Free cookie consent management tool by TermsFeed Policy Generator

Ignore:
Timestamp:
10/18/18 14:07:32 (6 years ago)
Author:
ddorfmei
Message:

#2931: Merged [16168-16232/trunk] into branch

Location:
branches/2931_OR-Tools_LP_MIP
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/2931_OR-Tools_LP_MIP

  • branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive

  • branches/2931_OR-Tools_LP_MIP/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs

    r16139 r16235  
    3838    private const string NOT_AUTHORIZED_PROJECTRESOURCE = "Selected project is not authorized to access the requested resource";
    3939    private const string USER_NOT_IDENTIFIED = "User could not be identified";
     40    private const string JOB_NOT_EXISTENT = "Queried job could not be found";
    4041    private const string TASK_NOT_EXISTENT = "Queried task could not be found";
    4142    private const string PROJECT_NOT_EXISTENT = "Queried project could not be found";
     
    6061    public void AuthorizeForTask(Guid taskId, DT.Permission requiredPermission) {
    6162      if (ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Slave)) return; // slave-users can access all tasks
     63      if (ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Administrator)) return; // administrator can access all tasks
     64      var currentUserId = UserManager.CurrentUserId;
    6265      var pm = PersistenceManager;
    6366      var taskDao = pm.TaskDao;
     67      var projectDao = pm.ProjectDao;
    6468      pm.UseTransaction(() => {
    6569        var task = taskDao.GetById(taskId);
    6670        if (task == null) throw new SecurityException(TASK_NOT_EXISTENT);
     71
     72        // check if user is granted to administer a job-parenting project
     73        var administrationGrantedProjects = projectDao
     74          .GetAdministrationGrantedProjectsForUser(currentUserId)
     75          .ToList();
     76        if (administrationGrantedProjects.Contains(task.Job.Project)) return;
     77
    6778        AuthorizeJob(pm, task.JobId, requiredPermission);
    6879      });
     
    7081
    7182    public void AuthorizeForJob(Guid jobId, DT.Permission requiredPermission) {
    72       var pm = PersistenceManager;
    73       pm.UseTransaction(() => {
     83      if (ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Administrator)) return; // administrator can access all jobs
     84      var currentUserId = UserManager.CurrentUserId;
     85      var pm = PersistenceManager;
     86      var jobDao = pm.JobDao;
     87      var projectDao = pm.ProjectDao;
     88      pm.UseTransaction(() => {
     89        var job = jobDao.GetById(jobId);
     90        if(job == null) throw new SecurityException(JOB_NOT_EXISTENT);
     91
     92        // check if user is granted to administer a job-parenting project
     93        var administrationGrantedProjects = projectDao
     94          .GetAdministrationGrantedProjectsForUser(currentUserId)
     95          .ToList();
     96        if (administrationGrantedProjects.Contains(job.Project)) return;
     97
    7498        AuthorizeJob(pm, jobId, requiredPermission);
    7599      });
Note: See TracChangeset for help on using the changeset viewer.