Free cookie consent management tool by TermsFeed Policy Generator

source: branches/OaaS/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs @ 8384

Last change on this file since 8384 was 8051, checked in by jkarder, 12 years ago

#1859: manually merged branch "HiveResourcePermissionManagement (trunk integration)" into trunk

File size: 2.8 KB
Line 
1#region License Information
2/* HeuristicLab
3 * Copyright (C) 2002-2012 Heuristic and Evolutionary Algorithms Laboratory (HEAL)
4 *
5 * This file is part of HeuristicLab.
6 *
7 * HeuristicLab is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * HeuristicLab is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with HeuristicLab. If not, see <http://www.gnu.org/licenses/>.
19 */
20#endregion
21
22using System;
23using System.Security;
24using HeuristicLab.Services.Hive.DataAccess;
25using DT = HeuristicLab.Services.Hive.DataTransfer;
26
27
28namespace HeuristicLab.Services.Hive {
29  public class AuthorizationManager : IAuthorizationManager {
30    public void Authorize(Guid userId) {
31      if (userId != ServiceLocator.Instance.UserManager.CurrentUserId)
32        throw new SecurityException("Current user is not authorized to access object");
33    }
34
35    public void AuthorizeForTask(Guid taskId, DT.Permission requiredPermission) {
36      if (ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Slave)) return; // slave-users can access all tasks
37
38      Permission permission = ServiceLocator.Instance.HiveDao.GetPermissionForTask(taskId, ServiceLocator.Instance.UserManager.CurrentUserId);
39      if (permission == Permission.NotAllowed || (permission != DT.Convert.ToEntity(requiredPermission) && DT.Convert.ToEntity(requiredPermission) == Permission.Full))
40        throw new SecurityException("Current user is not authorized to access task");
41    }
42
43    public void AuthorizeForJob(Guid jobId, DT.Permission requiredPermission) {
44      Permission permission = ServiceLocator.Instance.HiveDao.GetPermissionForJob(jobId, ServiceLocator.Instance.UserManager.CurrentUserId);
45      if (permission == Permission.NotAllowed || (permission != DT.Convert.ToEntity(requiredPermission) && DT.Convert.ToEntity(requiredPermission) == Permission.Full))
46        throw new SecurityException("Current user is not authorized to access task");
47    }
48
49    public void AuthorizeForResourceAdministration(Guid resourceId) {
50      Resource resource = DT.Convert.ToEntity(ServiceLocator.Instance.HiveDao.GetResource(resourceId));
51      if (resource.OwnerUserId != ServiceLocator.Instance.UserManager.CurrentUserId && !ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Administrator))
52        throw new SecurityException("Current user is not authorized to access resource");
53    }
54  }
55}
Note: See TracBrowser for help on using the repository browser.