source: trunk/sources/HeuristicLab.Security.Core/3.2/PermissionManager.cs @ 1738

Last change on this file since 1738 was 1738, checked in by asimon, 12 years ago

error correction (ticket #537)

File size: 4.7 KB
Line 
1using System;
2using System.Collections.Generic;
3using System.Text;
4using System.Threading;
5using HeuristicLab.Security.Contracts.Interfaces;
6using HeuristicLab.Security.Contracts.BusinessObjects;
7using HeuristicLab.Security.DataAccess;
8using HeuristicLab.DataAccess.Interfaces;
9using HeuristicLab.PluginInfrastructure;
10using System.Security.Cryptography;
11using System.ServiceModel;
12
13namespace HeuristicLab.Security.Core {
14  public class PermissionManager : IPermissionManager{
15
16    private static ISessionFactory factory = ServiceLocator.GetSessionFactory();
17
18    private static ISession session;
19   
20    private static IDictionary<Guid,string> currentSessions = new Dictionary<Guid, string>();
21    Object locker = new Object();
22
23    private static string getMd5Hash(string input) {
24      // Create a new instance of the MD5CryptoServiceProvider object.
25      MD5 md5Hasher = MD5.Create();
26
27      // Convert the input string to a byte array and compute the hash.
28      byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));
29
30      // Create a new Stringbuilder to collect the bytes
31      // and create a string.
32      StringBuilder sBuilder = new StringBuilder();
33
34      // Loop through each byte of the hashed data
35      // and format each one as a hexadecimal string.
36      for (int i = 0; i < data.Length; i++) {
37        sBuilder.Append(data[i].ToString("x2"));
38      }
39
40      // Return the hexadecimal string.
41      return sBuilder.ToString();
42    }
43
44   /// <summary>
45   /// If a session exists for this userName then it is returned, otherwise the given password
46   /// is checked and a new session is created.
47   /// </summary>
48   /// <param name="userName"></param>
49   /// <param name="password"></param>
50   /// <returns></returns>
51    public Guid Authenticate(String userName, String password) {
52      lock (locker)
53        if (currentSessions.Values.Contains(userName))
54          return GetGuid(userName);
55      try {
56        session = factory.GetSessionForCurrentThread();
57
58        password = getMd5Hash(password);
59
60        IUserAdapter userAdapter = session.GetDataAdapter<User, IUserAdapter>();
61        User user = userAdapter.GetByLogin(userName);
62
63        if (user != null &&
64            user.Password.Equals(password)) {
65          Guid newSessionId = Guid.NewGuid();
66          lock (locker)
67            currentSessions.Add(newSessionId, userName);
68          return newSessionId;
69        } else return Guid.Empty;
70      }
71      catch (Exception ex) { throw new FaultException("Server: " + ex.Message); }
72      finally {
73        if (session != null)
74          session.EndSession();
75      }
76    }
77
78    /// <summary>
79    /// Checks if the owner of the given session has the given permission.
80    /// </summary>
81    /// <param name="sessionId"></param>
82    /// <param name="permissionId"></param>
83    /// <param name="entityId"></param>
84    /// <returns></returns>
85    public bool CheckPermission(Guid sessionId, Guid permissionId, Guid entityId) {
86      string userName;
87      bool existsSession;
88      lock (locker)
89        existsSession = currentSessions.TryGetValue(sessionId, out userName);
90      if (existsSession) {
91        try {
92          session = factory.GetSessionForCurrentThread();
93         
94          IPermissionOwnerAdapter permOwnerAdapter = session.GetDataAdapter<PermissionOwner, IPermissionOwnerAdapter>();
95          PermissionOwner permOwner = permOwnerAdapter.GetByName(userName);
96
97          IPermissionAdapter permissionAdapter = session.GetDataAdapter<Permission, IPermissionAdapter>();
98          Permission permission = permissionAdapter.GetById(permissionId);
99         
100          if ((permission != null) && (permOwner != null))
101            return (permissionAdapter.getPermission(permOwner.Id, permission.Id, entityId) != null);
102          else return false;
103        }
104        catch (Exception ex) { throw new FaultException("Server: " + ex.Message); }
105        finally {
106          if (session != null)
107            session.EndSession();
108        }
109      } else return false;
110    }
111
112    /// <summary>
113    /// Removes the given session.
114    /// </summary>
115    /// <param name="sessionId"></param>
116    public void EndSession(Guid sessionId) {
117      lock (locker) {
118        if (currentSessions.Keys.Contains(sessionId))
119          currentSessions.Remove(sessionId);
120      }
121    }
122
123    /// <summary>
124    /// Gets the sessionId for a user.
125    /// </summary>
126    /// <param name="userName"></param>
127    /// <returns></returns>
128    public Guid GetGuid(string userName) {
129      foreach (Guid guid in currentSessions.Keys)
130        if (currentSessions[guid].CompareTo(userName) == 0)
131          return guid;
132      return Guid.Empty;
133    }
134  }
135}
Note: See TracBrowser for help on using the repository browser.