- Timestamp:
- 09/02/15 13:16:18 (9 years ago)
- Location:
- branches/crossvalidation-2434
- Files:
-
- 3 edited
- 2 copied
-
branches/crossvalidation-2434
- Property svn:mergeinfo changed
-
branches/crossvalidation-2434/HeuristicLab.Services.Hive
- Property svn:mergeinfo changed
-
branches/crossvalidation-2434/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
r12012 r12931 22 22 using System; 23 23 using System.Security; 24 using HeuristicLab.Services.Access; 24 25 using HeuristicLab.Services.Hive.DataAccess; 26 using HeuristicLab.Services.Hive.DataAccess.Interfaces; 27 using DA = HeuristicLab.Services.Hive.DataAccess; 25 28 using DT = HeuristicLab.Services.Hive.DataTransfer; 26 29 … … 28 31 namespace HeuristicLab.Services.Hive { 29 32 public class AuthorizationManager : IAuthorizationManager { 33 34 private const string NOT_AUTHORIZED = "Current user is not authorized to access the requested resource"; 35 private IPersistenceManager PersistenceManager { 36 get { return ServiceLocator.Instance.PersistenceManager; } 37 } 38 39 private IUserManager UserManager { 40 get { return ServiceLocator.Instance.UserManager; } 41 } 42 43 private IRoleVerifier RoleVerifier { 44 get { return ServiceLocator.Instance.RoleVerifier; } 45 } 46 30 47 public void Authorize(Guid userId) { 31 48 if (userId != ServiceLocator.Instance.UserManager.CurrentUserId) 32 throw new SecurityException( "Current user is not authorized to access object");49 throw new SecurityException(NOT_AUTHORIZED); 33 50 } 34 51 35 52 public void AuthorizeForTask(Guid taskId, DT.Permission requiredPermission) { 36 53 if (ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Slave)) return; // slave-users can access all tasks 37 38 Permission permission = ServiceLocator.Instance.HiveDao.GetPermissionForTask(taskId, ServiceLocator.Instance.UserManager.CurrentUserId); 39 if (permission == Permission.NotAllowed || (permission != DT.Convert.ToEntity(requiredPermission) && DT.Convert.ToEntity(requiredPermission) == Permission.Full)) 40 throw new SecurityException("Current user is not authorized to access task"); 54 var pm = PersistenceManager; 55 var taskDao = pm.TaskDao; 56 pm.UseTransaction(() => { 57 var task = taskDao.GetById(taskId); 58 if (task == null) throw new SecurityException(NOT_AUTHORIZED); 59 AuthorizeJob(pm, task.JobId, requiredPermission); 60 }); 41 61 } 42 
62 43 63 public void AuthorizeForJob(Guid jobId, DT.Permission requiredPermission) { 44 Permission permission = ServiceLocator.Instance.HiveDao.GetPermissionForJob(jobId, ServiceLocator.Instance.UserManager.CurrentUserId); 45 if (permission == Permission.NotAllowed || (permission != DT.Convert.ToEntity(requiredPermission) && DT.Convert.ToEntity(requiredPermission) == Permission.Full)) 46 throw new SecurityException("Current user is not authorized to access task"); 64 var pm = PersistenceManager; 65 pm.UseTransaction(() => { 66 AuthorizeJob(pm, jobId, requiredPermission); 67 }); 47 68 } 48 69 49 70 public void AuthorizeForResourceAdministration(Guid resourceId) { 50 Resource resource = DT.Convert.ToEntity(ServiceLocator.Instance.HiveDao.GetResource(resourceId)); 51 if (resource.OwnerUserId != ServiceLocator.Instance.UserManager.CurrentUserId && !ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Administrator)) 52 throw new SecurityException("Current user is not authorized to access resource"); 71 var pm = PersistenceManager; 72 var resourceDao = pm.ResourceDao; 73 pm.UseTransaction(() => { 74 var resource = resourceDao.GetById(resourceId); 75 if (resource == null) throw new SecurityException(NOT_AUTHORIZED); 76 if (resource.OwnerUserId != UserManager.CurrentUserId 77 && !RoleVerifier.IsInRole(HiveRoles.Administrator)) { 78 throw new SecurityException(NOT_AUTHORIZED); 79 } 80 }); 81 } 82 83 private DA.Permission GetPermissionForJob(IPersistenceManager pm, Guid jobId, Guid userId) { 84 var jobDao = pm.JobDao; 85 var jobPermissionDao = pm.JobPermissionDao; 86 var job = jobDao.GetById(jobId); 87 if (job == null) return DA.Permission.NotAllowed; 88 if (job.OwnerUserId == userId) return DA.Permission.Full; 89 var jobPermission = jobPermissionDao.GetByJobAndUserId(jobId, userId); 90 if (jobPermission == null) return DA.Permission.NotAllowed; 91 return jobPermission.Permission; 92 } 93 94 private void AuthorizeJob(IPersistenceManager pm, Guid jobId, DT.Permission 
requiredPermission) { 95 var requiredPermissionEntity = requiredPermission.ToEntity(); 96 DA.Permission permission = GetPermissionForJob(pm, jobId, UserManager.CurrentUserId); 97 if (permission == Permission.NotAllowed 98 || ((permission != requiredPermissionEntity) && requiredPermissionEntity == Permission.Full)) { 99 throw new SecurityException(NOT_AUTHORIZED); 100 } 53 101 } 54 102 }
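Review bot: In AuthorizeForTask, AuthorizeForJob and AuthorizeForResourceAdministration every SecurityException is now thrown from inside the `pm.UseTransaction(() => { ... })` lambda, so the authorization decision depends entirely on UseTransaction rethrowing rather than catching what the delegate throws; that contract is not visible in this hunk and should be confirmed, otherwise the lambda could hand back the decision and the throw could happen outside the transaction. Two smaller inconsistencies remain: `Authorize` still reads `ServiceLocator.Instance.UserManager.CurrentUserId` and `AuthorizeForTask` still calls `ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Slave)` although the new `UserManager` and `RoleVerifier` properties exist, and `AuthorizeJob` compares against the unqualified `Permission.NotAllowed` / `Permission.Full` while the rest of the new code qualifies the enum as `DA.Permission`. AuthorizeJob also deserves a doc comment stating the rule its condition encodes, e.g. `/// Throws SecurityException unless the current user holds requiredPermission on the job: Full is required exactly, any permission other than NotAllowed satisfies a lesser requirement.`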