Ignore:
Timestamp:
09/21/15 16:28:38 (7 years ago)
Author:
ascheibe
Message:

#2388 merged r12878, r12879, r12883, r12885, r12913, r12914, r12925, r12932, r12961 into stable

Location:
stable
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • stable

  • stable/HeuristicLab.Services.Hive

  • stable/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs

    r12009 r12962  
    2222using System;
    2323using System.Security;
     24using HeuristicLab.Services.Access;
    2425using HeuristicLab.Services.Hive.DataAccess;
     26using HeuristicLab.Services.Hive.DataAccess.Interfaces;
     27using DA = HeuristicLab.Services.Hive.DataAccess;
    2528using DT = HeuristicLab.Services.Hive.DataTransfer;
    2629
     
    2831namespace HeuristicLab.Services.Hive {
    2932  public class AuthorizationManager : IAuthorizationManager {
     33
     34    private const string NOT_AUTHORIZED = "Current user is not authorized to access the requested resource";
     35    private IPersistenceManager PersistenceManager {
     36      get { return ServiceLocator.Instance.PersistenceManager; }
     37    }
     38
     39    private IUserManager UserManager {
     40      get { return ServiceLocator.Instance.UserManager; }
     41    }
     42
     43    private IRoleVerifier RoleVerifier {
     44      get { return ServiceLocator.Instance.RoleVerifier; }
     45    }
     46
    3047    public void Authorize(Guid userId) {
    3148      if (userId != ServiceLocator.Instance.UserManager.CurrentUserId)
    32         throw new SecurityException("Current user is not authorized to access object");
     49        throw new SecurityException(NOT_AUTHORIZED);
    3350    }
    3451
    3552    public void AuthorizeForTask(Guid taskId, DT.Permission requiredPermission) {
    3653      if (ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Slave)) return; // slave-users can access all tasks
    37 
    38       Permission permission = ServiceLocator.Instance.HiveDao.GetPermissionForTask(taskId, ServiceLocator.Instance.UserManager.CurrentUserId);
    39       if (permission == Permission.NotAllowed || (permission != DT.Convert.ToEntity(requiredPermission) && DT.Convert.ToEntity(requiredPermission) == Permission.Full))
    40         throw new SecurityException("Current user is not authorized to access task");
     54      var pm = PersistenceManager;
     55      var taskDao = pm.TaskDao;
     56      pm.UseTransaction(() => {
     57        var task = taskDao.GetById(taskId);
     58        if (task == null) throw new SecurityException(NOT_AUTHORIZED);
     59        AuthorizeJob(pm, task.JobId, requiredPermission);
     60      });
    4161    }
    4262
    4363    public void AuthorizeForJob(Guid jobId, DT.Permission requiredPermission) {
    44       Permission permission = ServiceLocator.Instance.HiveDao.GetPermissionForJob(jobId, ServiceLocator.Instance.UserManager.CurrentUserId);
    45       if (permission == Permission.NotAllowed || (permission != DT.Convert.ToEntity(requiredPermission) && DT.Convert.ToEntity(requiredPermission) == Permission.Full))
    46         throw new SecurityException("Current user is not authorized to access task");
     64      var pm = PersistenceManager;
     65      pm.UseTransaction(() => {
     66        AuthorizeJob(pm, jobId, requiredPermission);
     67      });
    4768    }
    4869
    4970    public void AuthorizeForResourceAdministration(Guid resourceId) {
    50       Resource resource = DT.Convert.ToEntity(ServiceLocator.Instance.HiveDao.GetResource(resourceId));
    51       if (resource.OwnerUserId != ServiceLocator.Instance.UserManager.CurrentUserId && !ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Administrator))
    52         throw new SecurityException("Current user is not authorized to access resource");
     71      var pm = PersistenceManager;
     72      var resourceDao = pm.ResourceDao;
     73      pm.UseTransaction(() => {
     74        var resource = resourceDao.GetById(resourceId);
     75        if (resource == null) throw new SecurityException(NOT_AUTHORIZED);
     76        if (resource.OwnerUserId != UserManager.CurrentUserId
     77            && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
     78          throw new SecurityException(NOT_AUTHORIZED);
     79        }
     80      });
     81    }
     82
     83    private DA.Permission GetPermissionForJob(IPersistenceManager pm, Guid jobId, Guid userId) {
     84      var jobDao = pm.JobDao;
     85      var jobPermissionDao = pm.JobPermissionDao;
     86      var job = jobDao.GetById(jobId);
     87      if (job == null) return DA.Permission.NotAllowed;
     88      if (job.OwnerUserId == userId) return DA.Permission.Full;
     89      var jobPermission = jobPermissionDao.GetByJobAndUserId(jobId, userId);
     90      if (jobPermission == null) return DA.Permission.NotAllowed;
     91      return jobPermission.Permission;
     92    }
     93
     94    private void AuthorizeJob(IPersistenceManager pm, Guid jobId, DT.Permission requiredPermission) {
     95      var requiredPermissionEntity = requiredPermission.ToEntity();
     96      DA.Permission permission = GetPermissionForJob(pm, jobId, UserManager.CurrentUserId);
     97      if (permission == Permission.NotAllowed
     98          || ((permission != requiredPermissionEntity) && requiredPermissionEntity == Permission.Full)) {
     99        throw new SecurityException(NOT_AUTHORIZED);
     100      }
    53101    }
    54102  }
Note: See TracChangeset for help on using the changeset viewer.