Changeset 16040


Ignore:
Timestamp:
08/02/18 16:58:48 (13 months ago)
Author:
jzenisek
Message:

#2839: fixed handling of project related updates for project owners, who are no admins and do not own parent projects

Location:
branches/2839_HiveProjectManagement
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • branches/2839_HiveProjectManagement/HeuristicLab.Clients.Hive.Administrator/3.3/Views/ProjectResourcesView.cs

    r15995 r16040  
    159159        || newIncludedResources.Contains(checkedResource)) {
    160160        e.Cancel = true;
    161       } else if (!HiveRoles.CheckAdminUserPermissions()) {
    162           if (!HiveAdminClient.Instance.GetAvailableProjectAncestors(Content.Id).Any() || projectExclusiveResources.Contains(checkedResource)) {
     161      } else if (!IsAdmin()) {
     162          if (!HiveAdminClient.Instance.CheckOwnershipOfParentProject(Content, UserInformation.Instance.User.Id)
     163            || !HiveAdminClient.Instance.GetAvailableProjectAncestors(Content.Id).Any()
     164            || projectExclusiveResources.Contains(checkedResource)) {
    163165            e.Cancel = true;
    164166          }
     
    367369          newNode.Checked = true;
    368370          if(!HiveRoles.CheckAdminUserPermissions()) {
    369             if (!HiveAdminClient.Instance.GetAvailableProjectAncestors(Content.Id).Any()
     371            if (!HiveAdminClient.Instance.CheckOwnershipOfParentProject(Content, UserInformation.Instance.User.Id)
     372              || !HiveAdminClient.Instance.GetAvailableProjectAncestors(Content.Id).Any()
    370373              || projectExclusiveResources.Contains(newResource)) {
    371374              newNode.ForeColor = SystemColors.GrayText;
  • branches/2839_HiveProjectManagement/HeuristicLab.Clients.Hive.Administrator/3.3/Views/ProjectView.cs

    r15992 r16040  
    111111      endDateTimePicker.Enabled = enabled && Content.EndDate.HasValue;
    112112      indefiniteCheckBox.Enabled = enabled;
     113
     114      if (!IsAdmin() && !HiveAdminClient.Instance.CheckOwnershipOfParentProject(Content, UserInformation.Instance.User.Id)) {
     115        ownerComboBox.Enabled = false;
     116        startDateTimePicker.Enabled = false;
     117        endDateTimePicker.Enabled = false;
     118        indefiniteCheckBox.Enabled = false;
     119      }
    113120    }
    114121    #endregion
     
    198205    private void startDateTimePicker_ValueChanged(object sender, EventArgs e) {
    199206      if (Content == null) return;
     207 
    200208      if (!Content.EndDate.HasValue || startDateTimePicker.Value > Content.EndDate)
    201209        endDateTimePicker.Value = startDateTimePicker.Value;
     
    206214    private void endDateTimePicker_ValueChanged(object sender, EventArgs e) {
    207215      if (Content == null) return;
     216
    208217      if (endDateTimePicker.Value < startDateTimePicker.Value)
    209218        endDateTimePicker.Value = startDateTimePicker.Value;
     
    214223    private void indefiniteCheckBox_CheckedChanged(object sender, EventArgs e) {
    215224      if (Content == null) return;
     225
    216226      var newEndDate = indefiniteCheckBox.Checked ? (DateTime?)null : endDateTimePicker.Value;
    217227      endDateTimePicker.Enabled = !indefiniteCheckBox.Checked;
     
    233243    }
    234244
     245    private bool IsAdmin() {
     246      return HiveRoles.CheckAdminUserPermissions();
     247    }
     248
    235249    private void ShowHiveInformationDialog() {
    236250      if (InvokeRequired) Invoke((Action)ShowHiveInformationDialog);
  • branches/2839_HiveProjectManagement/HeuristicLab.Clients.Hive.Administrator/3.3/Views/ProjectsView.cs

    r15995 r16040  
    233233
    234234      lock (locker) {
     235        // for details go to ChangeSelectedProject(..)
    235236        if (!removeButton.Enabled) return;
    236237        removeButton.Enabled = false;
    237238      }
    238239
    239       if (Content.Any(x => x.ParentProjectId == selectedProject.Id)) {
     240      // double check of ChangeSelectedProject(..):
     241      // if the user is no admin nor owner of a parent project
     242      if (!IsAdmin() && !HiveAdminClient.Instance.CheckOwnershipOfParentProject(selectedProject, UserInformation.Instance.User.Id)) {
     243        MessageBox.Show(
     244          "Only admins and owners of parent projects are allowed to delete this project.",
     245          "HeuristicLab Hive Administrator",
     246          MessageBoxButtons.OK,
     247          MessageBoxIcon.Error);
     248        return;
     249      }           
     250
     251
     252      if (Content.Any(x => x.ParentProjectId == selectedProject.Id)
     253          || HiveAdminClient.Instance.ProjectDescendants[selectedProject.Id].Any()) {
    240254        MessageBox.Show(
    241255          "Only empty projects can be deleted.",
  • branches/2839_HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs

    r15995 r16040  
    831831          var project = projectDao.GetById(projectDto.Id);
    832832          if (project != null) { // update existent project
     833            var owner = UserManager.GetUserById(projectDto.OwnerUserId);
     834            var parentProjects = projectDao.GetParentProjectsById(project.ProjectId);
     835            bool parentalOwnership = RoleVerifier.IsUserInRole(owner.UserName, HiveRoles.Administrator)
     836                                      || parentProjects.Select(x => x.OwnerUserId == project.OwnerUserId).Any();
     837
    833838            var formerOwnerId = project.OwnerUserId;
     839            var formerStartDate = project.StartDate;
     840            var formerEndDate = project.EndDate;
    834841            projectDto.CopyToEntity(project);
    835842
    836             // if owner has changed...
    837             if(formerOwnerId != projectDto.OwnerUserId) {
    838               // OBSOLETE: former owner looses permission and project-related jobs
    839               //var formerPermissionItem = project.ProjectPermissions.Where(x => x.GrantedUserId == formerOwnerId).FirstOrDefault();
    840               //if (formerPermissionItem != null) {
    841               //  // remove permissions
    842               //  project.ProjectPermissions.Remove(formerPermissionItem);
    843               //  // remove jobs if former owner is no member of a still permitted group
    844               //  var ugt = GetUserGroupTree();
    845               //  var permittedGuids = new HashSet<Guid>(); // User- and Group-Guids
    846               //  // get all member-Guids of all still permitted groups
    847               //  foreach (var item in project.ProjectPermissions) {
    848               //    permittedGuids.Add(item.GrantedUserId);
    849               //    if(ugt.ContainsKey(item.GrantedUserId)) {
    850               //      ugt[item.GrantedUserId].ToList().ForEach(x => permittedGuids.Add(x));
    851               //    }
    852 
    853               //    // check if former owner Guid is in Member-Guids
    854               //    // if yes: do nothing, if not do:
    855               //    if (!permittedGuids.Contains(formerOwnerId)) {
    856               //      assignedJobResourceDao.DeleteByProjectIdAndUserIds(project.ProjectId, new List<Guid> { formerOwnerId });
    857               //    }
    858               //  }
    859               //}
    860               // Add permission for new owner if not already done
    861               if(!project.ProjectPermissions
    862                 .Select(pp => pp.GrantedUserId)
    863                 .Contains(projectDto.OwnerUserId)) {
    864                 project.ProjectPermissions.Add(new DA.ProjectPermission {
    865                   GrantedUserId = projectDto.OwnerUserId,
    866                   GrantedByUserId = UserManager.CurrentUserId
    867                 });
     843            if(parentalOwnership) {
     844              // if owner has changed...
     845              if (formerOwnerId != projectDto.OwnerUserId) {
     846                // OBSOLETE: former owner looses permission and project-related jobs
     847                //var formerPermissionItem = project.ProjectPermissions.Where(x => x.GrantedUserId == formerOwnerId).FirstOrDefault();
     848                //if (formerPermissionItem != null) {
     849                //  // remove permissions
     850                //  project.ProjectPermissions.Remove(formerPermissionItem);
     851                //  // remove jobs if former owner is no member of a still permitted group
     852                //  var ugt = GetUserGroupTree();
     853                //  var permittedGuids = new HashSet<Guid>(); // User- and Group-Guids
     854                //  // get all member-Guids of all still permitted groups
     855                //  foreach (var item in project.ProjectPermissions) {
     856                //    permittedGuids.Add(item.GrantedUserId);
     857                //    if(ugt.ContainsKey(item.GrantedUserId)) {
     858                //      ugt[item.GrantedUserId].ToList().ForEach(x => permittedGuids.Add(x));
     859                //    }
     860
     861                //    // check if former owner Guid is in Member-Guids
     862                //    // if yes: do nothing, if not do:
     863                //    if (!permittedGuids.Contains(formerOwnerId)) {
     864                //      assignedJobResourceDao.DeleteByProjectIdAndUserIds(project.ProjectId, new List<Guid> { formerOwnerId });
     865                //    }
     866                //  }
     867                //}
     868                // Add permission for new owner if not already done
     869                if (!project.ProjectPermissions
     870                  .Select(pp => pp.GrantedUserId)
     871                  .Contains(projectDto.OwnerUserId)) {
     872                  project.ProjectPermissions.Add(new DA.ProjectPermission {
     873                    GrantedUserId = projectDto.OwnerUserId,
     874                    GrantedByUserId = UserManager.CurrentUserId
     875                  });
     876                }
    868877              }
     878            } else {
     879              project.OwnerUserId = formerOwnerId;
     880              project.StartDate = formerStartDate;
     881              project.EndDate = formerEndDate;
    869882            }
    870883
     
    11981211        pm.UseTransaction(() => {
    11991212          var project = projectDao.GetById(projectId);
     1213
     1214          var owner = UserManager.GetUserById(project.OwnerUserId);
     1215          var parentProjects = projectDao.GetParentProjectsById(project.ProjectId);
     1216          bool parentalOwnership = RoleVerifier.IsUserInRole(owner.UserName, HiveRoles.Administrator)
     1217                                    || parentProjects.Select(x => x.OwnerUserId == project.OwnerUserId).Any();
     1218
    12001219          var assignedResources = project.AssignedProjectResources.Select(x => x.ResourceId).ToArray();
     1220          if (!parentalOwnership) resourceIds = assignedResources.ToList();
    12011221          var removedAssignments = assignedResources.Except(resourceIds);
    12021222
    1203           // remove job and project assignments
    1204           if (reassign) {
    1205             assignedJobResourceDao.DeleteByProjectId(project.ProjectId);
    1206             project.AssignedProjectResources.Clear();
    1207           } else {
    1208             assignedJobResourceDao.DeleteByProjectIdAndResourceIds(projectId, removedAssignments);
    1209             foreach (var item in project.AssignedProjectResources
    1210               .Where(x => removedAssignments.Contains(x.ResourceId))
    1211               .ToList()) {
    1212               project.AssignedProjectResources.Remove(item);
     1223          // if user is admin or owner of parent project(s)
     1224          if(parentalOwnership) {
     1225            // remove job and project assignments
     1226            if (reassign) {
     1227              assignedJobResourceDao.DeleteByProjectId(project.ProjectId);
     1228              project.AssignedProjectResources.Clear();
     1229            } else {
     1230              assignedJobResourceDao.DeleteByProjectIdAndResourceIds(projectId, removedAssignments);
     1231              foreach (var item in project.AssignedProjectResources
     1232                .Where(x => removedAssignments.Contains(x.ResourceId))
     1233                .ToList()) {
     1234                project.AssignedProjectResources.Remove(item);
     1235              }
    12131236            }
    1214           }
    1215           pm.SubmitChanges();
    1216 
    1217           // add project assignments
    1218           foreach (var id in resourceIds) {
    1219             if (project.AssignedProjectResources.All(x => x.ResourceId != id)) {
    1220               project.AssignedProjectResources.Add(new DA.AssignedProjectResource {
    1221                 ResourceId = id
    1222               });
     1237            pm.SubmitChanges();
     1238
     1239            // add project assignments
     1240            foreach (var id in resourceIds) {
     1241              if (project.AssignedProjectResources.All(x => x.ResourceId != id)) {
     1242                project.AssignedProjectResources.Add(new DA.AssignedProjectResource {
     1243                  ResourceId = id
     1244                });
     1245              }
    12231246            }
    1224           }
    1225           pm.SubmitChanges();
    1226 
     1247            pm.SubmitChanges();
     1248          }
     1249
     1250          // if user is admin, project owner or owner of parent projects
    12271251          if (cascading) {
    12281252            var childProjects = projectDao.GetChildProjectsById(projectId).ToList();
  • branches/2839_HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs

    r15992 r16040  
    137137        if (RoleVerifier.IsInRole(HiveRoles.Administrator)) return;
    138138
    139         // check if user is owner of a parent project
    140         var projectBranch = projectDao.GetParentProjectsById(projectId).ToList();
     139        // check if user is owner of the project or a parent project
     140        var projectBranch = projectDao.GetCurrentAndParentProjectsById(projectId).ToList();
    141141        if (!projectBranch.Select(x => x.OwnerUserId).Contains(currentUserId)
    142142            && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
Note: See TracChangeset for help on using the changeset viewer.