- Timestamp:
- 06/21/11 16:51:03 (13 years ago)
- Location:
- branches/HeuristicLab.Hive-3.4/sources/HeuristicLab.Services.Hive/3.4
- Files:
-
- 7 added
- 4 deleted
- 5 edited
branches/HeuristicLab.Hive-3.4/sources/HeuristicLab.Services.Hive/3.4/HeuristicLab.Services.Hive-3.4.csproj
r6369 r6463 103 103 </ItemGroup> 104 104 <ItemGroup> 105 <Compile Include="Interfaces\IUserManager.cs" /> 106 <Compile Include="Manager\UserManager.cs" /> 105 107 <None Include="HeuristicLabServicesHivePlugin.cs.frame" /> 106 108 <None Include="Properties\AssemblyInfo.cs.frame" /> 107 <Compile Include=" AuthenticationManager.cs" />108 <Compile Include=" HeartbeatManager.cs" />109 <Compile Include="Manager\AuthenticationManager.cs" /> 110 <Compile Include="Manager\HeartbeatManager.cs" /> 109 111 <Compile Include="Interfaces\IAuthenticationManager.cs" /> 110 112 <Compile Include="Interfaces\ILifecycleManager.cs" /> 111 113 <Compile Include="Interfaces\IServiceLocator.cs" /> 112 <Compile Include=" AuthorizationManager.cs" />114 <Compile Include="Manager\AuthorizationManager.cs" /> 113 115 <Compile Include="HeuristicLabServicesHivePlugin.cs" /> 114 <Compile Include=" LifecycleManager.cs" />116 <Compile Include="Manager\LifecycleManager.cs" /> 115 117 <Compile Include="HiveRoles.cs" /> 116 118 <Compile Include="HiveService.cs" /> -
branches/HeuristicLab.Hive-3.4/sources/HeuristicLab.Services.Hive/3.4/HiveService.cs
r6457 r6463 51 51 get { return ServiceLocator.Instance.LifecycleManager; } 52 52 } 53 private IUserManager userManager { 54 get { return ServiceLocator.Instance.UserManager; } 55 } 53 56 private HeartbeatManager heartbeatManager { 54 57 get { return ServiceLocator.Instance.HeartbeatManager; } … … 66 69 } 67 70 dao.AddJobData(jobData); 68 dao.UpdateJobState(job.Id, JobState.Waiting, null, author.UserId, null);71 dao.UpdateJobState(job.Id, JobState.Waiting, null, userManager.CurrentUserId, null); 69 72 return jobData.JobId; 70 73 }, false, true); … … 81 84 public Job GetJob(Guid jobId) { 82 85 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave); 86 author.AuthorizeForJob(jobId, Permission.Read); 83 87 return dao.GetJob(jobId); 84 88 } … … 86 90 public IEnumerable<Job> GetJobs() { 87 91 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 88 return dao.GetJobs(x => true); 92 var jobs = dao.GetJobs(x => true); 93 foreach (var job in jobs) 94 author.AuthorizeForJob(job.Id, Permission.Read); 95 return jobs; 89 96 } 90 97 91 98 public IEnumerable<LightweightJob> GetLightweightJobs(IEnumerable<Guid> jobIds) { 92 99 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 93 return dao.GetJobs(x => jobIds.Contains(x.JobId)).Select(x => new LightweightJob(x)).ToArray(); 100 var jobs = dao.GetJobs(x => jobIds.Contains(x.JobId)).Select(x => new LightweightJob(x)).ToArray(); 101 foreach (var job in jobs) 102 author.AuthorizeForJob(job.Id, Permission.Read); 103 return jobs; 94 104 } 95 105 96 106 public IEnumerable<LightweightJob> GetLightweightChildJobs(Guid? 
parentJobId, bool recursive, bool includeParent) { 97 107 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 98 return GetChildJobs(parentJobId, recursive, includeParent).Select(x => new LightweightJob(x)).ToArray(); 108 var jobs = GetChildJobs(parentJobId, recursive, includeParent).Select(x => new LightweightJob(x)).ToArray(); 109 foreach (var job in jobs) 110 author.AuthorizeForJob(job.Id, Permission.Read); 111 return jobs; 99 112 } 100 113 101 114 public IEnumerable<LightweightJob> GetLightweightExperimentJobs(Guid experimentId) { 102 115 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 116 author.AuthorizeForExperiment(experimentId, Permission.Read); 103 117 return dao.GetJobs(x => x.HiveExperimentId == experimentId).Select(x => new LightweightJob(x)).ToArray(); 104 118 } … … 106 120 public JobData GetJobData(Guid jobId) { 107 121 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave); 122 author.AuthorizeForJob(jobId, Permission.Read); 108 123 return dao.GetJobData(jobId); 109 124 } … … 111 126 public void UpdateJob(Job job) { 112 127 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave); 128 author.AuthorizeForJob(job.Id, Permission.Full); 113 129 trans.UseTransaction(() => { 114 130 dao.UpdateJob(job); … … 118 134 public void UpdateJobData(Job job, JobData jobData) { 119 135 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave); 136 author.AuthorizeForJob(job.Id, Permission.Full); 137 author.AuthorizeForJob(jobData.JobId, Permission.Full); 120 138 //trans.UseTransaction(() => { // cneumuel: try without transaction 121 139 jobData.LastUpdate = DateTime.Now; … … 127 145 public void DeleteJob(Guid jobId) { 128 146 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave); 147 author.AuthorizeForJob(jobId, Permission.Full); 129 148 trans.UseTransaction(() => { 130 149 
dao.DeleteJob(jobId); … … 134 153 public void DeleteChildJobs(Guid parentJobId) { 135 154 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave); 155 author.AuthorizeForJob(parentJobId, Permission.Full); 136 156 trans.UseTransaction(() => { 137 157 var jobs = GetChildJobs(parentJobId, true, false); … … 145 165 public Job UpdateJobState(Guid jobId, JobState jobState, Guid? slaveId, Guid? userId, string exception) { 146 166 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave); 167 author.AuthorizeForJob(jobId, Permission.Full); 147 168 return trans.UseTransaction(() => { 148 169 Job job = dao.UpdateJobState(jobId, jobState, slaveId, userId, exception); … … 166 187 public IEnumerable<Job> GetJobsByResourceId(Guid resourceId) { 167 188 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 168 return trans.UseTransaction(() => dao.GetJobsByResourceId(resourceId)); 189 var jobs = trans.UseTransaction(() => dao.GetJobsByResourceId(resourceId)); 190 foreach(var job in jobs) 191 author.AuthorizeForJob(job.Id, Permission.Read); 192 return jobs; 169 193 } 170 194 #endregion … … 173 197 public void StopJob(Guid jobId) { 174 198 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave); 199 author.AuthorizeForJob(jobId, Permission.Full); 175 200 trans.UseTransaction(() => { 176 201 var job = dao.GetJob(jobId); … … 188 213 public void PauseJob(Guid jobId) { 189 214 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave); 215 author.AuthorizeForJob(jobId, Permission.Full); 190 216 trans.UseTransaction(() => { 191 217 var job = dao.GetJob(jobId); … … 201 227 public void RestartJob(Guid jobId) { 202 228 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave); 203 trans.UseTransaction(() => { 204 Job job = dao.UpdateJobState(jobId, JobState.Waiting, null, author.UserId, string.Empty); 229 
author.AuthorizeForJob(jobId, Permission.Full); 230 trans.UseTransaction(() => { 231 Job job = dao.UpdateJobState(jobId, JobState.Waiting, null, userManager.CurrentUserId, string.Empty); 205 232 job.Command = null; 206 233 dao.UpdateJob(job); … … 212 239 public HiveExperiment GetHiveExperiment(Guid id) { 213 240 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 241 author.AuthorizeForExperiment(id, Permission.Read); 214 242 var hiveExperiment = dao.GetHiveExperiments(x => 215 243 x.HiveExperimentId == id 216 && (x.OwnerUserId == author.UserId || x.HiveExperimentPermissions.Count(hep => hep.Permission != Permission.NotAllowed && hep.GrantedUserId == author.UserId) > 0)244 && (x.OwnerUserId == userManager.CurrentUserId || x.HiveExperimentPermissions.Count(hep => hep.Permission != Permission.NotAllowed && hep.GrantedUserId == userManager.CurrentUserId) > 0) 217 245 ).FirstOrDefault(); 218 if (hiveExperiment != null) hiveExperiment.Permission = dao.GetPermissionForExperiment(hiveExperiment.Id, author.UserId);246 if (hiveExperiment != null) hiveExperiment.Permission = dao.GetPermissionForExperiment(hiveExperiment.Id, userManager.CurrentUserId); 219 247 return hiveExperiment; 220 248 } … … 222 250 public IEnumerable<HiveExperiment> GetHiveExperiments() { 223 251 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 224 var hiveExperiments = dao.GetHiveExperiments(x => x.OwnerUserId == author.UserId || x.HiveExperimentPermissions.Count(hep => hep.Permission != Permission.NotAllowed && hep.GrantedUserId == author.UserId) > 0); 225 foreach (var he in hiveExperiments) 226 he.Permission = dao.GetPermissionForExperiment(he.Id, author.UserId); 252 var hiveExperiments = dao.GetHiveExperiments(x => x.OwnerUserId == userManager.CurrentUserId || x.HiveExperimentPermissions.Count(hep => hep.Permission != Permission.NotAllowed && hep.GrantedUserId == userManager.CurrentUserId) > 0); 253 foreach (var he in hiveExperiments) { 254 
author.AuthorizeForExperiment(he.Id, Permission.Read); 255 he.Permission = dao.GetPermissionForExperiment(he.Id, userManager.CurrentUserId); 256 } 227 257 return hiveExperiments; 228 258 } … … 231 261 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 232 262 var hiveExperiments = dao.GetHiveExperiments(x => true); 233 foreach (var he in hiveExperiments) 234 he.Permission = dao.GetPermissionForExperiment(he.Id, author.UserId);263 foreach (var he in hiveExperiments) // no authorization here, since this method is admin-only! (admin is allowed to read all jobs) 264 he.Permission = dao.GetPermissionForExperiment(he.Id, userManager.CurrentUserId); 235 265 return hiveExperiments; 236 266 } … … 239 269 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 240 270 return trans.UseTransaction(() => { 241 hiveExperimentDto.OwnerUserId = author.UserId;271 hiveExperimentDto.OwnerUserId = userManager.CurrentUserId; 242 272 hiveExperimentDto.DateCreated = DateTime.Now; 243 273 return dao.AddHiveExperiment(hiveExperimentDto); … … 247 277 public void UpdateHiveExperiment(HiveExperiment hiveExperimentDto) { 248 278 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 279 author.AuthorizeForExperiment(hiveExperimentDto.Id, Permission.Full); 249 280 trans.UseTransaction(() => { 250 281 dao.UpdateHiveExperiment(hiveExperimentDto); … … 254 285 public void DeleteHiveExperiment(Guid hiveExperimentId) { 255 286 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 287 author.AuthorizeForExperiment(hiveExperimentId, Permission.Full); 256 288 trans.UseTransaction(() => { 257 289 HiveExperiment he = dao.GetHiveExperiment(hiveExperimentId); … … 267 299 HiveExperiment he = dao.GetHiveExperiment(hiveExperimentId); 268 300 if (he == null) throw new FaultException<FaultReason>(new FaultReason("Could not find hiveExperiment with id " + hiveExperimentId)); 269 Permission perm = dao.GetPermissionForExperiment(he.Id, author.UserId);301 
Permission perm = dao.GetPermissionForExperiment(he.Id, userManager.CurrentUserId); 270 302 if (perm != Permission.Full) throw new FaultException<FaultReason>(new FaultReason("Not allowed to grant permissions for this experiment")); 271 dao.SetHiveExperimentPermission(hiveExperimentId, author.UserId, grantedUserId, permission);303 dao.SetHiveExperimentPermission(hiveExperimentId, userManager.CurrentUserId, grantedUserId, permission); 272 304 }); 273 305 } … … 278 310 HiveExperiment he = dao.GetHiveExperiment(hiveExperimentId); 279 311 if (he == null) throw new FaultException<FaultReason>(new FaultReason("Could not find hiveExperiment with id " + hiveExperimentId)); 280 Permission perm = dao.GetPermissionForExperiment(he.Id, author.UserId);312 Permission perm = dao.GetPermissionForExperiment(he.Id, userManager.CurrentUserId); 281 313 if (perm != Permission.Full) throw new FaultException<FaultReason>(new FaultReason("Not allowed to grant permissions for this experiment")); 282 dao.SetHiveExperimentPermission(hiveExperimentId, author.UserId, grantedUserId, Permission.NotAllowed); 314 dao.SetHiveExperimentPermission(hiveExperimentId, userManager.CurrentUserId, grantedUserId, Permission.NotAllowed); 315 }); 316 } 317 public IEnumerable<HiveExperimentPermission> GetHiveExperimentPermissions(Guid hiveExperimentId) { 318 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 319 return trans.UseTransaction(() => { 320 Permission currentUserPermission = dao.GetPermissionForExperiment(hiveExperimentId, userManager.CurrentUserId); 321 if (currentUserPermission != Permission.Full) throw new FaultException<FaultReason>(new FaultReason("Not allowed to list permissions for this experiment")); 322 return dao.GetHiveExperimentPermissions(x => x.HiveExperimentId == hiveExperimentId); 283 323 }); 284 324 } … … 341 381 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 342 382 return trans.UseTransaction(() => { 343 plugin.UserId = 
author.UserId;383 plugin.UserId = userManager.CurrentUserId; 344 384 plugin.DateCreated = DateTime.Now; 345 385 … … 369 409 } 370 410 411 // note: this is a possible security problem, since a client is able to download all plugins, which may contain proprietary code (which can be disassembled) 412 // change so that only with GetPluginByHash it is possible to download plugins 371 413 public IEnumerable<Plugin> GetPlugins() { 372 414 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave); … … 376 418 public IEnumerable<PluginData> GetPluginDatas(List<Guid> pluginIds) { 377 419 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client, HiveRoles.Slave); 378 List<PluginData> pluginDatas = new List<PluginData>(); 379 420 var pluginDatas = new List<PluginData>(); 380 421 return trans.UseTransaction(() => { 381 422 foreach (Guid guid in pluginIds) { … … 394 435 #region Slave Methods 395 436 public Guid AddSlave(Slave slave) { 396 authen.AuthenticateForAnyRole(HiveRoles.Administrator , HiveRoles.Client);437 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 397 438 return trans.UseTransaction(() => dao.AddSlave(slave)); 398 439 } 399 440 400 441 public Guid AddSlaveGroup(SlaveGroup slaveGroup) { 401 authen.AuthenticateForAnyRole(HiveRoles.Administrator , HiveRoles.Client);442 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 402 443 return trans.UseTransaction(() => dao.AddSlaveGroup(slaveGroup)); 403 444 } 404 445 405 446 public Slave GetSlave(Guid slaveId) { 406 authen.AuthenticateForAnyRole(HiveRoles.Administrator , HiveRoles.Client);447 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 407 448 return dao.GetSlave(slaveId); 408 449 } 409 450 410 451 public SlaveGroup GetSlaveGroup(Guid slaveGroupId) { 411 authen.AuthenticateForAnyRole(HiveRoles.Administrator , HiveRoles.Client);452 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 412 453 return dao.GetSlaveGroup(slaveGroupId); 413 454 } 414 455 415 
456 public IEnumerable<Slave> GetSlaves() { 416 authen.AuthenticateForAnyRole(HiveRoles.Administrator , HiveRoles.Client);457 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 417 458 return dao.GetSlaves(x => true); 418 459 } 419 460 420 461 public IEnumerable<SlaveGroup> GetSlaveGroups() { 421 authen.AuthenticateForAnyRole(HiveRoles.Administrator , HiveRoles.Client);462 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 422 463 return dao.GetSlaveGroups(x => true); 423 464 } 424 465 425 466 public void UpdateSlave(Slave slave) { 426 authen.AuthenticateForAnyRole(HiveRoles.Administrator , HiveRoles.Client);467 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 427 468 trans.UseTransaction(() => { 428 469 dao.UpdateSlave(slave); … … 431 472 432 473 public void UpdateSlaveGroup(SlaveGroup slaveGroup) { 433 authen.AuthenticateForAnyRole(HiveRoles.Administrator , HiveRoles.Client);474 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 434 475 trans.UseTransaction(() => { 435 476 dao.UpdateSlaveGroup(slaveGroup); … … 438 479 439 480 public void DeleteSlave(Guid slaveId) { 440 authen.AuthenticateForAnyRole(HiveRoles.Administrator , HiveRoles.Client);481 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 441 482 trans.UseTransaction(() => { 442 483 dao.DeleteSlave(slaveId); … … 445 486 446 487 public void DeleteSlaveGroup(Guid slaveGroupId) { 447 authen.AuthenticateForAnyRole(HiveRoles.Administrator , HiveRoles.Client);488 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 448 489 trans.UseTransaction(() => { 449 490 dao.DeleteSlaveGroup(slaveGroupId); … … 452 493 453 494 public void AddResourceToGroup(Guid slaveGroupId, Guid resourceId) { 454 authen.AuthenticateForAnyRole(HiveRoles.Administrator , HiveRoles.Client);495 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 455 496 trans.UseTransaction(() => { 456 497 var resource = dao.GetResource(resourceId); … … 461 502 462 503 public void RemoveResourceFromGroup(Guid slaveGroupId, Guid 
resourceId) { 463 authen.AuthenticateForAnyRole(HiveRoles.Administrator , HiveRoles.Client);504 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 464 505 trans.UseTransaction(() => { 465 506 var resource = dao.GetResource(resourceId); … … 470 511 471 512 public Guid GetResourceId(string resourceName) { 472 authen.AuthenticateForAnyRole(HiveRoles.Administrator , HiveRoles.Client);513 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 473 514 return trans.UseTransaction(() => { 474 515 var resource = dao.GetResources(x => x.Name == resourceName).FirstOrDefault(); … … 482 523 483 524 public void TriggerLifecycle(bool force) { 525 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Slave); 484 526 // use a serializable transaction here to ensure not two threads execute this simultaniously (mutex-lock would not work since IIS may use multiple AppDomains) 485 527 trans.UseTransaction(() => { … … 519 561 #endregion 520 562 563 #region User Methods 564 public string GetUsernameByUserId(Guid userId) { 565 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 566 var user = ServiceLocator.Instance.UserManager.GetUserById(userId); 567 if (user != null) 568 return user.UserName; 569 else 570 return null; 571 } 572 573 public Guid GetUserIdByUsername(string username) { 574 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 575 var user = ServiceLocator.Instance.UserManager.GetUserByName(username); 576 return user != null ? (Guid)user.ProviderUserKey : Guid.Empty; 577 } 578 #endregion 579 521 580 #region Helper Methods 522 581 private IEnumerable<Job> GetChildJobs(Guid? parentJobId, bool recursive, bool includeParent) { -
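Review bot: The per-row checks added to GetJobs, GetLightweightJobs, GetLightweightChildJobs and GetJobsByResourceId run `author.AuthorizeForJob(job.Id, Permission.Read)` only after the query has loaded every row, so these calls are all-or-nothing rather than filtered. AuthorizeForJob is not shown on this page, but if it faults on a missing permission, a Client calling GetJobs (still `dao.GetJobs(x => true)`) is rejected as soon as one job belongs to another user. Each call also pays one permission lookup per job. Restricting the query itself would be safer and cheaper, the way GetHiveExperiments in this file already limits its predicate to `x.OwnerUserId == userManager.CurrentUserId` or a granted permission. The section is shown as excerpts, so the surrounding method bodies are only partly visible.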
branches/HeuristicLab.Hive-3.4/sources/HeuristicLab.Services.Hive/3.4/Interfaces/IAuthorizationManager.cs
r6372 r6463 21 21 22 22 using System; 23 using HeuristicLab.Services.Hive.Common.DataTransfer; 23 24 namespace HeuristicLab.Services.Hive { 24 25 public interface IAuthorizationManager { 25 /// <summary>26 /// Returns the UserId of the currently authenticated user27 /// </summary>28 Guid UserId { get; }29 30 26 /// <summary> 31 27 /// Compares the current UserId with the given userId and takes appropriate actions if the mismatch 32 28 /// </summary> 33 29 void Authorize(Guid userId); 30 31 void AuthorizeForJob(Guid jobId, Permission requiredPermission); 32 33 void AuthorizeForExperiment(Guid experimentId, Permission requiredPermission); 34 34 } 35 35 } -
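Review bot: The two new members `AuthorizeForJob` and `AuthorizeForExperiment` have no doc comment, yet every caller in HiveService.cs depends on a contract this interface does not state. I would add a `/// <summary>` to each that says how a failed check is reported (exception or fault type) and whether a holder of `Permission.Full` also passes a `Permission.Read` check. The existing summary on `Authorize` ends in "if the mismatch", which reads as truncated and leaves the same question open.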
branches/HeuristicLab.Hive-3.4/sources/HeuristicLab.Services.Hive/3.4/Interfaces/IServiceLocator.cs
r6452 r6463 29 29 ILifecycleManager LifecycleManager { get; } 30 30 ITransactionManager TransactionManager { get; } 31 IUserManager UserManager { get; } 31 32 HeartbeatManager HeartbeatManager { get; } 32 33 } -
branches/HeuristicLab.Hive-3.4/sources/HeuristicLab.Services.Hive/3.4/ServiceLocator.cs
r6452 r6463 74 74 } 75 75 76 private IUserManager userManager; 77 public IUserManager UserManager { 78 get { 79 if (userManager == null) userManager = new UserManager(); 80 return userManager; 81 } 82 } 83 76 84 private HeartbeatManager heartbeatManager; 77 85 public HeartbeatManager HeartbeatManager {