protected override void Configure(Job job)
{
job.AddPhase(new Phase("default", true, RightsUtils.getRights(create: RightValue.APPROVED, query: RightValue.APPROVED, update: RightValue.APPROVED), RightsUtils.getRights(create: RightValue.APPROVED), PhaseStateType.NOTSTARTED));
job.AddPhase(new Phase("xml", true, RightsUtils.getRights(update: RightValue.APPROVED), RightsUtils.getRights(create: RightValue.APPROVED), PhaseStateType.NOTSTARTED));
job.AddPhase(new Phase("json", true, RightsUtils.getRights(update: RightValue.APPROVED), RightsUtils.getRights(create: RightValue.APPROVED), PhaseStateType.NOTSTARTED));
job.Timeout = new TimeSpan(0, 1, 0);
}
/// <see cref="IFunctionalService.DeleteToPhase(Guid, string, string, string, string, string, string)"/>
public virtual string DeleteToPhase(Guid id, string phaseName, string body = null, string zone = null, string context = null, string contentType = null, string accept = null)
{
Job job = repository.Retrieve(id);
Phase phase = getPhase(job, phaseName);
RightsUtils.CheckRight(phase.Rights, new Right(RightType.DELETE, RightValue.APPROVED));
IPhaseActions action = getActions(phaseName);
string result = action.Delete(job, phase, body, contentType, accept);
repository.Save(job);
return(result);
}
/// <see cref="IFunctionalService.CreateToState(Guid, string, stateType, string, string)"/>
public virtual stateType CreateToState(Guid id, string phaseName, stateType item = null, string zone = null, string context = null)
{
Job job = repository.Retrieve(id);
Phase phase = getPhase(job, phaseName);
RightsUtils.CheckRight(phase.StatesRights, new Right(RightType.CREATE, RightValue.APPROVED));
PhaseState state = MapperFactory.CreateInstance <stateType, PhaseState>(item);
job.UpdatePhaseState(phaseName, state.Type, state.Description);
repository.Save(job);
return(MapperFactory.CreateInstance <PhaseState, stateType>(phase.GetCurrentState()));
}
/// <summary>
/// <see cref="IAuthorisationService.IsAuthorised(HttpRequestHeaders, string, string, RightType, RightValue, string)">IsAuthorised</see>
/// </summary>
public virtual bool IsAuthorised(HttpRequestHeaders headers,
string sessionToken,
string serviceName,
RightType permission,
RightValue privilege = RightValue.APPROVED,
string zoneId = null)
{
var isAuthorised = true;
Environment environment = authenticationService.GetEnvironmentBySessionToken(sessionToken);
if (environment == null)
{
throw new InvalidSessionException("Session token does not have an associated environment definition.");
}
var operationPolicy = new Right(permission, privilege);
string serviceType = HttpUtils.GetHeaderValue(headers, "serviceType") ?? ServiceType.OBJECT.ToDescription();
// Retrieving permissions for requester.
IDictionary <string, Right> requesterPermissions = GetRightsForService(
serviceType,
serviceName,
EnvironmentUtils.GetTargetZone(environment, zoneId));
if (requesterPermissions == null)
{
isAuthorised = false;
}
else
{
// Checking the appropriate rights.
try
{
RightsUtils.CheckRight(requesterPermissions, operationPolicy);
}
catch (RejectedException)
{
isAuthorised = false;
}
}
return(isAuthorised);
}
/// <summary>
/// Internal method to check if a given right is supported by the ACL.
/// </summary>
/// <param name="serviceName">The name of the service to check</param>
/// <param name="zone">The zone to check authorization in</param>
/// <param name="context">The context to check authorization in</param>
/// <param name="right">The right to check</param>
/// <returns>The session token if authorized, otherwise a HttpResponseException is thrown</returns>
protected virtual string CheckAuthorisation(string serviceName, string[] zone, string[] context, Right right)
{
string sessionToken = CheckAuthorisation(zone, context);
Environment environment = authService.GetEnvironmentBySessionToken(sessionToken);
if (environment == null)
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Request failed as could not retrieve environment XML."));
}
try
{
RightsUtils.CheckRight(getRights(serviceName, EnvironmentUtils.GetTargetZone(environment, zone == null ? null : zone[0])), right);
log.Debug("Functional Service " + serviceName + " has expected ACL (" + right.Type + ":" + right.Value + ")");
return(sessionToken);
}
catch (RejectedException e)
{
string msg = "Functional Service " + serviceName + " does not have sufficient access rights to perform an " + right.Type + " operation: " + e.Message;
log.Debug(msg);
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Forbidden, msg, e));
}
}
