Free cookie consent management tool by TermsFeed Policy Generator

Ignore:
Timestamp:
02/08/18 11:13:15 (7 years ago)
Author:
jzenisek
Message:

#2839

  • updated sql scripts (necessary foreign key option alterations & introduction of statistic tables)
  • updated HiveService according to changed client side (deletion-routine, permission checking,...)
Location:
branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs

    r15715 r15737  
    680680      if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) {
    681681        if(projectDto.ParentProjectId.HasValue) {
    682           AuthorizationManager.AuthorizeForProjectAdministration(projectDto.ParentProjectId.Value);
     682          AuthorizationManager.AuthorizeForProjectAdministration(projectDto.ParentProjectId.Value, false);
    683683        } else {
    684684          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
     
    701701      // check if current (non-admin) user is owner of the project or the projectDto's-parents
    702702      if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) {
    703         AuthorizationManager.AuthorizeForProjectAdministration(projectDto.Id);
     703        AuthorizationManager.AuthorizeForProjectAdministration(projectDto.Id, false);
    704704      }
    705705
     
    720720
    721721    public void DeleteProject(Guid projectId) {
    722       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    723       // check if current (non-admin) user is owner of the project or the projectDto's-parents
     722      if (projectId == Guid.Empty) return;
     723      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
     724      // check if current (non-admin) user is owner of one of the projectDto's-parents
    724725      if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) {
    725         AuthorizationManager.AuthorizeForProjectAdministration(projectId);
     726        AuthorizationManager.AuthorizeForProjectAdministration(projectId, true);
    726727      }
    727728
     
    731732        var assignedJobResourceDao = pm.AssignedJobResourceDao;
    732733        pm.UseTransaction(() => {
    733           assignedJobResourceDao.DeleteByProjectId(projectId);
    734           projectDao.Delete(projectId);
     734          var projectIds = new HashSet<Guid> { projectId };
     735          projectIds.Union(projectDao.GetChildProjectIdsById(projectId));
     736
     737          assignedJobResourceDao.DeleteByProjectIds(projectIds);
     738          projectDao.DeleteByIds(projectIds);
    735739          pm.SubmitChanges();
    736740        });
     
    797801      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    798802      if (projectId == null || grantedUserIds == null) return;
    799       AuthorizationManager.AuthorizeForProjectAdministration(projectId);
     803      AuthorizationManager.AuthorizeForProjectAdministration(projectId, false);
    800804      var pm = PersistenceManager;
    801805      using (new PerformanceLogger("SaveProjectPermissions")) {
     
    883887      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    884888      if (projectId == null || grantedUserIds == null || !grantedUserIds.Any()) return;
    885       AuthorizationManager.AuthorizeForProjectAdministration(projectId);
     889      AuthorizationManager.AuthorizeForProjectAdministration(projectId, false);
    886890      var pm = PersistenceManager;
    887891      using (new PerformanceLogger("RevokeProjectPermissions")) {
     
    904908    public IEnumerable<DT.ProjectPermission> GetProjectPermissions(Guid projectId) {
    905909      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    906       AuthorizationManager.AuthorizeForProjectAdministration(projectId);
     910      AuthorizationManager.AuthorizeForProjectAdministration(projectId, false);
    907911      var pm = PersistenceManager;
    908912      using (new PerformanceLogger("GetProjectPermissions")) {
     
    10401044    public IEnumerable<DT.AssignedProjectResource> GetAssignedResourcesForProjectAdministration(Guid projectId) {
    10411045      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    1042       AuthorizationManager.AuthorizeForProjectAdministration(projectId);
     1046      AuthorizationManager.AuthorizeForProjectAdministration(projectId, false);
    10431047      var pm = PersistenceManager;
    10441048      using (new PerformanceLogger("GetAssignedResourcesForProject")) {
     
    12631267
    12641268    public void DeleteSlave(Guid slaveId) {
     1269      if (slaveId == Guid.Empty) return;
    12651270      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    12661271      AuthorizationManager.AuthorizeForResourceAdministration(slaveId);
     
    12761281
    12771282    public void DeleteSlaveGroup(Guid slaveGroupId) {
     1283      if (slaveGroupId == Guid.Empty) return;
    12781284      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
    12791285      AuthorizationManager.AuthorizeForResourceAdministration(slaveGroupId);
    12801286      var pm = PersistenceManager;
    12811287      using (new PerformanceLogger("DeleteSlaveGroup")) {
    1282         var slaveGroupDao = pm.SlaveGroupDao;
    1283         pm.UseTransaction(() => {
    1284           slaveGroupDao.Delete(slaveGroupId);
     1288        var resourceDao = pm.ResourceDao;
     1289        pm.UseTransaction(() => {
     1290          var resourceIds = new HashSet<Guid> { slaveGroupId };
     1291          resourceIds.Union(resourceDao.GetChildResourceIdsById(slaveGroupId));
     1292          resourceDao.DeleteByIds(resourceIds);
    12851293          pm.SubmitChanges();
    12861294        });

  • branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Interfaces/IAuthorizationManager.cs

    r15540 r15737  
    3737    void AuthorizeForResourceAdministration(Guid resourceId);
    3838
    39     void AuthorizeForProjectAdministration(Guid projectId);
     39    void AuthorizeForProjectAdministration(Guid projectId, bool parentalOwnership);
    4040
    4141    void AuthorizeForProjectResourceAdministration(Guid projectId, IEnumerable<Guid> resourceIds);

  • branches/HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs

    r15715 r15737  
    9292
    9393    // authorize if user is admin, project owner or owner of a parent project
    94     public void AuthorizeForProjectAdministration(Guid projectId) {
     94    public void AuthorizeForProjectAdministration(Guid projectId, bool parentalOwnership) {
    9595      if (projectId == null) return;
    9696      var currentUserId = UserManager.CurrentUserId;
     
    9898      var projectDao = pm.ProjectDao;
    9999      pm.UseTransaction(() => {
    100         var projectBranch = projectDao.GetCurrentAndParentProjectsById(projectId).ToList();
    101         if(!projectBranch.Select(x => x.OwnerUserId).Contains(currentUserId)
    102             && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
     100        List<Project> projectBranch = null;
     101        if(parentalOwnership) projectDao.GetParentProjectsById(projectId).ToList();
     102        else projectBranch = projectDao.GetCurrentAndParentProjectsById(projectId).ToList();
     103
     104        if(!RoleVerifier.IsInRole(HiveRoles.Administrator)
     105            && !projectBranch.Select(x => x.OwnerUserId).Contains(currentUserId)) {
    103106          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
    104107        }
Note: See TracChangeset for help on using the changeset viewer.