveGroupDao.Save(slaveGroupDto.ToEntity());
909	}
910	pm.SubmitChanges();
911	});
912	}
913	}
914
915	public void DeleteSlave(Guid slaveId) {
916	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
917	AuthorizationManager.AuthorizeForResourceAdministration(slaveId);
918	var pm = PersistenceManager;
919	using (new PerformanceLogger("DeleteSlave")) {
920	var slaveDao = pm.SlaveDao;
921	pm.UseTransaction(() => {
922	slaveDao.Delete(slaveId);
923	pm.SubmitChanges();
924	});
925	}
926	}
927
928	public void DeleteSlaveGroup(Guid slaveGroupId) {
929	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
930	AuthorizationManager.AuthorizeForResourceAdministration(slaveGroupId);
931	var pm = PersistenceManager;
932	using (new PerformanceLogger("DeleteSlaveGroup")) {
933	var slaveGroupDao = pm.SlaveGroupDao;
934	pm.UseTransaction(() => {
935	slaveGroupDao.Delete(slaveGroupId);
936	pm.SubmitChanges();
937	});
938	}
939	}
940
941	public void AddResourceToGroup(Guid slaveGroupId, Guid resourceId) {
942	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator);
943	var pm = PersistenceManager;
944	using (new PerformanceLogger("AddResourceToGroup")) {
945	var resourceDao = pm.ResourceDao;
946	pm.UseTransaction(() => {
947	var resource = resourceDao.GetById(resourceId);
948	resource.ParentResourceId = slaveGroupId;
949	pm.SubmitChanges();
950	});
951	}
952	}
953
954	public void RemoveResourceFromGroup(Guid slaveGroupId, Guid resourceId) {
955	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator);
956	var pm = PersistenceManager;
957	using (new PerformanceLogger("RemoveResourceFromGroup")) {
958	var resourceDao = pm.ResourceDao;
959	pm.UseTransaction(() => {
960	var resource = resourceDao.GetById(resourceId);
961	resource.ParentResourceId = null;
962	pm.SubmitChanges();
963	});
964	}
965	}
966
967	public Guid GetResourceId(string resourceName) {
968	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
969	var pm = PersistenceManager;
970	using (new PerformanceLogger("GetResourceId")) {
971	var resourceDao = pm.ResourceDao;
972	return pm.UseTransaction(() => {
973	var resource = resourceDao.GetByName(resourceName);
974	return resource != null ? resource.ResourceId : Guid.Empty;
975	});
976	}
977	}
978
979	public void TriggerEventManager(bool force) {
980	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator);
981	// use a serializable transaction here to ensure not two threads execute this simultaniously (mutex-lock would not work since IIS may use multiple AppDomains)
982	bool cleanup;
983	var pm = PersistenceManager;
984	using (new PerformanceLogger("TriggerEventManager")) {
985	cleanup = false;
986	var lifecycleDao = pm.LifecycleDao;
987	pm.UseTransaction(() => {
988	var lastLifecycle = lifecycleDao.GetLastLifecycle();
989	DateTime lastCleanup = lastLifecycle != null ? lastLifecycle.LastCleanup : DateTime.MinValue;
990	if (force \|\| DateTime.Now - lastCleanup > HeuristicLab.Services.Hive.Properties.Settings.Default.CleanupInterval) {
991	lifecycleDao.UpdateLifecycle();
992	cleanup = true;
993	pm.SubmitChanges();
994	}
995	}, true);
996	}
997	if (cleanup) {
998	EventManager.Cleanup();
999	}
1000	}
1001
1002	public int GetNewHeartbeatInterval(Guid slaveId) {
1003	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Slave);
1004	var pm = PersistenceManager;
1005	using (new PerformanceLogger("GetNewHeartbeatInterval")) {
1006	var slaveDao = pm.SlaveDao;
1007	return pm.UseTransaction(() => {
1008	var slave = slaveDao.GetById(slaveId);
1009	if (slave != null) {
1010	return slave.HbInterval;
1011	}
1012	return -1;
1013	});
1014	}
1015	}
1016	#endregion
1017
1018	#region Downtime Methods
1019	public Guid AddDowntime(DT.Downtime downtimeDto) {
1020	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
1021	AuthorizationManager.AuthorizeForResourceAdministration(downtimeDto.ResourceId);
1022	var pm = PersistenceManager;
1023	using (new PerformanceLogger("AddDowntime")) {
1024	var downtimeDao = pm.DowntimeDao;
1025	return pm.UseTransaction(() => {
1026	var downtime = downtimeDao.Save(downtimeDto.ToEntity());
1027	pm.SubmitChanges();
1028	return downtime.ResourceId;
1029	});
1030	}
1031	}
1032
1033	public void DeleteDowntime(Guid downtimeId) {
1034	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
1035	var pm = PersistenceManager;
1036	using (new PerformanceLogger("DeleteDowntime")) {
1037	var downtimeDao = pm.DowntimeDao;
1038	pm.UseTransaction(() => {
1039	downtimeDao.Delete(downtimeId);
1040	pm.SubmitChanges();
1041	});
1042	}
1043	}
1044
1045	public void UpdateDowntime(DT.Downtime downtimeDto) {
1046	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
1047	AuthorizationManager.AuthorizeForResourceAdministration(downtimeDto.ResourceId);
1048	var pm = PersistenceManager;
1049	using (new PerformanceLogger("UpdateDowntime")) {
1050	var downtimeDao = pm.DowntimeDao;
1051	pm.UseTransaction(() => {
1052	var downtime = downtimeDao.GetById(downtimeDto.Id);
1053	if (downtime != null) {
1054	downtimeDto.CopyToEntity(downtime);
1055	} else {
1056	downtimeDao.Save(downtimeDto.ToEntity());
1057	}
1058	pm.SubmitChanges();
1059	});
1060	}
1061	}
1062
1063	public IEnumerable<DT.Downtime> GetDowntimesForResource(Guid resourceId) {
1064	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
1065	var pm = PersistenceManager;
1066	using (new PerformanceLogger("GetDowntimesForResource")) {
1067	var downtimeDao = pm.DowntimeDao;
1068	return pm.UseTransaction(() => downtimeDao.GetByResourceId(resourceId)
1069	.Select(x => x.ToDto())
1070	.ToList()
1071	);
1072	}
1073	}
1074	#endregion
1075
1076	#region User Methods
1077	public string GetUsernameByUserId(Guid userId) {
1078	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
1079	var user = UserManager.GetUserById(userId);
1080	return user != null ? user.UserName : null;
1081	}
1082
1083	public Guid GetUserIdByUsername(string username) {
1084	RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
1085	var user = ServiceLocator.Instance.UserManager.GetUserByName(username);
1086	return user != null ? (Guid?)user.ProviderUserKey ?? Guid.Empty : Guid.Empty;
1087	}
1088	#endregion
1089
1090	#region UserPriorities Methods
1091	public IEnumerable<DT.UserPriority> GetUserPriorities() {
1092	var pm = PersistenceManager;
1093	using (new PerformanceLogger("GetUserPriorities")) {
1094	var userPriorityDao = pm.UserPriorityDao;
1095	return pm.UseTransaction(() => userPriorityDao.GetAll()
1096	.Select(x => x.ToDto())
1097	.ToList()
1098	);
1099	}
1100	}
1101	#endregion
1102
1103	#region Private Helper Methods
1104	private void UpdateTaskState(IPersistenceManager pm, DA.Task task, DT.TaskState taskState, Guid? slaveId, Guid? userId, string exception) {
1105	var stateLogDao = pm.StateLogDao;
1106	var taskStateEntity = taskState.ToEntity();
1107
1108	if (task.State == DA.TaskState.Transferring && taskStateEntity == DA.TaskState.Paused && task.Command == null) {
1109	// slave paused and uploaded the task (no user-command) -> set waiting.
1110	taskStateEntity = DA.TaskState.Waiting;
1111	}
1112
1113	stateLogDao.Save(new DA.StateLog {
1114	State = taskStateEntity,
1115	DateTime = DateTime.Now,
1116	TaskId = task.TaskId,
1117	UserId = userId,
1118	SlaveId = slaveId,
1119	Exception = exception
1120	});
1121
1122	task.State = taskStateEntity;
1123
1124	if (task.Command == DA.Command.Pause && task.State == DA.TaskState.Paused
1125	\|\| task.Command == DA.Command.Abort && task.State == DA.TaskState.Aborted
1126	\|\| task.Command == DA.Command.Stop && task.State == DA.TaskState.Aborted) {
1127	task.Command = null;
1128	}
1129	}
1130
1131	// OBSOLETE
1132	// reason: only used for double checking! AuthorizationManager.AuthorizeForProjectAdministration(..) does the same!
1133	//private DA.Project AuthorizeForProject(IPersistenceManager pm, Guid projectId) {
1134	// var projectDao = pm.ProjectDao;
1135	// var project = projectDao.GetById(projectId);
1136	// if (project == null) throw new SecurityException(NOT_AUTHORIZED_PROJECT);
1137	// if (project.OwnerUserId != UserManager.CurrentUserId
1138	// && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
1139	// throw new SecurityException(NOT_AUTHORIZED_PROJECT);
1140	// }
1141	// return project;
1142	//}
1143
1144	private void CheckTaskPermissions(IPersistenceManager pm, DT.Task task, IEnumerable<Guid> resourceIds) {
1145	var jobDao = pm.JobDao;
1146	var projectDao = pm.ProjectDao;
1147	var resourceDao = pm.ResourceDao;
1148	var projectPermissionDao = pm.ProjectPermissionDao;
1149	var currentUserId = UserManager.CurrentUserId;
1150
1151	// PART 2: user-project permission check
1152	var job = jobDao.GetById(task.JobId);
1153	var project = projectDao.GetById(job.ProjectId);
1154	AuthorizeForProjectTask(pm, project);
1155
1156	// PART 3: project-resource permission check
1157	var assignedResourceIds = project.AssignedProjectResources.Select(x => x.ResourceId).ToList();
1158	var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.GetChildResourceIdsById(x));
1159	assignedResourceIds.AddRange(assignedChildResourceIds);
1160	if (resourceIds.Except(assignedResourceIds).Any()) {
1161	throw new SecurityException(NOT_AUTHORIZED_PROJECT);
1162	}
1163	}
1164
1165	// Check if current user is authorized to add a task on a explicit project
1166	// case 1: user is administrator
1167	// case 2: user is owner of project or parent project
1168	// case 3: user has explicit permission on project or parent project
1169	private void AuthorizeForProjectTask(IPersistenceManager pm, DA.Project project) {
1170	if (RoleVerifier.IsInRole(HiveRoles.Administrator)) return; // case 1
1171
1172	// case 2
1173	var projectDao = pm.ProjectDao;
1174	var projectBranch = new List<DA.Project>() { project };
1175	projectBranch.AddRange(projectDao.GetParentProjectsById(project.ProjectId));
1176	if (projectBranch
1177	.Select(x => x.OwnerUserId)
1178	.Contains(UserManager.CurrentUserId)) {
1179	return;
1180	}
1181
1182	// case 3
1183	if (project.ProjectPermissions
1184	.Select(x => x.GrantedUserId)
1185	.Contains(UserManager.CurrentUserId)) {
1186	return;
1187	}
1188	if (projectBranch
1189	.SelectMany(x => x.ProjectPermissions)
1190	.Select(x => x.GrantedUserId)
1191	.Contains(UserManager.CurrentUserId)) {
1192	return;
1193	}
1194
1195	throw new SecurityException(NOT_AUTHORIZED_PROJECT);
1196	}
1197
1198	// Check if the current user is authorized to administer resourceIds
1199	private void AuthorizeForResources(IPersistenceManager pm, DA.Project project, Guid[] resourceIds) {
1200	var projectDao = pm.ProjectDao;
1201	var resourceDao = pm.ResourceDao;
1202
1203	var projectBranch = new List<DA.Project> { project };
1204	projectBranch.AddRange(projectDao.GetParentProjectsById(project.ProjectId));
1205	var ownedProjects = projectBranch.Where(x => x.OwnerUserId == UserManager.CurrentUserId).ToList();
1206
1207	// get all assigned resourceIds (including children) of owned projects in this branch
1208	var assignedResourceIds = ownedProjects.SelectMany(x => x.AssignedProjectResources).Select(x => x.ResourceId).ToList();
1209	var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.GetParentResourceIdsById(x));
1210	assignedResourceIds.AddRange(assignedChildResourceIds);
1211
1212	// look up if all resourceIds are among the assigned ones
1213	if (resourceIds.Except(assignedResourceIds).Any()) {
1214	throw new SecurityException(NOT_AUTHORIZED_RESOURCE);
1215	}
1216	}
1217
1218	// Check if the current user is authorized (i.e. is owner of the (sub)project) to set permissions
1219	// for a certain resource (resourceId) in the context of a certain project (projectId)
1220	private DA.Resource AuthorizeForResource(IPersistenceManager pm, Guid resourceId, Guid projectId) {
1221	var projectDao = pm.ProjectDao;
1222	var project = projectDao.GetById(projectId);
1223	if (project == null) throw new SecurityException(NOT_AUTHORIZED_PROJECT); // if project does not exist
1224
1225	var resourceDao = pm.ResourceDao;
1226	var resource = resourceDao.GetById(resourceId);
1227	if (resource == null) throw new SecurityException(NOT_AUTHORIZED_RESOURCE); // if resource does not exist
1228
1229
1230	// check if user is administrator, owner of the project or any parent project
1231	var projectTree = new List<DA.Project> { project };
1232	projectTree.AddRange(projectDao.GetParentProjectsById(projectId));
1233	if (!projectTree.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId)
1234	&& !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
1235	throw new SecurityException(NOT_AUTHORIZED_PROJECT);
1236	}
1237
1238	// look up if resourceId is amongst the assigned ones
1239	var assignedResources = project.AssignedProjectResources.ToList();
1240	if (assignedResources.Select(x => x.ResourceId).Contains(resourceId)) {
1241	return resource;
1242	}
1243
1244	// look up if one of the parent resourceIds is amongst the assigned ones
1245	// note: this should be faster than checking all children of the assigned
1246	// resource(-groups) for the certain resourceId
1247	var parentResourceIds = resourceDao.GetParentResourceIdsById(resourceId);
1248	if (assignedResources.Select(x => x.ResourceId)
1249	.Intersect(parentResourceIds).Count() > 0) {
1250	return resource;
1251	}
1252
1253	throw new SecurityException(NOT_AUTHORIZED_PROJECT);
1254	}
1255	#endregion
1256	}
1257	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Update cookies preferences