- Timestamp:
- 12/15/17 17:51:28 (6 years ago)
- Location:
- branches/HiveProjectManagement
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/Daos/AssignedJobResourceDao.cs
r15528 r15530 22 22 } 23 23 24 public bool CheckJobGrantedForResources(Guid jobId, Guid[] resourceIds) { 25 return DataContext.ExecuteQuery<int>(CheckJobGrantedForResourcesQueryString).Count() > 0; 24 public bool CheckJobGrantedForResources(Guid jobId, IEnumerable<Guid> resourceIds) { 25 string paramResourceIds = string.Join(",", resourceIds.Select(x => string.Format("'{0}'", x))); 26 if (!string.IsNullOrWhiteSpace(paramResourceIds)) { 27 string queryString = string.Format(CheckJobGrantedForResourcesQueryString, jobId, paramResourceIds); 28 return DataContext.ExecuteQuery<int>(queryString).Count() == 0; 29 } 30 return false; 26 31 } 27 32 … … 43 48 SELECT ResourceId, ParentResourceId 44 49 FROM [Resource] 45 WHERE ResourceId = { 0}50 WHERE ResourceId = {1} 46 51 UNION ALL 47 52 SELECT r.ResourceId, r.ParentResourceId … … 52 57 FROM rbranch, AssignedJobResource ajr 53 58 WHERE rbranch.ResourceId = ajr.ResourceId 54 AND ajr.JobId = { 1}59 AND ajr.JobId = {0} 55 60 "; 56 61 private const string CheckTaskGrantedForResourceQueryString = @" … … 58 63 SELECT ResourceId, ParentResourceId 59 64 FROM [Resource] 60 WHERE ResourceId = { 0}65 WHERE ResourceId = {1} 61 66 UNION ALL 62 67 SELECT r.ResourceId, r.ParentResourceId … … 68 73 WHERE rbranch.ResourceId = ajr.ResourceId 69 74 AND ajr.JobId = t.JobId 70 AND t.JobId = { 1}75 AND t.JobId = {0} 71 76 "; 72 77 private const string CheckJobGrantedForResourcesQueryString = @" -
branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/Daos/AssignedProjectResourceDao.cs
r15411 r15530 45 45 } 46 46 47 public bool CheckProjectGrantedForResources(Guid projectId, IEnumerable<Guid> resourceIds) { 48 string paramResourceIds = string.Join(",", resourceIds.Select(x => string.Format("'{0}'", x))); 49 if (!string.IsNullOrWhiteSpace(paramResourceIds)) { 50 string queryString = string.Format(CheckProjectGrantedForResourcesQueryString, projectId, paramResourceIds); 51 return DataContext.ExecuteQuery<int>(queryString).Count() == 0; 52 } 53 return false; 54 } 55 56 public IEnumerable<Resource> GetAllGrantedResourcesByProjectId(Guid projectId) { 57 return DataContext.ExecuteQuery<Resource>(GetAllGrantedResourcesByProjectIdQueryString, projectId); 58 } 59 60 public IEnumerable<Guid> GetAllGrantedResourceIdsByProjectId(Guid projectId) { 61 return DataContext.ExecuteQuery<Guid>(GetAllGrantedResourceIdsByProjectIdQueryString, projectId); 62 } 63 47 64 #region Compiled queries 48 65 private static readonly Func<DataContext, Guid, IEnumerable<AssignedProjectResource>> GetByProjectIdGetByIdQuery = … … 58 75 WHERE ProjectId = '{0}' 59 76 AND ResourceId IN ({1});"; 77 private const string CheckProjectGrantedForResourcesQueryString = @" 78 WITH rtree AS 79 ( 80 SELECT ResourceId, ParentResourceId 81 FROM [Resource] 82 UNION ALL 83 SELECT rt.ResourceId, r.ParentResourceId 84 FROM [Resource] r 85 JOIN rtree rt ON rt.ParentResourceId = r.ResourceId 86 ) 87 SELECT r.ResourceId 88 FROM [Resource] r 89 WHERE r.ResourceId IN ({1}) 90 EXCEPT 91 ( 92 SELECT rtree.ResourceId 93 FROM rtree, [AssignedProjectResource] apr 94 WHERE rtree.ParentResourceId = apr.ResourceId 95 AND apr.ProjectId = {0} 96 UNION 97 SELECT apr.ResourceId 98 FROM [AssignedProjectResource] apr 99 WHERE apr.ProjectId = {0} 100 ) 101 "; 102 private const string GetAllGrantedResourcesByProjectIdQueryString = @" 103 WITH rtree AS 104 ( 105 SELECT ResourceId, ParentResourceId 106 FROM [Resource] 107 UNION ALL 108 SELECT rt.ResourceId, r.ParentResourceId 109 FROM [Resource] r 110 JOIN rtree rt ON rt.ParentResourceId = r.ResourceId 111 ) 112 SELECT res.* 113 FROM rtree, [AssignedProjectResource] apr, [Resource] res 114 WHERE rtree.ParentResourceId = apr.ResourceId 115 AND rtree.ResourceId = res.ResourceId 116 AND apr.ProjectId = {0} 117 UNION 118 SELECT res.* 119 FROM [AssignedProjectResource] apr, [Resource] res 120 WHERE apr.ResourceId = res.ResourceId 121 AND apr.ProjectId = {0} 122 "; 123 private const string GetAllGrantedResourceIdsByProjectIdQueryString = @" 124 WITH rtree AS 125 ( 126 SELECT ResourceId, ParentResourceId 127 FROM [Resource] 128 UNION ALL 129 SELECT rt.ResourceId, r.ParentResourceId 130 FROM [Resource] r 131 JOIN rtree rt ON rt.ParentResourceId = r.ResourceId 132 ) 133 SELECT rtree.ResourceId 134 FROM rtree, [AssignedProjectResource] apr 135 WHERE rtree.ParentResourceId = apr.ResourceId 136 AND apr.ProjectId = {0} 137 UNION 138 SELECT apr.ResourceId 139 FROM [AssignedProjectResource] apr 140 WHERE apr.ProjectId = {0} 141 "; 60 142 #endregion 61 143 } -
branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/Daos/ProjectPermissionDao.cs
r15379 r15530 37 37 } 38 38 39 public void DeleteByProjectAndGrantedUserId(Guid projectId, IEnumerable<Guid> grantedUserId) { 40 string paramIds = string.Join(",", grantedUserId.Select(x => string.Format("'{0}'", x))); 39 public bool CheckUserGrantedForProject(Guid projectId, IEnumerable<Guid> userAndGroupIds) { 40 string paramUserAndGroupIds = string.Join(",", userAndGroupIds.Select(x => string.Format("'{0}'", x))); 41 if(!string.IsNullOrWhiteSpace(paramUserAndGroupIds)) { 42 string queryString = string.Format(CheckUserGrantedForProjectQueryString, projectId, paramUserAndGroupIds); 43 return DataContext.ExecuteQuery<int>(queryString).First() > 0; 44 } 45 return false; 46 } 47 48 public void DeleteByProjectIdAndGrantedUserIds(Guid projectId, IEnumerable<Guid> grantedUserIds) { 49 string paramIds = string.Join(",", grantedUserIds.Select(x => string.Format("'{0}'", x))); 41 50 if (!string.IsNullOrWhiteSpace(paramIds)) { 42 string query = string.Format(DeleteByGrantedUserQuery, projectId, paramIds); 51 string query = string.Format(DeleteByProjectIdAndGrantedUserIdsQueryString, projectId, paramIds); 52 DataContext.ExecuteCommand(query); 53 } 54 } 55 56 public void DeleteByProjectIdsAndGrantedUserIds(IEnumerable<Guid> projectIds, IEnumerable<Guid> grantedUserIds) { 57 string paramProjectIds = string.Join(",", projectIds.Select(x => string.Format("'{0}'", x))); 58 string paramUserIds = string.Join(",", grantedUserIds.Select(x => string.Format("'{0}'", x))); 59 if (!string.IsNullOrWhiteSpace(paramProjectIds) && !string.IsNullOrWhiteSpace(paramUserIds)) { 60 string query = string.Format(DeleteByProjectIdsAndGrantedUserIdsQueryString, paramProjectIds, paramUserIds); 43 61 DataContext.ExecuteCommand(query); 44 62 } … … 54 72 55 73 #region String queries 56 private const string DeleteByGrantedUserQuery = 57 @"DELETE FROM [ProjectPermission] 58 WHERE ProjectId = '{0}' 59 AND GrantedUserId IN ({1});"; 74 private const string DeleteByProjectIdAndGrantedUserIdsQueryString = @" 75 DELETE FROM [ProjectPermission] 76 WHERE ProjectId = '{0}' 77 AND GrantedUserId IN ({1}); 78 "; 79 private const string DeleteByProjectIdsAndGrantedUserIdsQueryString = @" 80 DELETE FROM [ProjectPermission] 81 WHERE ProjectId IN '({0})' 82 AND GrantedUserId IN ({1}); 83 "; 84 private const string CheckUserGrantedForProjectQueryString = @" 85 SELECT COUNT(pp.ProjectId) 86 FROM [ProjectPermission] pp 87 WHERE pp.ProjectId = {0} 88 AND pp.GrantedUserId IN ({1}) 89 "; 60 90 #endregion 61 91 } -
branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs
r15527 r15530 41 41 [HiveOperationContextBehavior] 42 42 public class HiveService : IHiveService { 43 private const string NOT_AUTHORIZED_ RESOURCE = "Current useris not authorized to access the requested resource";44 private const string NOT_AUTHORIZED_ PROJECT = "Current user is not authorized to access the requested project";43 private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource"; 44 private const string NOT_AUTHORIZED_USERPROJECT = "Current user is not authorized to access the requested project"; 45 45 46 46 private static readonly DA.TaskState[] CompletedStates = { DA.TaskState.Finished, DA.TaskState.Aborted, DA.TaskState.Failed }; … … 75 75 var taskDao = pm.TaskDao; 76 76 var stateLogDao = pm.StateLogDao; 77 78 pm.UseTransaction(() => {79 CheckTaskPermissions(pm, task, resourceIds);80 });81 77 82 78 var newTask = task.ToEntity(); … … 105 101 } 106 102 103 public Guid AddTask(DT.Task task, DT.TaskData taskData) { 104 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 105 var pm = PersistenceManager; 106 using (new PerformanceLogger("AddTask")) { 107 var taskDao = pm.TaskDao; 108 var stateLogDao = pm.StateLogDao; 109 var newTask = task.ToEntity(); 110 newTask.JobData = taskData.ToEntity(); 111 newTask.JobData.LastUpdate = DateTime.Now; 112 newTask.State = DA.TaskState.Waiting; 113 return pm.UseTransaction(() => { 114 taskDao.Save(newTask); 115 pm.SubmitChanges(); 116 stateLogDao.Save(new DA.StateLog { 117 State = DA.TaskState.Waiting, 118 DateTime = DateTime.Now, 119 TaskId = newTask.TaskId, 120 UserId = UserManager.CurrentUserId, 121 SlaveId = null, 122 Exception = null 123 }); 124 pm.SubmitChanges(); 125 return newTask.TaskId; 126 }, false, true); 127 } 128 } 129 107 130 public Guid AddChildTask(Guid parentTaskId, DT.Task task, DT.TaskData taskData) { 108 131 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 109 IEnumerable<Guid> resourceIds;110 var pm = PersistenceManager;111 using (new PerformanceLogger("AddChildTask")) {112 var assignedTaskResourceDao = pm.AssignedTaskResourceDao;113 resourceIds = pm.UseTransaction(() => {114 return assignedTaskResourceDao.GetByTaskId(parentTaskId)115 .Select(x => x.ResourceId)116 .ToList();117 });118 }119 132 task.ParentTaskId = parentTaskId; 120 return AddTask(task, taskData , resourceIds);133 return AddTask(task, taskData); 121 134 } 122 135 … … 402 415 } 403 416 417 public Guid AddJob(DT.Job jobDto, IEnumerable<Guid> resourceIds) { 418 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 419 // check user - project 420 AuthorizationManager.AuthorizeUserForProjectUse(UserManager.CurrentUserId, jobDto.ProjectId); 421 // check project - resources 422 AuthorizationManager.AuthorizeProjectForResourcesUse(jobDto.ProjectId, resourceIds); 423 var pm = PersistenceManager; 424 using (new PerformanceLogger("AddJob")) { 425 var jobDao = pm.JobDao; 426 var userPriorityDao = pm.UserPriorityDao; 427 428 return pm.UseTransaction(() => { 429 var newJob = jobDto.ToEntity(); 430 newJob.OwnerUserId = UserManager.CurrentUserId; 431 newJob.DateCreated = DateTime.Now; 432 433 // add resource assignments 434 newJob.AssignedJobResources.AddRange(resourceIds.Select( 435 x => new DA.AssignedJobResource { 436 ResourceId = x 437 })); 438 439 var job = jobDao.Save(newJob); 440 if (userPriorityDao.GetById(jobDto.OwnerUserId) == null) { 441 userPriorityDao.Save(new DA.UserPriority { 442 UserId = jobDto.OwnerUserId, 443 DateEnqueued = jobDto.DateCreated 444 }); 445 } 446 pm.SubmitChanges(); 447 return job.JobId; 448 }); 449 } 450 } 451 404 452 public void UpdateJob(DT.Job jobDto) { 405 453 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); … … 416 464 } 417 465 jobDto.CopyToEntity(job); 466 if (!exists) { 467 jobDao.Save(job); 468 } 469 pm.SubmitChanges(); 470 }); 471 } 472 } 473 474 public void UpdateJob(DT.Job jobDto, IEnumerable<Guid> resourceIds) { 475 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 476 AuthorizationManager.AuthorizeForJob(jobDto.Id, DT.Permission.Full); 477 // check user - project permission 478 AuthorizationManager.AuthorizeUserForProjectUse(UserManager.CurrentUserId, jobDto.ProjectId); 479 // check project - resources permission 480 AuthorizationManager.AuthorizeProjectForResourcesUse(jobDto.ProjectId, resourceIds); 481 482 var pm = PersistenceManager; 483 using (new PerformanceLogger("UpdateJob")) { 484 bool exists = true; 485 var jobDao = pm.JobDao; 486 pm.UseTransaction(() => { 487 var job = jobDao.GetById(jobDto.Id); 488 if (job == null) { 489 exists = false; 490 job = new DA.Job(); 491 } 492 jobDto.CopyToEntity(job); 493 494 // remove former resource assignments 495 job.AssignedJobResources.Clear(); 496 // add resource assignments 497 job.AssignedJobResources.AddRange(resourceIds.Select( 498 x => new DA.AssignedJobResource { 499 ResourceId = x 500 })); 501 418 502 if (!exists) { 419 503 jobDao.Save(job); … … 690 774 691 775 #region ProjectPermission Methods 692 public void GrantProjectPermissions(Guid projectId, Guid[] grantedUserIds ) {776 public void GrantProjectPermissions(Guid projectId, Guid[] grantedUserIds, bool cascading) { 693 777 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 694 778 AuthorizationManager.AuthorizeForProjectAdministration(projectId); … … 696 780 using (new PerformanceLogger("GrantProjectPermissions")) { 697 781 var projectDao = pm.ProjectDao; 782 698 783 pm.UseTransaction(() => { 699 784 var project = projectDao.GetById(projectId); 700 785 var projectPermissions = project.ProjectPermissions.ToList(); 701 786 foreach (var id in grantedUserIds) { 702 if (projectPermissions.All(x => x.GrantedUserId != id)) { 787 if (projectPermissions.All(x => x.GrantedUserId != id)) { 703 788 project.ProjectPermissions.Add(new DA.ProjectPermission { 704 789 GrantedUserId = id, … … 707 792 } 708 793 } 709 pm.SubmitChanges(); 710 }); 711 } 712 } 713 714 public void RevokeProjectPermissions(Guid projectId, Guid[] grantedUserIds) { 794 if(cascading) { 795 var childProjects = projectDao.GetChildProjectsById(projectId); 796 foreach (var p in childProjects) { 797 p.ProjectPermissions.Clear(); 798 foreach (var id in grantedUserIds) { 799 p.ProjectPermissions.Add(new DA.ProjectPermission { 800 GrantedUserId = id, 801 GrantedByUserId = UserManager.CurrentUserId 802 }); 803 } 804 } 805 } 806 pm.SubmitChanges(); 807 }); 808 } 809 } 810 811 public void RevokeProjectPermissions(Guid projectId, Guid[] grantedUserIds, bool cascading) { 715 812 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 716 813 AuthorizationManager.AuthorizeForProjectAdministration(projectId); … … 718 815 using (new PerformanceLogger("RevokeProjectPermissions")) { 719 816 var projectPermissionDao = pm.ProjectPermissionDao; 720 pm.UseTransaction(() => { 721 projectPermissionDao.DeleteByProjectAndGrantedUserId(projectId, grantedUserIds); 817 var projectDao = pm.ProjectDao; 818 pm.UseTransaction(() => { 819 if(cascading) { 820 var childProjectIds = projectDao.GetChildProjectIdsById(projectId); 821 projectPermissionDao.DeleteByProjectIdsAndGrantedUserIds(childProjectIds, grantedUserIds); 822 } 823 projectPermissionDao.DeleteByProjectIdAndGrantedUserIds(projectId, grantedUserIds); 722 824 pm.SubmitChanges(); 723 825 }); … … 749 851 var assignedProjectResources = project.AssignedProjectResources.ToList(); 750 852 853 // TODO-JAN 751 854 if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) 752 855 AuthorizeForResources(pm, project, resourceIds); … … 767 870 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 768 871 AuthorizationManager.AuthorizeForProjectAdministration(projectId); 872 // TODO-JAN: adjust Authorization Method 873 // only users who are owners of a parent project of projectId are allowed to manage resources 874 // these users can only those resources which are already assigned to 875 // (1) the nearest parent they own 876 // (2) to any of the parent they own 769 877 var pm = PersistenceManager; 770 878 using (new PerformanceLogger("UnassignProjectResources")) { … … 1129 1237 } 1130 1238 1131 // OBSOLETE1132 // reason: only used for double checking! AuthorizationManager.AuthorizeForProjectAdministration(..) does the same!1133 //private DA.Project AuthorizeForProject(IPersistenceManager pm, Guid projectId) {1134 // var projectDao = pm.ProjectDao;1135 // var project = projectDao.GetById(projectId);1136 // if (project == null) throw new SecurityException(NOT_AUTHORIZED_PROJECT);1137 // if (project.OwnerUserId != UserManager.CurrentUserId1138 // && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {1139 // throw new SecurityException(NOT_AUTHORIZED_PROJECT);1140 // }1141 // return project;1142 //}1143 1144 private void CheckTaskPermissions(IPersistenceManager pm, DT.Task task, IEnumerable<Guid> resourceIds) {1145 var jobDao = pm.JobDao;1146 var projectDao = pm.ProjectDao;1147 var resourceDao = pm.ResourceDao;1148 var projectPermissionDao = pm.ProjectPermissionDao;1149 var currentUserId = UserManager.CurrentUserId;1150 1151 // PART 2: user-project permission check1152 var job = jobDao.GetById(task.JobId);1153 var project = projectDao.GetById(job.ProjectId);1154 AuthorizeForProjectTask(pm, project);1155 1156 // PART 3: project-resource permission check1157 var assignedResourceIds = project.AssignedProjectResources.Select(x => x.ResourceId).ToList();1158 var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.GetChildResourceIdsById(x));1159 assignedResourceIds.AddRange(assignedChildResourceIds);1160 if (resourceIds.Except(assignedResourceIds).Any()) {1161 throw new SecurityException(NOT_AUTHORIZED_PROJECT);1162 }1163 }1164 1165 // Check if current user is authorized to add a task on a explicit project1166 // case 1: user is administrator1167 // case 2: user is owner of project or parent project1168 // case 3: user has explicit permission on project or parent project1169 private void AuthorizeForProjectTask(IPersistenceManager pm, DA.Project project) {1170 if (RoleVerifier.IsInRole(HiveRoles.Administrator)) return; // case 11171 1172 // case 21173 var projectDao = pm.ProjectDao;1174 var projectBranch = new List<DA.Project>() { project };1175 projectBranch.AddRange(projectDao.GetParentProjectsById(project.ProjectId));1176 if (projectBranch1177 .Select(x => x.OwnerUserId)1178 .Contains(UserManager.CurrentUserId)) {1179 return;1180 }1181 1182 // case 31183 if (project.ProjectPermissions1184 .Select(x => x.GrantedUserId)1185 .Contains(UserManager.CurrentUserId)) {1186 return;1187 }1188 if (projectBranch1189 .SelectMany(x => x.ProjectPermissions)1190 .Select(x => x.GrantedUserId)1191 .Contains(UserManager.CurrentUserId)) {1192 return;1193 }1194 1195 throw new SecurityException(NOT_AUTHORIZED_PROJECT);1196 }1197 1198 1239 // Check if the current user is authorized to administer resourceIds 1199 private void AuthorizeForResource s(IPersistenceManager pm, DA.Project project, Guid[] resourceIds) {1240 private void AuthorizeForResource(IPersistenceManager pm, DA.Project project, Guid[] resourceIds) { 1200 1241 var projectDao = pm.ProjectDao; 1201 1242 var resourceDao = pm.ResourceDao; -
branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Interfaces/IAuthorizationManager.cs
r15380 r15530 22 22 using System; 23 23 using HeuristicLab.Services.Hive.DataTransfer; 24 using System.Collections.Generic; 24 25 25 26 namespace HeuristicLab.Services.Hive { … … 37 38 38 39 void AuthorizeForProjectAdministration(Guid projectId); 40 41 void AuthorizeProjectForResourcesUse(Guid projectId, IEnumerable<Guid> resourceIds); 42 43 void AuthorizeUserForProjectUse(Guid userId, Guid projectId); 39 44 } 40 45 } -
branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
r15508 r15530 33 33 public class AuthorizationManager : IAuthorizationManager { 34 34 35 private const string NOT_AUTHORIZED = "Current user is not authorized to access the requested resource"; 35 private const string NOT_AUTHORIZED_USERRESOURCE = "Current user is not authorized to access the requested resource"; 36 private const string NOT_AUTHORIZED_USERPROJECT = "Current user is not authorized to access the requested project"; 37 private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource"; 38 36 39 private IPersistenceManager PersistenceManager { 37 40 get { return ServiceLocator.Instance.PersistenceManager; } … … 48 51 public void Authorize(Guid userId) { 49 52 if (userId != ServiceLocator.Instance.UserManager.CurrentUserId) 50 throw new SecurityException(NOT_AUTHORIZED );53 throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE); 51 54 } 52 55 … … 57 60 pm.UseTransaction(() => { 58 61 var task = taskDao.GetById(taskId); 59 if (task == null) throw new SecurityException(NOT_AUTHORIZED );62 if (task == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE); 60 63 AuthorizeJob(pm, task.JobId, requiredPermission); 61 64 }); … … 74 77 pm.UseTransaction(() => { 75 78 var resource = resourceDao.GetById(resourceId); 76 if (resource == null) throw new SecurityException(NOT_AUTHORIZED );79 if (resource == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE); 77 80 if (resource.OwnerUserId != UserManager.CurrentUserId 78 81 && !RoleVerifier.IsInRole(HiveRoles.Administrator)) { 79 throw new SecurityException(NOT_AUTHORIZED );82 throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE); 80 83 } 81 84 }); … … 87 90 pm.UseTransaction(() => { 88 91 var project = projectDao.GetById(projectId); 89 if (project == null) throw new SecurityException(NOT_AUTHORIZED );92 if (project == null) throw new SecurityException(NOT_AUTHORIZED_USERPROJECT); 90 93 91 var projectTree = new List<Project>() { project }; 92 projectTree.AddRange(projectDao.GetProjectsByChildId(projectId)); 94 var projectTree = projectDao.GetCurrentAndParentProjectsById(projectId); 93 95 if(!projectTree.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId) 94 96 && !RoleVerifier.IsInRole(HiveRoles.Administrator)) { 95 throw new SecurityException(NOT_AUTHORIZED );97 throw new SecurityException(NOT_AUTHORIZED_USERPROJECT); 96 98 } 97 99 }); 100 } 101 102 // Check if a project is authorized to use a list of resources 103 public void AuthorizeProjectForResourcesUse(Guid projectId, IEnumerable<Guid> resourceIds) { 104 var pm = PersistenceManager; 105 var assignedProjectResourceDao = pm.AssignedProjectResourceDao; 106 if (!assignedProjectResourceDao.CheckProjectGrantedForResources(projectId, resourceIds)) 107 throw new SecurityException(NOT_AUTHORIZED_PROJECTRESOURCE); 108 } 109 110 // Check if current user is authorized to use an explicit project (e.g. in order to add a job) 111 // note: administrators and project owner are NOT automatically granted 112 public void AuthorizeUserForProjectUse(Guid userId, Guid projectId) { 113 var pm = PersistenceManager; 114 // collect current and group membership Ids 115 var userAndGroupIds = new List<Guid>() { userId }; 116 userAndGroupIds.AddRange(UserManager.GetUserGroupIdsOfUser(userId)); 117 // perform the actual check 118 var projectPermissionDao = pm.ProjectPermissionDao; 119 if (!projectPermissionDao.CheckUserGrantedForProject(projectId, userAndGroupIds)) { 120 throw new SecurityException(NOT_AUTHORIZED_USERPROJECT); 121 } 98 122 } 99 123 … … 114 138 if (permission == Permission.NotAllowed 115 139 || ((permission != requiredPermissionEntity) && requiredPermissionEntity == Permission.Full)) { 116 throw new SecurityException(NOT_AUTHORIZED );140 throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE); 117 141 } 118 142 } -
branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/ServiceContracts/IHiveService.cs
r15411 r15530 151 151 #region ProjectPermission Methods 152 152 [OperationContract] 153 void GrantProjectPermissions(Guid projectId, Guid[] grantedUserIds );154 155 [OperationContract] 156 void RevokeProjectPermissions(Guid projectId, Guid[] grantedUserIds );153 void GrantProjectPermissions(Guid projectId, Guid[] grantedUserIds, bool cascading); 154 155 [OperationContract] 156 void RevokeProjectPermissions(Guid projectId, Guid[] grantedUserIds, bool cascading); 157 157 158 158 [OperationContract]
Note: See TracChangeset
for help on using the changeset viewer.