
Timestamp:
06/19/12 12:06:18 (12 years ago)
Author:
jkarder
Message:

#1859: manually merged branch "HiveResourcePermissionManagement (trunk integration)" into trunk

Location:
trunk/sources/HeuristicLab.Services.Hive/3.3
Files:
1 added
8 edited

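--- a/trunk/sources/HeuristicLab.Services.Hive/3.3/HeuristicLab.Services.Hive-3.3.csproj
+++ b/trunk/sources/HeuristicLab.Services.Hive/3.3/HeuristicLab.Services.Hive-3.3.csproj
@@ -172,4 +172,8 @@
   </ItemGroup>
   <ItemGroup>
+    <ProjectReference Include="..\..\HeuristicLab.Services.Access\3.3\HeuristicLab.Services.Access-3.3.csproj">
+      <Project>{9FAC0B23-2730-452A-9BA0-D7CA1746C541}</Project>
+      <Name>HeuristicLab.Services.Access-3.3</Name>
+    </ProjectReference>
     <ProjectReference Include="..\..\HeuristicLab.Services.Hive.DataAccess\3.3\HeuristicLab.Services.Hive.DataAccess-3.3.csproj">
       <Project>{EC2C8109-6E1E-4C88-9A2B-908CFF2EF4AC}</Project>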
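--- a/trunk/sources/HeuristicLab.Services.Hive/3.3/HiveService.cs
+++ b/trunk/sources/HeuristicLab.Services.Hive/3.3/HiveService.cs
@@ -41,6 +41,6 @@
       get { return ServiceLocator.Instance.HiveDao; }
     }
-    private IAuthenticationManager authen {
-      get { return ServiceLocator.Instance.AuthenticationManager; }
+    private Access.IRoleVerifier authen {
+      get { return ServiceLocator.Instance.RoleVerifier; }
     }
     private IAuthorizationManager author {
@@ -53,5 +53,5 @@
       get { return ServiceLocator.Instance.EventManager; }
     }
-    private IUserManager userManager {
+    private Access.IUserManager userManager {
       get { return ServiceLocator.Instance.UserManager; }
     }
@@ -59,4 +59,14 @@
       get { return ServiceLocator.Instance.HeartbeatManager; }
     }
+
+    #region Authorization Methods
+    public bool AuthorizesForResourceAdministration(Guid resourceId) {
+      try {
+        author.AuthorizeForResourceAdministration(resourceId);
+        return true;
+      }
+      catch (System.Security.SecurityException) { return false; }
+    }
+    #endregion
 
     #region Task Methods
@@ -467,21 +477,23 @@
 
     #region ResourcePermission Methods
-    public void GrantResourcePermission(Guid resourceId, Guid grantedUserId) {
+    public void GrantResourcePermissions(Guid resourceId, params Guid[] grantedUserIds) {
       authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       trans.UseTransaction(() => {
         Resource resource = dao.GetResource(resourceId);
         if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId));
-        if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to grant permission for this resource"));
-        dao.AddResourcePermission(new ResourcePermission { ResourceId = resourceId, GrantedByUserId = userManager.CurrentUserId, GrantedUserId = grantedUserId });
-      });
-    }
-
-    public void RevokeResourcePermission(Guid resourceId, Guid grantedUserId) {
+        if (resource.OwnerUserId != userManager.CurrentUserId && !authen.IsInRole(HiveRoles.Administrator)) throw new FaultException<FaultReason>(new FaultReason("Not allowed to grant permission for this resource"));
+        foreach (Guid id in grantedUserIds)
+          dao.AddResourcePermission(new ResourcePermission { ResourceId = resourceId, GrantedByUserId = userManager.CurrentUserId, GrantedUserId = id });
+      });
+    }
+
+    public void RevokeResourcePermissions(Guid resourceId, params Guid[] grantedUserIds) {
       authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       trans.UseTransaction(() => {
         Resource resource = dao.GetResource(resourceId);
         if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId));
-        if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to revoke permission for this resource"));
-        dao.DeleteResourcePermission(resourceId, grantedUserId);
+        if (resource.OwnerUserId != userManager.CurrentUserId && !authen.IsInRole(HiveRoles.Administrator)) throw new FaultException<FaultReason>(new FaultReason("Not allowed to revoke permission for this resource"));
+        foreach (Guid id in grantedUserIds)
+          dao.DeleteResourcePermission(resourceId, id);
       });
     }
@@ -492,5 +504,4 @@
         Resource resource = dao.GetResource(resourceId);
         if (resource == null) throw new FaultException<FaultReason>(new FaultReason("Could not find resource with id " + resourceId));
-        if (resource.OwnerUserId != userManager.CurrentUserId) throw new FaultException<FaultReason>(new FaultReason("Not allowed to list permissions for this resource"));
         return dao.GetResourcePermissions(x => x.ResourceId == resourceId);
       });
@@ -515,5 +526,5 @@
 
     public Guid AddSlaveGroup(SlaveGroup slaveGroup) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       return trans.UseTransaction(() => dao.AddSlaveGroup(slaveGroup));
     }
@@ -531,20 +542,20 @@
     public IEnumerable<Slave> GetSlaves() {
       authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
-      return dao.GetSlaves(x => x.OwnerUserId == null
-                             || x.OwnerUserId == userManager.CurrentUserId
-                             || x.ResourcePermissions.Count(y => y.GrantedUserId == userManager.CurrentUserId) > 0
-                             || authen.IsInRole(HiveRoles.Administrator));
+      return dao.GetSlaves(x => true).Where(x => x.OwnerUserId == null
+                                              || x.OwnerUserId == userManager.CurrentUserId
+                                              || userManager.VerifyUser(userManager.CurrentUserId, GetResourcePermissions(x.Id).Select(y => y.GrantedUserId).ToList())
+                                              || authen.IsInRole(HiveRoles.Administrator)).ToArray();
     }
 
     public IEnumerable<SlaveGroup> GetSlaveGroups() {
       authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
-      return dao.GetSlaveGroups(x => x.OwnerUserId == null
-                                  || x.OwnerUserId == userManager.CurrentUserId
-                                  || x.ResourcePermissions.Count(y => y.GrantedUserId == userManager.CurrentUserId) > 0
-                                  || authen.IsInRole(HiveRoles.Administrator));
+      return dao.GetSlaveGroups(x => true).Where(x => x.OwnerUserId == null
+                                                   || x.OwnerUserId == userManager.CurrentUserId
+                                                   || userManager.VerifyUser(userManager.CurrentUserId, GetResourcePermissions(x.Id).Select(y => y.GrantedUserId).ToList())
+                                                   || authen.IsInRole(HiveRoles.Administrator)).ToArray();
     }
 
     public void UpdateSlave(Slave slave) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       trans.UseTransaction(() => {
         dao.UpdateSlave(slave);
@@ -553,5 +564,5 @@
 
     public void UpdateSlaveGroup(SlaveGroup slaveGroup) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       trans.UseTransaction(() => {
         dao.UpdateSlaveGroup(slaveGroup);
@@ -560,5 +571,6 @@
 
     public void DeleteSlave(Guid slaveId) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      author.AuthorizeForResourceAdministration(slaveId);
       trans.UseTransaction(() => {
         dao.DeleteSlave(slaveId);
@@ -567,5 +579,6 @@
 
     public void DeleteSlaveGroup(Guid slaveGroupId) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      author.AuthorizeForResourceAdministration(slaveGroupId);
       trans.UseTransaction(() => {
         dao.DeleteSlaveGroup(slaveGroupId);
@@ -623,10 +636,13 @@
     #region Downtime Methods
     public Guid AddDowntime(Downtime downtime) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      author.AuthorizeForResourceAdministration(downtime.ResourceId);
       return trans.UseTransaction(() => dao.AddDowntime(downtime));
     }
 
     public void DeleteDowntime(Guid downtimeId) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      // TODO: pass resource id
+      // author.AuthorizeForResource(resourceId);
       trans.UseTransaction(() => {
         dao.DeleteDowntime(downtimeId);
@@ -635,5 +651,6 @@
 
     public void UpdateDowntime(Downtime downtime) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
+      author.AuthorizeForResourceAdministration(downtime.ResourceId);
       trans.UseTransaction(() => {
         dao.UpdateDowntime(downtime);
@@ -642,5 +659,5 @@
 
     public IEnumerable<Downtime> GetDowntimesForResource(Guid resourceId) {
-      authen.AuthenticateForAnyRole(HiveRoles.Administrator);
+      authen.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
       return trans.UseTransaction(() => dao.GetDowntimes(x => x.ResourceId == resourceId));
     }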
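Review bot: DeleteDowntime (new lines 643-648) is opened to the Client role while its only resource check is the commented-out `// author.AuthorizeForResource(resourceId);`, so any Client can delete any downtime, whereas AddDowntime and UpdateDowntime in the same hunk enforce `author.AuthorizeForResourceAdministration(downtime.ResourceId)` before touching the dao. Resolve the downtime's owning resource before deleting — look the downtime up through the dao inside the transaction and call `author.AuthorizeForResourceAdministration(<its ResourceId>)` ahead of `dao.DeleteDowntime(downtimeId)`; which dao lookup to use is not visible in this hunk. The same gap appears in AddSlaveGroup, UpdateSlave, UpdateSlaveGroup and GetDowntimesForResource, which were widened to Client without the `author.AuthorizeForResourceAdministration(...)` call that DeleteSlave and DeleteSlaveGroup received, so a Client appears able to update a slave or group it does not own. Separately, the GetSlaves/GetSlaveGroups rewrite now loads every resource and calls GetResourcePermissions per item, each of which performs its own role check and transaction, and the owner check removed from GetResourcePermissions (old line 494) means any Client can enumerate the grantees of any resource — worth confirming that disclosure is intended rather than a side effect of feeding the filter.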
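--- a/trunk/sources/HeuristicLab.Services.Hive/3.3/Interfaces/IAuthorizationManager.cs
+++ b/trunk/sources/HeuristicLab.Services.Hive/3.3/Interfaces/IAuthorizationManager.cs
@@ -33,4 +33,6 @@
 
     void AuthorizeForJob(Guid jobId, Permission requiredPermission);
+
+    void AuthorizeForResourceAdministration(Guid resourceId);
   }
 }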
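Review bot: The new `AuthorizeForResourceAdministration` member (new line 36) carries no documentation, and since callers code against this interface the authorization rule and its failure mode belong here rather than only in the implementation. Suggest `/// <summary>Throws a SecurityException unless the current user owns the resource or holds the Administrator role.</summary>` followed by `/// <param name="resourceId">Id of the resource to be administered.</param>`; that is the rule the AuthorizationManager implementation in this changeset applies.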
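--- a/trunk/sources/HeuristicLab.Services.Hive/3.3/Interfaces/IServiceLocator.cs
+++ b/trunk/sources/HeuristicLab.Services.Hive/3.3/Interfaces/IServiceLocator.cs
@@ -24,10 +24,10 @@
 namespace HeuristicLab.Services.Hive {
   public interface IServiceLocator {
-    IAuthenticationManager AuthenticationManager { get; }
+    Access.IRoleVerifier RoleVerifier { get; }
     IAuthorizationManager AuthorizationManager { get; }
     IHiveDao HiveDao { get; }
     IEventManager EventManager { get; }
     ITransactionManager TransactionManager { get; }
-    IUserManager UserManager { get; }
+    Access.IUserManager UserManager { get; }
     HeartbeatManager HeartbeatManager { get; }
   }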
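--- a/trunk/sources/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
+++ b/trunk/sources/HeuristicLab.Services.Hive/3.3/Manager/AuthorizationManager.cs
@@ -34,5 +34,5 @@
 
     public void AuthorizeForTask(Guid taskId, DT.Permission requiredPermission) {
-      if (ServiceLocator.Instance.AuthenticationManager.IsInRole(HiveRoles.Slave)) return; // slave-users can access all tasks
+      if (ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Slave)) return; // slave-users can access all tasks
 
       Permission permission = ServiceLocator.Instance.HiveDao.GetPermissionForTask(taskId, ServiceLocator.Instance.UserManager.CurrentUserId);
@@ -46,4 +46,10 @@
         throw new SecurityException("Current user is not authorized to access task");
     }
+
+    public void AuthorizeForResourceAdministration(Guid resourceId) {
+      Resource resource = DT.Convert.ToEntity(ServiceLocator.Instance.HiveDao.GetResource(resourceId));
+      if (resource.OwnerUserId != ServiceLocator.Instance.UserManager.CurrentUserId && !ServiceLocator.Instance.RoleVerifier.IsInRole(HiveRoles.Administrator))
+        throw new SecurityException("Current user is not authorized to access resource");
+    }
   }
 }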
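Review bot: AuthorizeForResourceAdministration (new lines 49-53) dereferences `resource.OwnerUserId` without checking that the lookup returned anything; HiveService guards `dao.GetResource(resourceId)` against null in this same changeset, so an unknown resourceId here would presumably surface as a NullReferenceException rather than the SecurityException that HiveService.AuthorizesForResourceAdministration catches, turning a denied call into an unhandled fault. Suggest `if (resource == null) throw new SecurityException("Current user is not authorized to access resource");` directly after the lookup, which also avoids distinguishing missing resources from forbidden ones to the caller (whether DT.Convert.ToEntity passes a null through or throws on it is not visible here). This method encodes the same owner-or-Administrator rule that GrantResourcePermissions and RevokeResourcePermissions write inline; having those call `author.AuthorizeForResourceAdministration(resourceId)` would leave a single definition of the rule.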
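--- a/trunk/sources/HeuristicLab.Services.Hive/3.3/Plugin.cs.frame
+++ b/trunk/sources/HeuristicLab.Services.Hive/3.3/Plugin.cs.frame
@@ -29,7 +29,8 @@
   [Plugin("HeuristicLab.Services.Hive", "3.3.6.$WCREV$")]
   [PluginFile("HeuristicLab.Services.Hive-3.3.dll", PluginFileType.Assembly)]
-  [PluginDependency("HeuristicLab.Common", "3.3")] 
+  [PluginDependency("HeuristicLab.Common", "3.3")]
   [PluginDependency("HeuristicLab.Core", "3.3")]
-  [PluginDependency("HeuristicLab.Persistence", "3.3")] 
+  [PluginDependency("HeuristicLab.Persistence", "3.3")]
+  [PluginDependency("HeuristicLab.Services.Access-3.3", "3.3")]
   [PluginDependency("HeuristicLab.Services.Hive.DataAccess", "3.3")]
   public class HeuristicLabServicesHivePlugin : PluginBase {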
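--- a/trunk/sources/HeuristicLab.Services.Hive/3.3/ServiceContracts/IHiveService.cs
+++ b/trunk/sources/HeuristicLab.Services.Hive/3.3/ServiceContracts/IHiveService.cs
@@ -30,4 +30,8 @@
   [ServiceContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
   public interface IHiveService {
+    #region Authorization Methods
+    [OperationContract]
+    bool AuthorizesForResourceAdministration(Guid resourceId);
+    #endregion
 
     #region Task Methods
@@ -160,8 +164,8 @@
     #region ResourcePermission Methods
     [OperationContract]
-    void GrantResourcePermission(Guid resourceId, Guid grantedUserId);
-
-    [OperationContract]
-    void RevokeResourcePermission(Guid resourceId, Guid grantedUserId);
+    void GrantResourcePermissions(Guid resourceId, params Guid[] grantedUserIds);
+
+    [OperationContract]
+    void RevokeResourcePermissions(Guid resourceId, params Guid[] grantedUserIds);
 
     [OperationContract]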
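Review bot: The new contract operation `AuthorizesForResourceAdministration` (new line 34) is undocumented, and as a public WCF operation its meaning should be stated on the contract: suggest `/// <summary>Returns true if the current user may administer the given resource (its owner or an Administrator), false otherwise.</summary>`. On `GrantResourcePermissions`/`RevokeResourcePermissions` (new lines 166 and 169) the `params` modifier only affects C# call sites; the wire contract is a plain `Guid[]`, which is worth a one-line comment so nobody expects the convenience to carry across the service boundary.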
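--- a/trunk/sources/HeuristicLab.Services.Hive/3.3/ServiceLocator.cs
+++ b/trunk/sources/HeuristicLab.Services.Hive/3.3/ServiceLocator.cs
@@ -42,9 +42,9 @@
     }
 
-    private IAuthenticationManager authenticationManager;
-    public IAuthenticationManager AuthenticationManager {
+    private Access.IRoleVerifier roleVerifier;
+    public Access.IRoleVerifier RoleVerifier {
       get {
-        if (authenticationManager == null) authenticationManager = new AuthenticationManager();
-        return authenticationManager;
+        if (roleVerifier == null) roleVerifier = new Access.RoleVerifier();
+        return roleVerifier;
       }
     }
@@ -74,8 +74,8 @@
     }
 
-    private IUserManager userManager;
-    public IUserManager UserManager {
+    private Access.IUserManager userManager;
+    public Access.IUserManager UserManager {
       get {
-        if (userManager == null) userManager = new UserManager();
+        if (userManager == null) userManager = new Access.UserManager();
         return userManager;
       }
@@ -85,5 +85,5 @@
     public HeartbeatManager HeartbeatManager {
       get {
-        if(heartbeatManager == null) heartbeatManager = new HeartbeatManager();
+        if (heartbeatManager == null) heartbeatManager = new HeartbeatManager();
         return heartbeatManager;
       }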