Ignore:
Timestamp:
12/19/17 13:22:47 (3 years ago)
Author:
jzenisek
Message:

#2839 worked on ProjectResource assignment: (cascading) assigning & unassigning

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs

    r15530 r15546  
    841841
    842842    #region AssignedProjectResource Methods
    843     public void AssignProjectResources(Guid projectId, Guid[] resourceIds) {
    844       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    845       AuthorizationManager.AuthorizeForProjectAdministration(projectId);
     843    public void AssignProjectResources(Guid projectId, Guid[] resourceIds, bool cascading) {
     844      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
     845      AuthorizationManager.AuthorizeForProjectResourceAdministration(projectId, resourceIds);
    846846      var pm = PersistenceManager;
    847847      using (new PerformanceLogger("AssignProjectResources")) {
     
    850850          var project = projectDao.GetById(projectId);
    851851          var assignedProjectResources = project.AssignedProjectResources.ToList();
    852 
    853           // TODO-JAN
    854           if (!RoleVerifier.IsInRole(HiveRoles.Administrator))
    855             AuthorizeForResources(pm, project, resourceIds);
    856852
    857853          foreach (var id in resourceIds) {
     
    862858            }
    863859          }
    864           pm.SubmitChanges();
    865         });
    866       }
    867     }
    868 
    869     public void UnassignProjectResources(Guid projectId, Guid[] resourceIds) {
    870       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    871       AuthorizationManager.AuthorizeForProjectAdministration(projectId);
    872       // TODO-JAN: adjust Authorization Method
    873       // only users who are owners of a parent project of projectId are allowed to manage resources
    874       // these users can only those resources which are already assigned to
    875       // (1) the nearest parent they own
    876       // (2) to any of the parent they own
     860          if(cascading) {
     861            var childProjects = projectDao.GetChildProjectsById(projectId);
     862            foreach(var p in childProjects) {
     863              p.AssignedProjectResources.Clear();
     864              foreach(var id in resourceIds) {
     865                p.AssignedProjectResources.Add(new DA.AssignedProjectResource {
     866                  ResourceId = id
     867                });
     868              }
     869            }
     870          }
     871          pm.SubmitChanges();
     872        });
     873      }
     874    }
     875
     876    public void UnassignProjectResources(Guid projectId, Guid[] resourceIds, bool cascading) {
     877      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
     878      AuthorizationManager.AuthorizeForProjectResourceAdministration(projectId, resourceIds);
    877879      var pm = PersistenceManager;
    878880      using (new PerformanceLogger("UnassignProjectResources")) {
    879881        var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
    880         pm.UseTransaction(() => {
    881           assignedProjectResourceDao.DeleteByProjectAndGrantedUserId(projectId, resourceIds);
     882        var projectDao = pm.ProjectDao;
     883        pm.UseTransaction(() => {
     884          if(cascading) {
     885            var childProjectIds = projectDao.GetChildProjectIdsById(projectId);
     886            assignedProjectResourceDao.DeleteByProjectIdsAndResourceIds(childProjectIds, resourceIds);
     887          }
     888          assignedProjectResourceDao.DeleteByProjectIdAndResourceIds(projectId, resourceIds);
    882889          pm.SubmitChanges();
    883890        });
     
    12361243      }
    12371244    }
    1238 
    1239     // Check if the current user is authorized to administer resourceIds
    1240     private void AuthorizeForResource(IPersistenceManager pm, DA.Project project, Guid[] resourceIds) {
    1241       var projectDao = pm.ProjectDao;
    1242       var resourceDao = pm.ResourceDao;
    1243 
    1244       var projectBranch = new List<DA.Project> { project };
    1245       projectBranch.AddRange(projectDao.GetParentProjectsById(project.ProjectId));
    1246       var ownedProjects = projectBranch.Where(x => x.OwnerUserId == UserManager.CurrentUserId).ToList();
    1247 
    1248       // get all assigned resourceIds (including children) of owned projects in this branch
    1249       var assignedResourceIds = ownedProjects.SelectMany(x => x.AssignedProjectResources).Select(x => x.ResourceId).ToList();
    1250       var assignedChildResourceIds = assignedResourceIds.SelectMany(x => resourceDao.GetParentResourceIdsById(x));
    1251       assignedResourceIds.AddRange(assignedChildResourceIds);
    1252 
    1253       // look up if all resourceIds are among the assigned ones
    1254       if (resourceIds.Except(assignedResourceIds).Any()) {
    1255         throw new SecurityException(NOT_AUTHORIZED_RESOURCE);
    1256       }
    1257     }
    1258 
    1259     // Check if the current user is authorized (i.e. is owner of the (sub)project) to set permissions
    1260     // for a certain resource (resourceId) in the context of a certain project (projectId)
    1261     private DA.Resource AuthorizeForResource(IPersistenceManager pm, Guid resourceId, Guid projectId) {
    1262       var projectDao = pm.ProjectDao;
    1263       var project = projectDao.GetById(projectId);
    1264       if (project == null) throw new SecurityException(NOT_AUTHORIZED_PROJECT); // if project does not exist
    1265 
    1266       var resourceDao = pm.ResourceDao;
    1267       var resource = resourceDao.GetById(resourceId);
    1268       if (resource == null) throw new SecurityException(NOT_AUTHORIZED_RESOURCE); // if resource does not exist
    1269 
    1270 
    1271       // check if user is administrator, owner of the project or any parent project
    1272       var projectTree = new List<DA.Project> { project };
    1273       projectTree.AddRange(projectDao.GetParentProjectsById(projectId));
    1274       if (!projectTree.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId)
    1275         && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
    1276         throw new SecurityException(NOT_AUTHORIZED_PROJECT);
    1277       }
    1278 
    1279       // look up if resourceId is amongst the assigned ones
    1280       var assignedResources = project.AssignedProjectResources.ToList();
    1281       if (assignedResources.Select(x => x.ResourceId).Contains(resourceId)) {
    1282         return resource;
    1283       }
    1284 
    1285       // look up if one of the parent resourceIds is amongst the assigned ones
    1286       // note: this should be faster than checking all children of the assigned
    1287       // resource(-groups) for the certain resourceId
    1288       var parentResourceIds = resourceDao.GetParentResourceIdsById(resourceId);
    1289       if (assignedResources.Select(x => x.ResourceId)
    1290         .Intersect(parentResourceIds).Count() > 0) {
    1291         return resource;
    1292       }
    1293 
    1294       throw new SecurityException(NOT_AUTHORIZED_PROJECT);
    1295     }
     1245   
    12961246    #endregion
    12971247  }
Note: See TracChangeset for help on using the changeset viewer.