Changeset 15527 for branches/HiveProjectManagement/HeuristicLab.Services.Hive

Timestamp:

12/14/17 15:08:38 (7 years ago)

Author:

jzenisek

Message:

#2839

• updated dbml (removed ResourcePermission and ResourceIds in Job-Table)
• updated Resource and Project Daos

File:

• branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs (modified) (7 diffs)

branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs

@@ -1016 +1016 @@
     #endregion
 
-    #region ResourcePermission Methods
-    // only for authorized Administrator/ResourceOwner
-    public void GrantResourcePermissions(Guid resourceId, Guid[] grantedUserIds) {
-      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
-      AuthorizationManager.AuthorizeForResourceAdministration(resourceId);
-      var pm = PersistenceManager;
-      using(new PerformanceLogger("GrantResourcePermissions")) {
-        pm.UseTransaction(() => {
-          var resourceDao = pm.ResourceDao;
-          var resource = resourceDao.GetById(resourceId);
-          var resourcePermissions = resource.ResourcePermissions.ToList();
-          foreach(var id in grantedUserIds) {
-            if(resourcePermissions.All(x => x.GrantedUserId != id)) {
-              resource.ResourcePermissions.Add(new DA.ResourcePermission {
-                GrantedUserId = id,
-                GrantedByUserId = UserManager.CurrentUserId
-              });
-            }
-          }
-          pm.SubmitChanges();
-        });
-      }
-    }
-
-
-    // only for authorized Administrator/ResourceOwner
-    public void RevokeResourcePermissions(Guid resourceId, Guid[] grantedUserIds) {
-      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
-      AuthorizationManager.AuthorizeForResourceAdministration(resourceId);
-      var pm = PersistenceManager;
-      using(new PerformanceLogger("RevokeResourcePermission")) {
-        pm.UseTransaction(() => {
-          var resourcePermissionDao = pm.ResourcePermissionDao;
-          resourcePermissionDao.DeleteByResourceIdAndGrantedUserId(resourceId, grantedUserIds);
-          pm.SubmitChanges();
-        });
-      }
-    }
-
-
-    // OBSOLETE (change to public if...)
-    // only for authorized Administrator/ResourceOwner/(Sub)ProjectOwner to which the Resource (i.e. resourceId) is assigned
-    private void GrantResourcePermissions(Guid resourceId, Guid projectId, Guid[] grantedUserIds) {
-      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
-      //AuthorizationManager.AuthorizeForResourceAdministration(resourceId);
-      var pm = PersistenceManager;
-      using (new PerformanceLogger("GrantResourcePermissions")) {
-        pm.UseTransaction(() => {
-          // TODO-JAN
-          pm.SubmitChanges();
-        });
-      }
-    }
-
-    // OBSOLETE (change to public if...)
-    // only for authorized Administrator/ResourceOwner/(Sub)ProjectOwner to which the Resource (i.e. resourceId) is assigned
-    private void RevokeResourcePermissions(Guid resourceId, Guid projectId, Guid[] grantedUserIds) {
-      // TODO-JAN
-    }
-
-    #endregion
-
     #region Downtime Methods
     public Guid AddDowntime(DT.Downtime downtimeDto) {
@@ -1204 +1142 @@
     //}
 
-   private void CheckTaskPermissions(IPersistenceManager pm, DT.Task task, IEnumerable<Guid> resourceIds) {
+    private void CheckTaskPermissions(IPersistenceManager pm, DT.Task task, IEnumerable<Guid> resourceIds) {
       var jobDao = pm.JobDao;
       var projectDao = pm.ProjectDao;
       var resourceDao = pm.ResourceDao;
-      var resourcePermissionDao = pm.ResourcePermissionDao;
       var projectPermissionDao = pm.ProjectPermissionDao;
       var currentUserId = UserManager.CurrentUserId;
-
-      //// PART 1: user-resource permission check (V1)
-      //// get granted (parent) resources
-      //var allGrantedResourceIds = pm.UseTransaction(() => {
-      //  return resourcePermissionDao.GetAll().ToList()
-      //    .Where(x => x.GrantedUserId == currentUserId
-      //      || UserManager.VerifyUser(currentUserId, new List<Guid> { x.GrantedUserId }))
-      //    .Select(y => y.ResourceId)
-      //    .ToList();
-      //});
-
-      //// get children of granted parent resources
-      //var userGrantedChildResourceIds = pm.UseTransaction(() => {
-      //  return allGrantedResourceIds
-      //  .SelectMany(x => resourceDao.GetResourcesByParentId(x))
-      //  .Select(y => y.ResourceId);
-      //});
-
-      //// join list of parent and child resources
-      //allGrantedResourceIds.AddRange(userGrantedChildResourceIds);
-
-      // PART 1: user-resource permission check (V2)
-      // collect the current currentUserId and all Ids of affiliated groups
-      var userAndGroupIds = new List<Guid> { currentUserId };
-      userAndGroupIds.AddRange(UserManager.GetUserGroupIdsOfUser(currentUserId));
-
-      // get all granted resourceIds
-      var allGrantedResourceIds = resourcePermissionDao.GetByUserAndGroupIds(userAndGroupIds).ToList();
-
-      // get all owned resourceIds (including child resourceIds)
-      var ownedResourceIds = resourceDao.GetAll()
-        .Where(x => x.OwnerUserId == currentUserId)
-        .Select(x => x.ResourceId).ToList();
-      var ownedChildResourceIds = ownedResourceIds.SelectMany(x => resourceDao.GetResourceIdsByParentId(x));
-      ownedResourceIds.AddRange(ownedChildResourceIds);
-
-      // join list of owned into the list with granted resourceIds
-      allGrantedResourceIds.AddRange(ownedResourceIds);
-
-      // check the argument resourceIds against the list of granted (and owned) ones
-      if (resourceIds.Except(allGrantedResourceIds).Any()) {
-        throw new SecurityException(NOT_AUTHORIZED_RESOURCE);
-      }
 
       // PART 2: user-project permission check
@@ -1262 +1156 @@
       // PART 3: project-resource permission check
       var assignedResourceIds = project.AssignedProjectResources.Select(x => x.ResourceId).ToList();
-      var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.GetResourceIdsByParentId(x));
+      var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.GetChildResourceIdsById(x));
       assignedResourceIds.AddRange(assignedChildResourceIds);
       if (resourceIds.Except(assignedResourceIds).Any()) {
@@ -1279 +1173 @@
       var projectDao = pm.ProjectDao;
       var projectBranch = new List<DA.Project>() { project };
-      projectBranch.AddRange(projectDao.GetProjectsByChildId(project.ProjectId));
+      projectBranch.AddRange(projectDao.GetParentProjectsById(project.ProjectId));
       if (projectBranch
         .Select(x => x.OwnerUserId)
         .Contains(UserManager.CurrentUserId)) {
-        return;  
+        return;
       }
 
       // case 3
-      if(project.ProjectPermissions
+      if (project.ProjectPermissions
         .Select(x => x.GrantedUserId)
         .Contains(UserManager.CurrentUserId)) {
         return;
       }
-      if(projectBranch
+      if (projectBranch
         .SelectMany(x => x.ProjectPermissions)
         .Select(x => x.GrantedUserId)
@@ -1308 +1202 @@
 
       var projectBranch = new List<DA.Project> { project };
-      projectBranch.AddRange(projectDao.GetProjectsByChildId(project.ProjectId));
+      projectBranch.AddRange(projectDao.GetParentProjectsById(project.ProjectId));
       var ownedProjects = projectBranch.Where(x => x.OwnerUserId == UserManager.CurrentUserId).ToList();
 
       // get all assigned resourceIds (including children) of owned projects in this branch
       var assignedResourceIds = ownedProjects.SelectMany(x => x.AssignedProjectResources).Select(x => x.ResourceId).ToList();
-      var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.GetResourceIdsByChildId(x));
+      var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.GetParentResourceIdsById(x));
       assignedResourceIds.AddRange(assignedChildResourceIds);
 
       // look up if all resourceIds are among the assigned ones
-      if(resourceIds.Except(assignedResourceIds).Any()) {
+      if (resourceIds.Except(assignedResourceIds).Any()) {
         throw new SecurityException(NOT_AUTHORIZED_RESOURCE);
       }
@@ -1336 +1230 @@
       // check if user is administrator, owner of the project or any parent project
       var projectTree = new List<DA.Project> { project };
-      projectTree.AddRange(projectDao.GetProjectsByChildId(projectId));
-      if(!projectTree.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId)
+      projectTree.AddRange(projectDao.GetParentProjectsById(projectId));
+      if (!projectTree.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId)
         && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
         throw new SecurityException(NOT_AUTHORIZED_PROJECT);
@@ -1351 +1245 @@
       // note: this should be faster than checking all children of the assigned 
       // resource(-groups) for the certain resourceId
-      var parentResourceIds = resourceDao.GetResourceIdsByChildId(resourceId);
-      if(assignedResources.Select(x => x.ResourceId)
+      var parentResourceIds = resourceDao.GetParentResourceIdsById(resourceId);
+      if (assignedResources.Select(x => x.ResourceId)
         .Intersect(parentResourceIds).Count() > 0) {
         return resource;