Free cookie consent management tool by TermsFeed Policy Generator

Ignore:
Timestamp:
08/30/18 11:32:56 (6 years ago)
Author:
jkarder
Message:

#2839: merged [15377-16116/branches/2839_HiveProjectManagement] into trunk

Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk

  • trunk/HeuristicLab.Services.Hive

  • trunk/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs

    r15583 r16117  
    2727using DA = HeuristicLab.Services.Hive.DataAccess;
    2828using DT = HeuristicLab.Services.Hive.DataTransfer;
    29 
     29using System.Collections.Generic;
     30using System.Linq;
    3031
    3132namespace HeuristicLab.Services.Hive {
    3233  public class AuthorizationManager : IAuthorizationManager {
    3334
    34     private const string NOT_AUTHORIZED = "Current user is not authorized to access the requested resource";
     35    private const string NOT_AUTHORIZED_USERRESOURCE = "Current user is not authorized to access the requested resource";
     36    private const string NOT_AUTHORIZED_USERPROJECT = "Current user is not authorized to access the requested project";
     37    private const string NOT_AUTHORIZED_USERJOB = "Current user is not authorized to access the requested job";
     38    private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource";
     39    private const string USER_NOT_IDENTIFIED = "User could not be identified";
     40    private const string TASK_NOT_EXISTENT = "Queried task could not be found";
     41    private const string PROJECT_NOT_EXISTENT = "Queried project could not be found";
     42
    3543    private IPersistenceManager PersistenceManager {
    3644      get { return ServiceLocator.Instance.PersistenceManager; }
     
    4755    public void Authorize(Guid userId) {
    4856      if (userId != ServiceLocator.Instance.UserManager.CurrentUserId)
    49         throw new SecurityException(NOT_AUTHORIZED);
     57        throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
    5058    }
    5159
     
    5664      pm.UseTransaction(() => {
    5765        var task = taskDao.GetById(taskId);
    58         if (task == null) throw new SecurityException(NOT_AUTHORIZED);
     66        if (task == null) throw new SecurityException(TASK_NOT_EXISTENT);
    5967        AuthorizeJob(pm, task.JobId, requiredPermission);
    6068      });
     
    6876    }
    6977
     78    // authorize if user is admin or resource owner
    7079    public void AuthorizeForResourceAdministration(Guid resourceId) {
     80      var currentUserId = UserManager.CurrentUserId;
    7181      var pm = PersistenceManager;
    7282      var resourceDao = pm.ResourceDao;
    7383      pm.UseTransaction(() => {
    7484        var resource = resourceDao.GetById(resourceId);
    75         if (resource == null) throw new SecurityException(NOT_AUTHORIZED);
    76         if (resource.OwnerUserId != UserManager.CurrentUserId
     85        if (resource == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
     86
     87        if (resource.OwnerUserId != currentUserId
    7788            && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
    78           throw new SecurityException(NOT_AUTHORIZED);
    79         }
    80       });
     89          throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
     90        }
     91      });
     92    }
     93
     94    // authorize if user is admin, project owner or owner of a parent project
     95    public void AuthorizeForProjectAdministration(Guid projectId, bool parentalOwnership) {
     96      if (projectId == null || projectId == Guid.Empty) return;
     97      var currentUserId = UserManager.CurrentUserId;
     98      var pm = PersistenceManager;
     99      var projectDao = pm.ProjectDao;
     100      pm.UseTransaction(() => {
     101        var project = projectDao.GetById(projectId);
     102        if (project == null) throw new ArgumentException(PROJECT_NOT_EXISTENT);
     103        if(!RoleVerifier.IsInRole(HiveRoles.Administrator)
     104          && !project.ParentProjectId.HasValue) {
     105          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
     106        }
     107
     108        List<Project> projectBranch = null;
     109        if(parentalOwnership) projectBranch = projectDao.GetParentProjectsById(projectId).ToList();
     110        else projectBranch = projectDao.GetCurrentAndParentProjectsById(projectId).ToList();
     111
     112        if(!RoleVerifier.IsInRole(HiveRoles.Administrator)
     113            && !projectBranch.Select(x => x.OwnerUserId).Contains(currentUserId)) {
     114          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
     115        }
     116      });
     117    }
     118
     119    // authorize if user is admin, or owner of a project or parent project, for which the resources are assigned to
     120    public void AuthorizeForProjectResourceAdministration(Guid projectId, IEnumerable<Guid> resourceIds) {
     121      if (projectId == null || projectId == Guid.Empty) return;
     122      var currentUserId = UserManager.CurrentUserId;
     123      var pm = PersistenceManager;
     124      var projectDao = pm.ProjectDao;
     125      var resourceDao = pm.ResourceDao;
     126      var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
     127      pm.UseTransaction(() => {
     128        // check if project exists (not necessary)
     129        var project = projectDao.GetById(projectId);
     130        if (project == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
     131
     132        // check if resourceIds exist
     133        if (resourceIds != null && resourceIds.Any() && !resourceDao.CheckExistence(resourceIds))
     134          throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
     135
     136        // check if user is admin
     137        if (RoleVerifier.IsInRole(HiveRoles.Administrator)) return;
     138
     139        // check if user is owner of the project or a parent project
     140        var projectBranch = projectDao.GetCurrentAndParentProjectsById(projectId).ToList();
     141        if (!projectBranch.Select(x => x.OwnerUserId).Contains(currentUserId)
     142            && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
     143          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
     144        }
     145
     146        // check if the all argument resourceIds are among the assigned resources of the owned projects
     147        var grantedResourceIds = assignedProjectResourceDao.GetAllGrantedResourceIdsOfOwnedParentProjects(projectId, currentUserId).ToList();
     148        if(resourceIds.Except(grantedResourceIds).Any()) {
     149          throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
     150        }
     151      });
     152    }
     153
     154    // Check if a project is authorized to use a list of resources
     155    public void AuthorizeProjectForResourcesUse(Guid projectId, IEnumerable<Guid> resourceIds) {
     156      if (projectId == null || projectId == Guid.Empty || resourceIds == null || !resourceIds.Any()) return;
     157      var pm = PersistenceManager;
     158      var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
     159      if (!assignedProjectResourceDao.CheckProjectGrantedForResources(projectId, resourceIds))
     160        throw new SecurityException(NOT_AUTHORIZED_PROJECTRESOURCE);
     161    }
     162
     163    // Check if current user is authorized to use an explicit project (e.g. in order to add a job)
     164    // note: administrators and project owner are NOT automatically granted
     165    public void AuthorizeUserForProjectUse(Guid userId, Guid projectId) {
     166      if(userId == null || userId == Guid.Empty) {
     167        throw new SecurityException(USER_NOT_IDENTIFIED);
     168      }
     169      if(projectId == null) return;
     170
     171      var pm = PersistenceManager;
     172      // collect current and group membership Ids
     173      var userAndGroupIds = new List<Guid>() { userId };
     174      userAndGroupIds.AddRange(UserManager.GetUserGroupIdsOfUser(userId));
     175      // perform the actual check
     176      var projectPermissionDao = pm.ProjectPermissionDao;
     177      if (!projectPermissionDao.CheckUserGrantedForProject(projectId, userAndGroupIds)) {
     178        throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
     179      }
    81180    }
    82181
     
    93192
    94193    private void AuthorizeJob(IPersistenceManager pm, Guid jobId, DT.Permission requiredPermission) {
     194      var currentUserId = UserManager.CurrentUserId;
    95195      var requiredPermissionEntity = requiredPermission.ToEntity();
    96       DA.Permission permission = GetPermissionForJob(pm, jobId, UserManager.CurrentUserId);
     196      DA.Permission permission = GetPermissionForJob(pm, jobId, currentUserId);
    97197      if (permission == Permission.NotAllowed
    98198          || ((permission != requiredPermissionEntity) && requiredPermissionEntity == Permission.Full)) {
    99         throw new SecurityException(NOT_AUTHORIZED);
     199        throw new SecurityException(NOT_AUTHORIZED_USERJOB);
    100200      }
    101201    }
  • trunk/HeuristicLab.Services.Hive/3.3/Manager/EventManager.cs

    r15583 r16117  
    3434    public void Cleanup() {
    3535      var pm = PersistenceManager;
     36
     37      pm.UseTransaction(() => {
     38        FinishJobDeletion(pm);
     39        pm.SubmitChanges();
     40      });
     41
    3642      pm.UseTransaction(() => {
    3743        SetTimeoutSlavesOffline(pm);
     
    4551        pm.SubmitChanges();
    4652      });
     53    }
     54
     55    /// <summary>
     56    /// Deletes all jobs which are in state "DeletionPending" (this will include all corresponding tasks).
     57    /// The state "DeletionPending" is set by HiveJanitor > StatisticsGenerator
     58    /// </summary>
     59    private void FinishJobDeletion(IPersistenceManager pm) {
     60      var jobDao = pm.JobDao;
     61      jobDao.DeleteByState(JobState.DeletionPending);
    4762    }
    4863
  • trunk/HeuristicLab.Services.Hive/3.3/Manager/HeartbeatManager.cs

    r15583 r16117  
    142142    private IEnumerable<MessageContainer> UpdateTasks(IPersistenceManager pm, Heartbeat heartbeat, bool isAllowedToCalculate) {
    143143      var taskDao = pm.TaskDao;
    144       var assignedResourceDao = pm.AssignedResourceDao;
     144      var jobDao = pm.JobDao;
     145      var assignedJobResourceDao = pm.AssignedJobResourceDao;
    145146      var actions = new List<MessageContainer>();
    146147      if (heartbeat.JobProgress == null || !heartbeat.JobProgress.Any())
    147148        return actions;
    148149
    149       if (!isAllowedToCalculate && heartbeat.JobProgress.Count != 0) {
    150         actions.Add(new MessageContainer(MessageContainer.MessageType.PauseAll));
    151       } else {
    152         // select all tasks and statelogs with one query
    153         var taskIds = heartbeat.JobProgress.Select(x => x.Key).ToList();
    154         var taskInfos = pm.UseTransaction(() =>
    155           (from task in taskDao.GetAll()
    156            where taskIds.Contains(task.TaskId)
    157            let lastStateLog = task.StateLogs.OrderByDescending(x => x.DateTime).FirstOrDefault()
    158            select new {
    159              TaskId = task.TaskId,
    160              Command = task.Command,
    161              SlaveId = lastStateLog != null ? lastStateLog.SlaveId : default(Guid)
    162            }).ToList()
    163         );
    164 
    165         // process the jobProgresses
    166         foreach (var jobProgress in heartbeat.JobProgress) {
    167           var progress = jobProgress;
    168           var curTask = taskInfos.SingleOrDefault(x => x.TaskId == progress.Key);
    169           if (curTask == null) {
    170             actions.Add(new MessageContainer(MessageContainer.MessageType.AbortTask, progress.Key));
    171             LogFactory.GetLogger(this.GetType().Namespace).Log("Task on slave " + heartbeat.SlaveId + " does not exist in DB: " + jobProgress.Key);
    172           } else {
    173             var slaveId = curTask.SlaveId;
    174             if (slaveId == Guid.Empty || slaveId != heartbeat.SlaveId) {
    175               // assigned slave does not match heartbeat
     150      var jobIdsWithStatisticsPending = jobDao.GetJobIdsByState(DA.JobState.StatisticsPending).ToList();
     151
     152      // select all tasks and statelogs with one query
     153      var taskIds = heartbeat.JobProgress.Select(x => x.Key).ToList();
     154      var taskInfos = pm.UseTransaction(() =>
     155        (from task in taskDao.GetAll()
     156          where taskIds.Contains(task.TaskId)
     157          let lastStateLog = task.StateLogs.OrderByDescending(x => x.DateTime).FirstOrDefault()
     158          select new {
     159            TaskId = task.TaskId,
     160            JobId = task.JobId,
     161            State = task.State,
     162            Command = task.Command,
     163            SlaveId = lastStateLog != null ? lastStateLog.SlaveId : default(Guid)
     164          }).ToList()
     165      );
     166
     167      // process the jobProgresses
     168      foreach (var jobProgress in heartbeat.JobProgress) {
     169        var progress = jobProgress;
     170        var curTask = taskInfos.SingleOrDefault(x => x.TaskId == progress.Key);
     171        if (curTask == null) {
     172          actions.Add(new MessageContainer(MessageContainer.MessageType.AbortTask, progress.Key));
     173          LogFactory.GetLogger(this.GetType().Namespace).Log("Task on slave " + heartbeat.SlaveId + " does not exist in DB: " + jobProgress.Key);
     174        } else if (jobIdsWithStatisticsPending.Contains(curTask.JobId)) {
     175          // parenting job of current task has been requested for deletion (indicated by job state "Statistics Pending")
     176          // update task execution time
     177          pm.UseTransaction(() => {
     178            taskDao.UpdateExecutionTime(curTask.TaskId, progress.Value.TotalMilliseconds);
     179          });
     180          actions.Add(new MessageContainer(MessageContainer.MessageType.AbortTask, curTask.TaskId));
     181          LogFactory.GetLogger(this.GetType().Namespace).Log("Abort task " + curTask.TaskId + " on slave " + heartbeat.SlaveId + ". The parenting job " + curTask.JobId + " was requested to be deleted.");
     182        } else if (curTask.SlaveId == Guid.Empty || curTask.SlaveId != heartbeat.SlaveId) {
     183          // assigned slave does not match heartbeat
     184          actions.Add(new MessageContainer(MessageContainer.MessageType.AbortTask, curTask.TaskId));
     185          LogFactory.GetLogger(this.GetType().Namespace).Log("The slave " + heartbeat.SlaveId + " is not supposed to calculate task: " + curTask.TaskId);
     186        } else if (!isAllowedToCalculate) {
     187          actions.Add(new MessageContainer(MessageContainer.MessageType.PauseTask, curTask.TaskId));
     188          LogFactory.GetLogger(this.GetType().Namespace).Log("The slave " + heartbeat.SlaveId + " is not allowed to calculate any tasks tue to a downtime. The task is paused.");
     189        } else if (!assignedJobResourceDao.CheckJobGrantedForResource(curTask.JobId, heartbeat.SlaveId)) {
     190          // slaveId (and parent resourceGroupIds) are not among the assigned resources ids for task-parenting job
     191          // this might happen when (a) job-resource assignment has been changed (b) slave is moved to different group
     192          actions.Add(new MessageContainer(MessageContainer.MessageType.PauseTask, curTask.TaskId));
     193          LogFactory.GetLogger(this.GetType().Namespace).Log("The slave " + heartbeat.SlaveId + " is not granted to calculate task: " + curTask.TaskId + " of job: " + curTask.JobId);
     194        } else {
     195          // update task execution time
     196          pm.UseTransaction(() => {
     197            taskDao.UpdateExecutionTime(curTask.TaskId, progress.Value.TotalMilliseconds);
     198          });
     199          switch (curTask.Command) {
     200            case DA.Command.Stop:
     201              actions.Add(new MessageContainer(MessageContainer.MessageType.StopTask, curTask.TaskId));
     202              break;
     203            case DA.Command.Pause:
     204              actions.Add(new MessageContainer(MessageContainer.MessageType.PauseTask, curTask.TaskId));
     205              break;
     206            case DA.Command.Abort:
    176207              actions.Add(new MessageContainer(MessageContainer.MessageType.AbortTask, curTask.TaskId));
    177               LogFactory.GetLogger(this.GetType().Namespace).Log("The slave " + heartbeat.SlaveId + " is not supposed to calculate task: " + curTask.TaskId);
    178             } else if (!assignedResourceDao.TaskIsAllowedToBeCalculatedBySlave(curTask.TaskId, heartbeat.SlaveId)) {
    179               // assigned resources ids of task do not match with slaveId (and parent resourceGroupIds); this might happen when slave is moved to different group
    180               actions.Add(new MessageContainer(MessageContainer.MessageType.PauseTask, curTask.TaskId));
    181             } else {
    182               // update task execution time
    183               pm.UseTransaction(() => {
    184                 taskDao.UpdateExecutionTime(curTask.TaskId, progress.Value.TotalMilliseconds);
    185               });
    186               switch (curTask.Command) {
    187                 case DA.Command.Stop:
    188                   actions.Add(new MessageContainer(MessageContainer.MessageType.StopTask, curTask.TaskId));
    189                   break;
    190                 case DA.Command.Pause:
    191                   actions.Add(new MessageContainer(MessageContainer.MessageType.PauseTask, curTask.TaskId));
    192                   break;
    193                 case DA.Command.Abort:
    194                   actions.Add(new MessageContainer(MessageContainer.MessageType.AbortTask, curTask.TaskId));
    195                   break;
    196               }
    197             }
    198           }
    199         }
    200       }
     208              break;
     209          }
     210        }
     211       
     212      }
    201213      return actions;
    202214    }
Note: See TracChangeset for help on using the changeset viewer.