
source: branches/HiveStatistics/sources/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs @ 12691

Last change on this file since 12691 was 12691, checked in by dglaser, 9 years ago

#2388:

HeuristicLab.Services.Access:
HeuristicLab.Services.Access.DataAccess:

  • Changed connection strings and certificates for local usage

HeuristicLab.Services.Hive.DataAccess:

  • Added compiled queries for frequently used queries
  • Integrated string queries from OptimizedHiveDao

HeuristicLab.Services.Hive:

  • Added NewHeartbeatManager.cs
  • Added NewRoundRobinTaskScheduler.cs
  • Added PerformanceLogger
  • Updated AuthorizationManager
  • Updated NewHiveService
    • Added Regions
    • Implemented missing methods
    • Improved performance of several queries

HeuristicLab.Services.WebApp.Status:

  • Fixed a bug which caused an error when calculating the average waiting time.
1#region License Information
2/* HeuristicLab
3 * Copyright (C) 2002-2015 Heuristic and Evolutionary Algorithms Laboratory (HEAL)
4 *
5 * This file is part of HeuristicLab.
6 *
7 * HeuristicLab is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * HeuristicLab is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with HeuristicLab. If not, see <http://www.gnu.org/licenses/>.
19 */
20#endregion
21
22using System;
23using System.Security;
24using HeuristicLab.Services.Access;
25using HeuristicLab.Services.Hive.DataAccess;
26using HeuristicLab.Services.Hive.DataAccess.Interfaces;
27using DA = HeuristicLab.Services.Hive.DataAccess;
28using DT = HeuristicLab.Services.Hive.DataTransfer;
29
30
namespace HeuristicLab.Services.Hive {
  /// <summary>
  /// Authorization gate for Hive service operations. Each public check returns
  /// normally when access is granted and throws <see cref="SecurityException"/>
  /// otherwise.
  /// </summary>
  /// <remarks>
  /// Every denial in this class carries the same message, whether the requested
  /// entity is missing or the caller lacks rights, so the message itself does
  /// not reveal whether a given id exists.
  /// </remarks>
  public class AuthorizationManager : IAuthorizationManager {

    private const string NOT_AUTHORIZED = "Current user is not authorized to access the requested resource";

    // Collaborators are resolved through the service locator on every access
    // rather than being cached in fields.
    private IPersistenceManager PersistenceManager {
      get { return ServiceLocator.Instance.PersistenceManager; }
    }

    private IUserManager UserManager {
      get { return ServiceLocator.Instance.UserManager; }
    }

    private IRoleVerifier RoleVerifier {
      get { return ServiceLocator.Instance.RoleVerifier; }
    }

    /// <summary>
    /// Grants access only when <paramref name="userId"/> is the id of the current user.
    /// </summary>
    /// <param name="userId">The user id the caller claims to act for.</param>
    /// <exception cref="SecurityException">The id differs from the current user's id.</exception>
    public void Authorize(Guid userId) {
      // NOTE(review): this is a plain equality check. If CurrentUserId can be
      // Guid.Empty for an unauthenticated session, a request carrying Guid.Empty
      // would pass - confirm that the user manager never reports an empty id.
      var callerId = UserManager.CurrentUserId;
      if (userId == callerId) {
        return;
      }
      throw new SecurityException(NOT_AUTHORIZED);
    }

    /// <summary>
    /// Checks the current user's permission on the job that owns the given task.
    /// </summary>
    /// <param name="taskId">Id of the task being accessed.</param>
    /// <param name="requiredPermission">Permission level the operation needs.</param>
    /// <exception cref="SecurityException">
    /// The task does not exist, or the permission on its job is insufficient.
    /// </exception>
    public void AuthorizeForTask(Guid taskId, DT.Permission requiredPermission) {
      // Slave-users can access all tasks: for them the lookup below is skipped
      // entirely, so neither the task's existence nor requiredPermission is
      // checked. Membership in the Slave role is therefore equivalent to access
      // to every task and should be granted accordingly.
      if (RoleVerifier.IsInRole(HiveRoles.Slave)) {
        return;
      }

      // The persistence manager obtained here is disposed when the check ends.
      using (var persistence = PersistenceManager) {
        var tasks = persistence.TaskDao;
        persistence.UseTransaction(() => {
          var task = tasks.GetById(taskId);
          if (task == null) {
            // Same exception as a permission failure (see class remarks).
            throw new SecurityException(NOT_AUTHORIZED);
          }
          AuthorizeJob(persistence, task.JobId, requiredPermission);
        });
      }
    }

    /// <summary>
    /// Checks the current user's permission on the given job.
    /// </summary>
    /// <param name="jobId">Id of the job being accessed.</param>
    /// <param name="requiredPermission">Permission level the operation needs.</param>
    /// <exception cref="SecurityException">The permission on the job is insufficient.</exception>
    public void AuthorizeForJob(Guid jobId, DT.Permission requiredPermission) {
      // Unlike AuthorizeForTask, there is no role-based shortcut on this path.
      using (var persistence = PersistenceManager) {
        persistence.UseTransaction(() => AuthorizeJob(persistence, jobId, requiredPermission));
      }
    }

    /// <summary>
    /// Allows administration of a resource to its owner and to members of the
    /// Administrator role.
    /// </summary>
    /// <param name="resourceId">Id of the resource to administer.</param>
    /// <exception cref="SecurityException">
    /// The resource does not exist, or the current user is neither its owner nor an administrator.
    /// </exception>
    public void AuthorizeForResourceAdministration(Guid resourceId) {
      using (var persistence = PersistenceManager) {
        var resources = persistence.ResourceDao;
        persistence.UseTransaction(() => {
          var resource = resources.GetById(resourceId);
          if (resource == null) {
            throw new SecurityException(NOT_AUTHORIZED);
          }

          // The role is only consulted when the caller is not the owner.
          bool isOwner = resource.OwnerUserId == UserManager.CurrentUserId;
          if (!isOwner && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
            throw new SecurityException(NOT_AUTHORIZED);
          }
        });
      }
    }

    /// <summary>
    /// Resolves the permission a user holds on a job: Full for the owner,
    /// otherwise the stored job permission, and NotAllowed when the job or the
    /// permission entry is missing.
    /// </summary>
    /// <param name="pm">Persistence manager used for the lookups.</param>
    /// <param name="jobId">Id of the job.</param>
    /// <param name="userId">Id of the user whose permission is resolved.</param>
    /// <returns>The effective permission; NotAllowed is the default.</returns>
    private DA.Permission GetPermissionForJob(IPersistenceManager pm, Guid jobId, Guid userId) {
      var jobs = pm.JobDao;
      var grants = pm.JobPermissionDao;

      var job = jobs.GetById(jobId);
      if (job == null) {
        return DA.Permission.NotAllowed;
      }
      if (job.OwnerUserId == userId) {
        // Ownership wins over any stored permission entry.
        return DA.Permission.Full;
      }

      var grant = grants.GetByJobAndUserId(jobId, userId);
      return grant == null ? DA.Permission.NotAllowed : grant.Permission;
    }

    /// <summary>
    /// Throws unless the current user's permission on the job satisfies
    /// <paramref name="requiredPermission"/>.
    /// </summary>
    /// <param name="pm">Persistence manager used for the lookups.</param>
    /// <param name="jobId">Id of the job being accessed.</param>
    /// <param name="requiredPermission">Permission level the operation needs.</param>
    /// <exception cref="SecurityException">The permission held is insufficient.</exception>
    private void AuthorizeJob(IPersistenceManager pm, Guid jobId, DT.Permission requiredPermission) {
      var required = requiredPermission.ToEntity();
      DA.Permission granted = GetPermissionForJob(pm, jobId, UserManager.CurrentUserId);

      // A requirement of Full is met only by Full; any other requirement is met
      // by every permission except NotAllowed.
      // NOTE(review): the check compares for equality and does not order the
      // levels - revisit it if the Permission enum gains further values.
      bool noAccess = granted == Permission.NotAllowed;
      bool fullRequiredButNotHeld = required == Permission.Full && granted != required;
      if (noAccess || fullRequiredButNotHeld) {
        throw new SecurityException(NOT_AUTHORIZED);
      }
    }
  }
}