- Timestamp:
- 12/14/17 15:08:38 (7 years ago)
- File:
-
- 1 edited
branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs
r15508 r15527 1016 1016 #endregion 1017 1017 1018 #region ResourcePermission Methods1019 // only for authorized Administrator/ResourceOwner1020 public void GrantResourcePermissions(Guid resourceId, Guid[] grantedUserIds) {1021 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);1022 AuthorizationManager.AuthorizeForResourceAdministration(resourceId);1023 var pm = PersistenceManager;1024 using(new PerformanceLogger("GrantResourcePermissions")) {1025 pm.UseTransaction(() => {1026 var resourceDao = pm.ResourceDao;1027 var resource = resourceDao.GetById(resourceId);1028 var resourcePermissions = resource.ResourcePermissions.ToList();1029 foreach(var id in grantedUserIds) {1030 if(resourcePermissions.All(x => x.GrantedUserId != id)) {1031 resource.ResourcePermissions.Add(new DA.ResourcePermission {1032 GrantedUserId = id,1033 GrantedByUserId = UserManager.CurrentUserId1034 });1035 }1036 }1037 pm.SubmitChanges();1038 });1039 }1040 }1041 1042 1043 // only for authorized Administrator/ResourceOwner1044 public void RevokeResourcePermissions(Guid resourceId, Guid[] grantedUserIds) {1045 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);1046 AuthorizationManager.AuthorizeForResourceAdministration(resourceId);1047 var pm = PersistenceManager;1048 using(new PerformanceLogger("RevokeResourcePermission")) {1049 pm.UseTransaction(() => {1050 var resourcePermissionDao = pm.ResourcePermissionDao;1051 resourcePermissionDao.DeleteByResourceIdAndGrantedUserId(resourceId, grantedUserIds);1052 pm.SubmitChanges();1053 });1054 }1055 }1056 1057 1058 // OBSOLETE (change to public if...)1059 // only for authorized Administrator/ResourceOwner/(Sub)ProjectOwner to which the Resource (i.e. 
resourceId) is assigned1060 private void GrantResourcePermissions(Guid resourceId, Guid projectId, Guid[] grantedUserIds) {1061 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);1062 //AuthorizationManager.AuthorizeForResourceAdministration(resourceId);1063 var pm = PersistenceManager;1064 using (new PerformanceLogger("GrantResourcePermissions")) {1065 pm.UseTransaction(() => {1066 // TODO-JAN1067 pm.SubmitChanges();1068 });1069 }1070 }1071 1072 // OBSOLETE (change to public if...)1073 // only for authorized Administrator/ResourceOwner/(Sub)ProjectOwner to which the Resource (i.e. resourceId) is assigned1074 private void RevokeResourcePermissions(Guid resourceId, Guid projectId, Guid[] grantedUserIds) {1075 // TODO-JAN1076 }1077 1078 #endregion1079 1080 1018 #region Downtime Methods 1081 1019 public Guid AddDowntime(DT.Downtime downtimeDto) { … … 1204 1142 //} 1205 1143 1206 private void CheckTaskPermissions(IPersistenceManager pm, DT.Task task, IEnumerable<Guid> resourceIds) {1144 private void CheckTaskPermissions(IPersistenceManager pm, DT.Task task, IEnumerable<Guid> resourceIds) { 1207 1145 var jobDao = pm.JobDao; 1208 1146 var projectDao = pm.ProjectDao; 1209 1147 var resourceDao = pm.ResourceDao; 1210 var resourcePermissionDao = pm.ResourcePermissionDao;1211 1148 var projectPermissionDao = pm.ProjectPermissionDao; 1212 1149 var currentUserId = UserManager.CurrentUserId; 1213 1214 //// PART 1: user-resource permission check (V1)1215 //// get granted (parent) resources1216 //var allGrantedResourceIds = pm.UseTransaction(() => {1217 // return resourcePermissionDao.GetAll().ToList()1218 // .Where(x => x.GrantedUserId == currentUserId1219 // || UserManager.VerifyUser(currentUserId, new List<Guid> { x.GrantedUserId }))1220 // .Select(y => y.ResourceId)1221 // .ToList();1222 //});1223 1224 //// get children of granted parent resources1225 //var userGrantedChildResourceIds = pm.UseTransaction(() => {1226 // return 
allGrantedResourceIds1227 // .SelectMany(x => resourceDao.GetResourcesByParentId(x))1228 // .Select(y => y.ResourceId);1229 //});1230 1231 //// join list of parent and child resources1232 //allGrantedResourceIds.AddRange(userGrantedChildResourceIds);1233 1234 // PART 1: user-resource permission check (V2)1235 // collect the current currentUserId and all Ids of affiliated groups1236 var userAndGroupIds = new List<Guid> { currentUserId };1237 userAndGroupIds.AddRange(UserManager.GetUserGroupIdsOfUser(currentUserId));1238 1239 // get all granted resourceIds1240 var allGrantedResourceIds = resourcePermissionDao.GetByUserAndGroupIds(userAndGroupIds).ToList();1241 1242 // get all owned resourceIds (including child resourceIds)1243 var ownedResourceIds = resourceDao.GetAll()1244 .Where(x => x.OwnerUserId == currentUserId)1245 .Select(x => x.ResourceId).ToList();1246 var ownedChildResourceIds = ownedResourceIds.SelectMany(x => resourceDao.GetResourceIdsByParentId(x));1247 ownedResourceIds.AddRange(ownedChildResourceIds);1248 1249 // join list of owned into the list with granted resourceIds1250 allGrantedResourceIds.AddRange(ownedResourceIds);1251 1252 // check the argument resourceIds against the list of granted (and owned) ones1253 if (resourceIds.Except(allGrantedResourceIds).Any()) {1254 throw new SecurityException(NOT_AUTHORIZED_RESOURCE);1255 }1256 1150 1257 1151 // PART 2: user-project permission check … … 1262 1156 // PART 3: project-resource permission check 1263 1157 var assignedResourceIds = project.AssignedProjectResources.Select(x => x.ResourceId).ToList(); 1264 var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.Get ResourceIdsByParentId(x));1158 var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.GetChildResourceIdsById(x)); 1265 1159 assignedResourceIds.AddRange(assignedChildResourceIds); 1266 1160 if (resourceIds.Except(assignedResourceIds).Any()) { … … 1279 1173 var projectDao = pm.ProjectDao; 1280 1174 
var projectBranch = new List<DA.Project>() { project }; 1281 projectBranch.AddRange(projectDao.GetP rojectsByChildId(project.ProjectId));1175 projectBranch.AddRange(projectDao.GetParentProjectsById(project.ProjectId)); 1282 1176 if (projectBranch 1283 1177 .Select(x => x.OwnerUserId) 1284 1178 .Contains(UserManager.CurrentUserId)) { 1285 return; 1179 return; 1286 1180 } 1287 1181 1288 1182 // case 3 1289 if (project.ProjectPermissions1183 if (project.ProjectPermissions 1290 1184 .Select(x => x.GrantedUserId) 1291 1185 .Contains(UserManager.CurrentUserId)) { 1292 1186 return; 1293 1187 } 1294 if (projectBranch1188 if (projectBranch 1295 1189 .SelectMany(x => x.ProjectPermissions) 1296 1190 .Select(x => x.GrantedUserId) … … 1308 1202 1309 1203 var projectBranch = new List<DA.Project> { project }; 1310 projectBranch.AddRange(projectDao.GetP rojectsByChildId(project.ProjectId));1204 projectBranch.AddRange(projectDao.GetParentProjectsById(project.ProjectId)); 1311 1205 var ownedProjects = projectBranch.Where(x => x.OwnerUserId == UserManager.CurrentUserId).ToList(); 1312 1206 1313 1207 // get all assigned resourceIds (including children) of owned projects in this branch 1314 1208 var assignedResourceIds = ownedProjects.SelectMany(x => x.AssignedProjectResources).Select(x => x.ResourceId).ToList(); 1315 var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.Get ResourceIdsByChildId(x));1209 var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.GetParentResourceIdsById(x)); 1316 1210 assignedResourceIds.AddRange(assignedChildResourceIds); 1317 1211 1318 1212 // look up if all resourceIds are among the assigned ones 1319 if (resourceIds.Except(assignedResourceIds).Any()) {1213 if (resourceIds.Except(assignedResourceIds).Any()) { 1320 1214 throw new SecurityException(NOT_AUTHORIZED_RESOURCE); 1321 1215 } … … 1336 1230 // check if user is administrator, owner of the project or any parent project 1337 1231 var projectTree = new 
List<DA.Project> { project }; 1338 projectTree.AddRange(projectDao.GetP rojectsByChildId(projectId));1339 if (!projectTree.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId)1232 projectTree.AddRange(projectDao.GetParentProjectsById(projectId)); 1233 if (!projectTree.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId) 1340 1234 && !RoleVerifier.IsInRole(HiveRoles.Administrator)) { 1341 1235 throw new SecurityException(NOT_AUTHORIZED_PROJECT); … … 1351 1245 // note: this should be faster than checking all children of the assigned 1352 1246 // resource(-groups) for the certain resourceId 1353 var parentResourceIds = resourceDao.Get ResourceIdsByChildId(resourceId);1354 if (assignedResources.Select(x => x.ResourceId)1247 var parentResourceIds = resourceDao.GetParentResourceIdsById(resourceId); 1248 if (assignedResources.Select(x => x.ResourceId) 1355 1249 .Intersect(parentResourceIds).Count() > 0) { 1356 1250 return resource;
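Review bot: At new line 1209 the local `assignedChildResourceIds` is filled from `resourceDao.GetParentResourceIdsById(x)`, while the comment at new line 1207 says the list holds the assigned resources "(including children)". If the DAO method returns ancestors, as its new name suggests, the `Except(...)` check that throws `NOT_AUTHORIZED_RESOURCE` would accept the parent groups of an assigned resource and reject its children, which is wider and different from what `CheckTaskPermissions` does at new line 1158 with `GetChildResourceIdsById`. Unless parents are really intended here, I would change the line to `var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.GetChildResourceIdsById(x));`, and otherwise rename the local and correct the comment so the authorization scope is explicit. The enclosing method starts and ends outside the visible hunk and the DAO implementation is not shown, so this is inferred from the names.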