Timestamp:
08/03/18 13:50:29 (6 years ago)
Author:
jzenisek
Message:

#2839: adapted handling of project start/end boundaries for non-admins

Location:
branches/2839_HiveProjectManagement/HeuristicLab.Services.Hive/3.3
Files:
2 edited

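--- a/branches/2839_HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs
+++ b/branches/2839_HiveProjectManagement/HeuristicLab.Services.Hive/3.3/HiveService.cs
@@ -770,5 +770,6 @@
       // check if current (non-admin) user is owner of one of projectDto's-parents
       // note: non-admin users are not allowed to administer root projects (i.e. projects without parental entry)
-      if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) {
+      bool isAdmin = RoleVerifier.IsInRole(HiveRoles.Administrator);
+      if (!isAdmin) {
         if(projectDto != null && projectDto.ParentProjectId.HasValue) {
           AuthorizationManager.AuthorizeForProjectAdministration(projectDto.ParentProjectId.Value, false);
@@ -792,4 +793,21 @@
         return pm.UseTransaction(() => {
           var project = projectDao.Save(projectDto.ToEntity());
+
+          var parentProjects = projectDao.GetParentProjectsById(project.ProjectId);
+          bool isParent = parentProjects.Select(x => x.OwnerUserId == UserManager.CurrentUserId).Any();
+
+          // if user is no admin, but owner of a parent project
+          // check start/end date time boundaries of parent projects before updating child project
+          if (!isAdmin) {
+            var parentProject = parentProjects.Where(x => x.ProjectId == project.ParentProjectId).FirstOrDefault();
+            if (parentProject != null) {
+              if (project.StartDate < parentProject.StartDate) project.StartDate = parentProject.StartDate;
+              if ((parentProject.EndDate.HasValue && project.EndDate.HasValue && project.EndDate > parentProject.EndDate)
+              || (parentProject.EndDate.HasValue && !project.EndDate.HasValue))
+                project.EndDate = parentProject.EndDate;
+            }
+          }
+
+
           project.ProjectPermissions.Clear();
           project.ProjectPermissions.Add(new DA.ProjectPermission {
@@ -808,7 +826,8 @@
       // check if current (non-admin) user is owner of the project or the projectDto's-parents
       // note: non-admin users are not allowed to administer root projects (i.e. projects without parental entry)
-      if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) {
+      bool isAdmin = RoleVerifier.IsInRole(HiveRoles.Administrator);     
+      if (!isAdmin) {
         if (projectDto != null && projectDto.ParentProjectId.HasValue) {
-          AuthorizationManager.AuthorizeForProjectAdministration(projectDto.Id, false);
+          AuthorizationManager.AuthorizeForProjectAdministration(projectDto.Id, false);         
         } else {
           throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
@@ -830,9 +849,7 @@
         pm.UseTransaction(() => {
           var project = projectDao.GetById(projectDto.Id);
-          if (project != null) { // update existent project
-            var owner = UserManager.GetUserById(projectDto.OwnerUserId);
+          if (project != null) { // (1) update existent project
             var parentProjects = projectDao.GetParentProjectsById(project.ProjectId);
-            bool parentalOwnership = RoleVerifier.IsUserInRole(owner.UserName, HiveRoles.Administrator)
-                                      || parentProjects.Select(x => x.OwnerUserId == project.OwnerUserId).Any();
+            bool isParent = parentProjects.Select(x => x.OwnerUserId == UserManager.CurrentUserId).Any();
 
             var formerOwnerId = project.OwnerUserId;
@@ -841,29 +858,20 @@
             projectDto.CopyToEntity(project);
 
-            if(parentalOwnership) {
+            // if user is no admin, but owner of parent project(s)
+            // check start/end date time boundaries of parent projects before updating child project
+            if (!isAdmin && isParent) {
+              var parentProject = parentProjects.Where(x => x.ProjectId == project.ParentProjectId).FirstOrDefault();
+              if (parentProject != null) {
+                if (project.StartDate < parentProject.StartDate) project.StartDate = formerStartDate;
+                if ((parentProject.EndDate.HasValue && project.EndDate.HasValue && project.EndDate > parentProject.EndDate)
+                || (parentProject.EndDate.HasValue && !project.EndDate.HasValue))
+                  project.EndDate = formerEndDate;
+              }
+            }
+
+            // if user is admin or owner of parent project(s)
+            if (isAdmin || isParent) {
               // if owner has changed...
               if (formerOwnerId != projectDto.OwnerUserId) {
-                // OBSOLETE: former owner looses permission and project-related jobs
-                //var formerPermissionItem = project.ProjectPermissions.Where(x => x.GrantedUserId == formerOwnerId).FirstOrDefault();
-                //if (formerPermissionItem != null) {
-                //  // remove permissions
-                //  project.ProjectPermissions.Remove(formerPermissionItem);
-                //  // remove jobs if former owner is no member of a still permitted group
-                //  var ugt = GetUserGroupTree();
-                //  var permittedGuids = new HashSet<Guid>(); // User- and Group-Guids
-                //  // get all member-Guids of all still permitted groups
-                //  foreach (var item in project.ProjectPermissions) {
-                //    permittedGuids.Add(item.GrantedUserId);
-                //    if(ugt.ContainsKey(item.GrantedUserId)) {
-                //      ugt[item.GrantedUserId].ToList().ForEach(x => permittedGuids.Add(x));
-                //    }
-
-                //    // check if former owner Guid is in Member-Guids
-                //    // if yes: do nothing, if not do:
-                //    if (!permittedGuids.Contains(formerOwnerId)) {
-                //      assignedJobResourceDao.DeleteByProjectIdAndUserIds(project.ProjectId, new List<Guid> { formerOwnerId });
-                //    }
-                //  }
-                //}
                 // Add permission for new owner if not already done
                 if (!project.ProjectPermissions
@@ -876,5 +884,5 @@
                 }
               }
-            } else {
+            } else { // if user is only owner of current project, but no admin and no owner of parent project(s)
               project.OwnerUserId = formerOwnerId;
               project.StartDate = formerStartDate;
@@ -882,6 +890,22 @@
             }
 
-          } else { // save new project
+          } else { // (2) save new project
             var newProject = projectDao.Save(projectDto.ToEntity());
+
+            var parentProjects = projectDao.GetParentProjectsById(project.ProjectId);
+            bool isParent = parentProjects.Select(x => x.OwnerUserId == UserManager.CurrentUserId).Any();
+
+            // if user is no admin, but owner of a parent project
+            // check start/end date time boundaries of parent projects before updating child project
+            if (!isAdmin) {
+              var parentProject = parentProjects.Where(x => x.ProjectId == project.ParentProjectId).FirstOrDefault();
+              if (parentProject != null) {
+                if (project.StartDate < parentProject.StartDate) project.StartDate = parentProject.StartDate;
+                if ((parentProject.EndDate.HasValue && project.EndDate.HasValue && project.EndDate > parentProject.EndDate)
+                || (parentProject.EndDate.HasValue && !project.EndDate.HasValue))
+                  project.EndDate = parentProject.EndDate;
+              }
+            }
+
             newProject.ProjectPermissions.Clear();
             newProject.ProjectPermissions.Add(new DA.ProjectPermission {
@@ -890,4 +914,5 @@
             });
           }
+
           pm.SubmitChanges();
         });
@@ -1204,4 +1229,5 @@
       if (projectId == null || resourceIds == null) return;
       AuthorizationManager.AuthorizeForProjectResourceAdministration(projectId, resourceIds);
+      bool isAdmin = RoleVerifier.IsInRole(HiveRoles.Administrator);
       var pm = PersistenceManager;
       using (new PerformanceLogger("SaveProjectResourceAssignments")) {
@@ -1211,16 +1237,14 @@
         pm.UseTransaction(() => {
           var project = projectDao.GetById(projectId);
-
-          var owner = UserManager.GetUserById(project.OwnerUserId);
+         
           var parentProjects = projectDao.GetParentProjectsById(project.ProjectId);
-          bool parentalOwnership = RoleVerifier.IsUserInRole(owner.UserName, HiveRoles.Administrator)
-                                    || parentProjects.Select(x => x.OwnerUserId == project.OwnerUserId).Any();
+          bool isParent = parentProjects.Select(x => x.OwnerUserId == UserManager.CurrentUserId).Any();
 
           var assignedResources = project.AssignedProjectResources.Select(x => x.ResourceId).ToArray();
-          if (!parentalOwnership) resourceIds = assignedResources.ToList();
+          if (!isParent) resourceIds = assignedResources.ToList();
           var removedAssignments = assignedResources.Except(resourceIds);
 
           // if user is admin or owner of parent project(s)
-          if(parentalOwnership) {
+          if(isAdmin || isParent) {
             // remove job and project assignments
             if (reassign) {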
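Review bot: `isParent` does not test ownership. At new lines 797, 853, 896 and 1241, `parentProjects.Select(x => x.OwnerUserId == UserManager.CurrentUserId).Any()` projects each parent to a bool and then only asks whether the sequence is non-empty, so it is true for every caller as soon as the project has any parent. That flag gates the owner change (`if (isAdmin || isParent)`, new line 873) and the resource reassignment (new line 1248), so a non-admin who owns only the child project appears to be treated as a parent owner; the check should be `parentProjects.Any(x => x.OwnerUserId == UserManager.CurrentUserId)`. Separately, the new-project branch (new lines 895-907) reads `project.ProjectId`, `project.StartDate` and `project.EndDate` inside the `else` of `if (project != null)`, where `project` is null, so it should use `newProject`. The enclosing methods start and end outside the visible hunks, so how far the earlier `AuthorizeForProjectAdministration` call limits the impact cannot be confirmed from here.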
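--- a/branches/2839_HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
+++ b/branches/2839_HiveProjectManagement/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
@@ -117,5 +117,5 @@
     }
 
-    // authorize if user is admin, or owner of a parent project, for which the resources are assigned to
+    // authorize if user is admin, or owner of a project or parent project, for which the resources are assigned to
     public void AuthorizeForProjectResourceAdministration(Guid projectId, IEnumerable<Guid> resourceIds) {
       if (projectId == null || projectId == Guid.Empty) return;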