Changeset 15540


Ignore:
Timestamp:
12/18/17 17:38:05 (3 years ago)
Author:
jzenisek
Message:

#2839 added checks for the administration of project-resource assignments

Location:
branches/HiveProjectManagement
Files:
6 edited

Legend:

Unmodified
Added
Removed
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/Daos/AssignedProjectResourceDao.cs

    r15530 r15540  
    6161      return DataContext.ExecuteQuery<Guid>(GetAllGrantedResourceIdsByProjectIdQueryString, projectId);
    6262    }
     63
     64    public IEnumerable<Guid> GetAllGrantedResourceIdsOfOwnedParentProjects(Guid projectId, Guid userId) {
     65      return DataContext.ExecuteQuery<Guid>(GetAllGrantedResourceIdsOfOwnedParentProjectsQueryString, projectId, userId);
     66    }
     67
    6368
    6469    #region Compiled queries
     
    140145    WHERE apr.ProjectId = {0}
    141146    ";
     147    private const string GetAllGrantedResourceIdsOfOwnedParentProjectsQueryString = @"
     148      WITH pbranch AS
     149      (
     150        SELECT ProjectId, ParentProjectId
     151        FROM [Project]
     152        UNION ALL
     153        SELECT pb.ProjectId, p.ParentProjectId
     154        FROM [Project] p
     155        JOIN pbranch pb ON pb.ParentProjectId = p.ProjectId AND p.ParentProjectId <> p.ProjectId AND pb.ParentProjectId <> pb.ProjectId
     156      ),
     157      rtree AS
     158      (
     159        SELECT ResourceId, ParentResourceId
     160        FROM [Resource]
     161        UNION ALL
     162        SELECT rt.ResourceId, r.ParentResourceId
     163        FROM [Resource] r
     164        JOIN rtree rt ON rt.ParentResourceId = r.ResourceId AND r.ParentResourceId <> r.ResourceId AND rt.ParentResourceId <> rt.ResourceId
     165      )
     166      SELECT DISTINCT rtree.ResourceId
     167      FROM pbranch, rtree, [Project] pro, [AssignedProjectResource] apr
     168      WHERE pbranch.ProjectId = {0}
     169      AND pbranch.ParentProjectId = pro.ProjectId
     170      AND pro.OwnerUserId = {1}
     171      AND pbranch.ParentProjectId = apr.ProjectId
     172      AND apr.ResourceId = rtree.ParentResourceId
     173    ";
    142174    #endregion
    143175  }
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/Daos/ProjectDao.cs

    r15527 r15540  
    153153      FROM pbranch
    154154    ";
     155    private const string GetNearestOwnedParentProjectByIdQuery = @"
     156      WITH pbranch AS
     157      (
     158        SELECT ProjectId, ParentProjectId, CAST(ProjectId AS NVARCHAR(MAX)) Path, 1 Distance
     159        FROM [Project]
     160        WHERE ProjectId = {0}
     161        UNION ALL
     162        SELECT pb.ProjectId, p.ParentProjectId, pb.Path + N', ' + CAST(pb.ProjectId AS NVARCHAR(MAX)), pb.Distance + 1
     163        FROM [Project] p
     164        JOIN pbranch pb ON pb.ParentProjectId = p.ProjectId AND p.ParentProjectId <> p.ProjectId AND pb.ParentProjectId <> pb.ProjectId
     165      )
     166      SELECT TOP(1) pro.*
     167      FROM pbranch, [Project] pro
     168      WHERE pbranch.ParentProjectId = pro.ProjectId
     169      AND pro.OwnerUserId = {1}
     170      ORDER BY pbranch.Distance
     171    ";
     172    private const string GetFarestOwnedParentProjectIdByIdQuery = @"
     173      WITH pbranch AS
     174      (
     175        SELECT ProjectId, ParentProjectId, CAST(ProjectId AS NVARCHAR(MAX)) Path, 1 Distance
     176        FROM [Project]
     177        WHERE ProjectId = {0}
     178        UNION ALL
     179        SELECT pb.ProjectId, p.ParentProjectId, pb.Path + N', ' + CAST(pb.ProjectId AS NVARCHAR(MAX)), pb.Distance + 1
     180        FROM [Project] p
     181        JOIN pbranch pb ON pb.ParentProjectId = p.ProjectId AND p.ParentProjectId <> p.ProjectId AND pb.ParentProjectId <> pb.ProjectId
     182      )
     183      SELECT TOP(1) pro.*
     184      FROM pbranch, [Project] pro
     185      WHERE pbranch.ParentProjectId = pro.ProjectId
     186      AND pro.OwnerUserId = {1}
     187      ORDER BY pbranch.Distance DESC
     188    ";
    155189    #endregion
    156190  }
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/Daos/ResourceDao.cs

    r15527 r15540  
    3535    public Resource GetByName(string name) {
    3636      return GetByNameQuery(DataContext, name);
     37    }
     38
     39    public bool CheckExistence(IEnumerable<Guid> ids) {
     40      string paramResourceIds = string.Join(",", ids.Select(x => string.Format("'{0}'", x)));
     41      if (!string.IsNullOrWhiteSpace(paramResourceIds)) {
     42        string queryString = string.Format(CountExistenceQuery, paramResourceIds);
     43        return DataContext.ExecuteQuery<int>(queryString).Count() == ids.Count();
     44      }
     45      return false;
    3746    }
    3847
     
    8089
    8190    #region String queries
     91    private const string CountExistenceQuery = @"
     92      SELECT COUNT(DISTINCT r.ResourceId)
     93      FROM [Resource] r
     94      WHERE r.ResourceId IN ({0})
     95    ";
    8296    private const string GetChildResourcesByIdQuery = @"
    8397      WITH rtree AS
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/HeuristicLab.Services.Hive.DataAccess-3.3.csproj

    r15508 r15540  
    104104  <ItemGroup>
    105105    <None Include="Plugin.cs.frame" />
     106    <Compile Include="Daos\AssignedJobResourceDao.cs" />
    106107    <Compile Include="Daos\AssignedProjectResourceDao.cs" />
    107108    <Compile Include="Daos\AssignedTaskResourceDao.cs" />
     
    123124    <Compile Include="Daos\RequiredPluginDao.cs" />
    124125    <Compile Include="Daos\ResourceDao.cs" />
    125     <Compile Include="Daos\ResourcePermissionDao.cs" />
    126126    <Compile Include="Daos\SlaveDao.cs" />
    127127    <Compile Include="Daos\SlaveGroupDao.cs" />
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Interfaces/IAuthorizationManager.cs

    r15530 r15540  
    3939    void AuthorizeForProjectAdministration(Guid projectId);
    4040
     41    void AuthorizeForProjectResourceAdministration(Guid projectId, IEnumerable<Guid> resourceIds);
     42
    4143    void AuthorizeProjectForResourcesUse(Guid projectId, IEnumerable<Guid> resourceIds);
    4244
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs

    r15530 r15540  
    7272    }
    7373
     74    // authorize if user is admin or resource owner
    7475    public void AuthorizeForResourceAdministration(Guid resourceId) {
    7576      var pm = PersistenceManager;
     
    7879        var resource = resourceDao.GetById(resourceId);
    7980        if (resource == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
     81
    8082        if (resource.OwnerUserId != UserManager.CurrentUserId
    8183            && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
     
    8587    }
    8688
     89    // authorize if user is admin, project owner or owner of a parent project
    8790    public void AuthorizeForProjectAdministration(Guid projectId) {
    8891      var pm = PersistenceManager;
    8992      var projectDao = pm.ProjectDao;
    9093      pm.UseTransaction(() => {
     94        // check if project exists (not necessary)
    9195        var project = projectDao.GetById(projectId);
    9296        if (project == null) throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
    9397
    94         var projectTree = projectDao.GetCurrentAndParentProjectsById(projectId);
    95         if(!projectTree.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId)
     98        var projectBranch = projectDao.GetCurrentAndParentProjectsById(projectId);
     99        if(!projectBranch.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId)
    96100            && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
    97101          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
     102        }
     103      });
     104    }
     105
     106    // authorize if user is admin, or owner of a parent project, for which the resources are assigned to
     107    public void AuthorizeForProjectResourceAdministration(Guid projectId, IEnumerable<Guid> resourceIds) {
     108      var pm = PersistenceManager;
     109      var projectDao = pm.ProjectDao;
     110      var resourceDao = pm.ResourceDao;
     111      var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
     112      pm.UseTransaction(() => {
     113        // check if project exists (not necessary)
     114        var project = projectDao.GetById(projectId);
     115        if (project == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
     116
     117        // check if resourceIds exist
     118        if (!resourceDao.CheckExistence(resourceIds))
     119          throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
     120
     121        // check if user is admin
     122        if (RoleVerifier.IsInRole(HiveRoles.Administrator)) return;
     123
     124        // check if user is owner of a parent project and...
     125        // check if the all argument resourceIds are among the assigned resources of the owned projects
     126        var grantedResourceIds = assignedProjectResourceDao.GetAllGrantedResourceIdsOfOwnedParentProjects(projectId, UserManager.CurrentUserId);
     127        if(resourceIds.Except(grantedResourceIds).Any()) {
     128          throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
    98129        }
    99130      });
Note: See TracChangeset for help on using the changeset viewer.