Free cookie consent management tool by TermsFeed Policy Generator

Ignore:
Timestamp:
12/15/17 17:51:28 (5 years ago)
Author:
jzenisek
Message:

#2839

  • worked on Job operations add&update
  • worked on ProjectPermission handling
  • worked on Project-Resource assignment
File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs

    r15527 r15530  
    4141  [HiveOperationContextBehavior]
    4242  public class HiveService : IHiveService {
    43     private const string NOT_AUTHORIZED_RESOURCE = "Current user is not authorized to access the requested resource";
    44     private const string NOT_AUTHORIZED_PROJECT = "Current user is not authorized to access the requested project";
     43    private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource";
     44    private const string NOT_AUTHORIZED_USERPROJECT = "Current user is not authorized to access the requested project";
    4545
    4646    private static readonly DA.TaskState[] CompletedStates = { DA.TaskState.Finished, DA.TaskState.Aborted, DA.TaskState.Failed };
     
    7575        var taskDao = pm.TaskDao;
    7676        var stateLogDao = pm.StateLogDao;
    77 
    78         pm.UseTransaction(() => {
    79           CheckTaskPermissions(pm, task, resourceIds);
    80         });
    8177
    8278        var newTask = task.ToEntity();
     
    105101    }
    106102
     103    public Guid AddTask(DT.Task task, DT.TaskData taskData) {
     104      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
     105      var pm = PersistenceManager;
     106      using (new PerformanceLogger("AddTask")) {
     107        var taskDao = pm.TaskDao;
     108        var stateLogDao = pm.StateLogDao;
     109        var newTask = task.ToEntity();
     110        newTask.JobData = taskData.ToEntity();
     111        newTask.JobData.LastUpdate = DateTime.Now;
     112        newTask.State = DA.TaskState.Waiting;
     113        return pm.UseTransaction(() => {
     114          taskDao.Save(newTask);
     115          pm.SubmitChanges();
     116          stateLogDao.Save(new DA.StateLog {
     117            State = DA.TaskState.Waiting,
     118            DateTime = DateTime.Now,
     119            TaskId = newTask.TaskId,
     120            UserId = UserManager.CurrentUserId,
     121            SlaveId = null,
     122            Exception = null
     123          });
     124          pm.SubmitChanges();
     125          return newTask.TaskId;
     126        }, false, true);
     127      }
     128    }
     129
    107130    public Guid AddChildTask(Guid parentTaskId, DT.Task task, DT.TaskData taskData) {
    108131      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    109       IEnumerable<Guid> resourceIds;
    110       var pm = PersistenceManager;
    111       using (new PerformanceLogger("AddChildTask")) {
    112         var assignedTaskResourceDao = pm.AssignedTaskResourceDao;
    113         resourceIds = pm.UseTransaction(() => {
    114           return assignedTaskResourceDao.GetByTaskId(parentTaskId)
    115             .Select(x => x.ResourceId)
    116             .ToList();
    117         });
    118       }
    119132      task.ParentTaskId = parentTaskId;
    120       return AddTask(task, taskData, resourceIds);
     133      return AddTask(task, taskData);
    121134    }
    122135
     
    402415    }
    403416
     417    public Guid AddJob(DT.Job jobDto, IEnumerable<Guid> resourceIds) {
     418      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
     419      // check user - project
     420      AuthorizationManager.AuthorizeUserForProjectUse(UserManager.CurrentUserId, jobDto.ProjectId);
     421      // check project - resources
     422      AuthorizationManager.AuthorizeProjectForResourcesUse(jobDto.ProjectId, resourceIds);
     423      var pm = PersistenceManager;
     424      using (new PerformanceLogger("AddJob")) {
     425        var jobDao = pm.JobDao;
     426        var userPriorityDao = pm.UserPriorityDao;
     427
     428        return pm.UseTransaction(() => {
     429          var newJob = jobDto.ToEntity();
     430          newJob.OwnerUserId = UserManager.CurrentUserId;
     431          newJob.DateCreated = DateTime.Now;
     432
     433          // add resource assignments
     434          newJob.AssignedJobResources.AddRange(resourceIds.Select(
     435            x => new DA.AssignedJobResource {
     436              ResourceId = x
     437          }));
     438 
     439          var job = jobDao.Save(newJob);
     440          if (userPriorityDao.GetById(jobDto.OwnerUserId) == null) {
     441            userPriorityDao.Save(new DA.UserPriority {
     442              UserId = jobDto.OwnerUserId,
     443              DateEnqueued = jobDto.DateCreated
     444            });
     445          }
     446          pm.SubmitChanges();
     447          return job.JobId;
     448        });
     449      }
     450    }
     451
    404452    public void UpdateJob(DT.Job jobDto) {
    405453      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
     
    416464          }
    417465          jobDto.CopyToEntity(job);
     466          if (!exists) {
     467            jobDao.Save(job);
     468          }
     469          pm.SubmitChanges();
     470        });
     471      }
     472    }
     473
     474    public void UpdateJob(DT.Job jobDto, IEnumerable<Guid> resourceIds) {
     475      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
     476      AuthorizationManager.AuthorizeForJob(jobDto.Id, DT.Permission.Full);
     477      // check user - project permission
     478      AuthorizationManager.AuthorizeUserForProjectUse(UserManager.CurrentUserId, jobDto.ProjectId);
     479      // check project - resources permission
     480      AuthorizationManager.AuthorizeProjectForResourcesUse(jobDto.ProjectId, resourceIds);
     481
     482      var pm = PersistenceManager;
     483      using (new PerformanceLogger("UpdateJob")) {
     484        bool exists = true;
     485        var jobDao = pm.JobDao;
     486        pm.UseTransaction(() => {
     487          var job = jobDao.GetById(jobDto.Id);
     488          if (job == null) {
     489            exists = false;
     490            job = new DA.Job();
     491          }
     492          jobDto.CopyToEntity(job);
     493
     494          // remove former resource assignments
     495          job.AssignedJobResources.Clear();
     496          // add resource assignments
     497          job.AssignedJobResources.AddRange(resourceIds.Select(
     498            x => new DA.AssignedJobResource {
     499              ResourceId = x
     500          }));
     501
    418502          if (!exists) {
    419503            jobDao.Save(job);
     
    690774
    691775    #region ProjectPermission Methods
    692     public void GrantProjectPermissions(Guid projectId, Guid[] grantedUserIds) {
     776    public void GrantProjectPermissions(Guid projectId, Guid[] grantedUserIds, bool cascading) {
    693777      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    694778      AuthorizationManager.AuthorizeForProjectAdministration(projectId);
     
    696780      using (new PerformanceLogger("GrantProjectPermissions")) {
    697781        var projectDao = pm.ProjectDao;
     782       
    698783        pm.UseTransaction(() => {
    699784          var project = projectDao.GetById(projectId);
    700785          var projectPermissions = project.ProjectPermissions.ToList();
    701786          foreach (var id in grantedUserIds) {
    702             if (projectPermissions.All(x => x.GrantedUserId != id)) {
     787            if (projectPermissions.All(x => x.GrantedUserId != id)) { 
    703788              project.ProjectPermissions.Add(new DA.ProjectPermission {
    704789                GrantedUserId = id,
     
    707792            }
    708793          }
    709           pm.SubmitChanges();
    710         });
    711       }
    712     }
    713 
    714     public void RevokeProjectPermissions(Guid projectId, Guid[] grantedUserIds) {
     794          if(cascading) {
     795            var childProjects = projectDao.GetChildProjectsById(projectId);
     796            foreach (var p in childProjects) {
     797              p.ProjectPermissions.Clear();
     798              foreach (var id in grantedUserIds) {
     799                p.ProjectPermissions.Add(new DA.ProjectPermission {
     800                  GrantedUserId = id,
     801                  GrantedByUserId = UserManager.CurrentUserId
     802                });
     803              }
     804            }
     805          }
     806          pm.SubmitChanges();
     807        });
     808      }
     809    }
     810
     811    public void RevokeProjectPermissions(Guid projectId, Guid[] grantedUserIds, bool cascading) {
    715812      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    716813      AuthorizationManager.AuthorizeForProjectAdministration(projectId);
     
    718815      using (new PerformanceLogger("RevokeProjectPermissions")) {
    719816        var projectPermissionDao = pm.ProjectPermissionDao;
    720         pm.UseTransaction(() => {
    721           projectPermissionDao.DeleteByProjectAndGrantedUserId(projectId, grantedUserIds);
     817        var projectDao = pm.ProjectDao;
     818        pm.UseTransaction(() => {
     819          if(cascading) {
     820            var childProjectIds = projectDao.GetChildProjectIdsById(projectId);
     821            projectPermissionDao.DeleteByProjectIdsAndGrantedUserIds(childProjectIds, grantedUserIds);
     822          }
     823          projectPermissionDao.DeleteByProjectIdAndGrantedUserIds(projectId, grantedUserIds);
    722824          pm.SubmitChanges();
    723825        });
     
    749851          var assignedProjectResources = project.AssignedProjectResources.ToList();
    750852
     853          // TODO-JAN
    751854          if (!RoleVerifier.IsInRole(HiveRoles.Administrator))
    752855            AuthorizeForResources(pm, project, resourceIds);
     
    767870      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    768871      AuthorizationManager.AuthorizeForProjectAdministration(projectId);
     872      // TODO-JAN: adjust Authorization Method
     873      // only users who are owners of a parent project of projectId are allowed to manage resources
     874      // these users can only those resources which are already assigned to
     875      // (1) the nearest parent they own
     876      // (2) to any of the parent they own
    769877      var pm = PersistenceManager;
    770878      using (new PerformanceLogger("UnassignProjectResources")) {
     
    11291237    }
    11301238
    1131     // OBSOLETE
    1132     // reason: only used for double checking! AuthorizationManager.AuthorizeForProjectAdministration(..) does the same!
    1133     //private DA.Project AuthorizeForProject(IPersistenceManager pm, Guid projectId) {
    1134     //  var projectDao = pm.ProjectDao;
    1135     //  var project = projectDao.GetById(projectId);
    1136     //  if (project == null) throw new SecurityException(NOT_AUTHORIZED_PROJECT);
    1137     //  if (project.OwnerUserId != UserManager.CurrentUserId
    1138     //      && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
    1139     //    throw new SecurityException(NOT_AUTHORIZED_PROJECT);
    1140     //  }
    1141     //  return project;
    1142     //}
    1143 
    1144     private void CheckTaskPermissions(IPersistenceManager pm, DT.Task task, IEnumerable<Guid> resourceIds) {
    1145       var jobDao = pm.JobDao;
    1146       var projectDao = pm.ProjectDao;
    1147       var resourceDao = pm.ResourceDao;
    1148       var projectPermissionDao = pm.ProjectPermissionDao;
    1149       var currentUserId = UserManager.CurrentUserId;
    1150 
    1151       // PART 2: user-project permission check
    1152       var job = jobDao.GetById(task.JobId);
    1153       var project = projectDao.GetById(job.ProjectId);
    1154       AuthorizeForProjectTask(pm, project);
    1155 
    1156       // PART 3: project-resource permission check
    1157       var assignedResourceIds = project.AssignedProjectResources.Select(x => x.ResourceId).ToList();
    1158       var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.GetChildResourceIdsById(x));
    1159       assignedResourceIds.AddRange(assignedChildResourceIds);
    1160       if (resourceIds.Except(assignedResourceIds).Any()) {
    1161         throw new SecurityException(NOT_AUTHORIZED_PROJECT);
    1162       }
    1163     }
    1164 
    1165     // Check if current user is authorized to add a task on a explicit project
    1166     // case 1: user is administrator
    1167     // case 2: user is owner of project or parent project
    1168     // case 3: user has explicit permission on project or parent project
    1169     private void AuthorizeForProjectTask(IPersistenceManager pm, DA.Project project) {
    1170       if (RoleVerifier.IsInRole(HiveRoles.Administrator)) return; // case 1
    1171 
    1172       // case 2
    1173       var projectDao = pm.ProjectDao;
    1174       var projectBranch = new List<DA.Project>() { project };
    1175       projectBranch.AddRange(projectDao.GetParentProjectsById(project.ProjectId));
    1176       if (projectBranch
    1177         .Select(x => x.OwnerUserId)
    1178         .Contains(UserManager.CurrentUserId)) {
    1179         return;
    1180       }
    1181 
    1182       // case 3
    1183       if (project.ProjectPermissions
    1184         .Select(x => x.GrantedUserId)
    1185         .Contains(UserManager.CurrentUserId)) {
    1186         return;
    1187       }
    1188       if (projectBranch
    1189         .SelectMany(x => x.ProjectPermissions)
    1190         .Select(x => x.GrantedUserId)
    1191         .Contains(UserManager.CurrentUserId)) {
    1192         return;
    1193       }
    1194 
    1195       throw new SecurityException(NOT_AUTHORIZED_PROJECT);
    1196     }
    1197 
    11981239    // Check if the current user is authorized to administer resourceIds
    1199     private void AuthorizeForResources(IPersistenceManager pm, DA.Project project, Guid[] resourceIds) {
     1240    private void AuthorizeForResource(IPersistenceManager pm, DA.Project project, Guid[] resourceIds) {
    12001241      var projectDao = pm.ProjectDao;
    12011242      var resourceDao = pm.ResourceDao;
Note: See TracChangeset for help on using the changeset viewer.