Changeset 16209 for trunk/HeuristicLab.Services.Hive
- Timestamp:
- 10/03/18 15:06:21 (6 years ago)
- Location:
- trunk/HeuristicLab.Services.Hive/3.3
- Files:
-
- 2 edited
trunk/HeuristicLab.Services.Hive/3.3/HiveService.cs
r16208 r16209 483 483 } 484 484 485 486 485 jobDto.CopyToEntity(job); 487 486 … … 523 522 524 523 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 525 bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator);526 var currentUserId = UserManager.CurrentUserId;524 // check if user is an admin, or granted to administer a job-parenting project, or job owner 525 AuthorizationManager.AuthorizeForJob(jobId, DT.Permission.Full); 527 526 528 527 var pm = PersistenceManager; 529 528 using (new PerformanceLogger("UpdateJobState")) { 530 var jobDao = pm.JobDao; 531 var projectDao = pm.ProjectDao; 529 var jobDao = pm.JobDao; 532 530 pm.UseTransaction(() => { 533 531 var job = jobDao.GetById(jobId); 534 if (job != null) { 535 536 var administrationGrantedProjects = projectDao 537 .GetAdministrationGrantedProjectsForUser(currentUserId) 538 .ToList(); 539 540 // check if user is an admin, or granted to administer a job-parenting project,... 541 if (!isAdministrator && !administrationGrantedProjects.Contains(job.Project)) 542 AuthorizationManager.AuthorizeForJob(jobId, DT.Permission.Full); // ... 
or job owner 532 if (job != null) { 543 533 544 534 // note: allow solely state changes from "Online" to "StatisticsPending" = deletion request by user for HiveStatisticGenerator … … 563 553 564 554 RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 565 bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator); 566 var currentUserId = UserManager.CurrentUserId; 555 // check if user is an admin, or granted to administer a job-parenting project, or job owner 556 foreach (var jobId in jobIds) 557 AuthorizationManager.AuthorizeForJob(jobId, DT.Permission.Full); 567 558 568 559 var pm = PersistenceManager; … … 571 562 var projectDao = pm.ProjectDao; 572 563 pm.UseTransaction(() => { 573 var administrationGrantedProjects = projectDao574 .GetAdministrationGrantedProjectsForUser(currentUserId)575 .ToList();576 577 564 foreach (var jobId in jobIds) { 578 565 var job = jobDao.GetById(jobId); 579 566 if (job != null) { 580 581 // check if user is an admin, or granted to administer a job-parenting project,...582 if (!isAdministrator && !administrationGrantedProjects.Contains(job.Project))583 AuthorizationManager.AuthorizeForJob(jobId, DT.Permission.Full); // ... or job owner584 567 585 568 // note: allow solely state changes from "Online" to "StatisticsPending" = deletion request by user for HiveStatisticGenerator -
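Review bot: In both methods the permission check now runs before `pm.UseTransaction`, so the job is authorized in one transaction and then re-read and modified in another, and a grant or project assignment that changes in between is not seen by the update. The removed code called it inside the lambda after `jobDao.GetById`; keeping `AuthorizationManager.AuthorizeForJob(jobId, DT.Permission.Full);` as the first statement under `if (job != null) {` would keep check and write together. In the batch method the new `foreach` has no braces and, going by the AuthorizationManager change on this page, reloads the caller's granted projects once per id. The `projectDao` local at new line 562 looks unused now, though the rest of that method is outside the hunk. For non-administrators a missing job id now raises a SecurityException where the old code skipped it silently; if that is intended, a comment at the call would make it explicit.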
trunk/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
r16117 r16209 38 38 private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource"; 39 39 private const string USER_NOT_IDENTIFIED = "User could not be identified"; 40 private const string JOB_NOT_EXISTENT = "Queried job could not be found"; 40 41 private const string TASK_NOT_EXISTENT = "Queried task could not be found"; 41 42 private const string PROJECT_NOT_EXISTENT = "Queried project could not be found"; … … 60 61 public void AuthorizeForTask(Guid taskId, DT.Permission requiredPermission) { 61 62 if (ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Slave)) return; // slave-users can access all tasks 63 if (ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Administrator)) return; // administrator can access all tasks 64 var currentUserId = UserManager.CurrentUserId; 62 65 var pm = PersistenceManager; 63 66 var taskDao = pm.TaskDao; 67 var projectDao = pm.ProjectDao; 64 68 pm.UseTransaction(() => { 65 69 var task = taskDao.GetById(taskId); 66 70 if (task == null) throw new SecurityException(TASK_NOT_EXISTENT); 71 72 // check if user is granted to administer a job-parenting project 73 var administrationGrantedProjects = projectDao 74 .GetAdministrationGrantedProjectsForUser(currentUserId) 75 .ToList(); 76 if (administrationGrantedProjects.Contains(task.Job.Project)) return; 77 67 78 AuthorizeJob(pm, task.JobId, requiredPermission); 68 79 }); … … 70 81 71 82 public void AuthorizeForJob(Guid jobId, DT.Permission requiredPermission) { 72 var pm = PersistenceManager; 73 pm.UseTransaction(() => { 83 if (ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Administrator)) return; // administrator can access all jobs 84 var currentUserId = UserManager.CurrentUserId; 85 var pm = PersistenceManager; 86 var jobDao = pm.JobDao; 87 var projectDao = pm.ProjectDao; 88 pm.UseTransaction(() => { 89 var job = jobDao.GetById(jobId); 90 if(job == null) throw new SecurityException(JOB_NOT_EXISTENT); 91 92 // 
check if user is granted to administer a job-parenting project 93 var administrationGrantedProjects = projectDao 94 .GetAdministrationGrantedProjectsForUser(currentUserId) 95 .ToList(); 96 if (administrationGrantedProjects.Contains(job.Project)) return; 97 74 98 AuthorizeJob(pm, jobId, requiredPermission); 75 99 });
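Review bot: The project-administrator shortcut in `AuthorizeForTask` and `AuthorizeForJob` decides access with `administrationGrantedProjects.Contains(...)` on entity objects, which presumably matches only if the DAO returns the same instance (or the entity defines equality) for the job's project. Comparing project ids would not depend on that, and a mismatch falls through to `AuthorizeJob` and denies a legitimate project administrator. `task.Job.Project` also dereferences `task.Job` unchecked, so a task without a loaded job would surface as a NullReferenceException rather than a SecurityException. The shortcut returns without looking at `requiredPermission`; if that is intended, say so next to the return, e.g. `// project administrators pass for any requiredPermission`. The same lookup-and-return block now appears in both methods and could move into one private helper that takes the project.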