Changeset 15546 for branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs

Timestamp:

12/19/17 13:22:47 (3 years ago)

Author:

jzenisek

Message:

#2839 worked on ProjectResource assignment: (cascading) assigning & unassigning

File:

• branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs (modified) (4 diffs)

branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs

@@ -841 +841 @@
 
     #region AssignedProjectResource Methods
-    public void AssignProjectResources(Guid projectId, Guid[] resourceIds) {
-      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
-      AuthorizationManager.AuthorizeForProjectAdministration(projectId);
+    public void AssignProjectResources(Guid projectId, Guid[] resourceIds, bool cascading) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      AuthorizationManager.AuthorizeForProjectResourceAdministration(projectId, resourceIds);
       var pm = PersistenceManager;
       using (new PerformanceLogger("AssignProjectResources")) {
@@ -850 +850 @@
           var project = projectDao.GetById(projectId);
           var assignedProjectResources = project.AssignedProjectResources.ToList();
-
-          // TODO-JAN
-          if (!RoleVerifier.IsInRole(HiveRoles.Administrator))
-            AuthorizeForResources(pm, project, resourceIds);
 
           foreach (var id in resourceIds) {
@@ -862 +858 @@
             }
           }
-          pm.SubmitChanges();
-        });
-      }
-    }
-
-    public void UnassignProjectResources(Guid projectId, Guid[] resourceIds) {
-      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
-      AuthorizationManager.AuthorizeForProjectAdministration(projectId);
-      // TODO-JAN: adjust Authorization Method
-      // only users who are owners of a parent project of projectId are allowed to manage resources
-      // these users can only those resources which are already assigned to
-      // (1) the nearest parent they own
-      // (2) to any of the parent they own
+          if(cascading) {
+            var childProjects = projectDao.GetChildProjectsById(projectId);
+            foreach(var p in childProjects) {
+              p.AssignedProjectResources.Clear();
+              foreach(var id in resourceIds) {
+                p.AssignedProjectResources.Add(new DA.AssignedProjectResource {
+                  ResourceId = id
+                });
+              }
+            }
+          }
+          pm.SubmitChanges();
+        });
+      }
+    }
+
+    public void UnassignProjectResources(Guid projectId, Guid[] resourceIds, bool cascading) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      AuthorizationManager.AuthorizeForProjectResourceAdministration(projectId, resourceIds);
       var pm = PersistenceManager;
       using (new PerformanceLogger("UnassignProjectResources")) {
         var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
-        pm.UseTransaction(() => {
-          assignedProjectResourceDao.DeleteByProjectAndGrantedUserId(projectId, resourceIds);
+        var projectDao = pm.ProjectDao;
+        pm.UseTransaction(() => {
+          if(cascading) {
+            var childProjectIds = projectDao.GetChildProjectIdsById(projectId);
+            assignedProjectResourceDao.DeleteByProjectIdsAndResourceIds(childProjectIds, resourceIds);
+          }
+          assignedProjectResourceDao.DeleteByProjectIdAndResourceIds(projectId, resourceIds);
           pm.SubmitChanges();
         });
@@ -1236 +1243 @@
       }
     }
-
-    // Check if the current user is authorized to administer resourceIds
-    private void AuthorizeForResource(IPersistenceManager pm, DA.Project project, Guid[] resourceIds) {
-      var projectDao = pm.ProjectDao;
-      var resourceDao = pm.ResourceDao;
-
-      var projectBranch = new List<DA.Project> { project };
-      projectBranch.AddRange(projectDao.GetParentProjectsById(project.ProjectId));
-      var ownedProjects = projectBranch.Where(x => x.OwnerUserId == UserManager.CurrentUserId).ToList();
-
-      // get all assigned resourceIds (including children) of owned projects in this branch
-      var assignedResourceIds = ownedProjects.SelectMany(x => x.AssignedProjectResources).Select(x => x.ResourceId).ToList();
-      var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.GetParentResourceIdsById(x));
-      assignedResourceIds.AddRange(assignedChildResourceIds);
-
-      // look up if all resourceIds are among the assigned ones
-      if (resourceIds.Except(assignedResourceIds).Any()) {
-        throw new SecurityException(NOT_AUTHORIZED_RESOURCE);
-      }
-    }
-
-    // Check if the current user is authorized (i.e. is owner of the (sub)project) to set permissions 
-    // for a certain resource (resourceId) in the context of a certain project (projectId)
-    private DA.Resource AuthorizeForResource(IPersistenceManager pm, Guid resourceId, Guid projectId) {
-      var projectDao = pm.ProjectDao;
-      var project = projectDao.GetById(projectId);
-      if (project == null) throw new SecurityException(NOT_AUTHORIZED_PROJECT); // if project does not exist
-
-      var resourceDao = pm.ResourceDao;
-      var resource = resourceDao.GetById(resourceId);
-      if (resource == null) throw new SecurityException(NOT_AUTHORIZED_RESOURCE); // if resource does not exist
-
-
-      // check if user is administrator, owner of the project or any parent project
-      var projectTree = new List<DA.Project> { project };
-      projectTree.AddRange(projectDao.GetParentProjectsById(projectId));
-      if (!projectTree.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId)
-        && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
-        throw new SecurityException(NOT_AUTHORIZED_PROJECT);
-      }
-
-      // look up if resourceId is amongst the assigned ones
-      var assignedResources = project.AssignedProjectResources.ToList();
-      if (assignedResources.Select(x => x.ResourceId).Contains(resourceId)) {
-        return resource;
-      }
-
-      // look up if one of the parent resourceIds is amongst the assigned ones
-      // note: this should be faster than checking all children of the assigned 
-      // resource(-groups) for the certain resourceId
-      var parentResourceIds = resourceDao.GetParentResourceIdsById(resourceId);
-      if (assignedResources.Select(x => x.ResourceId)
-        .Intersect(parentResourceIds).Count() > 0) {
-        return resource;
-      }
-
-      throw new SecurityException(NOT_AUTHORIZED_PROJECT);
-    }
+    
     #endregion
   }