- Timestamp:
- 06/04/12 14:14:47 (12 years ago)
- Location:
- branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3
- Files:
-
- 1 added
- 7 edited
-
DataTransfer/ResourcePermission.cs (added)
-
HeuristicLab.Services.Hive-3.3.csproj (modified) (2 diffs)
-
HiveService.cs (modified) (13 diffs)
-
Interfaces/IAuthorizationManager.cs (modified) (1 diff)
-
Interfaces/IServiceLocator.cs (modified) (1 diff)
-
Manager/AuthorizationManager.cs (modified) (1 diff)
-
ServiceContracts/IHiveService.cs (modified) (2 diffs)
-
ServiceLocator.cs (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/HeuristicLab.Services.Hive-3.3.csproj
r7916 r7950 90 90 <HintPath>..\..\bin\HeuristicLab.Core-3.3.dll</HintPath> 91 91 </Reference> 92 <Reference Include="HeuristicLab.GeoIP"> 93 <HintPath>..\..\..\ClientUserManagement\HeuristicLab.GeoIP\1.12\obj\Debug\HeuristicLab.GeoIP.dll</HintPath> 94 </Reference> 92 95 <Reference Include="HeuristicLab.Persistence-3.3"> 93 96 <HintPath>..\..\bin\HeuristicLab.Persistence-3.3.dll</HintPath> … … 95 98 <Reference Include="HeuristicLab.PluginInfrastructure-3.3"> 96 99 <HintPath>..\..\bin\HeuristicLab.PluginInfrastructure-3.3.dll</HintPath> 100 </Reference> 101 <Reference Include="HeuristicLab.Services.Access"> 102 <HintPath>..\..\..\ClientUserManagement\HeuristicLab.Services.Access\3.3\obj\Debug\HeuristicLab.Services.Access.dll</HintPath> 103 </Reference> 104 <Reference Include="HeuristicLab.Services.Access.DataAccess"> 105 <HintPath>..\..\..\ClientUserManagement\HeuristicLab.Services.Access.DataAccess\3.3\obj\Debug\HeuristicLab.Services.Access.DataAccess.dll</HintPath> 97 106 </Reference> 98 107 <Reference Include="System" /> -
branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/HiveService.cs
r7916 r7950 41 41 get { return ServiceLocator.Instance.HiveDao; } 42 42 } 43 private IAuthenticationManager authen {43 private HeuristicLab.Services.Access.IRoleVerifier authen { 44 44 get { return ServiceLocator.Instance.AuthenticationManager; } 45 45 } … … 53 53 get { return ServiceLocator.Instance.EventManager; } 54 54 } 55 private IUserManager userManager {55 private HeuristicLab.Services.Access.IUserManager userManager { 56 56 get { return ServiceLocator.Instance.UserManager; } 57 57 } … … 59 59 get { return ServiceLocator.Instance.HeartbeatManager; } 60 60 } 61 62 #region Authorization Methods 63 public bool AuthorizesForResourceAdministration(Guid resourceId) { 64 try { 65 author.AuthorizeForResourceAdministration(resourceId); 66 return true; 67 } 68 catch (System.Security.SecurityException) { return false; } 69 } 70 #endregion 61 71 62 72 #region Task Methods … … 467 477 468 478 #region ResourcePermission Methods 469 public void GrantResourcePermission (Guid resourceId, Guid grantedUserId) {479 public void GrantResourcePermissions(Guid resourceId, params Guid[] grantedUserIds) { 470 480 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 471 481 trans.UseTransaction(() => { 472 482 Resource resource = dao.GetResource(resourceId); 473 483 if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId)); 474 if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to grant permission for this resource")); 475 dao.AddResourcePermission(new ResourcePermission { ResourceId = resourceId, GrantedByUserId = userManager.CurrentUserId, GrantedUserId = grantedUserId }); 476 }); 477 } 478 479 public void RevokeResourcePermission(Guid resourceId, Guid grantedUserId) { 484 if (resource.OwnerUserId != userManager.CurrentUserId && !authen.IsInRole(HiveRoles.Administrator)) throw new FaultException<FaultReason>(new FaultReason("Not allowed to grant permission for this resource")); 485 foreach (Guid id in grantedUserIds) 486 dao.AddResourcePermission(new ResourcePermission { ResourceId = resourceId, GrantedByUserId = userManager.CurrentUserId, GrantedUserId = id }); 487 }); 488 } 489 490 public void RevokeResourcePermissions(Guid resourceId, params Guid[] grantedUserIds) { 480 491 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 481 492 trans.UseTransaction(() => { 482 493 Resource resource = dao.GetResource(resourceId); 483 494 if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId)); 484 if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to revoke permission for this resource")); 485 dao.DeleteResourcePermission(resourceId, grantedUserId); 495 if (resource.OwnerUserId != userManager.CurrentUserId && !authen.IsInRole(HiveRoles.Administrator)) throw new FaultException<FaultReason>(new FaultReason("Not allowed to revoke permission for this resource")); 496 foreach (Guid id in grantedUserIds) 497 dao.DeleteResourcePermission(resourceId, id); 486 498 }); 487 499 } … … 492 504 Resource resource = dao.GetResource(resourceId); 493 505 if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId)); 494 if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to list permissions for this resource"));495 506 return dao.GetResourcePermissions(x => x.ResourceId == resourceId); 496 507 }); … … 515 526 516 527 public Guid AddSlaveGroup(SlaveGroup slaveGroup) { 517 authen.AuthenticateForAnyRole(HiveRoles.Administrator );528 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 518 529 return trans.UseTransaction(() => dao.AddSlaveGroup(slaveGroup)); 519 530 } … … 531 542 public IEnumerable<Slave> GetSlaves() { 532 543 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 533 return dao.GetSlaves(x => x.OwnerUserId == null534 || x.OwnerUserId == userManager.CurrentUserId535 || x.ResourcePermissions.Count(y => y.GrantedUserId == userManager.CurrentUserId) > 0536 || authen.IsInRole(HiveRoles.Administrator));544 return dao.GetSlaves(x => true).Where(x => x.OwnerUserId == null 545 || x.OwnerUserId == userManager.CurrentUserId 546 || userManager.VerifyUser(userManager.CurrentUserId, GetResourcePermissions(x.Id).Select(y => y.GrantedUserId).ToList()) 547 || authen.IsInRole(HiveRoles.Administrator)).ToArray(); 537 548 } 538 549 539 550 public IEnumerable<SlaveGroup> GetSlaveGroups() { 540 551 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 541 return dao.GetSlaveGroups(x => x.OwnerUserId == null542 || x.OwnerUserId == userManager.CurrentUserId543 || x.ResourcePermissions.Count(y => y.GrantedUserId == userManager.CurrentUserId) > 0544 || authen.IsInRole(HiveRoles.Administrator));552 return dao.GetSlaveGroups(x => true).Where(x => x.OwnerUserId == null 553 || x.OwnerUserId == userManager.CurrentUserId 554 || userManager.VerifyUser(userManager.CurrentUserId, GetResourcePermissions(x.Id).Select(y => y.GrantedUserId).ToList()) 555 || authen.IsInRole(HiveRoles.Administrator)).ToArray(); 545 556 } 546 557 547 558 public void UpdateSlave(Slave slave) { 548 authen.AuthenticateForAnyRole(HiveRoles.Administrator );559 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 549 560 trans.UseTransaction(() => { 550 561 dao.UpdateSlave(slave); … … 553 564 554 565 public void UpdateSlaveGroup(SlaveGroup slaveGroup) { 555 authen.AuthenticateForAnyRole(HiveRoles.Administrator );566 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 556 567 trans.UseTransaction(() => { 557 568 dao.UpdateSlaveGroup(slaveGroup); … … 560 571 561 572 public void DeleteSlave(Guid slaveId) { 562 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 573 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 574 author.AuthorizeForResourceAdministration(slaveId); 563 575 trans.UseTransaction(() => { 564 576 dao.DeleteSlave(slaveId); … … 567 579 568 580 public void DeleteSlaveGroup(Guid slaveGroupId) { 569 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 581 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 582 author.AuthorizeForResourceAdministration(slaveGroupId); 570 583 trans.UseTransaction(() => { 571 584 dao.DeleteSlaveGroup(slaveGroupId); … … 623 636 #region Downtime Methods 624 637 public Guid AddDowntime(Downtime downtime) { 625 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 638 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 639 author.AuthorizeForResourceAdministration(downtime.ResourceId); 626 640 return trans.UseTransaction(() => dao.AddDowntime(downtime)); 627 641 } 628 642 629 643 public void DeleteDowntime(Guid downtimeId) { 630 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 644 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 645 // TODO: pass resource id 646 // author.AuthorizeForResource(resourceId); 631 647 trans.UseTransaction(() => { 632 648 dao.DeleteDowntime(downtimeId); … … 635 651 636 652 public void UpdateDowntime(Downtime downtime) { 637 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 653 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 654 author.AuthorizeForResourceAdministration(downtime.ResourceId); 638 655 trans.UseTransaction(() => { 639 656 dao.UpdateDowntime(downtime); … … 642 659 643 660 public IEnumerable<Downtime> GetDowntimesForResource(Guid resourceId) { 644 authen.AuthenticateForAnyRole(HiveRoles.Administrator );661 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 645 662 return trans.UseTransaction(() => dao.GetDowntimes(x => x.ResourceId == resourceId)); 646 663 } -
branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/Interfaces/IAuthorizationManager.cs
r7259 r7950 33 33 34 34 void AuthorizeForJob(Guid jobId, Permission requiredPermission); 35 36 void AuthorizeForResourceAdministration(Guid resourceId); 35 37 } 36 38 } -
branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/Interfaces/IServiceLocator.cs
r7259 r7950 24 24 namespace HeuristicLab.Services.Hive { 25 25 public interface IServiceLocator { 26 IAuthenticationManager AuthenticationManager { get; }26 HeuristicLab.Services.Access.IRoleVerifier AuthenticationManager { get; } 27 27 IAuthorizationManager AuthorizationManager { get; } 28 28 IHiveDao HiveDao { get; } 29 29 IEventManager EventManager { get; } 30 30 ITransactionManager TransactionManager { get; } 31 IUserManager UserManager { get; }31 HeuristicLab.Services.Access.IUserManager UserManager { get; } 32 32 HeartbeatManager HeartbeatManager { get; } 33 33 } -
branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
r7259 r7950 46 46 throw new SecurityException("Current user is not authorized to access task"); 47 47 } 48 49 public void AuthorizeForResourceAdministration(Guid resourceId) { 50 Resource resource = DT.Convert.ToEntity(ServiceLocator.Instance.HiveDao.GetResource(resourceId)); 51 if (resource.OwnerUserId != ServiceLocator.Instance.UserManager.CurrentUserId && !ServiceLocator.Instance.AuthenticationManager.IsInRole(HiveRoles.Administrator)) 52 throw new SecurityException("Current user is not authorized to access resource"); 53 } 48 54 } 49 55 } -
branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/ServiceContracts/IHiveService.cs
r7916 r7950 31 31 public interface IHiveService { 32 32 33 #region Authorization Methods 34 [OperationContract] 35 bool AuthorizesForResourceAdministration(Guid resourceId); 36 #endregion 37 33 38 #region Task Methods 34 39 [OperationContract] … … 160 165 #region ResourcePermission Methods 161 166 [OperationContract] 162 void GrantResourcePermission (Guid resourceId, Guid grantedUserId);163 164 [OperationContract] 165 void RevokeResourcePermission (Guid resourceId, Guid grantedUserId);167 void GrantResourcePermissions(Guid resourceId, params Guid[] grantedUserIds); 168 169 [OperationContract] 170 void RevokeResourcePermissions(Guid resourceId, params Guid[] grantedUserIds); 166 171 167 172 [OperationContract] -
branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/ServiceLocator.cs
r7259 r7950 42 42 } 43 43 44 private IAuthenticationManager authenticationManager;45 public IAuthenticationManager AuthenticationManager {44 private HeuristicLab.Services.Access.IRoleVerifier authenticationManager; 45 public HeuristicLab.Services.Access.IRoleVerifier AuthenticationManager { 46 46 get { 47 if (authenticationManager == null) authenticationManager = new AuthenticationManager();47 if (authenticationManager == null) authenticationManager = new HeuristicLab.Services.Access.RoleVerifier(); 48 48 return authenticationManager; 49 49 } … … 74 74 } 75 75 76 private IUserManager userManager;77 public IUserManager UserManager {76 private HeuristicLab.Services.Access.IUserManager userManager; 77 public HeuristicLab.Services.Access.IUserManager UserManager { 78 78 get { 79 if (userManager == null) userManager = new UserManager();79 if (userManager == null) userManager = new HeuristicLab.Services.Access.UserManager(); 80 80 return userManager; 81 81 } … … 85 85 public HeartbeatManager HeartbeatManager { 86 86 get { 87 if (heartbeatManager == null) heartbeatManager = new HeartbeatManager();87 if (heartbeatManager == null) heartbeatManager = new HeartbeatManager(); 88 88 return heartbeatManager; 89 89 }
Note: See TracChangeset
for help on using the changeset viewer.
