Changeset 8051 for trunk/sources/HeuristicLab.Services.Hive
- Timestamp:
- 06/19/12 12:06:18 (12 years ago)
- Location:
- trunk/sources/HeuristicLab.Services.Hive/3.3
- Files:
-
- 1 added
- 8 edited
trunk/sources/HeuristicLab.Services.Hive/3.3/HeuristicLab.Services.Hive-3.3.csproj
r7916 r8051 172 172 </ItemGroup> 173 173 <ItemGroup> 174 <ProjectReference Include="..\..\HeuristicLab.Services.Access\3.3\HeuristicLab.Services.Access-3.3.csproj"> 175 <Project>{9FAC0B23-2730-452A-9BA0-D7CA1746C541}</Project> 176 <Name>HeuristicLab.Services.Access-3.3</Name> 177 </ProjectReference> 174 178 <ProjectReference Include="..\..\HeuristicLab.Services.Hive.DataAccess\3.3\HeuristicLab.Services.Hive.DataAccess-3.3.csproj"> 175 179 <Project>{EC2C8109-6E1E-4C88-9A2B-908CFF2EF4AC}</Project> -
trunk/sources/HeuristicLab.Services.Hive/3.3/HiveService.cs
r7916 r8051 41 41 get { return ServiceLocator.Instance.HiveDao; } 42 42 } 43 private IAuthenticationManager authen {44 get { return ServiceLocator.Instance. AuthenticationManager; }43 private Access.IRoleVerifier authen { 44 get { return ServiceLocator.Instance.RoleVerifier; } 45 45 } 46 46 private IAuthorizationManager author { … … 53 53 get { return ServiceLocator.Instance.EventManager; } 54 54 } 55 private IUserManager userManager {55 private Access.IUserManager userManager { 56 56 get { return ServiceLocator.Instance.UserManager; } 57 57 } … … 59 59 get { return ServiceLocator.Instance.HeartbeatManager; } 60 60 } 61 62 #region Authorization Methods 63 public bool AuthorizesForResourceAdministration(Guid resourceId) { 64 try { 65 author.AuthorizeForResourceAdministration(resourceId); 66 return true; 67 } 68 catch (System.Security.SecurityException) { return false; } 69 } 70 #endregion 61 71 62 72 #region Task Methods … … 467 477 468 478 #region ResourcePermission Methods 469 public void GrantResourcePermission (Guid resourceId, Guid grantedUserId) {479 public void GrantResourcePermissions(Guid resourceId, params Guid[] grantedUserIds) { 470 480 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 471 481 trans.UseTransaction(() => { 472 482 Resource resource = dao.GetResource(resourceId); 473 483 if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId)); 474 if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to grant permission for this resource")); 475 dao.AddResourcePermission(new ResourcePermission { ResourceId = resourceId, GrantedByUserId = userManager.CurrentUserId, GrantedUserId = grantedUserId }); 476 }); 477 } 478 479 public void RevokeResourcePermission(Guid resourceId, Guid grantedUserId) { 484 if (resource.OwnerUserId != userManager.CurrentUserId && !authen.IsInRole(HiveRoles.Administrator)) 
throw new FaultException<FaultReason>(new FaultReason("Not allowed to grant permission for this resource")); 485 foreach (Guid id in grantedUserIds) 486 dao.AddResourcePermission(new ResourcePermission { ResourceId = resourceId, GrantedByUserId = userManager.CurrentUserId, GrantedUserId = id }); 487 }); 488 } 489 490 public void RevokeResourcePermissions(Guid resourceId, params Guid[] grantedUserIds) { 480 491 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 481 492 trans.UseTransaction(() => { 482 493 Resource resource = dao.GetResource(resourceId); 483 494 if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId)); 484 if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to revoke permission for this resource")); 485 dao.DeleteResourcePermission(resourceId, grantedUserId); 495 if (resource.OwnerUserId != userManager.CurrentUserId && !authen.IsInRole(HiveRoles.Administrator)) throw new FaultException<FaultReason>(new FaultReason("Not allowed to revoke permission for this resource")); 496 foreach (Guid id in grantedUserIds) 497 dao.DeleteResourcePermission(resourceId, id); 486 498 }); 487 499 } … … 492 504 Resource resource = dao.GetResource(resourceId); 493 505 if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId)); 494 if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to list permissions for this resource"));495 506 return dao.GetResourcePermissions(x => x.ResourceId == resourceId); 496 507 }); … … 515 526 516 527 public Guid AddSlaveGroup(SlaveGroup slaveGroup) { 517 authen.AuthenticateForAnyRole(HiveRoles.Administrator );528 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 518 529 return trans.UseTransaction(() => 
dao.AddSlaveGroup(slaveGroup)); 519 530 } … … 531 542 public IEnumerable<Slave> GetSlaves() { 532 543 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 533 return dao.GetSlaves(x => x.OwnerUserId == null534 || x.OwnerUserId == userManager.CurrentUserId535 || x.ResourcePermissions.Count(y => y.GrantedUserId == userManager.CurrentUserId) > 0536 || authen.IsInRole(HiveRoles.Administrator));544 return dao.GetSlaves(x => true).Where(x => x.OwnerUserId == null 545 || x.OwnerUserId == userManager.CurrentUserId 546 || userManager.VerifyUser(userManager.CurrentUserId, GetResourcePermissions(x.Id).Select(y => y.GrantedUserId).ToList()) 547 || authen.IsInRole(HiveRoles.Administrator)).ToArray(); 537 548 } 538 549 539 550 public IEnumerable<SlaveGroup> GetSlaveGroups() { 540 551 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 541 return dao.GetSlaveGroups(x => x.OwnerUserId == null542 || x.OwnerUserId == userManager.CurrentUserId543 || x.ResourcePermissions.Count(y => y.GrantedUserId == userManager.CurrentUserId) > 0544 || authen.IsInRole(HiveRoles.Administrator));552 return dao.GetSlaveGroups(x => true).Where(x => x.OwnerUserId == null 553 || x.OwnerUserId == userManager.CurrentUserId 554 || userManager.VerifyUser(userManager.CurrentUserId, GetResourcePermissions(x.Id).Select(y => y.GrantedUserId).ToList()) 555 || authen.IsInRole(HiveRoles.Administrator)).ToArray(); 545 556 } 546 557 547 558 public void UpdateSlave(Slave slave) { 548 authen.AuthenticateForAnyRole(HiveRoles.Administrator );559 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 549 560 trans.UseTransaction(() => { 550 561 dao.UpdateSlave(slave); … … 553 564 554 565 public void UpdateSlaveGroup(SlaveGroup slaveGroup) { 555 authen.AuthenticateForAnyRole(HiveRoles.Administrator );566 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 556 567 trans.UseTransaction(() => { 557 568 dao.UpdateSlaveGroup(slaveGroup); … … 560 
571 561 572 public void DeleteSlave(Guid slaveId) { 562 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 573 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 574 author.AuthorizeForResourceAdministration(slaveId); 563 575 trans.UseTransaction(() => { 564 576 dao.DeleteSlave(slaveId); … … 567 579 568 580 public void DeleteSlaveGroup(Guid slaveGroupId) { 569 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 581 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 582 author.AuthorizeForResourceAdministration(slaveGroupId); 570 583 trans.UseTransaction(() => { 571 584 dao.DeleteSlaveGroup(slaveGroupId); … … 623 636 #region Downtime Methods 624 637 public Guid AddDowntime(Downtime downtime) { 625 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 638 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 639 author.AuthorizeForResourceAdministration(downtime.ResourceId); 626 640 return trans.UseTransaction(() => dao.AddDowntime(downtime)); 627 641 } 628 642 629 643 public void DeleteDowntime(Guid downtimeId) { 630 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 644 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 645 // TODO: pass resource id 646 // author.AuthorizeForResource(resourceId); 631 647 trans.UseTransaction(() => { 632 648 dao.DeleteDowntime(downtimeId); … … 635 651 636 652 public void UpdateDowntime(Downtime downtime) { 637 authen.AuthenticateForAnyRole(HiveRoles.Administrator); 653 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 654 author.AuthorizeForResourceAdministration(downtime.ResourceId); 638 655 trans.UseTransaction(() => { 639 656 dao.UpdateDowntime(downtime); … … 642 659 643 660 public IEnumerable<Downtime> GetDowntimesForResource(Guid resourceId) { 644 authen.AuthenticateForAnyRole(HiveRoles.Administrator );661 authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client); 645 662 return 
trans.UseTransaction(() => dao.GetDowntimes(x => x.ResourceId == resourceId)); 646 663 } -
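Review bot: UpdateSlave and UpdateSlaveGroup now admit HiveRoles.Client but, unlike DeleteSlave and DeleteSlaveGroup in this same section, never call the new per-resource check, so any client-role caller can overwrite a slave or group it does not own. Add `author.AuthorizeForResourceAdministration(slave.Id);` and `author.AuthorizeForResourceAdministration(slaveGroup.Id);` before the respective `trans.UseTransaction` calls, so the decision is made against the stored owner rather than the submitted object. DeleteDowntime has the same gap: it is opened to clients while the check is left as a commented-out TODO, so it should stay Administrator-only until the downtime's ResourceId can be looked up and authorized. AddSlaveGroup is also opened to clients with no visible constraint on the OwnerUserId of the submitted group, and GetResourcePermissions loses its owner check, which presumably lets any authenticated caller list grants for any resource. Several of these method bodies continue outside the displayed hunks, so confirm that no check exists further down.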
trunk/sources/HeuristicLab.Services.Hive/3.3/Interfaces/IAuthorizationManager.cs
r7259 r8051 33 33 34 34 void AuthorizeForJob(Guid jobId, Permission requiredPermission); 35 36 void AuthorizeForResourceAdministration(Guid resourceId); 35 37 } 36 38 } -
trunk/sources/HeuristicLab.Services.Hive/3.3/Interfaces/IServiceLocator.cs
r7259 r8051 24 24 namespace HeuristicLab.Services.Hive { 25 25 public interface IServiceLocator { 26 IAuthenticationManager AuthenticationManager { get; }26 Access.IRoleVerifier RoleVerifier { get; } 27 27 IAuthorizationManager AuthorizationManager { get; } 28 28 IHiveDao HiveDao { get; } 29 29 IEventManager EventManager { get; } 30 30 ITransactionManager TransactionManager { get; } 31 IUserManager UserManager { get; }31 Access.IUserManager UserManager { get; } 32 32 HeartbeatManager HeartbeatManager { get; } 33 33 } -
trunk/sources/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
r7259 r8051 34 34 35 35 public void AuthorizeForTask(Guid taskId, DT.Permission requiredPermission) { 36 if (ServiceLocator.Instance. AuthenticationManager.IsInRole(HiveRoles.Slave)) return; // slave-users can access all tasks36 if (ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Slave)) return; // slave-users can access all tasks 37 37 38 38 Permission permission = ServiceLocator.Instance.HiveDao.GetPermissionForTask(taskId, ServiceLocator.Instance.UserManager.CurrentUserId); … … 46 46 throw new SecurityException("Current user is not authorized to access task"); 47 47 } 48 49 public void AuthorizeForResourceAdministration(Guid resourceId) { 50 Resource resource = DT.Convert.ToEntity(ServiceLocator.Instance.HiveDao.GetResource(resourceId)); 51 if (resource.OwnerUserId != ServiceLocator.Instance.UserManager.CurrentUserId && !ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Administrator)) 52 throw new SecurityException("Current user is not authorized to access resource"); 53 } 48 54 } 49 55 } -
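Review bot: AuthorizeForResourceAdministration reads `resource.OwnerUserId` without checking that the lookup returned anything, while HiveService.cs in this changeset treats a null result from `dao.GetResource` as a normal outcome. For an unknown resourceId this would likely throw a NullReferenceException instead of a SecurityException, and AuthorizesForResourceAdministration in HiveService.cs catches only SecurityException, so the caller would get an unhandled fault rather than `false`. Suggest adding `if (resource == null) throw new SecurityException("Current user is not authorized to access resource");` before the ownership test. Whether DT.Convert.ToEntity tolerates a null argument is not visible here.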
trunk/sources/HeuristicLab.Services.Hive/3.3/Plugin.cs.frame
r7259 r8051 29 29 [Plugin("HeuristicLab.Services.Hive", "3.3.6.$WCREV$")] 30 30 [PluginFile("HeuristicLab.Services.Hive-3.3.dll", PluginFileType.Assembly)] 31 [PluginDependency("HeuristicLab.Common", "3.3")] 31 [PluginDependency("HeuristicLab.Common", "3.3")] 32 32 [PluginDependency("HeuristicLab.Core", "3.3")] 33 [PluginDependency("HeuristicLab.Persistence", "3.3")] 33 [PluginDependency("HeuristicLab.Persistence", "3.3")] 34 [PluginDependency("HeuristicLab.Services.Access-3.3", "3.3")] 34 35 [PluginDependency("HeuristicLab.Services.Hive.DataAccess", "3.3")] 35 36 public class HeuristicLabServicesHivePlugin : PluginBase { -
trunk/sources/HeuristicLab.Services.Hive/3.3/ServiceContracts/IHiveService.cs
r7916 r8051 30 30 [ServiceContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)] 31 31 public interface IHiveService { 32 #region Authorization Methods 33 [OperationContract] 34 bool AuthorizesForResourceAdministration(Guid resourceId); 35 #endregion 32 36 33 37 #region Task Methods … … 160 164 #region ResourcePermission Methods 161 165 [OperationContract] 162 void GrantResourcePermission (Guid resourceId, Guid grantedUserId);163 164 [OperationContract] 165 void RevokeResourcePermission (Guid resourceId, Guid grantedUserId);166 void GrantResourcePermissions(Guid resourceId, params Guid[] grantedUserIds); 167 168 [OperationContract] 169 void RevokeResourcePermissions(Guid resourceId, params Guid[] grantedUserIds); 166 170 167 171 [OperationContract] -
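Review bot: The new `AuthorizesForResourceAdministration` operation has no contract comment saying that its result is only advisory. Suggest a doc comment such as `/// Returns true if the caller owns the resource or is an administrator; advisory only, each operation still enforces authorization on the server.` so that client code does not treat the boolean as the access decision. Separately, renaming GrantResourcePermission and RevokeResourcePermission changes the operation names on the wire, and `params` is a compile-time convenience that the service contract does not carry. Clients built against r7916 will presumably need regenerated proxies, which is worth stating in the changeset description.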
trunk/sources/HeuristicLab.Services.Hive/3.3/ServiceLocator.cs
r7259 r8051 42 42 } 43 43 44 private IAuthenticationManager authenticationManager;45 public IAuthenticationManager AuthenticationManager {44 private Access.IRoleVerifier roleVerifier; 45 public Access.IRoleVerifier RoleVerifier { 46 46 get { 47 if ( authenticationManager == null) authenticationManager = new AuthenticationManager();48 return authenticationManager;47 if (roleVerifier == null) roleVerifier = new Access.RoleVerifier(); 48 return roleVerifier; 49 49 } 50 50 } … … 74 74 } 75 75 76 private IUserManager userManager;77 public IUserManager UserManager {76 private Access.IUserManager userManager; 77 public Access.IUserManager UserManager { 78 78 get { 79 if (userManager == null) userManager = new UserManager();79 if (userManager == null) userManager = new Access.UserManager(); 80 80 return userManager; 81 81 } … … 85 85 public HeartbeatManager HeartbeatManager { 86 86 get { 87 if (heartbeatManager == null) heartbeatManager = new HeartbeatManager();87 if (heartbeatManager == null) heartbeatManager = new HeartbeatManager(); 88 88 return heartbeatManager; 89 89 }