Changeset 15577 for branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager

Timestamp:

01/05/18 15:13:25 (7 years ago)

Author:

jzenisek

Message:

#2839 worked on service side mgmt of project-resource assignments and project-user permissions

File:

• branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs (modified) (10 diffs)

branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs

@@ -75 +75 @@
     // authorize if user is admin or resource owner
     public void AuthorizeForResourceAdministration(Guid resourceId) {
+      var currentUserId = UserManager.CurrentUserId;
       var pm = PersistenceManager;
       var resourceDao = pm.ResourceDao;
@@ -81 +82 @@
         if (resource == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
 
-        if (resource.OwnerUserId != UserManager.CurrentUserId
+        if (resource.OwnerUserId != currentUserId
             && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
           throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
@@ -90 +91 @@
     // authorize if user is admin, project owner or owner of a parent project
     public void AuthorizeForProjectAdministration(Guid projectId) {
+      if (projectId == null) return;
+      var currentUserId = UserManager.CurrentUserId;
       var pm = PersistenceManager;
       var projectDao = pm.ProjectDao;
@@ -98 +101 @@
 
         var projectBranch = projectDao.GetCurrentAndParentProjectsById(projectId);
-        if(!projectBranch.Select(x => x.OwnerUserId).Contains(UserManager.CurrentUserId)
+        if(!projectBranch.Select(x => x.OwnerUserId).Contains(currentUserId)
             && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
           throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
@@ -107 +110 @@
     // authorize if user is admin, or owner of a parent project, for which the resources are assigned to
     public void AuthorizeForProjectResourceAdministration(Guid projectId, IEnumerable<Guid> resourceIds) {
+      if (projectId == null) return;
+      var currentUserId = UserManager.CurrentUserId;
       var pm = PersistenceManager;
       var projectDao = pm.ProjectDao;
@@ -117 +122 @@
 
         // check if resourceIds exist
-        if (!resourceDao.CheckExistence(resourceIds))
+        if (resourceIds != null && resourceIds.Any() && !resourceDao.CheckExistence(resourceIds))
           throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
 
@@ -123 +128 @@
         if (RoleVerifier.IsInRole(HiveRoles.Administrator)) return;
 
-        // check if user is owner of a parent project and...
+        // check if user is owner of a parent project
+        var projectBranch = projectDao.GetParentProjectsById(projectId);
+        if (!projectBranch.Select(x => x.OwnerUserId).Contains(currentUserId)
+            && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
+          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
+        }
+
         // check if the all argument resourceIds are among the assigned resources of the owned projects
-        var grantedResourceIds = assignedProjectResourceDao.GetAllGrantedResourceIdsOfOwnedParentProjects(projectId, UserManager.CurrentUserId);
+        var grantedResourceIds = assignedProjectResourceDao.GetAllGrantedResourceIdsOfOwnedParentProjects(projectId, currentUserId);
         if(resourceIds.Except(grantedResourceIds).Any()) {
           throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
@@ -134 +145 @@
     // Check if a project is authorized to use a list of resources
     public void AuthorizeProjectForResourcesUse(Guid projectId, IEnumerable<Guid> resourceIds) {
+      if (projectId == null || resourceIds == null || !resourceIds.Any()) return;
       var pm = PersistenceManager;
       var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
@@ -143 +155 @@
     // note: administrators and project owner are NOT automatically granted
     public void AuthorizeUserForProjectUse(Guid userId, Guid projectId) {
+      if (userId == null || projectId == null) return;
       var pm = PersistenceManager;
       // collect current and group membership Ids
@@ -166 +179 @@
 
     private void AuthorizeJob(IPersistenceManager pm, Guid jobId, DT.Permission requiredPermission) {
+      var currentUserId = UserManager.CurrentUserId;
       var requiredPermissionEntity = requiredPermission.ToEntity();
-      DA.Permission permission = GetPermissionForJob(pm, jobId, UserManager.CurrentUserId);
+      DA.Permission permission = GetPermissionForJob(pm, jobId, currentUserId);
       if (permission == Permission.NotAllowed
           || ((permission != requiredPermissionEntity) && requiredPermissionEntity == Permission.Full)) {