Changeset 7950 for branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/HiveService.cs
- Timestamp:
- 06/04/12 14:14:47 (12 years ago)
- File:
-
- 1 edited
branches/HiveResourcePermissionManagement (trunk integration)/HeuristicLab.Services.Hive/3.3/HiveService.cs
r7916 r7950 41 41 get { return ServiceLocator.Instance.HiveDao; } 42 42 } 43 private IAuthenticationManager authen {43 private HeuristicLab.Services.Access.IRoleVerifier authen { 44 44 get { return ServiceLocator.Instance.AuthenticationManager; } 45 45 } … … 53 53 get { return ServiceLocator.Instance.EventManager; } 54 54 } 55 private IUserManager userManager {55 private HeuristicLab.Services.Access.IUserManager userManager { 56 56 get { return ServiceLocator.Instance.UserManager; } 57 57 } … … 59 59 get { return ServiceLocator.Instance.HeartbeatManager; } 60 60 } 61 62 #region Authorization Methods 63 public bool AuthorizesForResourceAdministration(Guid resourceId) { 64 try { 65 author.AuthorizeForResourceAdministration(resourceId); 66 return true; 67 } 68 catch (System.Security.SecurityException) { return false; } 69 } 70 #endregion 61 71 62 72 #region Task Methods … … 467 477 468 478 #region ResourcePermission Methods 469 public void GrantResourcePermission (Guid resourceId, Guid grantedUserId) {479 public void GrantResourcePermissions(Guid resourceId, params Guid[] grantedUserIds) { 470 480 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 471 481 trans.UseTransaction(() => { 472 482 Resource resource = dao.GetResource(resourceId); 473 483 if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId)); 474 if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to grant permission for this resource")); 475 dao.AddResourcePermission(new ResourcePermission { ResourceId = resourceId, GrantedByUserId = userManager.CurrentUserId, GrantedUserId = grantedUserId }); 476 }); 477 } 478 479 public void RevokeResourcePermission(Guid resourceId, Guid grantedUserId) { 484 if (resource.OwnerUserId != userManager.CurrentUserId && !authen.IsInRole(HiveRoles.Administrator)) throw new FaultException<FaultReason>(new 
FaultReason("Not allowed to grant permission for this resource")); 485 foreach (Guid id in grantedUserIds) 486 dao.AddResourcePermission(new ResourcePermission { ResourceId = resourceId, GrantedByUserId = userManager.CurrentUserId, GrantedUserId = id }); 487 }); 488 } 489 490 public void RevokeResourcePermissions(Guid resourceId, params Guid[] grantedUserIds) { 480 491 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 481 492 trans.UseTransaction(() => { 482 493 Resource resource = dao.GetResource(resourceId); 483 494 if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId)); 484 if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to revoke permission for this resource")); 485 dao.DeleteResourcePermission(resourceId, grantedUserId); 495 if (resource.OwnerUserId != userManager.CurrentUserId && !authen.IsInRole(HiveRoles.Administrator)) throw new FaultException<FaultReason>(new FaultReason("Not allowed to revoke permission for this resource")); 496 foreach (Guid id in grantedUserIds) 497 dao.DeleteResourcePermission(resourceId, id); 486 498 }); 487 499 } … … 492 504 Resource resource = dao.GetResource(resourceId); 493 505 if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId)); 494 if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to list permissions for this resource"));495 506 return dao.GetResourcePermissions(x => x.ResourceId == resourceId); 496 507 }); … … 515 526 516 527 public Guid AddSlaveGroup(SlaveGroup slaveGroup) { 517 authen.AuthenticateForAnyRole(HiveRoles.Administrator );528 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 518 529 return trans.UseTransaction(() => dao.AddSlaveGroup(slaveGroup)); 519 530 } … … 531 542 public 
IEnumerable<Slave> GetSlaves() { 532 543 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 533 return dao.GetSlaves(x => x.OwnerUserId == null534 || x.OwnerUserId == userManager.CurrentUserId535 || x.ResourcePermissions.Count(y => y.GrantedUserId == userManager.CurrentUserId) > 0536 || authen.IsInRole(HiveRoles.Administrator));544 return dao.GetSlaves(x => true).Where(x => x.OwnerUserId == null 545 || x.OwnerUserId == userManager.CurrentUserId 546 || userManager.VerifyUser(userManager.CurrentUserId, GetResourcePermissions(x.Id).Select(y => y.GrantedUserId).ToList()) 547 || authen.IsInRole(HiveRoles.Administrator)).ToArray(); 537 548 } 538 549 539 550 public IEnumerable<SlaveGroup> GetSlaveGroups() { 540 551 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 541 return dao.GetSlaveGroups(x => x.OwnerUserId == null542 || x.OwnerUserId == userManager.CurrentUserId543 || x.ResourcePermissions.Count(y => y.GrantedUserId == userManager.CurrentUserId) > 0544 || authen.IsInRole(HiveRoles.Administrator));552 return dao.GetSlaveGroups(x => true).Where(x => x.OwnerUserId == null 553 || x.OwnerUserId == userManager.CurrentUserId 554 || userManager.VerifyUser(userManager.CurrentUserId, GetResourcePermissions(x.Id).Select(y => y.GrantedUserId).ToList()) 555 || authen.IsInRole(HiveRoles.Administrator)).ToArray(); 545 556 } 546 557 547 558 public void UpdateSlave(Slave slave) { 548 authen.AuthenticateForAnyRole(HiveRoles.Administrator );559 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 549 560 trans.UseTransaction(() => { 550 561 dao.UpdateSlave(slave); … … 553 564 554 565 public void UpdateSlaveGroup(SlaveGroup slaveGroup) { 555 authen.AuthenticateForAnyRole(HiveRoles.Administrator );566 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 556 567 trans.UseTransaction(() => { 557 568 dao.UpdateSlaveGroup(slaveGroup); … … 560 571 561 572 public void DeleteSlave(Guid slaveId) { 562 
authen.AuthenticateForAnyRole(HiveRoles.Administrator); 573 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 574 author.AuthorizeForResourceAdministration(slaveId); 563 575 trans.UseTransaction(() => { 564 576 dao.DeleteSlave(slaveId); … … 567 579 568 580 public void DeleteSlaveGroup(Guid slaveGroupId) { 569 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 581 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 582 author.AuthorizeForResourceAdministration(slaveGroupId); 570 583 trans.UseTransaction(() => { 571 584 dao.DeleteSlaveGroup(slaveGroupId); … … 623 636 #region Downtime Methods 624 637 public Guid AddDowntime(Downtime downtime) { 625 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 638 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 639 author.AuthorizeForResourceAdministration(downtime.ResourceId); 626 640 return trans.UseTransaction(() => dao.AddDowntime(downtime)); 627 641 } 628 642 629 643 public void DeleteDowntime(Guid downtimeId) { 630 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 644 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 645 // TODO: pass resource id 646 // author.AuthorizeForResource(resourceId); 631 647 trans.UseTransaction(() => { 632 648 dao.DeleteDowntime(downtimeId); … … 635 651 636 652 public void UpdateDowntime(Downtime downtime) { 637 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 653 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 654 author.AuthorizeForResourceAdministration(downtime.ResourceId); 638 655 trans.UseTransaction(() => { 639 656 dao.UpdateDowntime(downtime); … … 642 659 643 660 public IEnumerable<Downtime> GetDowntimesForResource(Guid resourceId) { 644 authen.AuthenticateForAnyRole(HiveRoles.Administrator );661 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 645 662 return trans.UseTransaction(() => dao.GetDowntimes(x => x.ResourceId 
== resourceId)); 646 663 }
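Review bot: UpdateSlave and UpdateSlaveGroup (new lines 559 and 566) now admit HiveRoles.Client but, unlike DeleteSlave and DeleteSlaveGroup in this same changeset, make no per-resource check before calling dao.UpdateSlave / dao.UpdateSlaveGroup, so on the visible lines any authenticated client can modify a resource it neither owns nor administers. Add `author.AuthorizeForResourceAdministration(slave.Id);` and `author.AuthorizeForResourceAdministration(slaveGroup.Id);` directly after the AuthenticateForAnyRole call, and confirm that the stored OwnerUserId cannot be overwritten through the submitted object. DeleteDowntime (new lines 644-646) has the same gap, with the check left as a commented-out TODO; until the resource id can be resolved from downtimeId it should keep `authen.AuthenticateForAnyRole(HiveRoles.Administrator);`. GetDowntimesForResource (new line 661) and the permission-listing method around new line 504, which lost its owner check, are likewise open to any client now, so if that method is only needed by GetSlaves/GetSlaveGroups a private unchecked helper would keep the public operation guarded. The bodies of these methods continue outside the displayed hunks, so verify that no check follows there.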