Changeset 7950


Timestamp:
06/04/12 14:14:47 (7 years ago)
Author:
jkarder
Message:

#1860:

  • added ResourcePermission data transfer object
  • added resource permission management service methods
  • added authorization service method for resource administration
  • HiveService now uses AccessService infrastructure
Location:
branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3
Files:
1 added
7 edited

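--- a/branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/HeuristicLab.Services.Hive-3.3.csproj
+++ b/branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/HeuristicLab.Services.Hive-3.3.csproj
@@ -90,4 +90,7 @@
       <HintPath>..\..\bin\HeuristicLab.Core-3.3.dll</HintPath>
     </Reference>
+    <Reference Include="HeuristicLab.GeoIP">
+      <HintPath>..\..\..\ClientUserManagement\HeuristicLab.GeoIP\1.12\obj\Debug\HeuristicLab.GeoIP.dll</HintPath>
+    </Reference>
     <Reference Include="HeuristicLab.Persistence-3.3">
       <HintPath>..\..\bin\HeuristicLab.Persistence-3.3.dll</HintPath>
@@ -95,4 +98,10 @@
     <Reference Include="HeuristicLab.PluginInfrastructure-3.3">
       <HintPath>..\..\bin\HeuristicLab.PluginInfrastructure-3.3.dll</HintPath>
+    </Reference>
+    <Reference Include="HeuristicLab.Services.Access">
+      <HintPath>..\..\..\ClientUserManagement\HeuristicLab.Services.Access\3.3\obj\Debug\HeuristicLab.Services.Access.dll</HintPath>
+    </Reference>
+    <Reference Include="HeuristicLab.Services.Access.DataAccess">
+      <HintPath>..\..\..\ClientUserManagement\HeuristicLab.Services.Access.DataAccess\3.3\obj\Debug\HeuristicLab.Services.Access.DataAccess.dll</HintPath>
     </Reference>
     <Reference Include="System" />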
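Review bot: The three new HintPaths (r7950 lines 93, 102 and 105) point into `obj\Debug` folders of sibling projects under `..\..\..\ClientUserManagement`, while every other reference in these hunks resolves through `..\..\bin`. An `obj` directory is intermediate build output: it is absent on a clean checkout, exists only for the Debug configuration, and is not what the referenced project deploys, so a Release or CI build of this project will not resolve these assemblies. Prefer a project reference, or a HintPath under `..\..\bin` like the neighbouring entries (e.g. `<HintPath>..\..\bin\HeuristicLab.Services.Access.dll</HintPath>`), once the Access projects copy their output there.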
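--- a/branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/HiveService.cs
+++ b/branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/HiveService.cs
@@ -41,5 +41,5 @@
       get { return ServiceLocator.Instance.HiveDao; }
     }
-    private IAuthenticationManager authen {
+    private HeuristicLab.Services.Access.IRoleVerifier authen {
       get { return ServiceLocator.Instance.AuthenticationManager; }
     }
@@ -53,5 +53,5 @@
       get { return ServiceLocator.Instance.EventManager; }
     }
-    private IUserManager userManager {
+    private HeuristicLab.Services.Access.IUserManager userManager {
       get { return ServiceLocator.Instance.UserManager; }
     }
@@ -59,4 +59,14 @@
       get { return ServiceLocator.Instance.HeartbeatManager; }
     }
+
+    #region Authorization Methods
+    public bool AuthorizesForResourceAdministration(Guid resourceId) {
+      try {
+        author.AuthorizeForResourceAdministration(resourceId);
+        return true;
+      }
+      catch (System.Security.SecurityException) { return false; }
+    }
+    #endregion
 
     #region Task Methods
@@ -467,21 +477,23 @@
 
     #region ResourcePermission Methods
-    public void GrantResourcePermission(Guid resourceId, Guid grantedUserId) {
+    public void GrantResourcePermissions(Guid resourceId, params Guid[] grantedUserIds) {
       authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       trans.UseTransaction(() => {
         Resource resource = dao.GetResource(resourceId);
         if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId));
-        if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to grant permission for this resource"));
-        dao.AddResourcePermission(new ResourcePermission { ResourceId = resourceId, GrantedByUserId = userManager.CurrentUserId, GrantedUserId = grantedUserId });
-      });
-    }
-
-    public void RevokeResourcePermission(Guid resourceId, Guid grantedUserId) {
+        if (resource.OwnerUserId != userManager.CurrentUserId && !authen.IsInRole(HiveRoles.Administrator)) throw new FaultException<FaultReason>(new FaultReason("Not allowed to grant permission for this resource"));
+        foreach (Guid id in grantedUserIds)
+          dao.AddResourcePermission(new ResourcePermission { ResourceId = resourceId, GrantedByUserId = userManager.CurrentUserId, GrantedUserId = id });
+      });
+    }
+
+    public void RevokeResourcePermissions(Guid resourceId, params Guid[] grantedUserIds) {
       authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       trans.UseTransaction(() => {
         Resource resource = dao.GetResource(resourceId);
         if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId));
-        if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to revoke permission for this resource"));
-        dao.DeleteResourcePermission(resourceId, grantedUserId);
+        if (resource.OwnerUserId != userManager.CurrentUserId && !authen.IsInRole(HiveRoles.Administrator)) throw new FaultException<FaultReason>(new FaultReason("Not allowed to revoke permission for this resource"));
+        foreach (Guid id in grantedUserIds)
+          dao.DeleteResourcePermission(resourceId, id);
       });
     }
@@ -492,5 +504,4 @@
         Resource resource = dao.GetResource(resourceId);
         if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId));
-        if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to list permissions for this resource"));
         return dao.GetResourcePermissions(x => x.ResourceId == resourceId);
       });
@@ -515,5 +526,5 @@
 
     public Guid AddSlaveGroup(SlaveGroup slaveGroup) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       return trans.UseTransaction(() => dao.AddSlaveGroup(slaveGroup));
     }
@@ -531,20 +542,20 @@
     public IEnumerable<Slave> GetSlaves() {
       authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
-      return dao.GetSlaves(x => x.OwnerUserId == null
-                             || x.OwnerUserId == userManager.CurrentUserId
-                             || x.ResourcePermissions.Count(y => y.GrantedUserId == userManager.CurrentUserId) > 0
-                             || authen.IsInRole(HiveRoles.Administrator));
+      return dao.GetSlaves(x => true).Where(x => x.OwnerUserId == null
+                                         || x.OwnerUserId == userManager.CurrentUserId
+                                         || userManager.VerifyUser(userManager.CurrentUserId, GetResourcePermissions(x.Id).Select(y => y.GrantedUserId).ToList())
+                                         || authen.IsInRole(HiveRoles.Administrator)).ToArray();
     }
 
     public IEnumerable<SlaveGroup> GetSlaveGroups() {
       authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
-      return dao.GetSlaveGroups(x => x.OwnerUserId == null
-                                  || x.OwnerUserId == userManager.CurrentUserId
-                                  || x.ResourcePermissions.Count(y => y.GrantedUserId == userManager.CurrentUserId) > 0
-                                  || authen.IsInRole(HiveRoles.Administrator));
+      return dao.GetSlaveGroups(x => true).Where(x => x.OwnerUserId == null
+                                              || x.OwnerUserId == userManager.CurrentUserId
+                                              || userManager.VerifyUser(userManager.CurrentUserId, GetResourcePermissions(x.Id).Select(y => y.GrantedUserId).ToList())
+                                              || authen.IsInRole(HiveRoles.Administrator)).ToArray();
     }
 
     public void UpdateSlave(Slave slave) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       trans.UseTransaction(() => {
         dao.UpdateSlave(slave);
@@ -553,5 +564,5 @@
 
     public void UpdateSlaveGroup(SlaveGroup slaveGroup) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       trans.UseTransaction(() => {
         dao.UpdateSlaveGroup(slaveGroup);
@@ -560,5 +571,6 @@
 
     public void DeleteSlave(Guid slaveId) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      author.AuthorizeForResourceAdministration(slaveId);
       trans.UseTransaction(() => {
         dao.DeleteSlave(slaveId);
@@ -567,5 +579,6 @@
 
     public void DeleteSlaveGroup(Guid slaveGroupId) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      author.AuthorizeForResourceAdministration(slaveGroupId);
       trans.UseTransaction(() => {
         dao.DeleteSlaveGroup(slaveGroupId);
@@ -623,10 +636,13 @@
     #region Downtime Methods
     public Guid AddDowntime(Downtime downtime) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      author.AuthorizeForResourceAdministration(downtime.ResourceId);
       return trans.UseTransaction(() => dao.AddDowntime(downtime));
     }
 
     public void DeleteDowntime(Guid downtimeId) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      // TODO: pass resource id
+      // author.AuthorizeForResource(resourceId);
       trans.UseTransaction(() => {
         dao.DeleteDowntime(downtimeId);
@@ -635,5 +651,6 @@
 
     public void UpdateDowntime(Downtime downtime) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      author.AuthorizeForResourceAdministration(downtime.ResourceId);
       trans.UseTransaction(() => {
         dao.UpdateDowntime(downtime);
@@ -642,5 +659,5 @@
 
     public IEnumerable<Downtime> GetDowntimesForResource(Guid resourceId) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       return trans.UseTransaction(() => dao.GetDowntimes(x => x.ResourceId == resourceId));
     }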
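Review bot: UpdateSlave (r7950 line 559) and UpdateSlaveGroup (line 566) are opened to the Client role but, unlike DeleteSlave and DeleteSlaveGroup directly below them, get no resource authorization, so any authenticated client can update any slave or slave group unless `dao.UpdateSlave`/`dao.UpdateSlaveGroup` enforce ownership themselves (their bodies lie outside the hunk). Add `author.AuthorizeForResourceAdministration(slave.Id);` and `author.AuthorizeForResourceAdministration(slaveGroup.Id);` before the respective `trans.UseTransaction`, the same pattern the commit applies to AddDowntime and UpdateDowntime. Related: the hunk at line 504 removes the owner check from the permission-listing method (its signature is outside the hunk, presumably GetResourcePermissions), apparently so that GetSlaves/GetSlaveGroups can call it for resources the caller does not own, which turns the public operation into a way for any client to read the granted-user list of every resource. Keep the check on the service operation and let the two listing methods query `dao.GetResourcePermissions(p => p.ResourceId == x.Id)` directly instead. The TODO left in DeleteDowntime (line 645) means that operation has no resource check at all for the Client role; resolving it before merge, by looking up the downtime's ResourceId, would close the gap the other downtime methods already handle.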
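--- a/branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/Interfaces/IAuthorizationManager.cs
+++ b/branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/Interfaces/IAuthorizationManager.cs
@@ -33,4 +33,6 @@
 
     void AuthorizeForJob(Guid jobId, Permission requiredPermission);
+
+    void AuthorizeForResourceAdministration(Guid resourceId);
   }
 }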
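Review bot: The new interface member at r7950 line 36 carries no documentation, so its contract (throw versus return false) is only discoverable by reading AuthorizationManager.cs and the `catch (System.Security.SecurityException)` in HiveService that depends on it. Add `/// <summary>Throws <see cref="System.Security.SecurityException"/> unless the current user owns the resource or is in the Administrator role.</summary>` above the declaration; this matches the implementation in this changeset and tells future implementers which exception callers rely on.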
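--- a/branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/Interfaces/IServiceLocator.cs
+++ b/branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/Interfaces/IServiceLocator.cs
@@ -24,10 +24,10 @@
 namespace HeuristicLab.Services.Hive {
   public interface IServiceLocator {
-    IAuthenticationManager AuthenticationManager { get; }
+    HeuristicLab.Services.Access.IRoleVerifier AuthenticationManager { get; }
     IAuthorizationManager AuthorizationManager { get; }
     IHiveDao HiveDao { get; }
     IEventManager EventManager { get; }
     ITransactionManager TransactionManager { get; }
-    IUserManager UserManager { get; }
+    HeuristicLab.Services.Access.IUserManager UserManager { get; }
     HeartbeatManager HeartbeatManager { get; }
   }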
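Review bot: The property at r7950 line 26 keeps the name AuthenticationManager while its type becomes HeuristicLab.Services.Access.IRoleVerifier, so readers of HiveService's `authen` field and of ServiceLocator.cs now see an "authentication" component that is actually used for role checks (`IsInRole`, `AuthenticateForAnyRole`). Renaming it to `RoleVerifier` here and in ServiceLocator.cs and HiveService.cs would keep the name honest; if the rename is deferred, a one-line `// role verification via Access service; name kept for source compatibility` comment on the property is the minimum. A `using HeuristicLab.Services.Access;` at the top of the file would also let both changed lines drop the repeated fully qualified names.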
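--- a/branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
+++ b/branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
@@ -46,4 +46,10 @@
         throw new SecurityException("Current user is not authorized to access task");
     }
+
+    public void AuthorizeForResourceAdministration(Guid resourceId) {
+      Resource resource = DT.Convert.ToEntity(ServiceLocator.Instance.HiveDao.GetResource(resourceId));
+      if (resource.OwnerUserId != ServiceLocator.Instance.UserManager.CurrentUserId && !ServiceLocator.Instance.AuthenticationManager.IsInRole(HiveRoles.Administrator))
+        throw new SecurityException("Current user is not authorized to access resource");
+    }
   }
 }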
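Review bot: AuthorizeForResourceAdministration (r7950 line 50) dereferences `resource.OwnerUserId` without a null check, although HiveService's GrantResourcePermissions in this same changeset treats a null result from `GetResource` as an expected case. For an unknown resourceId the method therefore fails with something other than SecurityException (a NullReferenceException at line 51, or whatever `DT.Convert.ToEntity` does with a null argument), which the `catch (System.Security.SecurityException)` in AuthorizesForResourceAdministration does not cover and which DeleteSlave/AddDowntime surface as an unhandled fault. Treat a missing resource as a denial: insert `if (resource == null) throw new SecurityException("Current user is not authorized to access resource");` between lines 50 and 51. The method also lacks a `/// <summary>` stating that it throws unless the current user owns the resource or is in the Administrator role, which is the contract the new interface member exposes.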
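--- a/branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/ServiceContracts/IHiveService.cs
+++ b/branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/ServiceContracts/IHiveService.cs
@@ -31,4 +31,9 @@
   public interface IHiveService {
 
+    #region Authorization Methods
+    [OperationContract]
+    bool AuthorizesForResourceAdministration(Guid resourceId);
+    #endregion
+
     #region Task Methods
     [OperationContract]
@@ -160,8 +165,8 @@
     #region ResourcePermission Methods
     [OperationContract]
-    void GrantResourcePermission(Guid resourceId, Guid grantedUserId);
-
-    [OperationContract]
-    void RevokeResourcePermission(Guid resourceId, Guid grantedUserId);
+    void GrantResourcePermissions(Guid resourceId, params Guid[] grantedUserIds);
+
+    [OperationContract]
+    void RevokeResourcePermissions(Guid resourceId, params Guid[] grantedUserIds);
 
     [OperationContract]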
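Review bot: Renaming the two ResourcePermission operations and changing their parameter list (r7950 lines 167 and 170) is a breaking change to the WCF service contract: clients built against GrantResourcePermission/RevokeResourcePermission will fail at the wire level, and `params` has no effect on an [OperationContract], the generated proxy simply exposes a `Guid[]` parameter. Either keep the old single-id operations next to the new ones (WCF does not support overloads, so they need distinct names or `[OperationContract(Name = "...")]`) or state the contract break explicitly in the changeset message so deployed clients are rebuilt. AuthorizesForResourceAdministration (line 35) deserves a `/// <summary>` noting that it returns false instead of raising a fault when the caller is neither owner nor Administrator, since that non-throwing behaviour is what sets it apart from the other operations.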
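--- a/branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/ServiceLocator.cs
+++ b/branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/ServiceLocator.cs
@@ -42,8 +42,8 @@
     }
 
-    private IAuthenticationManager authenticationManager;
-    public IAuthenticationManager AuthenticationManager {
+    private HeuristicLab.Services.Access.IRoleVerifier authenticationManager;
+    public HeuristicLab.Services.Access.IRoleVerifier AuthenticationManager {
       get {
-        if (authenticationManager == null) authenticationManager = new AuthenticationManager();
+        if (authenticationManager == null) authenticationManager = new HeuristicLab.Services.Access.RoleVerifier();
         return authenticationManager;
       }
@@ -74,8 +74,8 @@
     }
 
-    private IUserManager userManager;
-    public IUserManager UserManager {
+    private HeuristicLab.Services.Access.IUserManager userManager;
+    public HeuristicLab.Services.Access.IUserManager UserManager {
       get {
-        if (userManager == null) userManager = new UserManager();
+        if (userManager == null) userManager = new HeuristicLab.Services.Access.UserManager();
         return userManager;
       }
@@ -85,5 +85,5 @@
     public HeartbeatManager HeartbeatManager {
       get {
-        if(heartbeatManager == null) heartbeatManager = new HeartbeatManager();
+        if (heartbeatManager == null) heartbeatManager = new HeartbeatManager();
         return heartbeatManager;
       }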