Changeset 15715 for branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager

Timestamp:

02/02/18 20:19:43 (7 years ago)

Author:

jzenisek

Message:

#2839 improved permission checking of HiveService methods

File:

• branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs (modified) (3 diffs)

branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs

@@ -37 +37 @@
     private const string NOT_AUTHORIZED_USERJOB = "Current user is not authorized to access the requested job";
     private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource";
+    private const string USER_NOT_IDENTIFIED = "User could not be identified";
+    private const string TASK_NOT_EXISTENT = "Queried task could not be found";
 
     private IPersistenceManager PersistenceManager {
@@ -61 +63 @@
       pm.UseTransaction(() => {
         var task = taskDao.GetById(taskId);
-        if (task == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
+        if (task == null) throw new SecurityException(TASK_NOT_EXISTENT);
         AuthorizeJob(pm, task.JobId, requiredPermission);
       });
@@ -151 +153 @@
     // note: administrators and project owner are NOT automatically granted
     public void AuthorizeUserForProjectUse(Guid userId, Guid projectId) {
-      if (userId == null || projectId == null) return;
+      if(userId == null || userId == Guid.Empty) {
+        throw new SecurityException(USER_NOT_IDENTIFIED);
+      }
+      if(projectId == null) return;
+
       var pm = PersistenceManager;
       // collect current and group membership Ids