Changeset 15540 for branches/HiveProjectManagement
- Timestamp:
- 12/18/17 17:38:05 (7 years ago)
- Location:
- branches/HiveProjectManagement
- Files:
-
- 6 edited
-
HeuristicLab.Services.Hive.DataAccess/3.3/Daos/AssignedProjectResourceDao.cs (modified) (2 diffs)
-
HeuristicLab.Services.Hive.DataAccess/3.3/Daos/ProjectDao.cs (modified) (1 diff)
-
HeuristicLab.Services.Hive.DataAccess/3.3/Daos/ResourceDao.cs (modified) (2 diffs)
-
HeuristicLab.Services.Hive.DataAccess/3.3/HeuristicLab.Services.Hive.DataAccess-3.3.csproj (modified) (2 diffs)
-
HeuristicLab.Services.Hive/3.3/Interfaces/IAuthorizationManager.cs (modified) (1 diff)
-
HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/Daos/AssignedProjectResourceDao.cs
r15530 r15540 61 61 return DataContext.ExecuteQuery<Guid>(GetAllGrantedResourceIdsByProjectIdQueryString, projectId); 62 62 } 63 64 public IEnumerable<Guid> GetAllGrantedResourceIdsOfOwnedParentProjects(Guid projectId, Guid userId) { 65 return DataContext.ExecuteQuery<Guid>(GetAllGrantedResourceIdsOfOwnedParentProjectsQueryString, projectId, userId); 66 } 67 63 68 64 69 #region Compiled queries … … 140 145 WHERE apr.ProjectId = {0} 141 146 "; 147 private const string GetAllGrantedResourceIdsOfOwnedParentProjectsQueryString = @" 148 WITH pbranch AS 149 ( 150 SELECT ProjectId, ParentProjectId 151 FROM [Project] 152 UNION ALL 153 SELECT pb.ProjectId, p.ParentProjectId 154 FROM [Project] p 155 JOIN pbranch pb ON pb.ParentProjectId = p.ProjectId AND p.ParentProjectId <> p.ProjectId AND pb.ParentProjectId <> pb.ProjectId 156 ), 157 rtree AS 158 ( 159 SELECT ResourceId, ParentResourceId 160 FROM [Resource] 161 UNION ALL 162 SELECT rt.ResourceId, r.ParentResourceId 163 FROM [Resource] r 164 JOIN rtree rt ON rt.ParentResourceId = r.ResourceId AND r.ParentResourceId <> r.ResourceId AND rt.ParentResourceId <> rt.ResourceId 165 ) 166 SELECT DISTINCT rtree.ResourceId 167 FROM pbranch, rtree, [Project] pro, [AssignedProjectResource] apr 168 WHERE pbranch.ProjectId = {0} 169 AND pbranch.ParentProjectId = pro.ProjectId 170 AND pro.OwnerUserId = {1} 171 AND pbranch.ParentProjectId = apr.ProjectId 172 AND apr.ResourceId = rtree.ParentResourceId 173 "; 142 174 #endregion 143 175 } -
branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/Daos/ProjectDao.cs
r15527 r15540 153 153 FROM pbranch 154 154 "; 155 private const string GetNearestOwnedParentProjectByIdQuery = @" 156 WITH pbranch AS 157 ( 158 SELECT ProjectId, ParentProjectId, CAST(ProjectId AS NVARCHAR(MAX)) Path, 1 Distance 159 FROM [Project] 160 WHERE ProjectId = {0} 161 UNION ALL 162 SELECT pb.ProjectId, p.ParentProjectId, pb.Path + N', ' + CAST(pb.ProjectId AS NVARCHAR(MAX)), pb.Distance + 1 163 FROM [Project] p 164 JOIN pbranch pb ON pb.ParentProjectId = p.ProjectId AND p.ParentProjectId <> p.ProjectId AND pb.ParentProjectId <> pb.ProjectId 165 ) 166 SELECT TOP(1) pro.* 167 FROM pbranch, [Project] pro 168 WHERE pbranch.ParentProjectId = pro.ProjectId 169 AND pro.OwnerUserId = {1} 170 ORDER BY pbranch.Distance 171 "; 172 private const string GetFarestOwnedParentProjectIdByIdQuery = @" 173 WITH pbranch AS 174 ( 175 SELECT ProjectId, ParentProjectId, CAST(ProjectId AS NVARCHAR(MAX)) Path, 1 Distance 176 FROM [Project] 177 WHERE ProjectId = {0} 178 UNION ALL 179 SELECT pb.ProjectId, p.ParentProjectId, pb.Path + N', ' + CAST(pb.ProjectId AS NVARCHAR(MAX)), pb.Distance + 1 180 FROM [Project] p 181 JOIN pbranch pb ON pb.ParentProjectId = p.ProjectId AND p.ParentProjectId <> p.ProjectId AND pb.ParentProjectId <> pb.ProjectId 182 ) 183 SELECT TOP(1) pro.* 184 FROM pbranch, [Project] pro 185 WHERE pbranch.ParentProjectId = pro.ProjectId 186 AND pro.OwnerUserId = {1} 187 ORDER BY pbranch.Distance DESC 188 "; 155 189 #endregion 156 190 } -
branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/Daos/ResourceDao.cs
r15527 r15540 35 35 public Resource GetByName(string name) { 36 36 return GetByNameQuery(DataContext, name); 37 } 38 39 public bool CheckExistence(IEnumerable<Guid> ids) { 40 string paramResourceIds = string.Join(",", ids.Select(x => string.Format("'{0}'", x))); 41 if (!string.IsNullOrWhiteSpace(paramResourceIds)) { 42 string queryString = string.Format(CountExistenceQuery, paramResourceIds); 43 return DataContext.ExecuteQuery<int>(queryString).Count() == ids.Count(); 44 } 45 return false; 37 46 } 38 47 … … 80 89 81 90 #region String queries 91 private const string CountExistenceQuery = @" 92 SELECT COUNT(DISTINCT r.ResourceId) 93 FROM [Resource] r 94 WHERE r.ResourceId IN ({0}) 95 "; 82 96 private const string GetChildResourcesByIdQuery = @" 83 97 WITH rtree AS -
branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/HeuristicLab.Services.Hive.DataAccess-3.3.csproj
r15508 r15540 104 104 <ItemGroup> 105 105 <None Include="Plugin.cs.frame" /> 106 <Compile Include="Daos\AssignedJobResourceDao.cs" /> 106 107 <Compile Include="Daos\AssignedProjectResourceDao.cs" /> 107 108 <Compile Include="Daos\AssignedTaskResourceDao.cs" /> … … 123 124 <Compile Include="Daos\RequiredPluginDao.cs" /> 124 125 <Compile Include="Daos\ResourceDao.cs" /> 125 <Compile Include="Daos\ResourcePermissionDao.cs" />126 126 <Compile Include="Daos\SlaveDao.cs" /> 127 127 <Compile Include="Daos\SlaveGroupDao.cs" /> -
branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Interfaces/IAuthorizationManager.cs
r15530 r15540 39 39 void AuthorizeForProjectAdministration(Guid projectId); 40 40 41 void AuthorizeForProjectResourceAdministration(Guid projectId, IEnumerable<Guid> resourceIds); 42 41 43 void AuthorizeProjectForResourcesUse(Guid projectId, IEnumerable<Guid> resourceIds); 42 44 -
branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
r15530 r15540 72 72 } 73 73 74 // authorize if user is admin or resource owner 74 75 public void AuthorizeForResourceAdministration(Guid resourceId) { 75 76 var pm = PersistenceManager; … … 78 79 var resource = resourceDao.GetById(resourceId); 79 80 if (resource == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE); 81 80 82 if (resource.OwnerUserId != UserManager.CurrentUserId 81 83 && !RoleVerifier.IsInRole(HiveRoles.Administrator)) { … … 85 87 } 86 88 89 // authorize if user is admin, project owner or owner of a parent project 87 90 public void AuthorizeForProjectAdministration(Guid projectId) { 88 91 var pm = PersistenceManager; 89 92 var projectDao = pm.ProjectDao; 90 93 pm.UseTransaction(() => { 94 // check if project exists (not necessary) 91 95 var project = projectDao.GetById(projectId); 92 96 if (project == null) throw new SecurityException(NOT_AUTHORIZED_USERPROJECT); 93 97 94 var project Tree= projectDao.GetCurrentAndParentProjectsById(projectId);95 if(!project Tree.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId)98 var projectBranch = projectDao.GetCurrentAndParentProjectsById(projectId); 99 if(!projectBranch.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId) 96 100 && !RoleVerifier.IsInRole(HiveRoles.Administrator)) { 97 101 throw new SecurityException(NOT_AUTHORIZED_USERPROJECT); 102 } 103 }); 104 } 105 106 // authorize if user is admin, or owner of a parent project, for which the resources are assigned to 107 public void AuthorizeForProjectResourceAdministration(Guid projectId, IEnumerable<Guid> resourceIds) { 108 var pm = PersistenceManager; 109 var projectDao = pm.ProjectDao; 110 var resourceDao = pm.ResourceDao; 111 var assignedProjectResourceDao = pm.AssignedProjectResourceDao; 112 pm.UseTransaction(() => { 113 // check if project exists (not necessary) 114 var project = projectDao.GetById(projectId); 115 if (project == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE); 116 117 // check if resourceIds exist 118 if (!resourceDao.CheckExistence(resourceIds)) 119 throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE); 120 121 // check if user is admin 122 if (RoleVerifier.IsInRole(HiveRoles.Administrator)) return; 123 124 // check if user is owner of a parent project and... 125 // check if the all argument resourceIds are among the assigned resources of the owned projects 126 var grantedResourceIds = assignedProjectResourceDao.GetAllGrantedResourceIdsOfOwnedParentProjects(projectId, UserManager.CurrentUserId); 127 if(resourceIds.Except(grantedResourceIds).Any()) { 128 throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE); 98 129 } 99 130 });
Note: See TracChangeset
for help on using the changeset viewer.
