Changeset 15530


Ignore:
Timestamp:
12/15/17 17:51:28 (20 months ago)
Author:
jzenisek
Message:

#2839

  • worked on Job operations add&update
  • worked on ProjectPermission handling
  • worked on Project-Resource assignment
Location:
branches/HiveProjectManagement
Files:
7 edited

Legend:

Unmodified
Added
Removed
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/Daos/AssignedJobResourceDao.cs

    r15528 r15530  
    2222    }
    2323
    24     public bool CheckJobGrantedForResources(Guid jobId, Guid[] resourceIds) {
    25       return DataContext.ExecuteQuery<int>(CheckJobGrantedForResourcesQueryString).Count() > 0;
     24    public bool CheckJobGrantedForResources(Guid jobId, IEnumerable<Guid> resourceIds) {
     25      string paramResourceIds = string.Join(",", resourceIds.Select(x => string.Format("'{0}'", x)));
     26      if (!string.IsNullOrWhiteSpace(paramResourceIds)) {
     27        string queryString = string.Format(CheckJobGrantedForResourcesQueryString, jobId, paramResourceIds);
     28        return DataContext.ExecuteQuery<int>(queryString).Count() == 0;
     29      }
     30      return false;
    2631    }
    2732
     
    4348        SELECT ResourceId, ParentResourceId
    4449        FROM [Resource]
    45         WHERE ResourceId = {0}
     50        WHERE ResourceId = {1}
    4651        UNION ALL
    4752        SELECT r.ResourceId, r.ParentResourceId
     
    5257      FROM rbranch, AssignedJobResource ajr
    5358      WHERE rbranch.ResourceId = ajr.ResourceId
    54       AND ajr.JobId = {1}
     59      AND ajr.JobId = {0}
    5560    ";
    5661    private const string CheckTaskGrantedForResourceQueryString = @"
     
    5863        SELECT ResourceId, ParentResourceId
    5964        FROM [Resource]
    60         WHERE ResourceId = {0}
     65        WHERE ResourceId = {1}
    6166        UNION ALL
    6267        SELECT r.ResourceId, r.ParentResourceId
     
    6873      WHERE rbranch.ResourceId = ajr.ResourceId
    6974      AND ajr.JobId = t.JobId
    70       AND t.JobId = {1}
     75      AND t.JobId = {0}
    7176    ";
    7277    private const string CheckJobGrantedForResourcesQueryString = @"
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/Daos/AssignedProjectResourceDao.cs

    r15411 r15530  
    4545    }
    4646
     47    public bool CheckProjectGrantedForResources(Guid projectId, IEnumerable<Guid> resourceIds) {
     48      string paramResourceIds = string.Join(",", resourceIds.Select(x => string.Format("'{0}'", x)));
     49      if (!string.IsNullOrWhiteSpace(paramResourceIds)) {
     50        string queryString = string.Format(CheckProjectGrantedForResourcesQueryString, projectId, paramResourceIds);
     51        return DataContext.ExecuteQuery<int>(queryString).Count() == 0;
     52      }
     53      return false;
     54    }
     55
     56    public IEnumerable<Resource> GetAllGrantedResourcesByProjectId(Guid projectId) {
     57      return DataContext.ExecuteQuery<Resource>(GetAllGrantedResourcesByProjectIdQueryString, projectId);
     58    }
     59
     60    public IEnumerable<Guid> GetAllGrantedResourceIdsByProjectId(Guid projectId) {
     61      return DataContext.ExecuteQuery<Guid>(GetAllGrantedResourceIdsByProjectIdQueryString, projectId);
     62    }
     63
    4764    #region Compiled queries
    4865    private static readonly Func<DataContext, Guid, IEnumerable<AssignedProjectResource>> GetByProjectIdGetByIdQuery =
     
    5875         WHERE ProjectId = '{0}'
    5976           AND ResourceId IN ({1});";
     77    private const string CheckProjectGrantedForResourcesQueryString = @"
     78    WITH rtree AS
     79    (
     80      SELECT ResourceId, ParentResourceId
     81      FROM [Resource]
     82      UNION ALL
     83      SELECT rt.ResourceId, r.ParentResourceId
     84      FROM [Resource] r
     85      JOIN rtree rt ON rt.ParentResourceId = r.ResourceId
     86    )
     87    SELECT r.ResourceId
     88    FROM [Resource] r
     89    WHERE r.ResourceId IN ({1})
     90    EXCEPT
     91    (
     92      SELECT rtree.ResourceId
     93      FROM rtree, [AssignedProjectResource] apr
     94      WHERE rtree.ParentResourceId = apr.ResourceId
     95      AND apr.ProjectId = {0}
     96      UNION
     97      SELECT apr.ResourceId
     98      FROM [AssignedProjectResource] apr
     99      WHERE apr.ProjectId = {0}
     100    )
     101    ";
     102    private const string GetAllGrantedResourcesByProjectIdQueryString = @"
     103      WITH rtree AS
     104      (
     105        SELECT ResourceId, ParentResourceId
     106        FROM [Resource]
     107        UNION ALL
     108        SELECT rt.ResourceId, r.ParentResourceId
     109        FROM [Resource] r
     110        JOIN rtree rt ON rt.ParentResourceId = r.ResourceId
     111      )
     112      SELECT res.*
     113      FROM rtree, [AssignedProjectResource] apr, [Resource] res
     114      WHERE rtree.ParentResourceId = apr.ResourceId
     115      AND rtree.ResourceId = res.ResourceId
     116      AND apr.ProjectId = {0}
     117      UNION
     118      SELECT res.*
     119      FROM [AssignedProjectResource] apr, [Resource] res
     120      WHERE apr.ResourceId = res.ResourceId
     121      AND apr.ProjectId = {0}
     122    ";
     123    private const string GetAllGrantedResourceIdsByProjectIdQueryString = @"
     124    WITH rtree AS
     125    (
     126      SELECT ResourceId, ParentResourceId
     127      FROM [Resource]
     128      UNION ALL
     129      SELECT rt.ResourceId, r.ParentResourceId
     130      FROM [Resource] r
     131      JOIN rtree rt ON rt.ParentResourceId = r.ResourceId
     132    )
     133    SELECT rtree.ResourceId
     134    FROM rtree, [AssignedProjectResource] apr
     135    WHERE rtree.ParentResourceId = apr.ResourceId
     136    AND apr.ProjectId = {0}
     137    UNION
     138    SELECT apr.ResourceId
     139    FROM [AssignedProjectResource] apr
     140    WHERE apr.ProjectId = {0}
     141    ";
    60142    #endregion
    61143  }
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/Daos/ProjectPermissionDao.cs

    r15379 r15530  
    3737    }
    3838
    39     public void DeleteByProjectAndGrantedUserId(Guid projectId, IEnumerable<Guid> grantedUserId) {
    40       string paramIds = string.Join(",", grantedUserId.Select(x => string.Format("'{0}'", x)));
     39    public bool CheckUserGrantedForProject(Guid projectId, IEnumerable<Guid> userAndGroupIds) {
     40      string paramUserAndGroupIds = string.Join(",", userAndGroupIds.Select(x => string.Format("'{0}'", x)));
     41      if(!string.IsNullOrWhiteSpace(paramUserAndGroupIds)) {
     42        string queryString = string.Format(CheckUserGrantedForProjectQueryString, projectId, paramUserAndGroupIds);
     43        return DataContext.ExecuteQuery<int>(queryString).First() > 0;
     44      }
     45      return false;
     46    }
     47
     48    public void DeleteByProjectIdAndGrantedUserIds(Guid projectId, IEnumerable<Guid> grantedUserIds) {
     49      string paramIds = string.Join(",", grantedUserIds.Select(x => string.Format("'{0}'", x)));
    4150      if (!string.IsNullOrWhiteSpace(paramIds)) {
    42         string query = string.Format(DeleteByGrantedUserQuery, projectId, paramIds);
     51        string query = string.Format(DeleteByProjectIdAndGrantedUserIdsQueryString, projectId, paramIds);
     52        DataContext.ExecuteCommand(query);
     53      }
     54    }
     55
     56    public void DeleteByProjectIdsAndGrantedUserIds(IEnumerable<Guid> projectIds, IEnumerable<Guid> grantedUserIds) {
     57      string paramProjectIds = string.Join(",", projectIds.Select(x => string.Format("'{0}'", x)));
     58      string paramUserIds = string.Join(",", grantedUserIds.Select(x => string.Format("'{0}'", x)));
     59      if (!string.IsNullOrWhiteSpace(paramProjectIds) && !string.IsNullOrWhiteSpace(paramUserIds)) {
     60        string query = string.Format(DeleteByProjectIdsAndGrantedUserIdsQueryString, paramProjectIds, paramUserIds);
    4361        DataContext.ExecuteCommand(query);
    4462      }
     
    5472
    5573    #region String queries
    56     private const string DeleteByGrantedUserQuery =
    57       @"DELETE FROM [ProjectPermission]
    58          WHERE ProjectId = '{0}'
    59            AND GrantedUserId IN ({1});";
     74    private const string DeleteByProjectIdAndGrantedUserIdsQueryString = @"
     75      DELETE FROM [ProjectPermission]
     76      WHERE ProjectId = '{0}'
     77      AND GrantedUserId IN ({1});
     78    ";
     79    private const string DeleteByProjectIdsAndGrantedUserIdsQueryString = @"
     80      DELETE FROM [ProjectPermission]
     81      WHERE ProjectId IN '({0})'
     82      AND GrantedUserId IN ({1});
     83    ";
     84    private const string CheckUserGrantedForProjectQueryString = @"
     85      SELECT COUNT(pp.ProjectId)
     86      FROM [ProjectPermission] pp
     87      WHERE pp.ProjectId = {0}
     88      AND pp.GrantedUserId IN ({1})
     89    ";
    6090    #endregion
    6191  }
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs

    r15527 r15530  
    4141  [HiveOperationContextBehavior]
    4242  public class HiveService : IHiveService {
    43     private const string NOT_AUTHORIZED_RESOURCE = "Current user is not authorized to access the requested resource";
    44     private const string NOT_AUTHORIZED_PROJECT = "Current user is not authorized to access the requested project";
     43    private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource";
     44    private const string NOT_AUTHORIZED_USERPROJECT = "Current user is not authorized to access the requested project";
    4545
    4646    private static readonly DA.TaskState[] CompletedStates = { DA.TaskState.Finished, DA.TaskState.Aborted, DA.TaskState.Failed };
     
    7575        var taskDao = pm.TaskDao;
    7676        var stateLogDao = pm.StateLogDao;
    77 
    78         pm.UseTransaction(() => {
    79           CheckTaskPermissions(pm, task, resourceIds);
    80         });
    8177
    8278        var newTask = task.ToEntity();
     
    105101    }
    106102
     103    public Guid AddTask(DT.Task task, DT.TaskData taskData) {
     104      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
     105      var pm = PersistenceManager;
     106      using (new PerformanceLogger("AddTask")) {
     107        var taskDao = pm.TaskDao;
     108        var stateLogDao = pm.StateLogDao;
     109        var newTask = task.ToEntity();
     110        newTask.JobData = taskData.ToEntity();
     111        newTask.JobData.LastUpdate = DateTime.Now;
     112        newTask.State = DA.TaskState.Waiting;
     113        return pm.UseTransaction(() => {
     114          taskDao.Save(newTask);
     115          pm.SubmitChanges();
     116          stateLogDao.Save(new DA.StateLog {
     117            State = DA.TaskState.Waiting,
     118            DateTime = DateTime.Now,
     119            TaskId = newTask.TaskId,
     120            UserId = UserManager.CurrentUserId,
     121            SlaveId = null,
     122            Exception = null
     123          });
     124          pm.SubmitChanges();
     125          return newTask.TaskId;
     126        }, false, true);
     127      }
     128    }
     129
    107130    public Guid AddChildTask(Guid parentTaskId, DT.Task task, DT.TaskData taskData) {
    108131      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    109       IEnumerable<Guid> resourceIds;
    110       var pm = PersistenceManager;
    111       using (new PerformanceLogger("AddChildTask")) {
    112         var assignedTaskResourceDao = pm.AssignedTaskResourceDao;
    113         resourceIds = pm.UseTransaction(() => {
    114           return assignedTaskResourceDao.GetByTaskId(parentTaskId)
    115             .Select(x => x.ResourceId)
    116             .ToList();
    117         });
    118       }
    119132      task.ParentTaskId = parentTaskId;
    120       return AddTask(task, taskData, resourceIds);
     133      return AddTask(task, taskData);
    121134    }
    122135
     
    402415    }
    403416
     417    public Guid AddJob(DT.Job jobDto, IEnumerable<Guid> resourceIds) {
     418      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
     419      // check user - project
     420      AuthorizationManager.AuthorizeUserForProjectUse(UserManager.CurrentUserId, jobDto.ProjectId);
     421      // check project - resources
     422      AuthorizationManager.AuthorizeProjectForResourcesUse(jobDto.ProjectId, resourceIds);
     423      var pm = PersistenceManager;
     424      using (new PerformanceLogger("AddJob")) {
     425        var jobDao = pm.JobDao;
     426        var userPriorityDao = pm.UserPriorityDao;
     427
     428        return pm.UseTransaction(() => {
     429          var newJob = jobDto.ToEntity();
     430          newJob.OwnerUserId = UserManager.CurrentUserId;
     431          newJob.DateCreated = DateTime.Now;
     432
     433          // add resource assignments
     434          newJob.AssignedJobResources.AddRange(resourceIds.Select(
     435            x => new DA.AssignedJobResource {
     436              ResourceId = x
     437          }));
     438 
     439          var job = jobDao.Save(newJob);
     440          if (userPriorityDao.GetById(jobDto.OwnerUserId) == null) {
     441            userPriorityDao.Save(new DA.UserPriority {
     442              UserId = jobDto.OwnerUserId,
     443              DateEnqueued = jobDto.DateCreated
     444            });
     445          }
     446          pm.SubmitChanges();
     447          return job.JobId;
     448        });
     449      }
     450    }
     451
    404452    public void UpdateJob(DT.Job jobDto) {
    405453      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
     
    416464          }
    417465          jobDto.CopyToEntity(job);
     466          if (!exists) {
     467            jobDao.Save(job);
     468          }
     469          pm.SubmitChanges();
     470        });
     471      }
     472    }
     473
     474    public void UpdateJob(DT.Job jobDto, IEnumerable<Guid> resourceIds) {
     475      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
     476      AuthorizationManager.AuthorizeForJob(jobDto.Id, DT.Permission.Full);
     477      // check user - project permission
     478      AuthorizationManager.AuthorizeUserForProjectUse(UserManager.CurrentUserId, jobDto.ProjectId);
     479      // check project - resources permission
     480      AuthorizationManager.AuthorizeProjectForResourcesUse(jobDto.ProjectId, resourceIds);
     481
     482      var pm = PersistenceManager;
     483      using (new PerformanceLogger("UpdateJob")) {
     484        bool exists = true;
     485        var jobDao = pm.JobDao;
     486        pm.UseTransaction(() => {
     487          var job = jobDao.GetById(jobDto.Id);
     488          if (job == null) {
     489            exists = false;
     490            job = new DA.Job();
     491          }
     492          jobDto.CopyToEntity(job);
     493
     494          // remove former resource assignments
     495          job.AssignedJobResources.Clear();
     496          // add resource assignments
     497          job.AssignedJobResources.AddRange(resourceIds.Select(
     498            x => new DA.AssignedJobResource {
     499              ResourceId = x
     500          }));
     501
    418502          if (!exists) {
    419503            jobDao.Save(job);
     
    690774
    691775    #region ProjectPermission Methods
    692     public void GrantProjectPermissions(Guid projectId, Guid[] grantedUserIds) {
     776    public void GrantProjectPermissions(Guid projectId, Guid[] grantedUserIds, bool cascading) {
    693777      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    694778      AuthorizationManager.AuthorizeForProjectAdministration(projectId);
     
    696780      using (new PerformanceLogger("GrantProjectPermissions")) {
    697781        var projectDao = pm.ProjectDao;
     782       
    698783        pm.UseTransaction(() => {
    699784          var project = projectDao.GetById(projectId);
    700785          var projectPermissions = project.ProjectPermissions.ToList();
    701786          foreach (var id in grantedUserIds) {
    702             if (projectPermissions.All(x => x.GrantedUserId != id)) {
     787            if (projectPermissions.All(x => x.GrantedUserId != id)) { 
    703788              project.ProjectPermissions.Add(new DA.ProjectPermission {
    704789                GrantedUserId = id,
     
    707792            }
    708793          }
    709           pm.SubmitChanges();
    710         });
    711       }
    712     }
    713 
    714     public void RevokeProjectPermissions(Guid projectId, Guid[] grantedUserIds) {
     794          if(cascading) {
     795            var childProjects = projectDao.GetChildProjectsById(projectId);
     796            foreach (var p in childProjects) {
     797              p.ProjectPermissions.Clear();
     798              foreach (var id in grantedUserIds) {
     799                p.ProjectPermissions.Add(new DA.ProjectPermission {
     800                  GrantedUserId = id,
     801                  GrantedByUserId = UserManager.CurrentUserId
     802                });
     803              }
     804            }
     805          }
     806          pm.SubmitChanges();
     807        });
     808      }
     809    }
     810
     811    public void RevokeProjectPermissions(Guid projectId, Guid[] grantedUserIds, bool cascading) {
    715812      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    716813      AuthorizationManager.AuthorizeForProjectAdministration(projectId);
     
    718815      using (new PerformanceLogger("RevokeProjectPermissions")) {
    719816        var projectPermissionDao = pm.ProjectPermissionDao;
    720         pm.UseTransaction(() => {
    721           projectPermissionDao.DeleteByProjectAndGrantedUserId(projectId, grantedUserIds);
     817        var projectDao = pm.ProjectDao;
     818        pm.UseTransaction(() => {
     819          if(cascading) {
     820            var childProjectIds = projectDao.GetChildProjectIdsById(projectId);
     821            projectPermissionDao.DeleteByProjectIdsAndGrantedUserIds(childProjectIds, grantedUserIds);
     822          }
     823          projectPermissionDao.DeleteByProjectIdAndGrantedUserIds(projectId, grantedUserIds);
    722824          pm.SubmitChanges();
    723825        });
     
    749851          var assignedProjectResources = project.AssignedProjectResources.ToList();
    750852
     853          // TODO-JAN
    751854          if (!RoleVerifier.IsInRole(HiveRoles.Administrator))
    752855            AuthorizeForResources(pm, project, resourceIds);
     
    767870      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    768871      AuthorizationManager.AuthorizeForProjectAdministration(projectId);
     872      // TODO-JAN: adjust Authorization Method
     873      // only users who are owners of a parent project of projectId are allowed to manage resources
     874      // these users can only those resources which are already assigned to
     875      // (1) the nearest parent they own
     876      // (2) to any of the parent they own
    769877      var pm = PersistenceManager;
    770878      using (new PerformanceLogger("UnassignProjectResources")) {
     
    11291237    }
    11301238
    1131     // OBSOLETE
    1132     // reason: only used for double checking! AuthorizationManager.AuthorizeForProjectAdministration(..) does the same!
    1133     //private DA.Project AuthorizeForProject(IPersistenceManager pm, Guid projectId) {
    1134     //  var projectDao = pm.ProjectDao;
    1135     //  var project = projectDao.GetById(projectId);
    1136     //  if (project == null) throw new SecurityException(NOT_AUTHORIZED_PROJECT);
    1137     //  if (project.OwnerUserId != UserManager.CurrentUserId
    1138     //      && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
    1139     //    throw new SecurityException(NOT_AUTHORIZED_PROJECT);
    1140     //  }
    1141     //  return project;
    1142     //}
    1143 
    1144     private void CheckTaskPermissions(IPersistenceManager pm, DT.Task task, IEnumerable<Guid> resourceIds) {
    1145       var jobDao = pm.JobDao;
    1146       var projectDao = pm.ProjectDao;
    1147       var resourceDao = pm.ResourceDao;
    1148       var projectPermissionDao = pm.ProjectPermissionDao;
    1149       var currentUserId = UserManager.CurrentUserId;
    1150 
    1151       // PART 2: user-project permission check
    1152       var job = jobDao.GetById(task.JobId);
    1153       var project = projectDao.GetById(job.ProjectId);
    1154       AuthorizeForProjectTask(pm, project);
    1155 
    1156       // PART 3: project-resource permission check
    1157       var assignedResourceIds = project.AssignedProjectResources.Select(x => x.ResourceId).ToList();
    1158       var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.GetChildResourceIdsById(x));
    1159       assignedResourceIds.AddRange(assignedChildResourceIds);
    1160       if (resourceIds.Except(assignedResourceIds).Any()) {
    1161         throw new SecurityException(NOT_AUTHORIZED_PROJECT);
    1162       }
    1163     }
    1164 
    1165     // Check if current user is authorized to add a task on a explicit project
    1166     // case 1: user is administrator
    1167     // case 2: user is owner of project or parent project
    1168     // case 3: user has explicit permission on project or parent project
    1169     private void AuthorizeForProjectTask(IPersistenceManager pm, DA.Project project) {
    1170       if (RoleVerifier.IsInRole(HiveRoles.Administrator)) return; // case 1
    1171 
    1172       // case 2
    1173       var projectDao = pm.ProjectDao;
    1174       var projectBranch = new List<DA.Project>() { project };
    1175       projectBranch.AddRange(projectDao.GetParentProjectsById(project.ProjectId));
    1176       if (projectBranch
    1177         .Select(x => x.OwnerUserId)
    1178         .Contains(UserManager.CurrentUserId)) {
    1179         return;
    1180       }
    1181 
    1182       // case 3
    1183       if (project.ProjectPermissions
    1184         .Select(x => x.GrantedUserId)
    1185         .Contains(UserManager.CurrentUserId)) {
    1186         return;
    1187       }
    1188       if (projectBranch
    1189         .SelectMany(x => x.ProjectPermissions)
    1190         .Select(x => x.GrantedUserId)
    1191         .Contains(UserManager.CurrentUserId)) {
    1192         return;
    1193       }
    1194 
    1195       throw new SecurityException(NOT_AUTHORIZED_PROJECT);
    1196     }
    1197 
    11981239    // Check if the current user is authorized to administer resourceIds
    1199     private void AuthorizeForResources(IPersistenceManager pm, DA.Project project, Guid[] resourceIds) {
     1240    private void AuthorizeForResource(IPersistenceManager pm, DA.Project project, Guid[] resourceIds) {
    12001241      var projectDao = pm.ProjectDao;
    12011242      var resourceDao = pm.ResourceDao;
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Interfaces/IAuthorizationManager.cs

    r15380 r15530  
    2222using System;
    2323using HeuristicLab.Services.Hive.DataTransfer;
     24using System.Collections.Generic;
    2425
    2526namespace HeuristicLab.Services.Hive {
     
    3738
    3839    void AuthorizeForProjectAdministration(Guid projectId);
     40
     41    void AuthorizeProjectForResourcesUse(Guid projectId, IEnumerable<Guid> resourceIds);
     42
     43    void AuthorizeUserForProjectUse(Guid userId, Guid projectId);
    3944  }
    4045}
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs

    r15508 r15530  
    3333  public class AuthorizationManager : IAuthorizationManager {
    3434
    35     private const string NOT_AUTHORIZED = "Current user is not authorized to access the requested resource";
     35    private const string NOT_AUTHORIZED_USERRESOURCE = "Current user is not authorized to access the requested resource";
     36    private const string NOT_AUTHORIZED_USERPROJECT = "Current user is not authorized to access the requested project";
     37    private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource";
     38
    3639    private IPersistenceManager PersistenceManager {
    3740      get { return ServiceLocator.Instance.PersistenceManager; }
     
    4851    public void Authorize(Guid userId) {
    4952      if (userId != ServiceLocator.Instance.UserManager.CurrentUserId)
    50         throw new SecurityException(NOT_AUTHORIZED);
     53        throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
    5154    }
    5255
     
    5760      pm.UseTransaction(() => {
    5861        var task = taskDao.GetById(taskId);
    59         if (task == null) throw new SecurityException(NOT_AUTHORIZED);
     62        if (task == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
    6063        AuthorizeJob(pm, task.JobId, requiredPermission);
    6164      });
     
    7477      pm.UseTransaction(() => {
    7578        var resource = resourceDao.GetById(resourceId);
    76         if (resource == null) throw new SecurityException(NOT_AUTHORIZED);
     79        if (resource == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
    7780        if (resource.OwnerUserId != UserManager.CurrentUserId
    7881            && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
    79           throw new SecurityException(NOT_AUTHORIZED);
     82          throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
    8083        }
    8184      });
     
    8790      pm.UseTransaction(() => {
    8891        var project = projectDao.GetById(projectId);
    89         if (project == null) throw new SecurityException(NOT_AUTHORIZED);
     92        if (project == null) throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
    9093
    91         var projectTree = new List<Project>() { project };
    92         projectTree.AddRange(projectDao.GetProjectsByChildId(projectId));
     94        var projectTree = projectDao.GetCurrentAndParentProjectsById(projectId);
    9395        if(!projectTree.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId)
    9496            && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
    95           throw new SecurityException(NOT_AUTHORIZED);
     97          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
    9698        }
    9799      });
     100    }
     101
     102    // Check if a project is authorized to use a list of resources
     103    public void AuthorizeProjectForResourcesUse(Guid projectId, IEnumerable<Guid> resourceIds) {
     104      var pm = PersistenceManager;
     105      var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
     106      if (!assignedProjectResourceDao.CheckProjectGrantedForResources(projectId, resourceIds))
     107        throw new SecurityException(NOT_AUTHORIZED_PROJECTRESOURCE);
     108    }
     109
     110    // Check if current user is authorized to use an explicit project (e.g. in order to add a job)
     111    // note: administrators and project owner are NOT automatically granted
     112    public void AuthorizeUserForProjectUse(Guid userId, Guid projectId) {
     113      var pm = PersistenceManager;
     114      // collect current and group membership Ids
     115      var userAndGroupIds = new List<Guid>() { userId };
     116      userAndGroupIds.AddRange(UserManager.GetUserGroupIdsOfUser(userId));
     117      // perform the actual check
     118      var projectPermissionDao = pm.ProjectPermissionDao;
     119      if (!projectPermissionDao.CheckUserGrantedForProject(projectId, userAndGroupIds)) {
     120        throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
     121      }
    98122    }
    99123
     
    114138      if (permission == Permission.NotAllowed
    115139          || ((permission != requiredPermissionEntity) && requiredPermissionEntity == Permission.Full)) {
    116         throw new SecurityException(NOT_AUTHORIZED);
     140        throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
    117141      }
    118142    }
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/ServiceContracts/IHiveService.cs

    r15411 r15530  
    151151    #region ProjectPermission Methods
    152152    [OperationContract]
    153     void GrantProjectPermissions(Guid projectId, Guid[] grantedUserIds);
    154 
    155     [OperationContract]
    156     void RevokeProjectPermissions(Guid projectId, Guid[] grantedUserIds);
     153    void GrantProjectPermissions(Guid projectId, Guid[] grantedUserIds, bool cascading);
     154
     155    [OperationContract]
     156    void RevokeProjectPermissions(Guid projectId, Guid[] grantedUserIds, bool cascading);
    157157
    158158    [OperationContract]
Note: See TracChangeset for help on using the changeset viewer.