- Timestamp:
- 02/02/18 20:19:43 (7 years ago)
- Location:
- branches/HiveProjectManagement
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/HiveProjectManagement/HeuristicLab.Services.Hive.DataAccess/3.3/Daos/AssignedProjectResourceDao.cs
r15658 r15715 116 116 WHERE ProjectId IN ({0}) 117 117 "; 118 // tested119 118 private const string CheckProjectGrantedForResourcesQueryString = @" 120 119 WITH rtree AS -
branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs
r15658 r15715 72 72 public Guid AddTask(DT.Task task, DT.TaskData taskData) { 73 73 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 74 AuthorizationManager.AuthorizeForJob(task.JobId, DT.Permission.Full); 74 75 var pm = PersistenceManager; 75 76 using (new PerformanceLogger("AddTask")) { … … 322 323 var pm = PersistenceManager; 323 324 using (new PerformanceLogger("GetJobs")) { 324 // TODO-JAN: optimization potential - avoid using too many joins in linq325 325 var jobDao = pm.JobDao; 326 326 var jobPermissionDao = pm.JobPermissionDao; … … 336 336 .Select(x => x.ToDto()) 337 337 .ToList(); 338 // calculate stats only for owned & permitted jobs; TODO: query only needed ones, not all339 338 var statistics = taskDao.GetAll() 340 339 .Where(x => jobs.Select(y => y.Id).Contains(x.JobId)) … … 367 366 } 368 367 369 public Guid AddJob(DT.Job jobDto) {370 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);371 var pm = PersistenceManager;372 using (new PerformanceLogger("AddJob")) {373 var jobDao = pm.JobDao;374 var userPriorityDao = pm.UserPriorityDao;375 return pm.UseTransaction(() => {376 jobDto.OwnerUserId = UserManager.CurrentUserId;377 jobDto.DateCreated = DateTime.Now;378 var job = jobDao.Save(jobDto.ToEntity());379 if (userPriorityDao.GetById(jobDto.OwnerUserId) == null) {380 userPriorityDao.Save(new DA.UserPriority {381 UserId = jobDto.OwnerUserId,382 DateEnqueued = jobDto.DateCreated383 });384 }385 pm.SubmitChanges();386 return job.JobId;387 });388 }389 }390 391 368 public Guid AddJob(DT.Job jobDto, IEnumerable<Guid> resourceIds) { 392 369 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); … … 406 383 407 384 // add resource assignments 408 newJob.AssignedJobResources.AddRange(resourceIds.Select( 409 x => new DA.AssignedJobResource { 410 ResourceId = x 411 })); 385 if (resourceIds != null && resourceIds.Any()) { 386 newJob.AssignedJobResources.AddRange(resourceIds.Select( 387 x => new DA.AssignedJobResource { 388 ResourceId = x 389 })); 390 } 412 391 413 392 var job = jobDao.Save(newJob); … … 424 403 } 425 404 426 public void UpdateJob(DT.Job jobDto) {427 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);428 AuthorizationManager.AuthorizeForJob(jobDto.Id, DT.Permission.Full);429 var pm = PersistenceManager;430 using (new PerformanceLogger("UpdateJob")) {431 bool exists = true;432 var jobDao = pm.JobDao;433 pm.UseTransaction(() => {434 var job = jobDao.GetById(jobDto.Id);435 if (job == null) {436 exists = false;437 job = new DA.Job();438 }439 jobDto.CopyToEntity(job);440 if (!exists) {441 jobDao.Save(job);442 }443 pm.SubmitChanges();444 });445 }446 }447 448 405 public void UpdateJob(DT.Job jobDto, IEnumerable<Guid> resourceIds) { 449 406 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); … … 468 425 if (!exists) { 469 426 // add resource assignments 470 job.AssignedJobResources.AddRange(resourceIds.Select( 471 x => new DA.AssignedJobResource { 472 ResourceId = x 427 if (resourceIds != null && resourceIds.Any()) { 428 job.AssignedJobResources.AddRange(resourceIds.Select( 429 x => new DA.AssignedJobResource { 430 ResourceId = x 473 431 })); 432 } 474 433 jobDao.Save(job); 475 } else {434 } else if(resourceIds != null) { 476 435 var addedJobResourceIds = resourceIds.Except(job.AssignedJobResources.Select(x => x.ResourceId)); 477 436 var removedJobResourceIds = job.AssignedJobResources … … 716 675 #region Project Methods 717 676 public Guid AddProject(DT.Project projectDto) { 718 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator); 677 if (projectDto == null) return Guid.Empty; 678 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 679 // check if current (non-admin) user is owner of one of projectDto's-parents 680 if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) { 681 if(projectDto.ParentProjectId.HasValue) { 682 AuthorizationManager.AuthorizeForProjectAdministration(projectDto.ParentProjectId.Value); 683 } else { 684 throw new SecurityException(NOT_AUTHORIZED_USERPROJECT); 685 } 686 } 687 719 688 var pm = PersistenceManager; 720 689 using (new PerformanceLogger("AddProject")) { … … 729 698 730 699 public void UpdateProject(DT.Project projectDto) { 731 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator); 700 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 701 // check if current (non-admin) user is owner of the project or the projectDto's-parents 702 if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) { 703 AuthorizationManager.AuthorizeForProjectAdministration(projectDto.Id); 704 } 705 732 706 var pm = PersistenceManager; 733 707 using (new PerformanceLogger("UpdateProject")) { … … 746 720 747 721 public void DeleteProject(Guid projectId) { 748 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator); 722 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 723 // check if current (non-admin) user is owner of the project or the projectDto's-parents 724 if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) { 725 AuthorizationManager.AuthorizeForProjectAdministration(projectId); 726 } 727 749 728 var pm = PersistenceManager; 750 729 using (new PerformanceLogger("DeleteProject")) { … … 759 738 } 760 739 740 // query granted project for use (i.e. to calculate on) 761 741 public DT.Project GetProject(Guid projectId) { 762 742 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); … … 764 744 using (new PerformanceLogger("GetProject")) { 765 745 var projectDao = pm.ProjectDao; 766 return pm.UseTransaction(() => projectDao.GetById(projectId).ToDto());767 }768 }769 770 // query granted projects for use (i.e. to calculate on)771 public IEnumerable<DT.Project> GetProjects() {772 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);773 //bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator);774 var pm = PersistenceManager;775 using (new PerformanceLogger("GetProjects")) {776 var projectDao = pm.ProjectDao;777 //var projectPermissionDao = pm.ProjectPermissionDao;778 746 var currentUserId = UserManager.CurrentUserId; 779 747 var userAndGroupIds = new List<Guid> { currentUserId }; … … 781 749 return pm.UseTransaction(() => { 782 750 return projectDao.GetUsageGrantedProjectsForUser(userAndGroupIds) 751 .Where(x => x.ProjectId == projectId) 752 .Select(x => x.ToDto()) 753 .SingleOrDefault(); 754 }); 755 } 756 } 757 758 // query granted projects for use (i.e. to calculate on) 759 public IEnumerable<DT.Project> GetProjects() { 760 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 761 var pm = PersistenceManager; 762 using (new PerformanceLogger("GetProjects")) { 763 var projectDao = pm.ProjectDao; 764 var currentUserId = UserManager.CurrentUserId; 765 var userAndGroupIds = new List<Guid> { currentUserId }; 766 userAndGroupIds.AddRange(UserManager.GetUserGroupIdsOfUser(currentUserId)); 767 return pm.UseTransaction(() => { 768 return projectDao.GetUsageGrantedProjectsForUser(userAndGroupIds) 783 769 .Select(x => x.ToDto()).ToList(); 784 770 }); … … 792 778 using (new PerformanceLogger("GetProjectsForAdministration")) { 793 779 var projectDao = pm.ProjectDao; 794 //var projectPermissionDao = pm.ProjectPermissionDao;795 780 796 781 return pm.UseTransaction(() => { … … 803 788 804 789 } 805 806 //var projectPermissions = projectPermissionDao.GetAll();807 //return projectDao.GetAll().ToList()808 // .Where(x => isAdministrator809 // || x.OwnerUserId == currentUserId810 // || UserManager.VerifyUser(currentUserId, projectPermissions811 // .Where(y => y.ProjectId == x.ProjectId)812 // .Select(z => z.GrantedUserId)813 // .ToList())814 // )815 // .Select(x => x.ToDto())816 // .ToList();817 790 }); 818 791 } … … 903 876 } 904 877 905 p ublicvoid GrantProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool cascading) {878 private void GrantProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool cascading) { 906 879 throw new NotImplementedException(); 907 880 } 908 881 909 p ublicvoid RevokeProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool cascading) {882 private void RevokeProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool cascading) { 910 883 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 911 884 if (projectId == null || grantedUserIds == null || !grantedUserIds.Any()) return; … … 960 933 var project = projectDao.GetById(projectId); 961 934 var assignedResources = project.AssignedProjectResources.Select(x => x.ResourceId).ToArray(); 962 //var addedAssignments = resourceIds.Except(assignedResources);963 935 var removedAssignments = assignedResources.Except(resourceIds); 964 936 … … 1000 972 // remove project assignments 1001 973 if (reassignCascading) { 1002 //assignedProjectResourceDao.DeleteByProjectIds(new List<Guid> { p.ProjectId });1003 974 p.AssignedProjectResources.Clear(); 1004 975 } else { 1005 //assignedProjectResourceDao.DeleteByProjectIdAndResourceIds(p.ProjectId, removedAssignments);1006 //for(int i = p.AssignedProjectResources.Count -1; i >= 0; i--) {1007 // if(removedAssignments.Contains(p.AssignedProjectResources[i].ResourceId)) {1008 // p.AssignedProjectResources.RemoveAt(i);1009 // }1010 //}1011 976 foreach (var item in p.AssignedProjectResources 1012 977 .Where(x => removedAssignments.Contains(x.ResourceId)) … … 1032 997 } 1033 998 1034 p ublicvoid AssignProjectResources(Guid projectId, List<Guid> resourceIds, bool cascading) {999 private void AssignProjectResources(Guid projectId, List<Guid> resourceIds, bool cascading) { 1035 1000 throw new NotImplementedException(); 1036 1001 } … … 1038 1003 // basic: unassign resourceIds from project and depending jobs 1039 1004 // cascading: unassign resourceIds from all child-projects and their depending jobs 1040 p ublicvoid UnassignProjectResources(Guid projectId, List<Guid> resourceIds, bool cascading) {1005 private void UnassignProjectResources(Guid projectId, List<Guid> resourceIds, bool cascading) { 1041 1006 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 1042 1007 if (projectId == null || resourceIds == null || !resourceIds.Any()) return; … … 1103 1068 1104 1069 public Guid AddSlaveGroup(DT.SlaveGroup slaveGroupDto) { 1105 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator , HiveRoles.Client);1070 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator); 1106 1071 var pm = PersistenceManager; 1107 1072 using (new PerformanceLogger("AddSlaveGroup")) { … … 1127 1092 } 1128 1093 1094 // query granted slaves for use (i.e. to calculate on) 1129 1095 public IEnumerable<DT.Slave> GetSlaves() { 1130 1096 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); … … 1158 1124 } 1159 1125 1126 // query granted slave groups for use (i.e. to calculate on) 1160 1127 public IEnumerable<DT.SlaveGroup> GetSlaveGroups() { 1161 1128 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); … … 1189 1156 } 1190 1157 1158 // query granted slaves for resource administration 1191 1159 public IEnumerable<DT.Slave> GetSlavesForAdministration() { 1192 1160 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); … … 1222 1190 } 1223 1191 1192 // query granted slave groups for resource administration 1224 1193 public IEnumerable<DT.SlaveGroup> GetSlaveGroupsForAdministration() { 1225 1194 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); … … 1257 1226 public void UpdateSlave(DT.Slave slaveDto) { 1258 1227 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 1228 if (slaveDto == null) return; 1259 1229 AuthorizationManager.AuthorizeForResourceAdministration(slaveDto.Id); 1260 1230 var pm = PersistenceManager; … … 1275 1245 public void UpdateSlaveGroup(DT.SlaveGroup slaveGroupDto) { 1276 1246 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 1247 if (slaveGroupDto == null) return; 1277 1248 AuthorizationManager.AuthorizeForResourceAdministration(slaveGroupDto.Id); 1278 1249 var pm = PersistenceManager; -
branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
r15628 r15715 37 37 private const string NOT_AUTHORIZED_USERJOB = "Current user is not authorized to access the requested job"; 38 38 private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource"; 39 private const string USER_NOT_IDENTIFIED = "User could not be identified"; 40 private const string TASK_NOT_EXISTENT = "Queried task could not be found"; 39 41 40 42 private IPersistenceManager PersistenceManager { … … 61 63 pm.UseTransaction(() => { 62 64 var task = taskDao.GetById(taskId); 63 if (task == null) throw new SecurityException( NOT_AUTHORIZED_USERRESOURCE);65 if (task == null) throw new SecurityException(TASK_NOT_EXISTENT); 64 66 AuthorizeJob(pm, task.JobId, requiredPermission); 65 67 }); … … 151 153 // note: administrators and project owner are NOT automatically granted 152 154 public void AuthorizeUserForProjectUse(Guid userId, Guid projectId) { 153 if (userId == null || projectId == null) return; 155 if(userId == null || userId == Guid.Empty) { 156 throw new SecurityException(USER_NOT_IDENTIFIED); 157 } 158 if(projectId == null) return; 159 154 160 var pm = PersistenceManager; 155 161 // collect current and group membership Ids -
branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/ServiceContracts/IHiveService.cs
r15658 r15715 78 78 IEnumerable<Job> GetJobs(); 79 79 80 //[OperationContract]81 //Guid AddJob(Job jobDto);82 83 80 [OperationContract] 84 81 Guid AddJob(Job jobDto, IEnumerable<Guid> resourceIds); 85 86 //[OperationContract]87 //void UpdateJob(Job jobDto);88 82 89 83 [OperationContract] … … 166 160 void SaveProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool reassign, bool cascading, bool reassignCascading); 167 161 168 [OperationContract]169 void GrantProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool cascading);170 171 [OperationContract]172 void RevokeProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool cascading);162 //[OperationContract] 163 //void GrantProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool cascading); 164 165 //[OperationContract] 166 //void RevokeProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool cascading); 173 167 174 168 [OperationContract] … … 180 174 void SaveProjectResourceAssignments(Guid projectId, List<Guid> resourceIds, bool reassign, bool cascading, bool reassignCascading); 181 175 182 [OperationContract]183 void AssignProjectResources(Guid projectId, List<Guid> resourceIds, bool cascading);184 185 [OperationContract]186 void UnassignProjectResources(Guid projectId, List<Guid> resourceIds, bool cascading);176 //[OperationContract] 177 //void AssignProjectResources(Guid projectId, List<Guid> resourceIds, bool cascading); 178 179 //[OperationContract] 180 //void UnassignProjectResources(Guid projectId, List<Guid> resourceIds, bool cascading); 187 181 188 182 [OperationContract]
Note: See TracChangeset
for help on using the changeset viewer.