
Timestamp:
12/15/17 17:51:28 (5 years ago)
Author:
jzenisek
Message:

#2839

  • worked on Job operations add&update
  • worked on ProjectPermission handling
  • worked on Project-Resource assignment
File:
1 edited

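--- a/branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
+++ b/branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
@@ -33,5 +33,8 @@
   public class AuthorizationManager : IAuthorizationManager {
 
-    private const string NOT_AUTHORIZED = "Current user is not authorized to access the requested resource";
+    private const string NOT_AUTHORIZED_USERRESOURCE = "Current user is not authorized to access the requested resource";
+    private const string NOT_AUTHORIZED_USERPROJECT = "Current user is not authorized to access the requested project";
+    private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource";
+
     private IPersistenceManager PersistenceManager {
       get { return ServiceLocator.Instance.PersistenceManager; }
@@ -48,5 +51,5 @@
     public void Authorize(Guid userId) {
       if (userId != ServiceLocator.Instance.UserManager.CurrentUserId)
-        throw new SecurityException(NOT_AUTHORIZED);
+        throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
     }
 
@@ -57,5 +60,5 @@
       pm.UseTransaction(() => {
         var task = taskDao.GetById(taskId);
-        if (task == null) throw new SecurityException(NOT_AUTHORIZED);
+        if (task == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
         AuthorizeJob(pm, task.JobId, requiredPermission);
       });
@@ -74,8 +77,8 @@
       pm.UseTransaction(() => {
         var resource = resourceDao.GetById(resourceId);
-        if (resource == null) throw new SecurityException(NOT_AUTHORIZED);
+        if (resource == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
         if (resource.OwnerUserId != UserManager.CurrentUserId
             && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
-          throw new SecurityException(NOT_AUTHORIZED);
+          throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
         }
       });
@@ -87,13 +90,34 @@
       pm.UseTransaction(() => {
         var project = projectDao.GetById(projectId);
-        if (project == null) throw new SecurityException(NOT_AUTHORIZED);
+        if (project == null) throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
 
-        var projectTree = new List<Project>() { project };
-        projectTree.AddRange(projectDao.GetProjectsByChildId(projectId));
+        var projectTree = projectDao.GetCurrentAndParentProjectsById(projectId);
         if(!projectTree.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId)
             && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
-          throw new SecurityException(NOT_AUTHORIZED);
+          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
         }
       });
+    }
+
+    // Check if a project is authorized to use a list of resources
+    public void AuthorizeProjectForResourcesUse(Guid projectId, IEnumerable<Guid> resourceIds) {
+      var pm = PersistenceManager;
+      var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
+      if (!assignedProjectResourceDao.CheckProjectGrantedForResources(projectId, resourceIds))
+        throw new SecurityException(NOT_AUTHORIZED_PROJECTRESOURCE);
+    }
+
+    // Check if current user is authorized to use an explicit project (e.g. in order to add a job)
+    // note: administrators and project owner are NOT automatically granted
+    public void AuthorizeUserForProjectUse(Guid userId, Guid projectId) {
+      var pm = PersistenceManager;
+      // collect current and group membership Ids
+      var userAndGroupIds = new List<Guid>() { userId };
+      userAndGroupIds.AddRange(UserManager.GetUserGroupIdsOfUser(userId));
+      // perform the actual check
+      var projectPermissionDao = pm.ProjectPermissionDao;
+      if (!projectPermissionDao.CheckUserGrantedForProject(projectId, userAndGroupIds)) {
+        throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
+      }
     }
 
@@ -114,5 +138,5 @@
       if (permission == Permission.NotAllowed
           || ((permission != requiredPermissionEntity) && requiredPermissionEntity == Permission.Full)) {
-        throw new SecurityException(NOT_AUTHORIZED);
+        throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
       }
     }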
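Review bot: `AuthorizeUserForProjectUse` (new lines 112–122) checks the grants of whatever `userId` the caller passes, although its comment says it checks the current user; nothing in the method ties `userId` to `UserManager.CurrentUserId`. If any caller forwards an ID taken from a client-supplied object, the check runs against that user's grants rather than the requester's, so either drop the parameter and read `UserManager.CurrentUserId` inside, or start the body with `Authorize(userId);`. If checking on behalf of another user is intended, the comment should say so, e.g. `// Checks whether the given user (not necessarily the caller) is granted use of the project`. Both new methods also call their DAO outside `pm.UseTransaction(...)`, unlike the older checks in this class; the callers are not visible here, so it is worth confirming they always run inside a transaction.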