Changeset 15992 for branches/2839_HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs
- Timestamp:
- 07/10/18 23:06:00 (6 years ago)
- File:
-
- 1 edited
branches/2839_HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs
r15978 r15992 43 43 private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource"; 44 44 private const string NOT_AUTHORIZED_USERPROJECT = "Current user is not authorized to access the requested project"; 45 private const string NOT_AUTHORIZED_PROJECTOWNER = "The set user is not authorized to own the project"; 45 46 private const string NO_JOB_UPDATE_POSSIBLE = "This job has already been flagged for deletion, thus, it can not be updated anymore."; 46 47 … … 768 769 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 769 770 // check if current (non-admin) user is owner of one of projectDto's-parents 771 // note: non-admin users are not allowed to administer root projects (i.e. projects without parental entry) 770 772 if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) { 771 if(projectDto .ParentProjectId.HasValue) {773 if(projectDto != null && projectDto.ParentProjectId.HasValue) { 772 774 AuthorizationManager.AuthorizeForProjectAdministration(projectDto.ParentProjectId.Value, false); 773 775 } else { … … 775 777 } 776 778 } 777 779 780 // check that non-admins can not be set as owner of root projects 781 if (projectDto != null && !projectDto.ParentProjectId.HasValue) { 782 var owner = UserManager.GetUserById(projectDto.OwnerUserId); 783 if (owner == null || !RoleVerifier.IsUserInRole(owner.UserName, HiveRoles.Administrator)) { 784 throw new SecurityException(NOT_AUTHORIZED_PROJECTOWNER); 785 } 786 } 787 778 788 var pm = PersistenceManager; 779 789 using (new PerformanceLogger("AddProject")) { … … 797 807 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 798 808 // check if current (non-admin) user is owner of the project or the projectDto's-parents 809 // note: non-admin users are not allowed to administer root projects (i.e. 
projects without parental entry) 799 810 if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) { 800 AuthorizationManager.AuthorizeForProjectAdministration(projectDto.Id, false); 801 } 802 811 if (projectDto != null && projectDto.ParentProjectId.HasValue) { 812 AuthorizationManager.AuthorizeForProjectAdministration(projectDto.Id, false); 813 } else { 814 throw new SecurityException(NOT_AUTHORIZED_USERPROJECT); 815 } 816 } 817 818 // check that non-admins can not be set as owner of root projects 819 if(projectDto != null && !projectDto.ParentProjectId.HasValue) { 820 var owner = UserManager.GetUserById(projectDto.OwnerUserId); 821 if(owner == null || !RoleVerifier.IsUserInRole(owner.UserName, HiveRoles.Administrator)) { 822 throw new SecurityException(NOT_AUTHORIZED_PROJECTOWNER); 823 } 824 } 825 803 826 var pm = PersistenceManager; 804 827 using (new PerformanceLogger("UpdateProject")) { … … 863 886 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 864 887 // check if current (non-admin) user is owner of one of the projectDto's-parents 865 if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) { 888 // note: non-admin users are not allowed to administer root projects (i.e. 
projects without parental entry) 889 if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) { 866 890 AuthorizationManager.AuthorizeForProjectAdministration(projectId, true); 867 891 } … … 922 946 .Select(x => x.ToDto()).ToList(); 923 947 var now = DateTime.Now; 924 return projects.Where(x => x.StartDate <= now && x.EndDate >= now).ToList();948 return projects.Where(x => x.StartDate <= now && (x.EndDate == null || x.EndDate >= now)).ToList(); 925 949 }); 926 950 } … … 999 1023 if (project == null) return; 1000 1024 var projectPermissions = project.ProjectPermissions.Select(x => x.GrantedUserId).ToArray(); 1025 1026 // guarantee that project owner is always permitted 1027 if(!grantedUserIds.Contains(project.OwnerUserId)) { 1028 grantedUserIds.Add(project.OwnerUserId); 1029 } 1030 1001 1031 //var addedPermissions = grantedUserIds.Except(projectPermissions); 1002 1032 var removedPermissions = projectPermissions.Except(grantedUserIds); … … 1030 1060 1031 1061 // (3) get all Guids which are in removedPermissions but not in grantedUserIds 1032 var defin atelyNotPermittedGuids = notpermittedGuids.Except(permittedGuids);1062 var definitelyNotPermittedGuids = notpermittedGuids.Except(permittedGuids); 1033 1063 1034 1064 // (4) delete jobs of those 1035 assignedJobResourceDao.DeleteByProjectIdAndUserIds(project.ProjectId, defin atelyNotPermittedGuids);1065 assignedJobResourceDao.DeleteByProjectIdAndUserIds(project.ProjectId, definitelyNotPermittedGuids); 1036 1066 1037 1067 … … 1068 1098 1069 1099 foreach(var p in childProjects) { 1100 var cpAssignedPermissions = p.ProjectPermissions.Select(x => x.GrantedUserId).ToList(); 1101 // guarantee that project owner is always permitted 1102 if (!cpAssignedPermissions.Contains(p.OwnerUserId)) { 1103 cpAssignedPermissions.Add(p.OwnerUserId); 1104 } 1105 var cpRemovedPermissions = cpAssignedPermissions.Where(x => x != p.OwnerUserId).Except(grantedUserIds); 1106 1107 // remove left-over job assignments (for non-reassignments) 1108 
if(!reassignCascading) { 1109 assignedJobResourceDao.DeleteByProjectIdAndUserIds(p.ProjectId, cpRemovedPermissions); 1110 } 1111 1070 1112 // remove project permissions 1071 if (reassignCascading) {1113 if (reassignCascading) { 1072 1114 p.ProjectPermissions.Clear(); 1073 1115 } else { 1074 1116 foreach(var item in p.ProjectPermissions 1075 .Where(x => removedPermissions.Contains(x.GrantedUserId)) 1117 .Where(x => x.GrantedUserId != p.OwnerUserId 1118 && (removedPermissions.Contains(x.GrantedUserId) || cpRemovedPermissions.Contains(x.GrantedUserId))) 1076 1119 .ToList()) { 1077 1120 p.ProjectPermissions.Remove(item); … … 1081 1124 1082 1125 // add project permissions 1083 foreach (var id in grantedUserIds) { 1126 var cpGrantedUserIds = new HashSet<Guid>(grantedUserIds); 1127 cpGrantedUserIds.Add(p.OwnerUserId); 1128 1129 foreach (var id in cpGrantedUserIds) { 1084 1130 if (p.ProjectPermissions.All(x => x.GrantedUserId != id)) { 1085 1131 p.ProjectPermissions.Add(new DA.ProjectPermission { … … 1181 1227 if (cascading) { 1182 1228 var childProjects = projectDao.GetChildProjectsById(projectId).ToList(); 1229 var childProjectIds = childProjects.Select(x => x.ProjectId).ToList(); 1183 1230 1184 1231 // remove job assignments 1185 1232 if (reassignCascading) { 1186 assignedJobResourceDao.DeleteByProjectIds(childProject s.Select(x => x.ProjectId).ToList());1233 assignedJobResourceDao.DeleteByProjectIds(childProjectIds); 1187 1234 } else { 1188 var childProjectIds = childProjects.Select(x => x.ProjectId).ToList();1189 1235 assignedJobResourceDao.DeleteByProjectIdsAndResourceIds(childProjectIds, removedAssignments); 1190 1236 } 1191 1237 foreach (var p in childProjects) { 1238 var cpAssignedResources = p.AssignedProjectResources.Select(x => x.ResourceId).ToArray(); 1239 var cpRemovedAssignments = cpAssignedResources.Except(resourceIds); 1240 1241 // remove left-over job assignments (for non-reassignments) 1242 if(!reassignCascading) { 1243 
assignedJobResourceDao.DeleteByProjectIdAndResourceIds(p.ProjectId, cpRemovedAssignments); 1244 } 1245 1192 1246 // remove project assignments 1193 1247 if (reassignCascading) { … … 1195 1249 } else { 1196 1250 foreach (var item in p.AssignedProjectResources 1197 .Where(x => removedAssignments.Contains(x.ResourceId) )1251 .Where(x => removedAssignments.Contains(x.ResourceId) || cpRemovedAssignments.Contains(x.ResourceId)) 1198 1252 .ToList()) { 1199 1253 p.AssignedProjectResources.Remove(item); … … 1780 1834 if (project != null) { 1781 1835 if (project.StartDate > date) throw new ArgumentException("Cannot add job to specified project. The start date of the project is still in the future."); 1782 else if (project.EndDate < date) throw new ArgumentException("Cannot add job to specified project. The end date of the project is already in the past.");1836 else if (project.EndDate != null && project.EndDate < date) throw new ArgumentException("Cannot add job to specified project. The end date of the project is already reached."); 1783 1837 } else { 1784 1838 throw new ArgumentException("Cannot add job to specified project. The project seems not to be available anymore.");
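Review bot: In UpdateProject (new lines 811-823) the root-project test and the owner check both read `projectDto.ParentProjectId`, which appears to come from the caller's DTO rather than from the stored project, so the decision that a project is not a root rests on a value the requester supplies. A non-admin who passes `AuthorizeForProjectAdministration(projectDto.Id, false)` can apparently submit any parent id, and nothing in this section authorizes them for that parent the way AddProject does; whether the new parent is then persisted depends on code outside the visible hunk. I would load the stored project first, decide root status from its recorded parent, and when the DTO's parent differs also require `AuthorizationManager.AuthorizeForProjectAdministration(projectDto.ParentProjectId.Value, false);`. Separately, an administrator passing a null `projectDto` skips both guards in AddProject and UpdateProject and appears to reach the persistence code, so a single `if (projectDto == null) throw new ArgumentNullException("projectDto");` at the top of each method would be clearer than the scattered `projectDto != null` tests.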