Changeset 15992 for branches/2839_HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs

Timestamp:

07/10/18 23:06:00 (6 years ago)

Author:

jzenisek

Message:

#2839: fixed couple of minor issues

• changed tags in resource selector
• added project information in job list and adapted sortation
• fixed hand-down save by withdrawing additional offset-rights (permissions, resources),...

File:

• branches/2839_HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs (modified) (13 diffs)

branches/2839_HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs

@@ -43 +43 @@
     private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource";
     private const string NOT_AUTHORIZED_USERPROJECT = "Current user is not authorized to access the requested project";
+    private const string NOT_AUTHORIZED_PROJECTOWNER = "The set user is not authorized to own the project";
     private const string NO_JOB_UPDATE_POSSIBLE = "This job has already been flagged for deletion, thus, it can not be updated anymore.";
 
@@ -768 +769 @@
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       // check if current (non-admin) user is owner of one of projectDto's-parents
+      // note: non-admin users are not allowed to administer root projects (i.e. projects without parental entry)
       if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) {
-        if(projectDto.ParentProjectId.HasValue) {
+        if(projectDto != null && projectDto.ParentProjectId.HasValue) {
           AuthorizationManager.AuthorizeForProjectAdministration(projectDto.ParentProjectId.Value, false);
         } else {
@@ -775 +777 @@
         }
       }
-      
+
+      // check that non-admins can not be set as owner of root projects
+      if (projectDto != null && !projectDto.ParentProjectId.HasValue) {
+        var owner = UserManager.GetUserById(projectDto.OwnerUserId);
+        if (owner == null || !RoleVerifier.IsUserInRole(owner.UserName, HiveRoles.Administrator)) {
+          throw new SecurityException(NOT_AUTHORIZED_PROJECTOWNER);
+        }
+      }
+
       var pm = PersistenceManager;
       using (new PerformanceLogger("AddProject")) {
@@ -797 +807 @@
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       // check if current (non-admin) user is owner of the project or the projectDto's-parents
+      // note: non-admin users are not allowed to administer root projects (i.e. projects without parental entry)
       if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) {
-        AuthorizationManager.AuthorizeForProjectAdministration(projectDto.Id, false);
-      }
-
+        if (projectDto != null && projectDto.ParentProjectId.HasValue) {
+          AuthorizationManager.AuthorizeForProjectAdministration(projectDto.Id, false);
+        } else {
+          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
+        }
+      }
+
+      // check that non-admins can not be set as owner of root projects
+      if(projectDto != null && !projectDto.ParentProjectId.HasValue) {
+        var owner = UserManager.GetUserById(projectDto.OwnerUserId);
+        if(owner == null || !RoleVerifier.IsUserInRole(owner.UserName, HiveRoles.Administrator)) {
+          throw new SecurityException(NOT_AUTHORIZED_PROJECTOWNER);
+        }
+      }
+      
       var pm = PersistenceManager;
       using (new PerformanceLogger("UpdateProject")) {
@@ -863 +886 @@
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       // check if current (non-admin) user is owner of one of the projectDto's-parents
-      if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) {
+      // note: non-admin users are not allowed to administer root projects (i.e. projects without parental entry)
+      if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) {        
         AuthorizationManager.AuthorizeForProjectAdministration(projectId, true);
       }
@@ -922 +946 @@
             .Select(x => x.ToDto()).ToList();
           var now = DateTime.Now;
-          return projects.Where(x => x.StartDate <= now && x.EndDate >= now).ToList();
+          return projects.Where(x => x.StartDate <= now && (x.EndDate == null || x.EndDate >= now)).ToList();
         });
       }
@@ -999 +1023 @@
           if (project == null) return;
           var projectPermissions = project.ProjectPermissions.Select(x => x.GrantedUserId).ToArray();
+
+          // guarantee that project owner is always permitted
+          if(!grantedUserIds.Contains(project.OwnerUserId)) {
+            grantedUserIds.Add(project.OwnerUserId);
+          }
+
           //var addedPermissions = grantedUserIds.Except(projectPermissions);
           var removedPermissions = projectPermissions.Except(grantedUserIds);
@@ -1030 +1060 @@
 
             // (3) get all Guids which are in removedPermissions but not in grantedUserIds
-            var definatelyNotPermittedGuids = notpermittedGuids.Except(permittedGuids);
+            var definitelyNotPermittedGuids = notpermittedGuids.Except(permittedGuids);
 
             // (4) delete jobs of those
-            assignedJobResourceDao.DeleteByProjectIdAndUserIds(project.ProjectId, definatelyNotPermittedGuids);
+            assignedJobResourceDao.DeleteByProjectIdAndUserIds(project.ProjectId, definitelyNotPermittedGuids);
 
 
@@ -1068 +1098 @@
 
             foreach(var p in childProjects) {
+              var cpAssignedPermissions = p.ProjectPermissions.Select(x => x.GrantedUserId).ToList();
+              // guarantee that project owner is always permitted
+              if (!cpAssignedPermissions.Contains(p.OwnerUserId)) {
+                cpAssignedPermissions.Add(p.OwnerUserId);
+              }
+              var cpRemovedPermissions = cpAssignedPermissions.Where(x => x != p.OwnerUserId).Except(grantedUserIds);
+
+              // remove left-over job assignments (for non-reassignments)
+              if(!reassignCascading) {
+                assignedJobResourceDao.DeleteByProjectIdAndUserIds(p.ProjectId, cpRemovedPermissions);
+              }
+
               // remove project permissions
-              if(reassignCascading) {
+              if (reassignCascading) {
                 p.ProjectPermissions.Clear();
               } else {
                 foreach(var item in p.ProjectPermissions
-                  .Where(x => removedPermissions.Contains(x.GrantedUserId))
+                  .Where(x => x.GrantedUserId != p.OwnerUserId 
+                    && (removedPermissions.Contains(x.GrantedUserId) || cpRemovedPermissions.Contains(x.GrantedUserId)))
                   .ToList()) {
                   p.ProjectPermissions.Remove(item);
@@ -1081 +1124 @@
 
               // add project permissions
-              foreach (var id in grantedUserIds) {
+              var cpGrantedUserIds = new HashSet<Guid>(grantedUserIds);
+              cpGrantedUserIds.Add(p.OwnerUserId);
+
+              foreach (var id in cpGrantedUserIds) {
                 if (p.ProjectPermissions.All(x => x.GrantedUserId != id)) {
                   p.ProjectPermissions.Add(new DA.ProjectPermission {
@@ -1181 +1227 @@
           if (cascading) {
             var childProjects = projectDao.GetChildProjectsById(projectId).ToList();
+            var childProjectIds = childProjects.Select(x => x.ProjectId).ToList();
 
             // remove job assignments
             if (reassignCascading) {
-              assignedJobResourceDao.DeleteByProjectIds(childProjects.Select(x => x.ProjectId).ToList());
+              assignedJobResourceDao.DeleteByProjectIds(childProjectIds);
             } else {
-              var childProjectIds = childProjects.Select(x => x.ProjectId).ToList();
               assignedJobResourceDao.DeleteByProjectIdsAndResourceIds(childProjectIds, removedAssignments);
             }
             foreach (var p in childProjects) {
+              var cpAssignedResources = p.AssignedProjectResources.Select(x => x.ResourceId).ToArray();
+              var cpRemovedAssignments = cpAssignedResources.Except(resourceIds);
+
+              // remove left-over job assignments (for non-reassignments)
+              if(!reassignCascading) {
+                assignedJobResourceDao.DeleteByProjectIdAndResourceIds(p.ProjectId, cpRemovedAssignments);
+              }
+
               // remove project assignments
               if (reassignCascading) {
@@ -1195 +1249 @@
               } else {
                 foreach (var item in p.AssignedProjectResources
-                  .Where(x => removedAssignments.Contains(x.ResourceId))
+                  .Where(x => removedAssignments.Contains(x.ResourceId) || cpRemovedAssignments.Contains(x.ResourceId))
                   .ToList()) {
                   p.AssignedProjectResources.Remove(item);
@@ -1780 +1834 @@
         if (project != null) {
           if (project.StartDate > date) throw new ArgumentException("Cannot add job to specified project. The start date of the project is still in the future.");
-          else if (project.EndDate < date) throw new ArgumentException("Cannot add job to specified project. The end date of the project is already in the past.");
+          else if (project.EndDate != null && project.EndDate < date) throw new ArgumentException("Cannot add job to specified project. The end date of the project is already reached.");
         } else {
           throw new ArgumentException("Cannot add job to specified project. The project seems not to be available anymore.");