Changeset 15500

Timestamp:

12/07/17 14:41:47 (6 years ago)

Author:

jzenisek

Message:

#2839 worked on resource permission checks (v2 = accelerated verison)

Location:

branches/HiveProjectManagement

Files:

• HeuristicLab.Services.Access/3.3/Interfaces/IUserManager.cs (modified) (1 diff)
• HeuristicLab.Services.Access/3.3/UserManager.cs (modified) (1 diff)
• HeuristicLab.Services.Hive.DataAccess/3.3/Daos/ResourcePermissionDao.cs (modified) (1 diff)
• HeuristicLab.Services.Hive/3.3/HiveService.cs (modified) (1 diff)

branches/HiveProjectManagement/HeuristicLab.Services.Access/3.3/Interfaces/IUserManager.cs

@@ -31 +31 @@
     MembershipUser GetUserById(Guid userId);
     string GetUserNameById(Guid userId);
+    IEnumerable<Guid> GetUserGroupIdsOfUser(Guid userId);
     bool VerifyUser(Guid userId, List<Guid> allowedUserGroups);
   }

branches/HiveProjectManagement/HeuristicLab.Services.Access/3.3/UserManager.cs

@@ -54 +54 @@
     }
 
+    public IEnumerable<Guid> GetUserGroupIdsOfUser(Guid userId) {
+      using (DA.AccessServiceDataContext context = new DA.AccessServiceDataContext()) {
+        var groupIds = from g in context.UserGroupUserGroups
+                       where g.UserGroupId == userId
+                       select g.UserGroupUserGroupId;
+
+        var query = from g in context.UserGroupBases.OfType<DA.UserGroup>()
+                    where groupIds.Contains(g.Id)
+                    select g.Id;
+
+        return query.ToList();
+      }
+    }
+
     public bool VerifyUser(Guid userId, List<Guid> allowedUserGroups) {
       List<DA.UserGroupUserGroup> userGroupBases;

branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/Daos/ResourcePermissionDao.cs

@@ -34 +34 @@
     }
 
-    public IEnumerable<Guid> GetByGrantedUserId(IEnumerable<Guid> grantedUserId) {
-      string paramIds = string.Join(",", grantedUserId.Select(x => string.Format("'{0}'", x)));
+    public IEnumerable<Guid> GetByUserAndGroupIds(IEnumerable<Guid> userAndGroupIds) {
+      string paramIds = string.Join(",", userAndGroupIds.Select(x => string.Format("'{0}'", x)));
       if (!string.IsNullOrWhiteSpace(paramIds)) {
         string query = string.Format(GetGrantedResourcesQuery, paramIds);

branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs

@@ -75 +75 @@
         var resourceDao = pm.ResourceDao;
         var resourcePermissionDao = pm.ResourcePermissionDao;
-
         var currentUserId = UserManager.CurrentUserId;
 
-        // V1 (without child check; with resourcePermission-oriented check for user grants)
-        // granted (parent) resources
-        var userGrantedResources = resourcePermissionDao.GetAll().ToList()
-          .Where(x => x.GrantedUserId == currentUserId
-          || UserManager.VerifyUser(currentUserId, new List<Guid> { x.GrantedUserId })
-          )
-          .Select(x => x.Resource)
-          .ToList();
-
-        //// children
-        //var userGrantedResourceChildren = userGrantedResources
-        //  .SelectMany(x => resourceDao.GetResourcesByParentId(x.ResourceId));
-        //// join parent and child resources
-        //userGrantedResources.AddRange(userGrantedResourceChildren);
-
-        var userGrantedResourceIds = resourceIds
-          .Where(x => userGrantedResources
-            .Select(y => y.ResourceId)
-            .Contains(x))
-          .Distinct().ToList();
+        //// V1 user grant check
+        //// get granted (parent) resources
+        //var userGrantedResourceIds = pm.UseTransaction(() => {
+        //  return resourcePermissionDao.GetAll().ToList()
+        //    .Where(x => x.GrantedUserId == currentUserId
+        //      || UserManager.VerifyUser(currentUserId, new List<Guid> { x.GrantedUserId }))
+        //    .Select(y => y.ResourceId)
+        //    .ToList();
+        //});
+
+        //// get children of granted parent resources
+        //var userGrantedChildResourceIds = pm.UseTransaction(() => {
+        //  return userGrantedResourceIds
+        //  .SelectMany(x => resourceDao.GetResourcesByParentId(x))
+        //  .Select(y => y.ResourceId);
+        //});
+
+        //// join list of parent and child resources
+        //userGrantedResourceIds.AddRange(userGrantedChildResourceIds);
+
+        //// filter initial resourceId list with the list of the granted ones
+        //var allUserGrantedResourceIds = resourceIds
+        //  .Where(x => userGrantedResourceIds.Contains(x))
+        //  .Distinct().ToList();
+
+        // V2 user grant check
+        var allUserGrantedResourceIds = pm.UseTransaction(() => {
+          var groupAndGroupIds = new List<Guid> { currentUserId };
+          groupAndGroupIds.AddRange(UserManager.GetUserGroupIdsOfUser(currentUserId));
+          return resourcePermissionDao.GetByUserAndGroupIds(groupAndGroupIds);
+        });
 
         var newTask = task.ToEntity();
         newTask.JobData = taskData.ToEntity();
         newTask.JobData.LastUpdate = DateTime.Now;
-        newTask.AssignedTaskResources.AddRange(resourceIds.Select(
+        newTask.AssignedTaskResources.AddRange(allUserGrantedResourceIds.Select(
           x => new DA.AssignedTaskResource {
             ResourceId = x