
source: trunk/sources/HeuristicLab.Hive.Server.Core/3.2/Authorization/HivePermissionManager.cs @ 2067

Last change on this file since 2067 was 2067, checked in by mbecirov, 15 years ago

#586: Changed some permissions.

File size: 3.8 KB
1using System;
2using System.Collections.Generic;
3using System.Linq;
4using System.Text;
5using HeuristicLab.Security.Contracts.Interfaces;
6using HeuristicLab.DataAccess;
7using HeuristicLab.Security.Contracts.BusinessObjects;
8using HeuristicLab.Hive.Contracts.BusinessObjects;
9using HeuristicLab.Hive.Contracts.Interfaces;
10using HeuristicLab.Hive.Contracts;
11using HeuristicLab.Hive.Server.Core.InternalInterfaces;
12using System.ServiceModel;
13
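namespace HeuristicLab.Hive.Server.Core {
  /// <summary>
  /// Authorization entry point of the Hive server. Authentication and the
  /// primary permission check are delegated to the <see cref="IPermissionManager"/>;
  /// this class adds policy resolution by scope ("Any", "Project", "User") and
  /// a fallback that looks for a grant on the client groups a resource belongs to.
  /// </summary>
  public class HivePermissionManager : IHivePermissionManager {

    private IJobManager jobManager = ServiceLocator.GetJobManager();

    private IPermissionManager permManager = ServiceLocator.GetPermissionManager();

    private IClientManager clientManager = ServiceLocator.GetClientManager();

    private PermissionCollection permissions = HivePermissions.GetPermissions();
    private PolicyCollection policyCollection = HivePermissions.GetPolicies();

    /// <summary>
    /// Authenticates a user by forwarding the credentials to the permission manager.
    /// </summary>
    /// <param name="username">Name of the account to authenticate.</param>
    /// <param name="password">Password of the account, forwarded unchanged.</param>
    /// <returns>
    /// The Guid returned by <c>IPermissionManager.Authenticate</c>. What is returned
    /// for rejected credentials is decided by that implementation and is not
    /// visible here, so callers should not assume any returned Guid is a live session.
    /// </returns>
    public Guid Login(string username, string password) {
      return permManager.Authenticate(username, password);
    }

    /// <summary>
    /// Checks a session against a predefined policy and throws when access is denied.
    /// The scopes are tried in the order "Any", "Project", "User"; the first grant wins.
    /// </summary>
    /// <param name="policyName">Policy name that defines the action.</param>
    /// <param name="sessionID">Session ID that identifies a currently logged-on user.</param>
    /// <param name="entityID">
    /// The resource the action targets, or <see cref="Guid.Empty"/>. For the "Project"
    /// and "User" scopes it is looked up as a job ID.
    /// </param>
    /// <exception cref="PermissionException">
    /// No scope of the policy grants access, including when the job needed by the
    /// "Project" or "User" scope cannot be resolved.
    /// </exception>
    public void Authorize(string policyName, Guid sessionID, Guid entityID) {
      // NOTE(review): the indexer's behaviour for an unknown policy name is not
      // visible here - confirm that it throws rather than yielding a permissive default.
      var policy = policyCollection[policyName];

      // 'Any' scope: the permission is checked against the entity exactly as passed in.
      Permission p = policy.GetPermissionByContext("Any");
      if (p != null && CheckPermission(sessionID, p.Id, entityID)) {
        return;
      }

      // 'Project' scope: the permission is checked against the project of the job.
      p = policy.GetPermissionByContext("Project");
      if (p != null) {
        var response = jobManager.GetJobById(entityID);
        var job = response != null ? response.Obj : null;
        // A job that cannot be resolved (or has no project) is a denial for this
        // scope, not a NullReferenceException escaping from the authorization path.
        if (job != null && job.Project != null &&
            CheckPermission(sessionID, p.Id, job.Project.Id)) {
          return;
        }
      }

      // 'User' scope: the permission is checked against the owner of the job.
      p = policy.GetPermissionByContext("User");
      if (p != null) {
        var response = jobManager.GetJobById(entityID);
        var job = response != null ? response.Obj : null;
        if (job != null && CheckPermission(sessionID, p.Id, job.UserId)) {
          return;
        }
      }

      // Fail closed: nothing granted access.
      throw new PermissionException(policyName);
    }

    /// <summary>
    /// Checks whether a session has permission for a specified action on an entity,
    /// either directly or through one of the client groups the entity belongs to.
    /// </summary>
    /// <param name="sessionID">The current session.</param>
    /// <param name="actionID">A pre-defined action that requires permission.</param>
    /// <param name="entityId">A resource (job, ...), or <see cref="Guid.Empty"/> for none.</param>
    /// <returns>
    /// <c>true</c> if the permission manager grants the action on the entity or on
    /// one of its groups; otherwise <c>false</c>.
    /// </returns>
    public bool CheckPermission(Guid sessionID, Guid actionID, Guid entityId) {
      if (permManager.CheckPermission(sessionID, actionID, entityId)) {
        return true;
      }
      // The direct check denied the request; the only remaining route to a grant
      // is a permission held on one of the entity's groups.
      return CheckPermissionHelper(sessionID, actionID, entityId);
    }

    /// <summary>
    /// Fallback used after the direct check has denied a request: looks for a grant
    /// on any client group that contains the entity.
    /// </summary>
    /// <param name="sessionId">The current session.</param>
    /// <param name="actionId">The action that requires permission.</param>
    /// <param name="entityId">The resource whose groups are inspected.</param>
    /// <returns><c>true</c> if some group grants the action; otherwise <c>false</c>.</returns>
    private bool CheckPermissionHelper(Guid sessionId, Guid actionId, Guid entityId) {
      // Fail closed when there is no entity. This helper only runs after the
      // permission manager has already said no, so answering true here would make
      // CheckPermission succeed for every session and every action whenever the
      // entity is Guid.Empty (an entity-less call, or a job whose project or owner
      // ID is unset), which bypasses the check entirely.
      if (entityId == Guid.Empty) {
        return false;
      }

      var response = clientManager.GetAllGroupsOfResource(entityId);
      IList<ClientGroup> groups = response != null ? response.Obj : null;
      if (groups == null) {
        // Group lookup produced nothing: no group can grant the action.
        return false;
      }

      // NOTE(review): this recurses through CheckPermission for every group, so it
      // terminates only if group membership is acyclic - confirm the data layer
      // guarantees that, otherwise a cycle leads to unbounded recursion.
      foreach (ClientGroup group in groups) {
        if (CheckPermission(sessionId, actionId, group.Id)) {
          return true;
        }
      }
      return false;
    }
  }
}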