Changeset 15530 for branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
- Timestamp:
- 12/15/17 17:51:28 (7 years ago)
- File:
-
- 1 edited
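--- a/branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
+++ b/branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
@@ -33,5 +33,8 @@
 public class AuthorizationManager : IAuthorizationManager {
 
-private const string NOT_AUTHORIZED = "Current user is not authorized to access the requested resource";
+private const string NOT_AUTHORIZED_USERRESOURCE = "Current user is not authorized to access the requested resource";
+private const string NOT_AUTHORIZED_USERPROJECT = "Current user is not authorized to access the requested project";
+private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource";
+
 private IPersistenceManager PersistenceManager {
 get { return ServiceLocator.Instance.PersistenceManager; }
@@ -48,5 +51,5 @@
 public void Authorize(Guid userId) {
 if (userId != ServiceLocator.Instance.UserManager.CurrentUserId)
-throw new SecurityException(NOT_AUTHORIZED );
+throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
 }
 
@@ -57,5 +60,5 @@
 pm.UseTransaction(() => {
 var task = taskDao.GetById(taskId);
-if (task == null) throw new SecurityException(NOT_AUTHORIZED );
+if (task == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
 AuthorizeJob(pm, task.JobId, requiredPermission);
 });
@@ -74,8 +77,8 @@
 pm.UseTransaction(() => {
 var resource = resourceDao.GetById(resourceId);
-if (resource == null) throw new SecurityException(NOT_AUTHORIZED );
+if (resource == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
 if (resource.OwnerUserId != UserManager.CurrentUserId
 && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
-throw new SecurityException(NOT_AUTHORIZED );
+throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
 }
 });
@@ -87,13 +90,34 @@
 pm.UseTransaction(() => {
 var project = projectDao.GetById(projectId);
-if (project == null) throw new SecurityException(NOT_AUTHORIZED );
+if (project == null) throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
 
-var projectTree = new List<Project>() { project };
-projectTree.AddRange(projectDao.GetProjectsByChildId(projectId));
+var projectTree = projectDao.GetCurrentAndParentProjectsById(projectId);
 if(!projectTree.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId)
 && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
-throw new SecurityException(NOT_AUTHORIZED );
+throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
 }
 });
+}
+
+// Check if a project is authorized to use a list of resources
+public void AuthorizeProjectForResourcesUse(Guid projectId, IEnumerable<Guid> resourceIds) {
+var pm = PersistenceManager;
+var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
+if (!assignedProjectResourceDao.CheckProjectGrantedForResources(projectId, resourceIds))
+throw new SecurityException(NOT_AUTHORIZED_PROJECTRESOURCE);
+}
+
+// Check if current user is authorized to use an explicit project (e.g. in order to add a job)
+// note: administrators and project owner are NOT automatically granted
+public void AuthorizeUserForProjectUse(Guid userId, Guid projectId) {
+var pm = PersistenceManager;
+// collect current and group membership Ids
+var userAndGroupIds = new List<Guid>() { userId };
+userAndGroupIds.AddRange(UserManager.GetUserGroupIdsOfUser(userId));
+// perform the actual check
+var projectPermissionDao = pm.ProjectPermissionDao;
+if (!projectPermissionDao.CheckUserGrantedForProject(projectId, userAndGroupIds)) {
+throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
+}
 }
 
@@ -114,5 +138,5 @@
 if (permission == Permission.NotAllowed
 || ((permission != requiredPermissionEntity) && requiredPermissionEntity == Permission.Full)) {
-throw new SecurityException(NOT_AUTHORIZED );
+throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
 }
 }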
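Review bot: The new `AuthorizeUserForProjectUse` checks whatever `userId` the caller passes, although its comment speaks of the "current user"; nothing in the method ties that argument to `UserManager.CurrentUserId`, so a caller that forwards a client-supplied id would be authorizing a principal other than the authenticated one. Either make `Authorize(userId);` the first statement of the method, or drop the reliance on the argument and read `UserManager.CurrentUserId`, unless checking on behalf of another user is intended, in which case the comment should say so. Both new methods also query their DAOs outside `pm.UseTransaction(...)`, unlike the task, resource and project checks visible in the other hunks; if those DAO calls depend on the transaction scope, wrap them the same way. How `CheckProjectGrantedForResources` treats an empty or null `resourceIds` is not visible here, so a one-line comment such as `// an empty resourceIds list is rejected/accepted because ...` on `AuthorizeProjectForResourcesUse` would pin the intended fail-closed behaviour.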