Context Navigation

← Previous Change
Next Change →

HiveService.cs

Timestamp:

10/03/18 15:06:21 (6 years ago)

Author:

jzenisek

Message:

#2839:

adapted job execution implementation at ProjectJobsView
prohibited resource checking for non-admins

File:

: 1 edited

trunk/HeuristicLab.Services.Hive/3.3/HiveService.cs (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/HeuristicLab.Services.Hive/3.3/HiveService.cs

-                      r16208
+                      r16209
+          }
           jobDto.CopyToEntity(job);
 …
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator);
       var currentUserId = UserManager.CurrentUserId;
+      // check if user is an admin, or granted to administer a job-parenting project, or job owner
+      AuthorizationManager.AuthorizeForJob(jobId, DT.Permission.Full);
       var pm = PersistenceManager;
       using (new PerformanceLogger("UpdateJobState")) {
+        var jobDao = pm.JobDao;
+        var projectDao = pm.ProjectDao;
+        var jobDao = pm.JobDao;
         pm.UseTransaction(() => {
           var job = jobDao.GetById(jobId);
+          if (job != null) {
+            var administrationGrantedProjects = projectDao
+              .GetAdministrationGrantedProjectsForUser(currentUserId)
+              .ToList();
+            // check if user is an admin, or granted to administer a job-parenting project,...
+            if (!isAdministrator && !administrationGrantedProjects.Contains(job.Project))
+              AuthorizationManager.AuthorizeForJob(jobId, DT.Permission.Full); // ... or job owner
+          if (job != null) {
             // note: allow solely state changes from "Online" to "StatisticsPending" = deletion request by user for HiveStatisticGenerator
 …
       RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      bool isAdministrator = RoleVerifier.IsInRole(HiveRoles.Administrator);
+      var currentUserId = UserManager.CurrentUserId;
+      // check if user is an admin, or granted to administer a job-parenting project, or job owner
+      foreach (var jobId in jobIds)
+          AuthorizationManager.AuthorizeForJob(jobId, DT.Permission.Full);
       var pm = PersistenceManager;
 …
         var projectDao = pm.ProjectDao;
         pm.UseTransaction(() => {
-          var administrationGrantedProjects = projectDao
-            .GetAdministrationGrantedProjectsForUser(currentUserId)
-            .ToList();
           foreach (var jobId in jobIds) {
             var job = jobDao.GetById(jobId);
             if (job != null) {
-              // check if user is an admin, or granted to administer a job-parenting project,...
-              if (!isAdministrator && !administrationGrantedProjects.Contains(job.Project))
-                AuthorizationManager.AuthorizeForJob(jobId, DT.Permission.Full); // ... or job owner
               // note: allow solely state changes from "Online" to "StatisticsPending" = deletion request by user for HiveStatisticGenerator

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 16209 for trunk/HeuristicLab.Services.Hive/3.3/HiveService.cs

Legend:

trunk/HeuristicLab.Services.Hive/3.3/HiveService.cs

Download in other formats: