- Timestamp:
- 10/18/18 14:07:32 (6 years ago)
- Location:
- branches/2931_OR-Tools_LP_MIP
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/2931_OR-Tools_LP_MIP
- Property svn:mergeinfo changed
/branches/2916_IndexedDataTableSerialization (added) merged: 15918 /trunk merged: 16168-16169,16177,16179,16184-16187,16202-16209,16211,16213,16216,16218-16219,16221,16223-16224,16232
- Property svn:mergeinfo changed
-
branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive
- Property svn:mergeinfo changed
/trunk/HeuristicLab.Services.Hive merged: 16187,16203,16208-16209
- Property svn:mergeinfo changed
-
branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
r16139 r16235 38 38 private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource"; 39 39 private const string USER_NOT_IDENTIFIED = "User could not be identified"; 40 private const string JOB_NOT_EXISTENT = "Queried job could not be found"; 40 41 private const string TASK_NOT_EXISTENT = "Queried task could not be found"; 41 42 private const string PROJECT_NOT_EXISTENT = "Queried project could not be found"; … … 60 61 public void AuthorizeForTask(Guid taskId, DT.Permission requiredPermission) { 61 62 if (ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Slave)) return; // slave-users can access all tasks 63 if (ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Administrator)) return; // administrator can access all tasks 64 var currentUserId = UserManager.CurrentUserId; 62 65 var pm = PersistenceManager; 63 66 var taskDao = pm.TaskDao; 67 var projectDao = pm.ProjectDao; 64 68 pm.UseTransaction(() => { 65 69 var task = taskDao.GetById(taskId); 66 70 if (task == null) throw new SecurityException(TASK_NOT_EXISTENT); 71 72 // check if user is granted to administer a job-parenting project 73 var administrationGrantedProjects = projectDao 74 .GetAdministrationGrantedProjectsForUser(currentUserId) 75 .ToList(); 76 if (administrationGrantedProjects.Contains(task.Job.Project)) return; 77 67 78 AuthorizeJob(pm, task.JobId, requiredPermission); 68 79 }); … … 70 81 71 82 public void AuthorizeForJob(Guid jobId, DT.Permission requiredPermission) { 72 var pm = PersistenceManager; 73 pm.UseTransaction(() => { 83 if (ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Administrator)) return; // administrator can access all jobs 84 var currentUserId = UserManager.CurrentUserId; 85 var pm = PersistenceManager; 86 var jobDao = pm.JobDao; 87 var projectDao = pm.ProjectDao; 88 pm.UseTransaction(() => { 89 var job = jobDao.GetById(jobId); 90 if(job == null) throw new SecurityException(JOB_NOT_EXISTENT); 91 92 // check if user is granted to administer a job-parenting project 93 var administrationGrantedProjects = projectDao 94 .GetAdministrationGrantedProjectsForUser(currentUserId) 95 .ToList(); 96 if (administrationGrantedProjects.Contains(job.Project)) return; 97 74 98 AuthorizeJob(pm, jobId, requiredPermission); 75 99 });
Note: See TracChangeset
for help on using the changeset viewer.