Context Navigation

← Previous Change
Next Change →

HeuristicLab.Services.Hive

Timestamp:

09/13/18 13:18:45 (6 years ago)

Author:

ddorfmei

Message:

#2931: Merged [16046-16138/trunk] into branch

Location:

branches/2931_OR-Tools_LP_MIP

Files:

: 1 deleted
: 12 edited
: 5 copied

. (modified) (1 prop)
HeuristicLab.Services.Hive (modified) (1 prop)
HeuristicLab.Services.Hive/3.3/Converter.cs (modified) (5 diffs)
HeuristicLab.Services.Hive/3.3/DataTransfer/AssignedJobResource.cs (copied) (copied from trunk/HeuristicLab.Services.Hive/3.3/DataTransfer/AssignedJobResource.cs)
HeuristicLab.Services.Hive/3.3/DataTransfer/AssignedProjectResource.cs (copied) (copied from trunk/HeuristicLab.Services.Hive/3.3/DataTransfer/AssignedProjectResource.cs)
HeuristicLab.Services.Hive/3.3/DataTransfer/Job.cs (modified) (1 diff)
HeuristicLab.Services.Hive/3.3/DataTransfer/JobState.cs (copied) (copied from trunk/HeuristicLab.Services.Hive/3.3/DataTransfer/JobState.cs)
HeuristicLab.Services.Hive/3.3/DataTransfer/Project.cs (copied) (copied from trunk/HeuristicLab.Services.Hive/3.3/DataTransfer/Project.cs)
HeuristicLab.Services.Hive/3.3/DataTransfer/ProjectPermission.cs (copied) (copied from trunk/HeuristicLab.Services.Hive/3.3/DataTransfer/ProjectPermission.cs)
HeuristicLab.Services.Hive/3.3/DataTransfer/ResourcePermission.cs (deleted)
HeuristicLab.Services.Hive/3.3/HeuristicLab.Services.Hive-3.3.csproj (modified) (2 diffs)
HeuristicLab.Services.Hive/3.3/HiveService.cs (modified) (19 diffs)
HeuristicLab.Services.Hive/3.3/HiveStatisticsGenerator.cs (modified) (16 diffs)
HeuristicLab.Services.Hive/3.3/Interfaces/IAuthorizationManager.cs (modified) (2 diffs)
HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs (modified) (5 diffs)
HeuristicLab.Services.Hive/3.3/Manager/EventManager.cs (modified) (2 diffs)
HeuristicLab.Services.Hive/3.3/Manager/HeartbeatManager.cs (modified) (1 diff)
HeuristicLab.Services.Hive/3.3/ServiceContracts/IHiveService.cs (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed

branches/2931_OR-Tools_LP_MIP

Property svn:mergeinfo changed

/branches/2839_HiveProjectManagement (added)	merged: 15761,15767-15768,15777,15792,15813,15819,15908,15913-15914,15920,15922,15925,15933,15953-15956,15966,15969,15978,15992,15995,16040,16043-16044,16050,16057,16060,16062,16064,16066,16068,16072,16089,16091-16095,16116
/branches/HiveProjectManagement (added)	merged: 15377-15380,15399,15401,15411-15412,15422,15496-15497,15500,15503,15508,15523,15526-15528,15530,15540,15546-15547,15552,15557,15559,15567,15576-15577,15580,15627-15628,15630,15641-15644,15658-15659,15666,15671,15715-15716,15737,15742,15760
/stable (added)	merged: 15587-15588
/trunk (added)	merged: 16054,16059,16063,16071,16084-16086,16117-16118,16120,16122
/trunk/sources (added)	merged: 15383,15388,15390,15395-15398,15400,15402,15408-15409,15419,15427,15447-15448,15452,15461,15464,15478,15480-15481,15483,15486,15498-15499,15502,15505,15513,15517-15518,15532,15534,15545,15548,15551,15556,15560,15566,15581,15583,15589-15591,15594,15596,15598,15607,15610-15611,15619,15621-15623,15626,15637-15638,15645,15665,15667,15672-15674

branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive

Property svn:mergeinfo changed

/branches/2839_HiveProjectManagement/HeuristicLab.Services.Hive (added)	merged: 15813,15819,15908,15913,15925,15954,15966,15969,15978,15992,15995,16040,16043,16057,16060
/branches/HiveProjectManagement/HeuristicLab.Services.Hive (added)	merged: 15379-15380,15399,15411,15497,15500,15503,15508,15527,15530,15540,15546-15547,15552,15577,15580,15628,15630,15641,15643-15644,15658-15659,15666,15715-15716,15737,15760
/trunk/HeuristicLab.Services.Hive (added)	merged: 16117

branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive/3.3/Converter.cs

-                      r15583
+                      r16139
         OwnerUserId = source.OwnerUserId,
         DateCreated = source.DateCreated,
+        ResourceNames = source.ResourceIds
+        ProjectId = source.ProjectId,
+        State = source.State.ToDto()
       };
+    }
 …
       target.OwnerUserId = source.OwnerUserId;
       target.DateCreated = source.DateCreated;
+      target.ResourceIds = source.ResourceNames;
+      target.ProjectId = source.ProjectId;
+      target.State = source.State.ToEntity();
+    }
+    #endregion
+    #region AssignedJobResource
+    public static DT.AssignedJobResource ToDto(this DA.AssignedJobResource source) {
+      if (source == null) return null;
+      return new DT.AssignedJobResource {
+        JobId = source.JobId,
+        ResourceId = source.ResourceId
+      };
+    }
+    public static DA.AssignedJobResource ToEntity(this DT.AssignedJobResource source) {
+      if (source == null) return null;
+      var result = new DA.AssignedJobResource();
+      source.CopyToEntity(result);
+      return result;
+    }
+    public static void CopyToEntity(this DT.AssignedJobResource source, DA.AssignedJobResource target) {
+      if ((source == null) || (target == null)) return;
+      target.JobId = source.JobId;
+      target.ResourceId = source.ResourceId;
+    }
     #endregion
 …
     #endregion
     #region State
+    #region TaskState
     public static DT.TaskState ToDto(this DA.TaskState source) {
       switch (source) {
 …
         case DT.TaskState.Waiting: return DA.TaskState.Waiting;
         default: return DA.TaskState.Failed;
+      }
+    }
+    #endregion
+    #region JobState
+    public static DT.JobState ToDto(this DA.JobState source) {
+      switch (source) {
+        case DA.JobState.Online: return DT.JobState.Online;
+        case DA.JobState.StatisticsPending: return DT.JobState.StatisticsPending;
+        case DA.JobState.DeletionPending: return DT.JobState.DeletionPending;
+        default: return DT.JobState.Online;
+      }
+    }
+    public static DA.JobState ToEntity(this DT.JobState source) {
+      switch (source) {
+        case DT.JobState.Online: return DA.JobState.Online;
+        case DT.JobState.StatisticsPending: return DA.JobState.StatisticsPending;
+        case DT.JobState.DeletionPending: return DA.JobState.DeletionPending;
+        default: return DA.JobState.Online;
+      }
+    }
 …
     #endregion
+    #region ResourcePermission
+    public static DT.ResourcePermission ToDto(this DA.ResourcePermission source) {
+      if (source == null) return null;
+      return new DT.ResourcePermission {
+        ResourceId = source.ResourceId,
+    #region Project
+    public static DT.Project ToDto(this DA.Project source) {
+      if (source == null) return null;
+      return new DT.Project {
+        Id = source.ProjectId,
+        ParentProjectId = source.ParentProjectId,
+        DateCreated = source.DateCreated,
+        Name = source.Name,
+        Description = source.Description,
+        OwnerUserId = source.OwnerUserId,
+        StartDate = source.StartDate,
+        EndDate = source.EndDate
+      };
+    }
+    public static DA.Project ToEntity(this DT.Project source) {
+      if (source == null) return null;
+      var result = new DA.Project();
+      source.CopyToEntity(result);
+      return result;
+    }
+    public static void CopyToEntity(this DT.Project source, DA.Project target) {
+      if ((source == null) || (target == null)) return;
+      target.ProjectId = source.Id;
+      target.ParentProjectId = source.ParentProjectId;
+      target.DateCreated = source.DateCreated;
+      target.Name = source.Name;
+      target.Description = source.Description;
+      target.OwnerUserId = source.OwnerUserId;
+      target.StartDate = source.StartDate;
+      target.EndDate = source.EndDate;
+    }
+    #endregion
+    #region ProjectPermission
+    public static DT.ProjectPermission ToDto(this DA.ProjectPermission source) {
+      if (source == null) return null;
+      return new DT.ProjectPermission {
+        ProjectId = source.ProjectId,
         GrantedUserId = source.GrantedUserId,
         GrantedByUserId = source.GrantedByUserId
       };
+    }
     public static DA.ResourcePermission ToEntity(this DT.ResourcePermission source) {
       if (source == null) return null;
       var result = new DA.ResourcePermission();
       source.CopyToEntity(result);
       return result;
+    }
     public static void CopyToEntity(this DT.ResourcePermission source, DA.ResourcePermission target) {
       if ((source == null) || (target == null)) return;
       target.ResourceId = source.ResourceId;
+    public static DA.ProjectPermission ToEntity(this DT.ProjectPermission source) {
+      if (source == null) return null;
+      var result = new DA.ProjectPermission();
+      source.CopyToEntity(result);
+      return result;
+    }
+    public static void CopyToEntity(this DT.ProjectPermission source, DA.ProjectPermission target) {
+      if ((source == null) || (target == null)) return;
+      target.ProjectId = source.ProjectId;
       target.GrantedUserId = source.GrantedUserId;
       target.GrantedByUserId = source.GrantedByUserId;
+    }
+    #endregion
+    #region AssignedProjectResource
+    public static DT.AssignedProjectResource ToDto(this DA.AssignedProjectResource source) {
+      if (source == null) return null;
+      return new DT.AssignedProjectResource {
+        ProjectId = source.ProjectId,
+        ResourceId = source.ResourceId
+      };
+    }
+    public static DA.AssignedProjectResource ToEntity(this DT.AssignedProjectResource source) {
+      if (source == null) return null;
+      var result = new DA.AssignedProjectResource();
+      source.CopyToEntity(result);
+      return result;
+    }
+    public static void CopyToEntity(this DT.AssignedProjectResource source, DA.AssignedProjectResource target) {
+      if ((source == null) || (target == null)) return;
+      target.ProjectId = source.ProjectId;
+      target.ResourceId = source.ResourceId;
+    }
     #endregion

branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive/3.3/DataTransfer/Job.cs

-                      r15583
+                      r16139
     public DateTime DateCreated { get; set; }
     [DataMember]
     public string ResourceNames { get; set; }
+    public Guid ProjectId { get; set; }
     [DataMember]
     public Permission Permission { get; set; } // the permission for the currently logged in user
     [DataMember]
     public string OwnerUsername { get; set; }
+    [DataMember]
+    public JobState State { get; set; }
     /* ==== some computed statistics ==== */

branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive/3.3/HeuristicLab.Services.Hive-3.3.csproj

-                      r16070
+                      r16139
   <ItemGroup>
     <Compile Include="Converter.cs" />
+    <Compile Include="DataTransfer\AssignedJobResource.cs" />
+    <Compile Include="DataTransfer\AssignedProjectResource.cs" />
     <Compile Include="DataTransfer\Command.cs" />
+    <Compile Include="DataTransfer\JobState.cs" />
+    <Compile Include="DataTransfer\Project.cs" />
+    <Compile Include="DataTransfer\ProjectPermission.cs" />
     <Compile Include="DataTransfer\UserPriority.cs" />
-    <Compile Include="DataTransfer\ResourcePermission.cs" />
     <Compile Include="DataTransfer\Downtime.cs" />
     <Compile Include="DataTransfer\Heartbeat.cs" />
 …
     <Compile Include="Scheduler\JobInfoForScheduler.cs" />
     <Compile Include="Scheduler\RoundRobinTaskScheduler.cs" />
+    <None Include="app.config" />
+    <None Include="app.config">
+      <SubType>Designer</SubType>
+    </None>
     <None Include="Plugin.cs.frame" />
     <None Include="Properties\AssemblyInfo.cs.frame" />

branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive/3.3/HiveService.cs

-                      r15583
+                      r16139
   [HiveOperationContextBehavior]
   public class HiveService : IHiveService {
+    private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource";
+    private const string NOT_AUTHORIZED_USERPROJECT = "Current user is not authorized to access the requested project";
+    private const string NOT_AUTHORIZED_PROJECTOWNER = "The set user is not authorized to own the project";
+    private const string NO_JOB_UPDATE_POSSIBLE = "This job has already been flagged for deletion, thus, it can not be updated anymore.";
     private static readonly DA.TaskState[] CompletedStates = { DA.TaskState.Finished, DA.TaskState.Aborted, DA.TaskState.Failed };
 …
     #region Task Methods
+    public Guid AddTask(DT.Task task, DT.TaskData taskData, IEnumerable<Guid> resourceIds) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+    public Guid AddTask(DT.Task task, DT.TaskData taskData) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      AuthorizationManager.AuthorizeForJob(task.JobId, DT.Permission.Full);
       var pm = PersistenceManager;
       using (new PerformanceLogger("AddTask")) {
 …
         newTask.JobData = taskData.ToEntity();
         newTask.JobData.LastUpdate = DateTime.Now;
-        newTask.AssignedResources.AddRange(resourceIds.Select(
-          x => new DA.AssignedResource {
-            ResourceId = x
-          }));
         newTask.State = DA.TaskState.Waiting;
         return pm.UseTransaction(() => {
 …
     public Guid AddChildTask(Guid parentTaskId, DT.Task task, DT.TaskData taskData) {
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
-      IEnumerable<Guid> resourceIds;
-      var pm = PersistenceManager;
-      using (new PerformanceLogger("AddChildTask")) {
-        var assignedResourceDao = pm.AssignedResourceDao;
-        resourceIds = pm.UseTransaction(() => {
-          return assignedResourceDao.GetByTaskId(parentTaskId)
-            .Select(x => x.ResourceId)
-            .ToList();
-        });
+      }
       task.ParentTaskId = parentTaskId;
       return AddTask(task, taskData, resourceIds);
+      return AddTask(task, taskData);
+    }
 …
         return pm.UseTransaction(() => {
           var jobs = jobDao.GetAll()
+            .Where(x => x.OwnerUserId == currentUserId
+                     || x.JobPermissions.Count(y => y.Permission != DA.Permission.NotAllowed
+                                                 && y.GrantedUserId == currentUserId) > 0)
+            .Where(x => x.State == DA.JobState.Online
+                          && (x.OwnerUserId == currentUserId
+                            || x.JobPermissions.Count(y => y.Permission != DA.Permission.NotAllowed
+                              && y.GrantedUserId == currentUserId) > 0)
+                          )
             .Select(x => x.ToDto())
             .ToList();
+          var statistics = taskDao.GetAll()
+              .GroupBy(x => x.JobId)
+              .Select(x => new {
+                x.Key,
+                TotalCount = x.Count(),
+                CalculatingCount = x.Count(y => y.State == DA.TaskState.Calculating),
+                FinishedCount = x.Count(y => CompletedStates.Contains(y.State))
+              })
+          EvaluateJobs(pm, jobs);
+          return jobs;
+        });
+      }
+    }
+    public IEnumerable<DT.Job> GetJobsByProjectId(Guid projectId) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetJobsByProjectId")) {
+        var currentUserId = UserManager.CurrentUserId;
+        var projectDao = pm.ProjectDao;
+        var jobDao = pm.JobDao;
+        return pm.UseTransaction(() => {
+          // check if user is granted to administer the requested projectId
+          var administrationGrantedProjects = projectDao
+            .GetAdministrationGrantedProjectsForUser(currentUserId)
+            .ToList();
+          if (administrationGrantedProjects.Select(x => x.ProjectId).Contains(projectId)) {
+            var jobs = jobDao.GetByProjectId(projectId)
+            .Select(x => x.ToDto())
+            .ToList();
+            EvaluateJobs(pm, jobs);
+            return jobs;
+          } else {
+            return Enumerable.Empty<DT.Job>();
+          }
+        });
+      }
+    }
+    public IEnumerable<DT.Job> GetJobsByProjectIds(IEnumerable<Guid> projectIds) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetJobsByProjectIds")) {
+        var currentUserId = UserManager.CurrentUserId;
+        var projectDao = pm.ProjectDao;
+        var jobDao = pm.JobDao;
+        return pm.UseTransaction(() => {
+          // check for which of requested projectIds the user is granted to administer
+          var administrationGrantedProjectIds = projectDao
+            .GetAdministrationGrantedProjectsForUser(currentUserId)
+            .Select(x => x.ProjectId)
+            .ToList();
+          var requestedAndGrantedProjectIds = projectIds.Intersect(administrationGrantedProjectIds);
+          if (requestedAndGrantedProjectIds.Any()) {
+            var jobs = jobDao.GetByProjectIds(requestedAndGrantedProjectIds)
+              .Select(x => x.ToDto())
               .ToList();
+          foreach (var job in jobs) {
+            var statistic = statistics.FirstOrDefault(x => x.Key == job.Id);
+            if (statistic != null) {
+              job.JobCount = statistic.TotalCount;
+              job.CalculatingCount = statistic.CalculatingCount;
+              job.FinishedCount = statistic.FinishedCount;
+            }
+            job.OwnerUsername = UserManager.GetUserNameById(job.OwnerUserId);
+            if (currentUserId == job.OwnerUserId) {
+              job.Permission = Permission.Full;
+            } else {
+              var jobPermission = jobPermissionDao.GetByJobAndUserId(job.Id, currentUserId);
+              job.Permission = jobPermission == null ? Permission.NotAllowed : jobPermission.Permission.ToDto();
+            }
+          }
+          return jobs;
+        });
+      }
+    }
+    public Guid AddJob(DT.Job jobDto) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      var pm = PersistenceManager;
+            EvaluateJobs(pm, jobs);
+            return jobs;
+          } else {
+            return Enumerable.Empty<DT.Job>();
+          }
+        });
+      }
+    }
+    public Guid AddJob(DT.Job jobDto, IEnumerable<Guid> resourceIds) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      var dateCreated = DateTime.Now;
+      var pm = PersistenceManager;
+      // check project availability (cf. duration)
+      CheckProjectAvailability(pm, jobDto.ProjectId, dateCreated);
+      // check user - project
+      AuthorizationManager.AuthorizeUserForProjectUse(UserManager.CurrentUserId, jobDto.ProjectId);
+      // check project - resources
+      AuthorizationManager.AuthorizeProjectForResourcesUse(jobDto.ProjectId, resourceIds);
       using (new PerformanceLogger("AddJob")) {
         var jobDao = pm.JobDao;
         var userPriorityDao = pm.UserPriorityDao;
+        return pm.UseTransaction(() => {
+          jobDto.OwnerUserId = UserManager.CurrentUserId;
+          jobDto.DateCreated = DateTime.Now;
+          var job = jobDao.Save(jobDto.ToEntity());
+          if (userPriorityDao.GetById(jobDto.OwnerUserId) == null) {
+        return pm.UseTransaction(() => {
+          var newJob = jobDto.ToEntity();
+          newJob.OwnerUserId = UserManager.CurrentUserId;
+          newJob.DateCreated = dateCreated;
+          // add resource assignments
+          if (resourceIds != null && resourceIds.Any()) {
+            newJob.AssignedJobResources.AddRange(resourceIds.Select(
+              x => new DA.AssignedJobResource {
+                ResourceId = x
+              }));
+          }
+          var job = jobDao.Save(newJob);
+          if (userPriorityDao.GetById(newJob.OwnerUserId) == null) {
             userPriorityDao.Save(new DA.UserPriority {
               UserId = jobDto.OwnerUserId,
               DateEnqueued = jobDto.DateCreated
+              UserId = newJob.OwnerUserId,
+              DateEnqueued = newJob.DateCreated
             });
+          }
 …
+    }
     public void UpdateJob(DT.Job jobDto) {
+    public void UpdateJob(DT.Job jobDto, IEnumerable<Guid> resourceIds) {
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       AuthorizationManager.AuthorizeForJob(jobDto.Id, DT.Permission.Full);
       var pm = PersistenceManager;
+      var dateUpdated = DateTime.Now;
+      // check project availability
+      CheckProjectAvailability(pm, jobDto.ProjectId, dateUpdated);
+      // check user - project permission
+      AuthorizationManager.AuthorizeUserForProjectUse(UserManager.CurrentUserId, jobDto.ProjectId);
+      // check project - resources permission
+      AuthorizationManager.AuthorizeProjectForResourcesUse(jobDto.ProjectId, resourceIds);
       using (new PerformanceLogger("UpdateJob")) {
         bool exists = true;
 …
             exists = false;
             job = new DA.Job();
+          }
+          } else if (job.State != DA.JobState.Online) {
+            throw new InvalidOperationException(NO_JOB_UPDATE_POSSIBLE);
+          }
           jobDto.CopyToEntity(job);
           if (!exists) {
+            // add resource assignments
+            if (resourceIds != null && resourceIds.Any()) {
+              job.AssignedJobResources.AddRange(resourceIds.Select(
+                x => new DA.AssignedJobResource {
+                  ResourceId = x
+                }));
+            }
             jobDao.Save(job);
+          }
+          pm.SubmitChanges();
+        });
+      }
+    }
+    public void DeleteJob(Guid jobId) {
+          } else if (resourceIds != null) {
+            var addedJobResourceIds = resourceIds.Except(job.AssignedJobResources.Select(x => x.ResourceId));
+            var removedJobResourceIds = job.AssignedJobResources
+              .Select(x => x.ResourceId)
+              .Except(resourceIds)
+              .ToArray();
+            // remove resource assignments
+            foreach (var rid in removedJobResourceIds) {
+              var ajr = job.AssignedJobResources.Where(x => x.ResourceId == rid).SingleOrDefault();
+              if (ajr != null) job.AssignedJobResources.Remove(ajr);
+            }
+            // add resource assignments
+            job.AssignedJobResources.AddRange(addedJobResourceIds.Select(
+              x => new DA.AssignedJobResource {
+                ResourceId = x
+              }));
+          }
+          pm.SubmitChanges();
+        });
+      }
+    }
+    public void UpdateJobState(Guid jobId, DT.JobState jobState) {
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       AuthorizationManager.AuthorizeForJob(jobId, DT.Permission.Full);
       var pm = PersistenceManager;
       using (new PerformanceLogger("DeleteJob")) {
+      using (new PerformanceLogger("UpdateJobState")) {
         var jobDao = pm.JobDao;
         pm.UseTransaction(() => {
+          // child task will be deleted by db-trigger
+          jobDao.Delete(jobId);
+          pm.SubmitChanges();
+        });
+          var job = jobDao.GetById(jobId);
+          if (job != null) {
+            var jobStateEntity = jobState.ToEntity();
+            // note: allow solely state changes from "Online" to "StatisticsPending" = deletion request by user for HiveStatisticGenerator
+            // and from "StatisticsPending" to "DeletionPending" = deletion request by HiveStatisticGenerator for EventManager
+            if (job.State == DA.JobState.Online && jobStateEntity == DA.JobState.StatisticsPending) {
+              job.State = jobStateEntity;
+              foreach (var task in job.Tasks
+              .Where(x => x.State == DA.TaskState.Waiting
+                || x.State == DA.TaskState.Paused
+                || x.State == DA.TaskState.Offline)) {
+                task.State = DA.TaskState.Aborted;
+              }
+              pm.SubmitChanges();
+            } else if (job.State == DA.JobState.StatisticsPending && jobStateEntity == DA.JobState.DeletionPending) {
+              job.State = jobStateEntity;
+              pm.SubmitChanges();
+            }
+          }
+        });
+      }
+    }
+    public void UpdateJobStates(IEnumerable<Guid> jobIds, DT.JobState jobState) {
+      if (jobState != JobState.StatisticsPending) return; // only process requests for "StatisticsPending"
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator);
+      var currentUserId = UserManager.CurrentUserId;
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("UpdateJobStates")) {
+        var jobDao = pm.JobDao;
+        var projectDao = pm.ProjectDao;
+        pm.UseTransaction(() => {
+          foreach (var jobId in jobIds) {
+            var job = jobDao.GetById(jobId);
+            if (job != null) {
+              var administrationGrantedProjects = projectDao
+                .GetAdministrationGrantedProjectsForUser(currentUserId)
+                .ToList();
+              // check if user is granted to administer the job-parenting project
+              if (isAdministrator || administrationGrantedProjects.Contains(job.Project)) {
+                // note: allow solely state changes from "Online" to "StatisticsPending" = deletion request by user for HiveStatisticGenerator
+                if (job.State == DA.JobState.Online) {
+                  job.State = DA.JobState.StatisticsPending;
+                  foreach (var task in job.Tasks
+                  .Where(x => x.State == DA.TaskState.Waiting
+                    || x.State == DA.TaskState.Paused
+                    || x.State == DA.TaskState.Offline)) {
+                    task.State = DA.TaskState.Aborted;
+                  }
+                  pm.SubmitChanges();
+                }
+              }
+            }
+          }
+        });
+      }
+    }
+    public IEnumerable<DT.AssignedJobResource> GetAssignedResourcesForJob(Guid jobId) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      AuthorizationManager.AuthorizeForJob(jobId, DT.Permission.Full);
+      var pm = PersistenceManager;
+      var assignedJobResourceDao = pm.AssignedJobResourceDao;
+      using (new PerformanceLogger("GetAssignedResourcesForProject")) {
+        return pm.UseTransaction(() =>
+          assignedJobResourceDao.GetByJobId(jobId)
+          .Select(x => x.ToDto())
+          .ToList()
+        );
+      }
+    }
 …
           result = HeartbeatManager.ProcessHeartbeat(heartbeat);
+        }
+      }
+      catch (Exception ex) {
+      } catch (Exception ex) {
         DA.LogFactory.GetLogger(this.GetType().Namespace).Log(string.Format("Exception processing Heartbeat: {0}", ex));
+      }
 …
     #endregion
+    #region ResourcePermission Methods
+    public void GrantResourcePermissions(Guid resourceId, Guid[] grantedUserIds) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GrantResourcePermissions")) {
+        pm.UseTransaction(() => {
+          var resource = AuthorizeForResource(pm, resourceId);
+          var resourcePermissions = resource.ResourcePermissions.ToList();
+    #region Project Methods
+    public Guid AddProject(DT.Project projectDto) {
+      if (projectDto == null || projectDto.Id != Guid.Empty) return Guid.Empty;
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      // check if current (non-admin) user is owner of one of projectDto's-parents
+      // note: non-admin users are not allowed to administer root projects (i.e. projects without parental entry)
+      bool isAdmin = RoleVerifier.IsInRole(HiveRoles.Administrator);
+      if (!isAdmin) {
+        if (projectDto != null && projectDto.ParentProjectId.HasValue) {
+          AuthorizationManager.AuthorizeForProjectAdministration(projectDto.ParentProjectId.Value, false);
+        } else {
+          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
+        }
+      }
+      // check that non-admins can not be set as owner of root projects
+      if (projectDto != null && !projectDto.ParentProjectId.HasValue) {
+        var owner = UserManager.GetUserById(projectDto.OwnerUserId);
+        if (owner == null || !RoleVerifier.IsUserInRole(owner.UserName, HiveRoles.Administrator)) {
+          throw new SecurityException(NOT_AUTHORIZED_PROJECTOWNER);
+        }
+      }
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("AddProject")) {
+        var projectDao = pm.ProjectDao;
+        return pm.UseTransaction(() => {
+          var project = projectDao.Save(projectDto.ToEntity());
+          var parentProjects = projectDao.GetParentProjectsById(project.ProjectId).ToList();
+          bool isParent = parentProjects.Select(x => x.OwnerUserId == UserManager.CurrentUserId).Any();
+          // if user is no admin, but owner of a parent project
+          // check start/end date time boundaries of parent projects before updating child project
+          if (!isAdmin) {
+            var parentProject = parentProjects.Where(x => x.ProjectId == project.ParentProjectId).FirstOrDefault();
+            if (parentProject != null) {
+              if (project.StartDate < parentProject.StartDate) project.StartDate = parentProject.StartDate;
+              if ((parentProject.EndDate.HasValue && project.EndDate.HasValue && project.EndDate > parentProject.EndDate)
+              || (parentProject.EndDate.HasValue && !project.EndDate.HasValue))
+                project.EndDate = parentProject.EndDate;
+            }
+          }
+          project.ProjectPermissions.Clear();
+          project.ProjectPermissions.Add(new DA.ProjectPermission {
+            GrantedUserId = project.OwnerUserId,
+            GrantedByUserId = UserManager.CurrentUserId
+          });
+          pm.SubmitChanges();
+          return project.ProjectId;
+        });
+      }
+    }
+    public void UpdateProject(DT.Project projectDto) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      // check if current (non-admin) user is owner of the project or the projectDto's-parents
+      // note: non-admin users are not allowed to administer root projects (i.e. projects without parental entry)
+      bool isAdmin = RoleVerifier.IsInRole(HiveRoles.Administrator);
+      if (!isAdmin) {
+        if (projectDto != null && projectDto.ParentProjectId.HasValue) {
+          AuthorizationManager.AuthorizeForProjectAdministration(projectDto.Id, false);
+        } else {
+          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
+        }
+      }
+      // check that non-admins can not be set as owner of root projects
+      if (projectDto != null && !projectDto.ParentProjectId.HasValue) {
+        var owner = UserManager.GetUserById(projectDto.OwnerUserId);
+        if (owner == null || !RoleVerifier.IsUserInRole(owner.UserName, HiveRoles.Administrator)) {
+          throw new SecurityException(NOT_AUTHORIZED_PROJECTOWNER);
+        }
+      }
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("UpdateProject")) {
+        var projectDao = pm.ProjectDao;
+        var assignedJobResourceDao = pm.AssignedJobResourceDao;
+        pm.UseTransaction(() => {
+          var project = projectDao.GetById(projectDto.Id);
+          if (project != null) { // (1) update existent project
+            var parentProjects = projectDao.GetParentProjectsById(project.ProjectId).ToList();
+            bool isParent = parentProjects.Select(x => x.OwnerUserId == UserManager.CurrentUserId).Any();
+            var formerOwnerId = project.OwnerUserId;
+            var formerStartDate = project.StartDate;
+            var formerEndDate = project.EndDate;
+            projectDto.CopyToEntity(project);
+            // if user is no admin, but owner of parent project(s)
+            // check start/end date time boundaries of parent projects before updating child project
+            if (!isAdmin && isParent) {
+              var parentProject = parentProjects.Where(x => x.ProjectId == project.ParentProjectId).FirstOrDefault();
+              if (parentProject != null) {
+                if (project.StartDate < parentProject.StartDate) project.StartDate = formerStartDate;
+                if ((parentProject.EndDate.HasValue && project.EndDate.HasValue && project.EndDate > parentProject.EndDate)
+                || (parentProject.EndDate.HasValue && !project.EndDate.HasValue))
+                  project.EndDate = formerEndDate;
+              }
+            }
+            // if user is admin or owner of parent project(s)
+            if (isAdmin || isParent) {
+              // if owner has changed...
+              if (formerOwnerId != projectDto.OwnerUserId) {
+                // Add permission for new owner if not already done
+                if (!project.ProjectPermissions
+                  .Select(pp => pp.GrantedUserId)
+                  .Contains(projectDto.OwnerUserId)) {
+                  project.ProjectPermissions.Add(new DA.ProjectPermission {
+                    GrantedUserId = projectDto.OwnerUserId,
+                    GrantedByUserId = UserManager.CurrentUserId
+                  });
+                }
+              }
+            } else { // if user is only owner of current project, but no admin and no owner of parent project(s)
+              project.OwnerUserId = formerOwnerId;
+              project.StartDate = formerStartDate;
+              project.EndDate = formerEndDate;
+            }
+          } else { // (2) save new project
+            var newProject = projectDao.Save(projectDto.ToEntity());
+            var parentProjects = projectDao.GetParentProjectsById(project.ProjectId).ToList();
+            bool isParent = parentProjects.Select(x => x.OwnerUserId == UserManager.CurrentUserId).Any();
+            // if user is no admin, but owner of a parent project
+            // check start/end date time boundaries of parent projects before updating child project
+            if (!isAdmin) {
+              var parentProject = parentProjects.Where(x => x.ProjectId == project.ParentProjectId).FirstOrDefault();
+              if (parentProject != null) {
+                if (project.StartDate < parentProject.StartDate) project.StartDate = parentProject.StartDate;
+                if ((parentProject.EndDate.HasValue && project.EndDate.HasValue && project.EndDate > parentProject.EndDate)
+                || (parentProject.EndDate.HasValue && !project.EndDate.HasValue))
+                  project.EndDate = parentProject.EndDate;
+              }
+            }
+            newProject.ProjectPermissions.Clear();
+            newProject.ProjectPermissions.Add(new DA.ProjectPermission {
+              GrantedUserId = projectDto.OwnerUserId,
+              GrantedByUserId = UserManager.CurrentUserId
+            });
+          }
+          pm.SubmitChanges();
+        });
+      }
+    }
+    public void DeleteProject(Guid projectId) {
+      if (projectId == Guid.Empty) return;
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      // check if current (non-admin) user is owner of one of the projectDto's-parents
+      // note: non-admin users are not allowed to administer root projects (i.e. projects without parental entry)
+      if (!RoleVerifier.IsInRole(HiveRoles.Administrator)) {
+        AuthorizationManager.AuthorizeForProjectAdministration(projectId, true);
+      }
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("DeleteProject")) {
+        var projectDao = pm.ProjectDao;
+        var jobDao = pm.JobDao;
+        var assignedJobResourceDao = pm.AssignedJobResourceDao;
+        pm.UseTransaction(() => {
+          var projectIds = new HashSet<Guid> { projectId };
+          projectIds.Union(projectDao.GetChildProjectIdsById(projectId));
+          var jobs = jobDao.GetByProjectIds(projectIds)
+            .Select(x => x.ToDto())
+            .ToList();
+          if (jobs.Count > 0) {
+            throw new InvalidOperationException("There are " + jobs.Count + " job(s) using this project and/or child-projects. It is necessary to delete them before the project.");
+          } else {
+            assignedJobResourceDao.DeleteByProjectIds(projectIds);
+            projectDao.DeleteByIds(projectIds);
+            pm.SubmitChanges();
+          }
+        });
+      }
+    }
+    // query granted project for use (i.e. to calculate on)
+    public DT.Project GetProject(Guid projectId) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetProject")) {
+        var projectDao = pm.ProjectDao;
+        var currentUserId = UserManager.CurrentUserId;
+        var userAndGroupIds = new List<Guid> { currentUserId };
+        userAndGroupIds.AddRange(UserManager.GetUserGroupIdsOfUser(currentUserId));
+        return pm.UseTransaction(() => {
+          return projectDao.GetUsageGrantedProjectsForUser(userAndGroupIds)
+          .Where(x => x.ProjectId == projectId)
+          .Select(x => x.ToDto())
+          .SingleOrDefault();
+        });
+      }
+    }
+    // query granted projects for use (i.e. to calculate on)
+    public IEnumerable<DT.Project> GetProjects() {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetProjects")) {
+        var projectDao = pm.ProjectDao;
+        var currentUserId = UserManager.CurrentUserId;
+        var userAndGroupIds = new List<Guid> { currentUserId };
+        userAndGroupIds.AddRange(UserManager.GetUserGroupIdsOfUser(currentUserId));
+        return pm.UseTransaction(() => {
+          var projects = projectDao.GetUsageGrantedProjectsForUser(userAndGroupIds)
+            .Select(x => x.ToDto()).ToList();
+          var now = DateTime.Now;
+          return projects.Where(x => x.StartDate <= now && (x.EndDate == null || x.EndDate >= now)).ToList();
+        });
+      }
+    }
+    public IEnumerable<DT.Project> GetProjectsForAdministration() {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetProjectsForAdministration")) {
+        var projectDao = pm.ProjectDao;
+        return pm.UseTransaction(() => {
+          if (isAdministrator) {
+            return projectDao.GetAll().Select(x => x.ToDto()).ToList();
+          } else {
+            var currentUserId = UserManager.CurrentUserId;
+            return projectDao.GetAdministrationGrantedProjectsForUser(currentUserId)
+              .Select(x => x.ToDto()).ToList();
+          }
+        });
+      }
+    }
+    public IDictionary<Guid, HashSet<Guid>> GetProjectGenealogy() {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetProjectGenealogy")) {
+        var projectDao = pm.ProjectDao;
+        var projectAncestors = new Dictionary<Guid, HashSet<Guid>>();
+        return pm.UseTransaction(() => {
+          var projects = projectDao.GetAll().ToList();
+          projects.ForEach(p => projectAncestors.Add(p.ProjectId, new HashSet<Guid>()));
+          foreach (var p in projects) {
+            var parentProject = p.ParentProject;
+            while (parentProject != null) {
+              projectAncestors[p.ProjectId].Add(parentProject.ProjectId);
+              parentProject = parentProject.ParentProject;
+            }
+          }
+          return projectAncestors;
+        });
+      }
+    }
+    public IDictionary<Guid, string> GetProjectNames() {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetProjectNames")) {
+        var projectDao = pm.ProjectDao;
+        var projectNames = new Dictionary<Guid, string>();
+        return pm.UseTransaction(() => {
+          projectDao
+            .GetAll().ToList()
+            .ForEach(p => projectNames.Add(p.ProjectId, p.Name));
+          return projectNames;
+        });
+      }
+    }
+    #endregion
+    #region ProjectPermission Methods
+    public void SaveProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool reassign, bool cascading, bool reassignCascading) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      if (projectId == null || grantedUserIds == null) return;
+      AuthorizationManager.AuthorizeForProjectAdministration(projectId, false);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("SaveProjectPermissions")) {
+        var projectDao = pm.ProjectDao;
+        var projectPermissionDao = pm.ProjectPermissionDao;
+        var assignedJobResourceDao = pm.AssignedJobResourceDao;
+        pm.UseTransaction(() => {
+          var project = projectDao.GetById(projectId);
+          if (project == null) return;
+          var projectPermissions = project.ProjectPermissions.Select(x => x.GrantedUserId).ToArray();
+          // guarantee that project owner is always permitted
+          if (!grantedUserIds.Contains(project.OwnerUserId)) {
+            grantedUserIds.Add(project.OwnerUserId);
+          }
+          //var addedPermissions = grantedUserIds.Except(projectPermissions);
+          var removedPermissions = projectPermissions.Except(grantedUserIds);
+          // remove job assignments and project permissions
+          if (reassign) {
+            assignedJobResourceDao.DeleteByProjectId(project.ProjectId);
+            project.ProjectPermissions.Clear();
+          } else {
+            var ugt = GetUserGroupTree();
+            var permittedGuids = new HashSet<Guid>(); // User- and Group-Guids
+            var notpermittedGuids = new HashSet<Guid>();
+            // remove job assignments:
+            // (1) get all member-Guids of all still or fresh permitted user/groups
+            foreach (var item in grantedUserIds) {
+              permittedGuids.Add(item);
+              if (ugt.ContainsKey(item)) {
+                ugt[item].ToList().ForEach(x => permittedGuids.Add(x));
+              }
+            }
+            // (2) get all member-Guids of users and groups in removedPermissions
+            foreach (var item in removedPermissions) {
+              notpermittedGuids.Add(item);
+              if (ugt.ContainsKey(item)) {
+                ugt[item].ToList().ForEach(x => notpermittedGuids.Add(x));
+              }
+            }
+            // (3) get all Guids which are in removedPermissions but not in grantedUserIds
+            var definitelyNotPermittedGuids = notpermittedGuids.Except(permittedGuids);
+            // (4) delete jobs of those
+            assignedJobResourceDao.DeleteByProjectIdAndUserIds(project.ProjectId, definitelyNotPermittedGuids);
+            // remove project permissions
+            foreach (var item in project.ProjectPermissions
+              .Where(x => removedPermissions.Contains(x.GrantedUserId))
+              .ToList()) {
+              project.ProjectPermissions.Remove(item);
+            }
+          }
+          pm.SubmitChanges();
+          // add project permissions
           foreach (var id in grantedUserIds) {
             if (resourcePermissions.All(x => x.GrantedUserId != id)) {
               resource.ResourcePermissions.Add(new DA.ResourcePermission {
+            if (project.ProjectPermissions.All(x => x.GrantedUserId != id)) {
+              project.ProjectPermissions.Add(new DA.ProjectPermission {
                 GrantedUserId = id,
                 GrantedByUserId = UserManager.CurrentUserId
 …
+          }
           pm.SubmitChanges();
+        });
+      }
+    }
+    public void RevokeResourcePermissions(Guid resourceId, Guid[] grantedUserIds) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("RevokeResourcePermissions")) {
+        var resourcePermissionDao = pm.ResourcePermissionDao;
+        pm.UseTransaction(() => {
+          AuthorizeForResource(pm, resourceId);
+          resourcePermissionDao.DeleteByResourceAndGrantedUserId(resourceId, grantedUserIds);
+          pm.SubmitChanges();
+        });
+      }
+    }
+    public IEnumerable<DT.ResourcePermission> GetResourcePermissions(Guid resourceId) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetResourcePermissions")) {
+        var resourcePermissionDao = pm.ResourcePermissionDao;
+        return pm.UseTransaction(() => resourcePermissionDao.GetByResourceId(resourceId)
+          if (cascading) {
+            var childProjects = projectDao.GetChildProjectsById(projectId).ToList();
+            var childProjectIds = childProjects.Select(x => x.ProjectId).ToList();
+            // remove job assignments
+            if (reassignCascading) {
+              assignedJobResourceDao.DeleteByProjectIds(childProjectIds);
+            } else {
+              assignedJobResourceDao.DeleteByProjectIdsAndUserIds(childProjectIds, removedPermissions);
+            }
+            foreach (var p in childProjects) {
+              var cpAssignedPermissions = p.ProjectPermissions.Select(x => x.GrantedUserId).ToList();
+              // guarantee that project owner is always permitted
+              if (!cpAssignedPermissions.Contains(p.OwnerUserId)) {
+                cpAssignedPermissions.Add(p.OwnerUserId);
+              }
+              var cpRemovedPermissions = cpAssignedPermissions.Where(x => x != p.OwnerUserId).Except(grantedUserIds);
+              // remove left-over job assignments (for non-reassignments)
+              if (!reassignCascading) {
+                assignedJobResourceDao.DeleteByProjectIdAndUserIds(p.ProjectId, cpRemovedPermissions);
+              }
+              // remove project permissions
+              if (reassignCascading) {
+                p.ProjectPermissions.Clear();
+              } else {
+                foreach (var item in p.ProjectPermissions
+                  .Where(x => x.GrantedUserId != p.OwnerUserId
+                    && (removedPermissions.Contains(x.GrantedUserId) || cpRemovedPermissions.Contains(x.GrantedUserId)))
+                  .ToList()) {
+                  p.ProjectPermissions.Remove(item);
+                }
+              }
+              pm.SubmitChanges();
+              // add project permissions
+              var cpGrantedUserIds = new HashSet<Guid>(grantedUserIds);
+              cpGrantedUserIds.Add(p.OwnerUserId);
+              foreach (var id in cpGrantedUserIds) {
+                if (p.ProjectPermissions.All(x => x.GrantedUserId != id)) {
+                  p.ProjectPermissions.Add(new DA.ProjectPermission {
+                    GrantedUserId = id,
+                    GrantedByUserId = UserManager.CurrentUserId
+                  });
+                }
+              }
+            }
+          }
+          pm.SubmitChanges();
+        });
+      }
+    }
+    //private void GrantProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool cascading) {
+    //  throw new NotImplementedException();
+    //}
+    //private void RevokeProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool cascading) {
+    //  RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+    //  if (projectId == null || grantedUserIds == null || !grantedUserIds.Any()) return;
+    //  AuthorizationManager.AuthorizeForProjectAdministration(projectId, false);
+    //  var pm = PersistenceManager;
+    //  using (new PerformanceLogger("RevokeProjectPermissions")) {
+    //    var projectPermissionDao = pm.ProjectPermissionDao;
+    //    var projectDao = pm.ProjectDao;
+    //    var assignedJobResourceDao = pm.AssignedJobResourceDao;
+    //    pm.UseTransaction(() => {
+    //      if (cascading) {
+    //        var childProjectIds = projectDao.GetChildProjectIdsById(projectId).ToList();
+    //        projectPermissionDao.DeleteByProjectIdsAndGrantedUserIds(childProjectIds, grantedUserIds);
+    //        assignedJobResourceDao.DeleteByProjectIdsAndUserIds(childProjectIds, grantedUserIds);
+    //      }
+    //      projectPermissionDao.DeleteByProjectIdAndGrantedUserIds(projectId, grantedUserIds);
+    //      assignedJobResourceDao.DeleteByProjectIdAndUserIds(projectId, grantedUserIds);
+    //      pm.SubmitChanges();
+    //    });
+    //  }
+    //}
+    public IEnumerable<DT.ProjectPermission> GetProjectPermissions(Guid projectId) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      AuthorizationManager.AuthorizeForProjectAdministration(projectId, false);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetProjectPermissions")) {
+        var projectPermissionDao = pm.ProjectPermissionDao;
+        return pm.UseTransaction(() => projectPermissionDao.GetByProjectId(projectId)
           .Select(x => x.ToDto())
           .ToList()
 …
     #endregion
+    #region AssignedProjectResource Methods
+    // basic: remove and add assignments (resourceIds) to projectId and its depending jobs
+    // reassign: clear all assignments from project and its depending jobs, before adding new ones (resourceIds)
+    // cascading: "basic" mode for child-projects
+    // reassignCascading: "reassign" mode for child-projects
+    public void SaveProjectResourceAssignments(Guid projectId, List<Guid> resourceIds, bool reassign, bool cascading, bool reassignCascading) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      if (projectId == null || resourceIds == null) return;
+      AuthorizationManager.AuthorizeForProjectResourceAdministration(projectId, resourceIds);
+      bool isAdmin = RoleVerifier.IsInRole(HiveRoles.Administrator);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("SaveProjectResourceAssignments")) {
+        var projectDao = pm.ProjectDao;
+        var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
+        var assignedJobResourceDao = pm.AssignedJobResourceDao;
+        pm.UseTransaction(() => {
+          var project = projectDao.GetById(projectId);
+          var parentProjects = projectDao.GetParentProjectsById(project.ProjectId).ToList();
+          bool isParent = parentProjects.Select(x => x.OwnerUserId == UserManager.CurrentUserId).Any();
+          var assignedResources = project.AssignedProjectResources.Select(x => x.ResourceId).ToArray();
+          if (!isParent) resourceIds = assignedResources.ToList();
+          var removedAssignments = assignedResources.Except(resourceIds);
+          // if user is admin or owner of parent project(s)
+          if (isAdmin || isParent) {
+            // remove job and project assignments
+            if (reassign) {
+              assignedJobResourceDao.DeleteByProjectId(project.ProjectId);
+              project.AssignedProjectResources.Clear();
+            } else {
+              assignedJobResourceDao.DeleteByProjectIdAndResourceIds(projectId, removedAssignments);
+              foreach (var item in project.AssignedProjectResources
+                .Where(x => removedAssignments.Contains(x.ResourceId))
+                .ToList()) {
+                project.AssignedProjectResources.Remove(item);
+              }
+            }
+            pm.SubmitChanges();
+            // add project assignments
+            foreach (var id in resourceIds) {
+              if (project.AssignedProjectResources.All(x => x.ResourceId != id)) {
+                project.AssignedProjectResources.Add(new DA.AssignedProjectResource {
+                  ResourceId = id
+                });
+              }
+            }
+            pm.SubmitChanges();
+          }
+          // if user is admin, project owner or owner of parent projects
+          if (cascading) {
+            var childProjects = projectDao.GetChildProjectsById(projectId).ToList();
+            var childProjectIds = childProjects.Select(x => x.ProjectId).ToList();
+            // remove job assignments
+            if (reassignCascading) {
+              assignedJobResourceDao.DeleteByProjectIds(childProjectIds);
+            } else {
+              assignedJobResourceDao.DeleteByProjectIdsAndResourceIds(childProjectIds, removedAssignments);
+            }
+            foreach (var p in childProjects) {
+              var cpAssignedResources = p.AssignedProjectResources.Select(x => x.ResourceId).ToArray();
+              var cpRemovedAssignments = cpAssignedResources.Except(resourceIds);
+              // remove left-over job assignments (for non-reassignments)
+              if (!reassignCascading) {
+                assignedJobResourceDao.DeleteByProjectIdAndResourceIds(p.ProjectId, cpRemovedAssignments);
+              }
+              // remove project assignments
+              if (reassignCascading) {
+                p.AssignedProjectResources.Clear();
+              } else {
+                foreach (var item in p.AssignedProjectResources
+                  .Where(x => removedAssignments.Contains(x.ResourceId) || cpRemovedAssignments.Contains(x.ResourceId))
+                  .ToList()) {
+                  p.AssignedProjectResources.Remove(item);
+                }
+              }
+              pm.SubmitChanges();
+              // add project assignments
+              foreach (var id in resourceIds) {
+                if (p.AssignedProjectResources.All(x => x.ResourceId != id)) {
+                  p.AssignedProjectResources.Add(new DA.AssignedProjectResource {
+                    ResourceId = id
+                  });
+                }
+              }
+            }
+          }
+          pm.SubmitChanges();
+        });
+      }
+    }
+    //private void AssignProjectResources(Guid projectId, List<Guid> resourceIds, bool cascading) {
+    //  throw new NotImplementedException();
+    //}
+    //private void UnassignProjectResources(Guid projectId, List<Guid> resourceIds, bool cascading) {
+    //  RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+    //  if (projectId == null || resourceIds == null || !resourceIds.Any()) return;
+    //  AuthorizationManager.AuthorizeForProjectResourceAdministration(projectId, resourceIds);
+    //  var pm = PersistenceManager;
+    //  using (new PerformanceLogger("UnassignProjectResources")) {
+    //    var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
+    //    var assignedJobResourceDao = pm.AssignedJobResourceDao;
+    //    var projectDao = pm.ProjectDao;
+    //    pm.UseTransaction(() => {
+    //      if (cascading) {
+    //        var childProjectIds = projectDao.GetChildProjectIdsById(projectId).ToList();
+    //        assignedProjectResourceDao.DeleteByProjectIdsAndResourceIds(childProjectIds, resourceIds);
+    //        assignedJobResourceDao.DeleteByProjectIdsAndResourceIds(childProjectIds, resourceIds);
+    //      }
+    //      assignedProjectResourceDao.DeleteByProjectIdAndResourceIds(projectId, resourceIds);
+    //      assignedJobResourceDao.DeleteByProjectIdAndResourceIds(projectId, resourceIds);
+    //      pm.SubmitChanges();
+    //    });
+    //  }
+    //}
+    public IEnumerable<DT.AssignedProjectResource> GetAssignedResourcesForProject(Guid projectId) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      AuthorizationManager.AuthorizeUserForProjectUse(UserManager.CurrentUserId, projectId);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetAssignedResourcesForProject")) {
+        var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
+        return pm.UseTransaction(() => assignedProjectResourceDao.GetByProjectId(projectId)
+          .Select(x => x.ToDto())
+          .ToList()
+        );
+      }
+    }
+    public IEnumerable<DT.AssignedProjectResource> GetAssignedResourcesForProjectAdministration(Guid projectId) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      AuthorizationManager.AuthorizeForProjectAdministration(projectId, false);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetAssignedResourcesForProject")) {
+        var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
+        return pm.UseTransaction(() => assignedProjectResourceDao.GetByProjectId(projectId)
+          .Select(x => x.ToDto())
+          .ToList()
+        );
+      }
+    }
+    public IEnumerable<DT.AssignedProjectResource> GetAssignedResourcesForProjectsAdministration(IEnumerable<Guid> projectIds) {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      foreach (var id in projectIds)
+        AuthorizationManager.AuthorizeForProjectAdministration(id, false);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetAssignedResourcesForProject")) {
+        var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
+        var assignments = new List<DT.AssignedProjectResource>();
+        pm.UseTransaction(() => {
+          foreach (var id in projectIds) {
+            assignments.AddRange(assignedProjectResourceDao.GetByProjectId(id)
+              .Select(x => x.ToDto()));
+          }
+        });
+        return assignments.Distinct();
+      }
+    }
+    #endregion
     #region Slave Methods
     public Guid AddSlave(DT.Slave slaveDto) {
 …
     public Guid AddSlaveGroup(DT.SlaveGroup slaveGroupDto) {
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator);
       var pm = PersistenceManager;
       using (new PerformanceLogger("AddSlaveGroup")) {
 …
+    }
+    // query granted slaves for use (i.e. to calculate on)
     public IEnumerable<DT.Slave> GetSlaves() {
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
-      bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator);
       var pm = PersistenceManager;
       using (new PerformanceLogger("GetSlaves")) {
         var slaveDao = pm.SlaveDao;
+        var resourcePermissionDao = pm.ResourcePermissionDao;
+        var projectDao = pm.ProjectDao;
+        var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
+        // collect user information
         var currentUserId = UserManager.CurrentUserId;
+        return pm.UseTransaction(() => {
+          var resourcePermissions = resourcePermissionDao.GetAll();
+          return slaveDao.GetAll().ToList()
+            .Where(x => isAdministrator
+              || x.OwnerUserId == null
+              || x.OwnerUserId == currentUserId
+              || UserManager.VerifyUser(currentUserId, resourcePermissions
+                  .Where(y => y.ResourceId == x.ResourceId)
+                  .Select(z => z.GrantedUserId)
+                  .ToList())
+              )
+        var userAndGroupIds = new List<Guid> { currentUserId };
+        userAndGroupIds.AddRange(UserManager.GetUserGroupIdsOfUser(currentUserId));
+        return pm.UseTransaction(() => {
+          var slaves = slaveDao.GetAll()
             .Select(x => x.ToDto())
             .ToList();
+        });
+      }
+    }
+          var grantedProjectIds = projectDao.GetUsageGrantedProjectsForUser(userAndGroupIds)
+            .Select(x => x.ProjectId)
+            .ToList();
+          var grantedResourceIds = assignedProjectResourceDao.GetAllGrantedResourcesByProjectIds(grantedProjectIds)
+            .Select(x => x.ResourceId)
+            .ToList();
+          return slaves
+            .Where(x => grantedResourceIds.Contains(x.Id))
+            .ToList();
+        });
+      }
+    }
+    // query granted slave groups for use (i.e. to calculate on)
     public IEnumerable<DT.SlaveGroup> GetSlaveGroups() {
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
-      bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator);
       var pm = PersistenceManager;
       using (new PerformanceLogger("GetSlaveGroups")) {
         var slaveGroupDao = pm.SlaveGroupDao;
+        var resourcePermissionDao = pm.ResourcePermissionDao;
+        var projectDao = pm.ProjectDao;
+        var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
+        // collect user information
         var currentUserId = UserManager.CurrentUserId;
+        return pm.UseTransaction(() => {
+          var resourcePermissions = resourcePermissionDao.GetAll();
+          return slaveGroupDao.GetAll().ToList()
+            .Where(x => isAdministrator
+              || x.OwnerUserId == null
+              || x.OwnerUserId == currentUserId
+              || UserManager.VerifyUser(currentUserId, resourcePermissions
+                  .Where(y => y.ResourceId == x.ResourceId)
+                  .Select(z => z.GrantedUserId)
+                  .ToList())
+              )
+        var userAndGroupIds = new List<Guid> { currentUserId };
+        userAndGroupIds.AddRange(UserManager.GetUserGroupIdsOfUser(currentUserId));
+        return pm.UseTransaction(() => {
+          var slaveGroups = slaveGroupDao.GetAll()
             .Select(x => x.ToDto())
             .ToList();
+          var grantedProjectIds = projectDao.GetUsageGrantedProjectsForUser(userAndGroupIds)
+            .Select(x => x.ProjectId)
+            .ToList();
+          var grantedResourceIds = assignedProjectResourceDao.GetAllGrantedResourcesByProjectIds(grantedProjectIds)
+            .Select(x => x.ResourceId)
+            .ToList();
+          return slaveGroups
+            .Where(x => grantedResourceIds.Contains(x.Id))
+            .ToList();
+        });
+      }
+    }
+    // query granted slaves for resource administration
+    public IEnumerable<DT.Slave> GetSlavesForAdministration() {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetSlavesForAdministration")) {
+        var slaveDao = pm.SlaveDao;
+        var currentUserId = UserManager.CurrentUserId;
+        if (isAdministrator) {
+          return pm.UseTransaction(() => {
+            return slaveDao.GetAll()
+              .Select(x => x.ToDto())
+              .ToList();
+          });
+        } else {
+          var slaves = slaveDao.GetAll()
+            .Select(x => x.ToDto())
+            .ToList();
+          var projectDao = pm.ProjectDao;
+          var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
+          var projects = projectDao.GetAdministrationGrantedProjectsForUser(currentUserId).ToList();
+          var resourceIds = assignedProjectResourceDao
+            .GetAllGrantedResourcesByProjectIds(projects.Select(x => x.ProjectId).ToList())
+            .Select(x => x.ResourceId)
+            .ToList();
+          return slaves
+            .Where(x => resourceIds.Contains(x.Id))
+            .ToList();
+        }
+      }
+    }
+    // query granted slave groups for resource administration
+    public IEnumerable<DT.SlaveGroup> GetSlaveGroupsForAdministration() {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetSlaveGroupsForAdministration")) {
+        var slaveGroupDao = pm.SlaveGroupDao;
+        var currentUserId = UserManager.CurrentUserId;
+        if (isAdministrator) {
+          return pm.UseTransaction(() => {
+            return slaveGroupDao.GetAll()
+              .Select(x => x.ToDto())
+              .ToList();
+          });
+        } else {
+          var slaveGroups = slaveGroupDao.GetAll()
+            .Select(x => x.ToDto())
+            .ToList();
+          var projectDao = pm.ProjectDao;
+          var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
+          var projects = projectDao.GetAdministrationGrantedProjectsForUser(currentUserId).ToList();
+          var resourceIds = assignedProjectResourceDao
+            .GetAllGrantedResourcesByProjectIds(projects.Select(x => x.ProjectId).ToList())
+            .Select(x => x.ResourceId)
+            .ToList();
+          return slaveGroups
+            .Where(x => resourceIds.Contains(x.Id))
+            .ToList();
+        }
+      }
+    }
+    public IDictionary<Guid, HashSet<Guid>> GetResourceGenealogy() {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetResourceGenealogy")) {
+        var resourceDao = pm.ResourceDao;
+        var resourceAncestors = new Dictionary<Guid, HashSet<Guid>>();
+        return pm.UseTransaction(() => {
+          var resources = resourceDao.GetAll().ToList();
+          resources.ForEach(r => resourceAncestors.Add(r.ResourceId, new HashSet<Guid>()));
+          foreach (var r in resources) {
+            var parentResource = r.ParentResource;
+            while (parentResource != null) {
+              resourceAncestors[r.ResourceId].Add(parentResource.ResourceId);
+              parentResource = parentResource.ParentResource;
+            }
+          }
+          return resourceAncestors;
+        });
+      }
+    }
+    public IDictionary<Guid, string> GetResourceNames() {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("GetResourceNames")) {
+        var resourceDao = pm.ResourceDao;
+        var resourceNames = new Dictionary<Guid, string>();
+        return pm.UseTransaction(() => {
+          resourceDao
+            .GetAll().ToList()
+            .ForEach(p => resourceNames.Add(p.ResourceId, p.Name));
+          return resourceNames;
         });
+      }
 …
     public void UpdateSlave(DT.Slave slaveDto) {
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      if (slaveDto == null) return;
+      AuthorizationManager.AuthorizeForResourceAdministration(slaveDto.Id);
       var pm = PersistenceManager;
       using (new PerformanceLogger("UpdateSlave")) {
 …
     public void UpdateSlaveGroup(DT.SlaveGroup slaveGroupDto) {
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      if (slaveGroupDto == null) return;
+      AuthorizationManager.AuthorizeForResourceAdministration(slaveGroupDto.Id);
       var pm = PersistenceManager;
       using (new PerformanceLogger("UpdateSlaveGroup")) {
 …
     public void DeleteSlave(Guid slaveId) {
+      if (slaveId == Guid.Empty) return;
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       AuthorizationManager.AuthorizeForResourceAdministration(slaveId);
 …
     public void DeleteSlaveGroup(Guid slaveGroupId) {
+      if (slaveGroupId == Guid.Empty) return;
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       AuthorizationManager.AuthorizeForResourceAdministration(slaveGroupId);
       var pm = PersistenceManager;
       using (new PerformanceLogger("DeleteSlaveGroup")) {
+        var slaveGroupDao = pm.SlaveGroupDao;
+        pm.UseTransaction(() => {
+          slaveGroupDao.Delete(slaveGroupId);
+        var resourceDao = pm.ResourceDao;
+        pm.UseTransaction(() => {
+          var resourceIds = new HashSet<Guid> { slaveGroupId };
+          resourceIds.Union(resourceDao.GetChildResourceIdsById(slaveGroupId));
+          resourceDao.DeleteByIds(resourceIds);
           pm.SubmitChanges();
         });
 …
       var user = ServiceLocator.Instance.UserManager.GetUserByName(username);
       return user != null ? (Guid?)user.ProviderUserKey ?? Guid.Empty : Guid.Empty;
+    }
+    public Dictionary<Guid, HashSet<Guid>> GetUserGroupTree() {
+      var userGroupTree = new Dictionary<Guid, HashSet<Guid>>();
+      var userGroupMapping = UserManager.GetUserGroupMapping();
+      foreach (var ugm in userGroupMapping) {
+        if (ugm.Parent == null || ugm.Child == null) continue;
+        if (!userGroupTree.ContainsKey(ugm.Parent)) {
+          userGroupTree.Add(ugm.Parent, new HashSet<Guid>());
+        }
+        userGroupTree[ugm.Parent].Add(ugm.Child);
+      }
+      return userGroupTree;
+    }
+    public bool CheckAccessToAdminAreaGranted() {
+      RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator);
+      var pm = PersistenceManager;
+      using (new PerformanceLogger("CheckAccessToAdminAreaGranted")) {
+        if (isAdministrator) {
+          return true;
+        } else {
+          var projectDao = pm.ProjectDao;
+          var currentUserId = UserManager.CurrentUserId;
+          return projectDao.GetAdministrationGrantedProjectsForUser(currentUserId).Any();
+        }
+      }
+    }
     #endregion
 …
+    }
+    private DA.Resource AuthorizeForResource(IPersistenceManager pm, Guid resourceId) {
+      var resourceDao = pm.ResourceDao;
+      var resource = resourceDao.GetById(resourceId);
+      if (resource == null) throw new SecurityException("Not authorized");
+      if (resource.OwnerUserId != UserManager.CurrentUserId
+          && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
+        throw new SecurityException("Not authorized");
+      }
+      return resource;
+    private void CheckProjectAvailability(IPersistenceManager pm, Guid projectId, DateTime date) {
+      var projectDao = pm.ProjectDao;
+      using (new PerformanceLogger("UpdateJob")) {
+        var project = pm.UseTransaction(() => {
+          return projectDao.GetById(projectId);
+        });
+        if (project != null) {
+          if (project.StartDate > date) throw new ArgumentException("Cannot add job to specified project. The start date of the project is still in the future.");
+          else if (project.EndDate != null && project.EndDate < date) throw new ArgumentException("Cannot add job to specified project. The end date of the project is already reached.");
+        } else {
+          throw new ArgumentException("Cannot add job to specified project. The project seems not to be available anymore.");
+        }
+      }
+    }
+    private void EvaluateJobs(IPersistenceManager pm, IEnumerable<DT.Job> jobs) {
+      if (jobs == null || !jobs.Any()) return;
+      var currentUserId = UserManager.CurrentUserId;
+      var taskDao = pm.TaskDao;
+      var jobPermissionDao = pm.JobPermissionDao;
+      var statistics = taskDao.GetAll()
+        .Where(x => jobs.Select(y => y.Id).Contains(x.JobId))
+        .GroupBy(x => x.JobId)
+        .Select(x => new {
+          x.Key,
+          TotalCount = x.Count(),
+          CalculatingCount = x.Count(y => y.State == DA.TaskState.Calculating),
+          FinishedCount = x.Count(y => CompletedStates.Contains(y.State))
+        })
+        .ToList();
+      foreach (var job in jobs) {
+        var statistic = statistics.FirstOrDefault(x => x.Key == job.Id);
+        if (statistic != null) {
+          job.JobCount = statistic.TotalCount;
+          job.CalculatingCount = statistic.CalculatingCount;
+          job.FinishedCount = statistic.FinishedCount;
+        }
+        job.OwnerUsername = UserManager.GetUserNameById(job.OwnerUserId);
+        if (currentUserId == job.OwnerUserId) {
+          job.Permission = Permission.Full;
+        } else {
+          var jobPermission = jobPermissionDao.GetByJobAndUserId(job.Id, currentUserId);
+          job.Permission = jobPermission == null ? Permission.NotAllowed : jobPermission.Permission.ToDto();
+        }
+      }
+    }
     #endregion

branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive/3.3/HiveStatisticsGenerator.cs

-                      r15583
+                      r16139
     public void GenerateStatistics() {
       using (var pm = new PersistenceManager()) {
+        pm.UseTransaction(() => {
+          UpdateDimProjectTable(pm);
+          pm.SubmitChanges();
+        });
         pm.UseTransaction(() => {
           UpdateDimUserTable(pm);
           UpdateDimJobTable(pm);
           UpdateDimClientsTable(pm);
 …
             UpdateFactClientInfoTable(time, pm);
             pm.SubmitChanges();
+            UpdateFactProjectInfoTable(time, pm);
+            pm.SubmitChanges();
           });
           pm.UseTransaction(() => {
             UpdateTaskFactsTable(pm);
+            UpdateFactTaskTable(pm);
             try {
               pm.SubmitChanges();
 …
           });
+        }
+        pm.UseTransaction(() => {
+          FlagJobsForDeletion(pm);
+          pm.SubmitChanges();
+        });
+      }
+    }
 …
+    }
+    // add new projects
+    // delete expired projects
+    // update information of existing projects
+    private void UpdateDimProjectTable(PersistenceManager pm) {
+      var projectDao = pm.ProjectDao;
+      var dimProjectDao = pm.DimProjectDao;
+      var projects = projectDao.GetAll().ToList();
+      var dimProjects = dimProjectDao.GetAllOnlineProjects().ToList();
+      var onlineProjects = dimProjects.Where(x => projects.Select(y => y.ProjectId).Contains(x.ProjectId));
+      var addedProjects = projects.Where(x => !dimProjects.Select(y => y.ProjectId).Contains(x.ProjectId));
+      var removedProjects = dimProjects.Where(x => !projects.Select(y => y.ProjectId).Contains(x.ProjectId));
+      // set expiration time of removed projects
+      foreach (var p in removedProjects) {
+        p.DateExpired = DateTime.Now;
+      }
+      // add new projects
+      dimProjectDao.Save(addedProjects.Select(x => new DimProject {
+        ProjectId = x.ProjectId,
+        ParentProjectId = x.ParentProjectId,
+        Name = x.Name,
+        Description = x.Description,
+        OwnerUserId = x.OwnerUserId,
+        StartDate = x.StartDate,
+        EndDate = x.EndDate,
+        DateCreated = x.DateCreated,
+        DateExpired = null
+      }));
+      // expire project if its parent has changed and create a new entry
+      // otherwise perform "normal" update
+      foreach (var dimP in onlineProjects) {
+        var p = projects.Where(x => x.ProjectId == dimP.ProjectId).SingleOrDefault();
+        if (p != null) {
+          if (dimP.ParentProjectId == null ? p.ParentProjectId != null : dimP.ParentProjectId != p.ParentProjectId) { // or: (!object.Equals(dimP.ParentProjectId, p.ParentProjectId))
+            dimP.DateExpired = DateTime.Now;
+            dimProjectDao.Save(new DimProject {
+              ProjectId = p.ProjectId,
+              ParentProjectId = p.ParentProjectId,
+              Name = p.Name,
+              Description = p.Description,
+              OwnerUserId = p.OwnerUserId,
+              StartDate = p.StartDate,
+              EndDate = p.EndDate,
+              DateCreated = p.DateCreated,
+              DateExpired = null
+            });
+          } else {
+            dimP.Name = p.Name;
+            dimP.Description = p.Description;
+            dimP.OwnerUserId = p.OwnerUserId;
+            dimP.StartDate = p.StartDate;
+            dimP.EndDate = p.EndDate;
+          }
+        }
+      }
+    }
     private void UpdateDimJobTable(PersistenceManager pm) {
+      var dimProjectDao = pm.DimProjectDao;
       var dimJobDao = pm.DimJobDao;
       var jobDao = pm.JobDao;
 …
           JobName = x.Name ?? string.Empty,
           DateCreated = x.DateCreated,
+          ProjectId = dimProjectDao.GetLastValidIdByProjectId(x.ProjectId),
           TotalTasks = taskDao.GetAll().Count(y => y.JobId == x.JobId)
         })
 …
         UserName = GetUserName(x.UserId),
         DateCreated = x.DateCreated,
+        ProjectId = x.ProjectId,
         TotalTasks = x.TotalTasks,
         CompletedTasks = 0,
 …
     private void UpdateExistingDimJobs(PersistenceManager pm) {
+      var dimProjectDao = pm.DimProjectDao;
       var jobDao = pm.JobDao;
       var dimJobDao = pm.DimJobDao;
 …
+          }
+        }
+        var job = jobDao.GetById(dimJob.JobId);
         if (totalTasks == completedTasks) {
           var completeDate = factTaskDao.GetLastCompletedTaskFromJob(dimJob.JobId);
           if (completeDate == null) {
             if (jobDao.GetById(dimJob.JobId) == null) {
+            if (job == null) {
               completeDate = DateTime.Now;
+            }
 …
           dimJob.DateCompleted = completeDate;
+        }
+        if(job != null) {
+          dimJob.JobName = job.Name;
+          dimJob.ProjectId = dimProjectDao.GetLastValidIdByProjectId(job.ProjectId);
+        }
         dimJob.TotalTasks = totalTasks;
         dimJob.CompletedTasks = completedTasks;
 …
+    }
+    private void FlagJobsForDeletion(PersistenceManager pm) {
+      var jobDao = pm.JobDao;
+      var jobs = jobDao.GetJobsReadyForDeletion();
+      foreach(var job in jobs) {
+        job.State = JobState.DeletionPending;
+      }
+    }
     private void UpdateDimClientsTable(PersistenceManager pm) {
       var dimClientDao = pm.DimClientDao;
+      var slaveDao = pm.SlaveDao;
+      var slaves = slaveDao.GetAll();
+      var recentlyAddedClients = dimClientDao.GetActiveClients();
+      var slaveIds = slaves.Select(x => x.ResourceId);
+      var removedClientIds = recentlyAddedClients
+        .Where(x => !slaveIds.Contains(x.ResourceId))
+        .Select(x => x.Id);
+      var modifiedClients =
+        from slave in slaves
+        join client in recentlyAddedClients on slave.ResourceId equals client.ResourceId
+        where (slave.Name != client.Name
+               || slave.ParentResourceId == null && client.ResourceGroupId != null // because both can be null and null comparison
+               || slave.ParentResourceId != null && client.ResourceGroupId == null // does return no entry on the sql server
+               || slave.ParentResourceId != client.ResourceGroupId
+               || ((slave.ParentResource != null) && slave.ParentResource.ParentResourceId != client.ResourceGroup2Id))
+        select new {
+          SlaveId = slave.ResourceId,
+          ClientId = client.Id
+        };
+      var clientIds = dimClientDao.GetActiveClients().Select(x => x.ResourceId);
+      var modifiedClientIds = modifiedClients.Select(x => x.SlaveId);
+      var newClients = slaves
+        .Where(x => !clientIds.Contains(x.ResourceId)
+                    || modifiedClientIds.Contains(x.ResourceId))
+        .Select(x => new {
+          x.ResourceId,
+          x.Name,
+          ResourceGroupId = x.ParentResourceId,
+          GroupName = x.ParentResource != null ? x.ParentResource.Name : null,
+          ResourceGroup2Id = x.ParentResource != null ? x.ParentResource.ParentResourceId : null,
+          GroupName2 = x.ParentResource != null ? x.ParentResource.ParentResource != null ? x.ParentResource.ParentResource.Name : null : null
+        })
+        .ToList();
+      var clientsToUpdate = removedClientIds.Union(modifiedClients.Select(x => x.ClientId));
+      dimClientDao.UpdateExpirationTime(clientsToUpdate, DateTime.Now);
+      dimClientDao.Save(newClients.Select(x => new DimClient {
+      var resourceDao = pm.ResourceDao;
+      var resources = resourceDao.GetAll().ToList();
+      var dimClients = dimClientDao.GetAllOnlineClients().ToList();
+      var onlineClients = dimClients.Where(x => resources.Select(y => y.ResourceId).Contains(x.ResourceId));
+      var addedResources = resources.Where(x => !dimClients.Select(y => y.ResourceId).Contains(x.ResourceId));
+      var removedResources = dimClients.Where(x => !resources.Select(y => y.ResourceId).Contains(x.ResourceId));
+      // set expiration time of removed resources
+      foreach(var r in removedResources) {
+        r.DateExpired = DateTime.Now;
+      }
+      // add new resources
+      dimClientDao.Save(addedResources.Select(x => new DimClient {
         ResourceId = x.ResourceId,
+        ParentResourceId = x.ParentResourceId,
         Name = x.Name,
+        ExpirationTime = null,
+        ResourceGroupId = x.ResourceGroupId,
+        GroupName = x.GroupName,
+        ResourceGroup2Id = x.ResourceGroup2Id,
+        GroupName2 = x.GroupName2
+        ResourceType = x.ResourceType,
+        DateCreated = DateTime.Now,
+        DateExpired = null
       }));
+    }
+      // expire client if its parent has changed and create a new entry
+      // otherwise perform "normal" update
+      foreach(var dimc in onlineClients) {
+        var r = resources.Where(x => x.ResourceId == dimc.ResourceId).SingleOrDefault();
+        if(r != null) {
+          if(dimc.ParentResourceId == null ? r.ParentResourceId != null : dimc.ParentResourceId != r.ParentResourceId) {
+            var now = DateTime.Now;
+            dimc.DateExpired = now;
+            dimClientDao.Save(new DimClient {
+              ResourceId = r.ResourceId,
+              ParentResourceId = r.ParentResourceId,
+              Name = r.Name,
+              ResourceType = r.ResourceType,
+              DateCreated = now,
+              DateExpired = null
+            });
+          } else {
+            dimc.Name = r.Name;
+          }
+        }
+      }
+    }
+    //// (1) for new slaves (not yet reported in Table DimClients) ...
+    //// and modified slaves (name or parent resource changed) a new DimClient-entry is created
+    //// (2) for already reported removed and modifid clients the expiration date is set
+    //private void UpdateDimClientsTableOld(PersistenceManager pm) {
+    //  var dimClientDao = pm.DimClientDao;
+    //  var slaveDao = pm.SlaveDao;
+    //  var slaves = slaveDao.GetAll();
+    //  var recentlyAddedClients = dimClientDao.GetAllOnlineClients();
+    //  var slaveIds = slaves.Select(x => x.ResourceId);
+    //  var removedClientIds = recentlyAddedClients
+    //    .Where(x => !slaveIds.Contains(x.ResourceId))
+    //    .Select(x => x.Id);
+    //  var modifiedClients =
+    //    from slave in slaves
+    //    join client in recentlyAddedClients on slave.ResourceId equals client.ResourceId
+    //    where (slave.Name != client.Name
+    //           || slave.ParentResourceId == null && client.ResourceGroupId != null // because both can be null and null comparison
+    //           || slave.ParentResourceId != null && client.ResourceGroupId == null // does return no entry on the sql server
+    //           || slave.ParentResourceId != client.ResourceGroupId
+    //           || ((slave.ParentResource != null) && slave.ParentResource.ParentResourceId != client.ResourceGroup2Id))
+    //    select new {
+    //      SlaveId = slave.ResourceId,
+    //      ClientId = client.Id
+    //    };
+    //  var clientIds = dimClientDao.GetAllOnlineClients().Select(x => x.ResourceId);
+    //  var modifiedClientIds = modifiedClients.Select(x => x.SlaveId);
+    //  var newClients = slaves
+    //    .Where(x => !clientIds.Contains(x.ResourceId)
+    //                || modifiedClientIds.Contains(x.ResourceId))
+    //    .Select(x => new {
+    //      x.ResourceId,
+    //      x.Name,
+    //      ResourceGroupId = x.ParentResourceId,
+    //      GroupName = x.ParentResource != null ? x.ParentResource.Name : null,
+    //      ResourceGroup2Id = x.ParentResource != null ? x.ParentResource.ParentResourceId : null,
+    //      GroupName2 = x.ParentResource != null ? x.ParentResource.ParentResource != null ? x.ParentResource.ParentResource.Name : null : null
+    //    })
+    //    .ToList();
+    //  var clientsToUpdate = removedClientIds.Union(modifiedClients.Select(x => x.ClientId));
+    //  dimClientDao.UpdateExpirationTime(clientsToUpdate, DateTime.Now);
+    //  dimClientDao.Save(newClients.Select(x => new DimClient {
+    //    ResourceId = x.ResourceId,
+    //    Name = x.Name,
+    //    ExpirationTime = null,
+    //    ResourceGroupId = x.ResourceGroupId,
+    //    GroupName = x.GroupName,
+    //    ResourceGroup2Id = x.ResourceGroup2Id,
+    //    GroupName2 = x.GroupName2
+    //  }));
+    //}
     private void UpdateFactClientInfoTable(DimTime newTime, PersistenceManager pm) {
 …
       var newRawFactInfos =
         from s in slaveDao.GetAll()
         join c in dimClientDao.GetActiveClients() on s.ResourceId equals c.ResourceId
+        join c in dimClientDao.GetAllOnlineSlaves() on s.ResourceId equals c.ResourceId
         join lcf in factClientInfoDao.GetLastUpdateTimestamps() on c.ResourceId equals lcf.ResourceId into joinCf
         from cf in joinCf.DefaultIfEmpty()
 …
+    }
+    private void UpdateTaskFactsTable(PersistenceManager pm) {
+    private void UpdateFactProjectInfoTable(DimTime newTime, PersistenceManager pm) {
+      var factProjectInfoDao = pm.FactProjectInfoDao;
+      var dimProjectDao = pm.DimProjectDao;
+      var projectDao = pm.ProjectDao;
+      var projectAvailabilityStats = projectDao.GetAvailabilityStatsPerProject();
+      var projectUsageStats = projectDao.GetUsageStatsPerProject();
+      var dimProjects = dimProjectDao.GetAllOnlineProjects().ToList();
+      factProjectInfoDao.Save(
+        from dimp in dimProjects
+        let aStats = projectAvailabilityStats.Where(x => x.ProjectId == dimp.ProjectId).SingleOrDefault()
+        let uStats = projectUsageStats.Where(x => x.ProjectId == dimp.ProjectId).SingleOrDefault()
+        select new FactProjectInfo {
+            ProjectId = dimp.Id,
+            DimTime = newTime,
+            NumTotalCores = aStats != null ? aStats.Cores : 0,
+            TotalMemory = aStats != null ? aStats.Memory : 0,
+            NumUsedCores = uStats != null ? uStats.Cores : 0,
+            UsedMemory = uStats != null ? uStats.Memory : 0
+          }
+        );
+    }
+    private void UpdateFactTaskTable(PersistenceManager pm) {
       var factTaskDao = pm.FactTaskDao;
       var taskDao = pm.TaskDao;
 …
       var factTaskIds = factTaskDao.GetAll().Select(x => x.TaskId);
+      var notFinishedFactTasks = factTaskDao.GetNotFinishedTasks().Select(x => new {
+        x.TaskId,
+        x.LastClientId
+      });
+      var newTasks =
+      var notFinishedFactTasks = factTaskDao.GetNotFinishedTasks();
+      //var notFinishedFactTasks = factTaskDao.GetNotFinishedTasks().Select(x => new {
+      //  x.TaskId,
+      //  x.LastClientId
+      //});
+      // query several properties for all new and not finished tasks
+      // in order to use them later either...
+      // (1) to update the fact task entry of not finished tasks
+      // (2) to insert a new fact task entry for new tasks
+      var newAndNotFinishedTasks =
         (from task in taskDao.GetAllChildTasks()
          let stateLogs = task.StateLogs.OrderByDescending(x => x.DateTime)
 …
          join lastFactTask in notFinishedFactTasks on task.TaskId equals lastFactTask.TaskId into lastFactPerTask
          from lastFact in lastFactPerTask.DefaultIfEmpty()
          join client in dimClientDao.GetActiveClients() on lastSlaveId equals client.ResourceId into clientsPerSlaveId
+         join client in dimClientDao.GetAllOnlineClients() on lastSlaveId equals client.ResourceId into clientsPerSlaveId
          from client in clientsPerSlaveId.DefaultIfEmpty()
          select new {
 …
          }).ToList();
+      //insert facts for new tasks
+      // (1) update data of already existing facts
+      // i.e. for all in newAndNotFinishedTasks where NotFinishedTask = true
+      foreach (var notFinishedFactTask in notFinishedFactTasks) {
+        var nfftUpdate = newAndNotFinishedTasks.Where(x => x.TaskId == notFinishedFactTask.TaskId).SingleOrDefault();
+        if(nfftUpdate != null) {
+          var taskData = CalculateFactTaskData(nfftUpdate.StateLogs);
+          notFinishedFactTask.StartTime = taskData.StartTime;
+          notFinishedFactTask.EndTime = taskData.EndTime;
+          notFinishedFactTask.LastClientId = nfftUpdate.LastClientId;
+          notFinishedFactTask.Priority = nfftUpdate.Priority;
+          notFinishedFactTask.CoresRequired = nfftUpdate.CoresRequired;
+          notFinishedFactTask.MemoryRequired = nfftUpdate.MemoryRequired;
+          notFinishedFactTask.NumCalculationRuns = taskData.CalculationRuns;
+          notFinishedFactTask.NumRetries = taskData.Retries;
+          notFinishedFactTask.WaitingTime = taskData.WaitingTime;
+          notFinishedFactTask.CalculatingTime = taskData.CalculatingTime;
+          notFinishedFactTask.TransferTime = taskData.TransferTime;
+          notFinishedFactTask.TaskState = nfftUpdate.State;
+          notFinishedFactTask.Exception = taskData.Exception;
+          notFinishedFactTask.InitialWaitingTime = taskData.InitialWaitingTime;
+        }
+      }
+      // (2) insert facts for new tasks
+      // i.e. for all in newAndNotFinishedTasks where NotFinishedTask = false
       factTaskDao.Save(
         from x in newTasks
+        from x in newAndNotFinishedTasks
         where !x.NotFinishedTask
         let taskData = CalculateFactTaskData(x.StateLogs)
 …
         });
+      //update data of already existing facts
+      foreach (var notFinishedTask in factTaskDao.GetNotFinishedTasks()) {
+        var ntc = newTasks.Where(x => x.TaskId == notFinishedTask.TaskId);
+        if (ntc.Any()) {
+          var x = ntc.Single();
+          var taskData = CalculateFactTaskData(x.StateLogs);
+          notFinishedTask.StartTime = taskData.StartTime;
+          notFinishedTask.EndTime = taskData.EndTime;
+          notFinishedTask.LastClientId = x.LastClientId;
+          notFinishedTask.Priority = x.Priority;
+          notFinishedTask.CoresRequired = x.CoresRequired;
+          notFinishedTask.MemoryRequired = x.MemoryRequired;
+          notFinishedTask.NumCalculationRuns = taskData.CalculationRuns;
+          notFinishedTask.NumRetries = taskData.Retries;
+          notFinishedTask.WaitingTime = taskData.WaitingTime;
+          notFinishedTask.CalculatingTime = taskData.CalculatingTime;
+          notFinishedTask.TransferTime = taskData.TransferTime;
+          notFinishedTask.TaskState = x.State;
+          notFinishedTask.Exception = taskData.Exception;
+          notFinishedTask.InitialWaitingTime = taskData.InitialWaitingTime;
+        }
+      }
+      ////update data of already existing facts
+      //foreach (var notFinishedTask in factTaskDao.GetNotFinishedTasks()) {
+      //  var ntc = newTasks.Where(x => x.TaskId == notFinishedTask.TaskId);
+      //  if (ntc.Any()) {
+      //    var x = ntc.Single();
+      //    var taskData = CalculateFactTaskData(x.StateLogs);
+      //    notFinishedTask.StartTime = taskData.StartTime;
+      //    notFinishedTask.EndTime = taskData.EndTime;
+      //    notFinishedTask.LastClientId = x.LastClientId;
+      //    notFinishedTask.Priority = x.Priority;
+      //    notFinishedTask.CoresRequired = x.CoresRequired;
+      //    notFinishedTask.MemoryRequired = x.MemoryRequired;
+      //    notFinishedTask.NumCalculationRuns = taskData.CalculationRuns;
+      //    notFinishedTask.NumRetries = taskData.Retries;
+      //    notFinishedTask.WaitingTime = taskData.WaitingTime;
+      //    notFinishedTask.CalculatingTime = taskData.CalculatingTime;
+      //    notFinishedTask.TransferTime = taskData.TransferTime;
+      //    notFinishedTask.TaskState = x.State;
+      //    notFinishedTask.Exception = taskData.Exception;
+      //    notFinishedTask.InitialWaitingTime = taskData.InitialWaitingTime;
+      //  }
+      //}
+    }

branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive/3.3/Interfaces/IAuthorizationManager.cs

-                      r15583
+                      r16139
 using System;
 using HeuristicLab.Services.Hive.DataTransfer;
+using System.Collections.Generic;
 namespace HeuristicLab.Services.Hive {
 …
     void AuthorizeForResourceAdministration(Guid resourceId);
+    void AuthorizeForProjectAdministration(Guid projectId, bool parentalOwnership);
+    void AuthorizeForProjectResourceAdministration(Guid projectId, IEnumerable<Guid> resourceIds);
+    void AuthorizeProjectForResourcesUse(Guid projectId, IEnumerable<Guid> resourceIds);
+    void AuthorizeUserForProjectUse(Guid userId, Guid projectId);
+  }
+}

branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs

-                      r15583
+                      r16139
 using DA = HeuristicLab.Services.Hive.DataAccess;
 using DT = HeuristicLab.Services.Hive.DataTransfer;
+using System.Collections.Generic;
+using System.Linq;
 namespace HeuristicLab.Services.Hive {
   public class AuthorizationManager : IAuthorizationManager {
+    private const string NOT_AUTHORIZED = "Current user is not authorized to access the requested resource";
+    private const string NOT_AUTHORIZED_USERRESOURCE = "Current user is not authorized to access the requested resource";
+    private const string NOT_AUTHORIZED_USERPROJECT = "Current user is not authorized to access the requested project";
+    private const string NOT_AUTHORIZED_USERJOB = "Current user is not authorized to access the requested job";
+    private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource";
+    private const string USER_NOT_IDENTIFIED = "User could not be identified";
+    private const string TASK_NOT_EXISTENT = "Queried task could not be found";
+    private const string PROJECT_NOT_EXISTENT = "Queried project could not be found";
     private IPersistenceManager PersistenceManager {
       get { return ServiceLocator.Instance.PersistenceManager; }
 …
     public void Authorize(Guid userId) {
       if (userId != ServiceLocator.Instance.UserManager.CurrentUserId)
         throw new SecurityException(NOT_AUTHORIZED);
+        throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
+    }
 …
       pm.UseTransaction(() => {
         var task = taskDao.GetById(taskId);
         if (task == null) throw new SecurityException(NOT_AUTHORIZED);
+        if (task == null) throw new SecurityException(TASK_NOT_EXISTENT);
         AuthorizeJob(pm, task.JobId, requiredPermission);
       });
 …
+    }
+    // authorize if user is admin or resource owner
     public void AuthorizeForResourceAdministration(Guid resourceId) {
+      var currentUserId = UserManager.CurrentUserId;
       var pm = PersistenceManager;
       var resourceDao = pm.ResourceDao;
       pm.UseTransaction(() => {
         var resource = resourceDao.GetById(resourceId);
+        if (resource == null) throw new SecurityException(NOT_AUTHORIZED);
+        if (resource.OwnerUserId != UserManager.CurrentUserId
+        if (resource == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
+        if (resource.OwnerUserId != currentUserId
             && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
+          throw new SecurityException(NOT_AUTHORIZED);
+        }
+      });
+          throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
+        }
+      });
+    }
+    // authorize if user is admin, project owner or owner of a parent project
+    public void AuthorizeForProjectAdministration(Guid projectId, bool parentalOwnership) {
+      if (projectId == null || projectId == Guid.Empty) return;
+      var currentUserId = UserManager.CurrentUserId;
+      var pm = PersistenceManager;
+      var projectDao = pm.ProjectDao;
+      pm.UseTransaction(() => {
+        var project = projectDao.GetById(projectId);
+        if (project == null) throw new ArgumentException(PROJECT_NOT_EXISTENT);
+        if(!RoleVerifier.IsInRole(HiveRoles.Administrator)
+          && !project.ParentProjectId.HasValue) {
+          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
+        }
+        List<Project> projectBranch = null;
+        if(parentalOwnership) projectBranch = projectDao.GetParentProjectsById(projectId).ToList();
+        else projectBranch = projectDao.GetCurrentAndParentProjectsById(projectId).ToList();
+        if(!RoleVerifier.IsInRole(HiveRoles.Administrator)
+            && !projectBranch.Select(x => x.OwnerUserId).Contains(currentUserId)) {
+          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
+        }
+      });
+    }
+    // authorize if user is admin, or owner of a project or parent project, for which the resources are assigned to
+    public void AuthorizeForProjectResourceAdministration(Guid projectId, IEnumerable<Guid> resourceIds) {
+      if (projectId == null || projectId == Guid.Empty) return;
+      var currentUserId = UserManager.CurrentUserId;
+      var pm = PersistenceManager;
+      var projectDao = pm.ProjectDao;
+      var resourceDao = pm.ResourceDao;
+      var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
+      pm.UseTransaction(() => {
+        // check if project exists (not necessary)
+        var project = projectDao.GetById(projectId);
+        if (project == null) throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
+        // check if resourceIds exist
+        if (resourceIds != null && resourceIds.Any() && !resourceDao.CheckExistence(resourceIds))
+          throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
+        // check if user is admin
+        if (RoleVerifier.IsInRole(HiveRoles.Administrator)) return;
+        // check if user is owner of the project or a parent project
+        var projectBranch = projectDao.GetCurrentAndParentProjectsById(projectId).ToList();
+        if (!projectBranch.Select(x => x.OwnerUserId).Contains(currentUserId)
+            && !RoleVerifier.IsInRole(HiveRoles.Administrator)) {
+          throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
+        }
+        // check if the all argument resourceIds are among the assigned resources of the owned projects
+        var grantedResourceIds = assignedProjectResourceDao.GetAllGrantedResourceIdsOfOwnedParentProjects(projectId, currentUserId).ToList();
+        if(resourceIds.Except(grantedResourceIds).Any()) {
+          throw new SecurityException(NOT_AUTHORIZED_USERRESOURCE);
+        }
+      });
+    }
+    // Check if a project is authorized to use a list of resources
+    public void AuthorizeProjectForResourcesUse(Guid projectId, IEnumerable<Guid> resourceIds) {
+      if (projectId == null || projectId == Guid.Empty || resourceIds == null || !resourceIds.Any()) return;
+      var pm = PersistenceManager;
+      var assignedProjectResourceDao = pm.AssignedProjectResourceDao;
+      if (!assignedProjectResourceDao.CheckProjectGrantedForResources(projectId, resourceIds))
+        throw new SecurityException(NOT_AUTHORIZED_PROJECTRESOURCE);
+    }
+    // Check if current user is authorized to use an explicit project (e.g. in order to add a job)
+    // note: administrators and project owner are NOT automatically granted
+    public void AuthorizeUserForProjectUse(Guid userId, Guid projectId) {
+      if(userId == null || userId == Guid.Empty) {
+        throw new SecurityException(USER_NOT_IDENTIFIED);
+      }
+      if(projectId == null) return;
+      var pm = PersistenceManager;
+      // collect current and group membership Ids
+      var userAndGroupIds = new List<Guid>() { userId };
+      userAndGroupIds.AddRange(UserManager.GetUserGroupIdsOfUser(userId));
+      // perform the actual check
+      var projectPermissionDao = pm.ProjectPermissionDao;
+      if (!projectPermissionDao.CheckUserGrantedForProject(projectId, userAndGroupIds)) {
+        throw new SecurityException(NOT_AUTHORIZED_USERPROJECT);
+      }
+    }
 …
     private void AuthorizeJob(IPersistenceManager pm, Guid jobId, DT.Permission requiredPermission) {
+      var currentUserId = UserManager.CurrentUserId;
       var requiredPermissionEntity = requiredPermission.ToEntity();
       DA.Permission permission = GetPermissionForJob(pm, jobId, UserManager.CurrentUserId);
+      DA.Permission permission = GetPermissionForJob(pm, jobId, currentUserId);
       if (permission == Permission.NotAllowed
           || ((permission != requiredPermissionEntity) && requiredPermissionEntity == Permission.Full)) {
         throw new SecurityException(NOT_AUTHORIZED);
+        throw new SecurityException(NOT_AUTHORIZED_USERJOB);
+      }
+    }

branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive/3.3/Manager/EventManager.cs

-                      r15583
+                      r16139
     public void Cleanup() {
       var pm = PersistenceManager;
+      pm.UseTransaction(() => {
+        FinishJobDeletion(pm);
+        pm.SubmitChanges();
+      });
       pm.UseTransaction(() => {
         SetTimeoutSlavesOffline(pm);
 …
         pm.SubmitChanges();
       });
+    }
+    /// <summary>
+    /// Deletes all jobs which are in state "DeletionPending" (this will include all corresponding tasks).
+    /// The state "DeletionPending" is set by HiveJanitor > StatisticsGenerator
+    /// </summary>
+    private void FinishJobDeletion(IPersistenceManager pm) {
+      var jobDao = pm.JobDao;
+      jobDao.DeleteByState(JobState.DeletionPending);
+    }

branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive/3.3/Manager/HeartbeatManager.cs

-                      r15583
+                      r16139
     private IEnumerable<MessageContainer> UpdateTasks(IPersistenceManager pm, Heartbeat heartbeat, bool isAllowedToCalculate) {
       var taskDao = pm.TaskDao;
+      var assignedResourceDao = pm.AssignedResourceDao;
+      var jobDao = pm.JobDao;
+      var assignedJobResourceDao = pm.AssignedJobResourceDao;
       var actions = new List<MessageContainer>();
       if (heartbeat.JobProgress == null || !heartbeat.JobProgress.Any())
         return actions;
+      if (!isAllowedToCalculate && heartbeat.JobProgress.Count != 0) {
+        actions.Add(new MessageContainer(MessageContainer.MessageType.PauseAll));
+      } else {
+        // select all tasks and statelogs with one query
+        var taskIds = heartbeat.JobProgress.Select(x => x.Key).ToList();
+        var taskInfos = pm.UseTransaction(() =>
+          (from task in taskDao.GetAll()
+           where taskIds.Contains(task.TaskId)
+           let lastStateLog = task.StateLogs.OrderByDescending(x => x.DateTime).FirstOrDefault()
+           select new {
+             TaskId = task.TaskId,
+             Command = task.Command,
+             SlaveId = lastStateLog != null ? lastStateLog.SlaveId : default(Guid)
+           }).ToList()
+        );
+        // process the jobProgresses
+        foreach (var jobProgress in heartbeat.JobProgress) {
+          var progress = jobProgress;
+          var curTask = taskInfos.SingleOrDefault(x => x.TaskId == progress.Key);
+          if (curTask == null) {
+            actions.Add(new MessageContainer(MessageContainer.MessageType.AbortTask, progress.Key));
+            LogFactory.GetLogger(this.GetType().Namespace).Log("Task on slave " + heartbeat.SlaveId + " does not exist in DB: " + jobProgress.Key);
+          } else {
+            var slaveId = curTask.SlaveId;
+            if (slaveId == Guid.Empty || slaveId != heartbeat.SlaveId) {
+              // assigned slave does not match heartbeat
+      var jobIdsWithStatisticsPending = jobDao.GetJobIdsByState(DA.JobState.StatisticsPending).ToList();
+      // select all tasks and statelogs with one query
+      var taskIds = heartbeat.JobProgress.Select(x => x.Key).ToList();
+      var taskInfos = pm.UseTransaction(() =>
+        (from task in taskDao.GetAll()
+          where taskIds.Contains(task.TaskId)
+          let lastStateLog = task.StateLogs.OrderByDescending(x => x.DateTime).FirstOrDefault()
+          select new {
+            TaskId = task.TaskId,
+            JobId = task.JobId,
+            State = task.State,
+            Command = task.Command,
+            SlaveId = lastStateLog != null ? lastStateLog.SlaveId : default(Guid)
+          }).ToList()
+      );
+      // process the jobProgresses
+      foreach (var jobProgress in heartbeat.JobProgress) {
+        var progress = jobProgress;
+        var curTask = taskInfos.SingleOrDefault(x => x.TaskId == progress.Key);
+        if (curTask == null) {
+          actions.Add(new MessageContainer(MessageContainer.MessageType.AbortTask, progress.Key));
+          LogFactory.GetLogger(this.GetType().Namespace).Log("Task on slave " + heartbeat.SlaveId + " does not exist in DB: " + jobProgress.Key);
+        } else if (jobIdsWithStatisticsPending.Contains(curTask.JobId)) {
+          // parenting job of current task has been requested for deletion (indicated by job state "Statistics Pending")
+          // update task execution time
+          pm.UseTransaction(() => {
+            taskDao.UpdateExecutionTime(curTask.TaskId, progress.Value.TotalMilliseconds);
+          });
+          actions.Add(new MessageContainer(MessageContainer.MessageType.AbortTask, curTask.TaskId));
+          LogFactory.GetLogger(this.GetType().Namespace).Log("Abort task " + curTask.TaskId + " on slave " + heartbeat.SlaveId + ". The parenting job " + curTask.JobId + " was requested to be deleted.");
+        } else if (curTask.SlaveId == Guid.Empty || curTask.SlaveId != heartbeat.SlaveId) {
+          // assigned slave does not match heartbeat
+          actions.Add(new MessageContainer(MessageContainer.MessageType.AbortTask, curTask.TaskId));
+          LogFactory.GetLogger(this.GetType().Namespace).Log("The slave " + heartbeat.SlaveId + " is not supposed to calculate task: " + curTask.TaskId);
+        } else if (!isAllowedToCalculate) {
+          actions.Add(new MessageContainer(MessageContainer.MessageType.PauseTask, curTask.TaskId));
+          LogFactory.GetLogger(this.GetType().Namespace).Log("The slave " + heartbeat.SlaveId + " is not allowed to calculate any tasks tue to a downtime. The task is paused.");
+        } else if (!assignedJobResourceDao.CheckJobGrantedForResource(curTask.JobId, heartbeat.SlaveId)) {
+          // slaveId (and parent resourceGroupIds) are not among the assigned resources ids for task-parenting job
+          // this might happen when (a) job-resource assignment has been changed (b) slave is moved to different group
+          actions.Add(new MessageContainer(MessageContainer.MessageType.PauseTask, curTask.TaskId));
+          LogFactory.GetLogger(this.GetType().Namespace).Log("The slave " + heartbeat.SlaveId + " is not granted to calculate task: " + curTask.TaskId + " of job: " + curTask.JobId);
+        } else {
+          // update task execution time
+          pm.UseTransaction(() => {
+            taskDao.UpdateExecutionTime(curTask.TaskId, progress.Value.TotalMilliseconds);
+          });
+          switch (curTask.Command) {
+            case DA.Command.Stop:
+              actions.Add(new MessageContainer(MessageContainer.MessageType.StopTask, curTask.TaskId));
+              break;
+            case DA.Command.Pause:
+              actions.Add(new MessageContainer(MessageContainer.MessageType.PauseTask, curTask.TaskId));
+              break;
+            case DA.Command.Abort:
               actions.Add(new MessageContainer(MessageContainer.MessageType.AbortTask, curTask.TaskId));
+              LogFactory.GetLogger(this.GetType().Namespace).Log("The slave " + heartbeat.SlaveId + " is not supposed to calculate task: " + curTask.TaskId);
+            } else if (!assignedResourceDao.TaskIsAllowedToBeCalculatedBySlave(curTask.TaskId, heartbeat.SlaveId)) {
+              // assigned resources ids of task do not match with slaveId (and parent resourceGroupIds); this might happen when slave is moved to different group
+              actions.Add(new MessageContainer(MessageContainer.MessageType.PauseTask, curTask.TaskId));
+            } else {
+              // update task execution time
+              pm.UseTransaction(() => {
+                taskDao.UpdateExecutionTime(curTask.TaskId, progress.Value.TotalMilliseconds);
+              });
+              switch (curTask.Command) {
+                case DA.Command.Stop:
+                  actions.Add(new MessageContainer(MessageContainer.MessageType.StopTask, curTask.TaskId));
+                  break;
+                case DA.Command.Pause:
+                  actions.Add(new MessageContainer(MessageContainer.MessageType.PauseTask, curTask.TaskId));
+                  break;
+                case DA.Command.Abort:
+                  actions.Add(new MessageContainer(MessageContainer.MessageType.AbortTask, curTask.TaskId));
+                  break;
+              }
+            }
+          }
+        }
+      }
+              break;
+          }
+        }
+      }
       return actions;
+    }

branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive/3.3/ServiceContracts/IHiveService.cs

-                      r15583
+                      r16139
   public interface IHiveService {
     #region Task Methods
+    [OperationContract]
+    Guid AddTask(Task task, TaskData taskData, IEnumerable<Guid> resourceIds);
+    [OperationContract]
+    Guid AddTask(Task task, TaskData taskData);
     [OperationContract]
 …
     [OperationContract]
+    Guid AddJob(Job jobDto);
+    [OperationContract]
+    void UpdateJob(Job jobDto);
+    [OperationContract]
+    void DeleteJob(Guid JobId);
+    IEnumerable<Job> GetJobsByProjectId(Guid projectId);
+    [OperationContract]
+    IEnumerable<Job> GetJobsByProjectIds(IEnumerable<Guid> projectIds);
+    [OperationContract]
+    Guid AddJob(Job jobDto, IEnumerable<Guid> resourceIds);
+    [OperationContract]
+    void UpdateJob(Job jobDto, IEnumerable<Guid> resourceIds);
+    [OperationContract]
+    void UpdateJobState(Guid JobId, JobState jobState);
+    [OperationContract]
+    void UpdateJobStates(IEnumerable<Guid> jobIds, JobState jobState);
+    [OperationContract]
+    IEnumerable<AssignedJobResource> GetAssignedResourcesForJob(Guid jobId);
     #endregion
 …
     #endregion
+    #region ResourcePermission Methods
+    [OperationContract]
+    void GrantResourcePermissions(Guid resourceId, Guid[] grantedUserIds);
+    [OperationContract]
+    void RevokeResourcePermissions(Guid resourceId, Guid[] grantedUserIds);
+    [OperationContract]
+    IEnumerable<ResourcePermission> GetResourcePermissions(Guid resourceId);
+    #region Project Methods
+    [OperationContract]
+    Guid AddProject(Project projectDto);
+    [OperationContract]
+    void UpdateProject(Project projectDto);
+    [OperationContract]
+    void DeleteProject(Guid projectId);
+    [OperationContract]
+    Project GetProject(Guid projectId);
+    [OperationContract]
+    IEnumerable<Project> GetProjects();
+    [OperationContract]
+    IEnumerable<Project> GetProjectsForAdministration();
+    [OperationContract]
+    IDictionary<Guid, HashSet<Guid>> GetProjectGenealogy();
+    [OperationContract]
+    IDictionary<Guid, string> GetProjectNames();
+    #endregion
+    #region ProjectPermission Methods
+    [OperationContract]
+    void SaveProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool reassign, bool cascading, bool reassignCascading);
+    //[OperationContract]
+    //void GrantProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool cascading);
+    //[OperationContract]
+    //void RevokeProjectPermissions(Guid projectId, List<Guid> grantedUserIds, bool cascading);
+    [OperationContract]
+    IEnumerable<ProjectPermission> GetProjectPermissions(Guid projectId);
+    #endregion
+    #region AssignedProjectResource Methods
+    [OperationContract]
+    void SaveProjectResourceAssignments(Guid projectId, List<Guid> resourceIds, bool reassign, bool cascading, bool reassignCascading);
+    //[OperationContract]
+    //void AssignProjectResources(Guid projectId, List<Guid> resourceIds, bool cascading);
+    //[OperationContract]
+    //void UnassignProjectResources(Guid projectId, List<Guid> resourceIds, bool cascading);
+    [OperationContract]
+    IEnumerable<AssignedProjectResource> GetAssignedResourcesForProject(Guid projectId);
+    [OperationContract]
+    IEnumerable<AssignedProjectResource> GetAssignedResourcesForProjectAdministration(Guid projectId);
+    [OperationContract]
+    IEnumerable<AssignedProjectResource> GetAssignedResourcesForProjectsAdministration(IEnumerable<Guid> projectIds);
     #endregion
 …
     [OperationContract]
+    IEnumerable<Slave> GetSlavesForAdministration();
+    [OperationContract]
+    IEnumerable<SlaveGroup> GetSlaveGroupsForAdministration();
+    [OperationContract]
+    IDictionary<Guid, HashSet<Guid>> GetResourceGenealogy();
+    [OperationContract]
+    IDictionary<Guid, string> GetResourceNames();
+    [OperationContract]
     void UpdateSlave(Slave slave);
 …
     [OperationContract]
     Guid GetUserIdByUsername(string username);
+    [OperationContract]
+    Dictionary<Guid, HashSet<Guid>> GetUserGroupTree();
+    [OperationContract]
+    bool CheckAccessToAdminAreaGranted();
     #endregion

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 16139 for branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive

Legend:

Download in other formats: