Пример #1
        /// <summary>
        /// Checks whether the current user may access the given job with the required permission.
        /// Returns normally when access is allowed and throws otherwise.
        /// </summary>
        /// <param name="jobId">Id of the job being accessed.</param>
        /// <param name="requiredPermission">Permission level the caller needs on the job.</param>
        /// <exception cref="SecurityException">
        /// Thrown with JOB_NOT_EXISTENT when no job has this id; AuthorizeJob may also throw
        /// when the per-job permission check fails.
        /// </exception>
        public void AuthorizeForJob(Guid jobId, DT.Permission requiredPermission)
        {
            // Bypass 1: members of the Administrator role skip every per-job check,
            // so requiredPermission is never evaluated for them.
            var roleVerifier = ServiceLocator.Instance.RoleVerifier;
            if (roleVerifier.IsInRole(HiveRoles.Administrator))
            {
                return;
            }

            var callerId = UserManager.CurrentUserId;
            var pm       = PersistenceManager;
            var jobs     = pm.JobDao;
            var projects = pm.ProjectDao;

            pm.UseTransaction(() => {
                var job = jobs.GetById(jobId);
                if (job == null)
                {
                    // NOTE(review): this uses a different message constant than the
                    // permission failure path. If the message reaches the caller, a user
                    // without access can tell an unknown job id from a forbidden one;
                    // confirm that is intended.
                    throw new SecurityException(JOB_NOT_EXISTENT);
                }

                // Bypass 2: a user who administers the job's parent project is let through
                // without a job permission lookup.
                // NOTE(review): Contains() depends on how the project type implements
                // equality; verify that the job's project and the listed projects compare equal.
                var managedProjects = projects.GetAdministrationGrantedProjectsForUser(callerId).ToList();
                var callerAdministersProject = managedProjects.Contains(job.Project);
                if (!callerAdministersProject)
                {
                    AuthorizeJob(pm, jobId, requiredPermission);
                }
            });
        }
        /// <summary>
        /// Checks, inside a transaction, whether the current user holds the required permission
        /// on the given job. This variant has no role or project shortcut: every caller goes
        /// through AuthorizeJob.
        /// </summary>
        /// <param name="jobId">Id of the job being accessed.</param>
        /// <param name="requiredPermission">Permission level the caller needs on the job.</param>
        public void AuthorizeForJob(Guid jobId, DT.Permission requiredPermission)
        {
            var persistence = PersistenceManager;

            // AuthorizeJob signals a denial by throwing, so nothing is returned from the lambda.
            persistence.UseTransaction(() => AuthorizeJob(persistence, jobId, requiredPermission));
        }
        /// <summary>
        /// Compares the current user's permission on a job with the permission that is required
        /// and throws when access must be denied.
        /// </summary>
        /// <param name="pm">Persistence manager passed on to the permission lookup.</param>
        /// <param name="jobId">Id of the job being accessed.</param>
        /// <param name="requiredPermission">Permission level the caller needs on the job.</param>
        /// <exception cref="SecurityException">
        /// Thrown with NOT_AUTHORIZED when the user has no permission on the job, or when full
        /// permission is required and the user's permission is anything else.
        /// </exception>
        private void AuthorizeJob(IPersistenceManager pm, Guid jobId, DT.Permission requiredPermission)
        {
            var needed = requiredPermission.ToEntity();
            DA.Permission granted = GetPermissionForJob(pm, jobId, UserManager.CurrentUserId);

            // Only two cases deny: no grant at all, or Full demanded but not held.
            // NOTE(review): every other required value is satisfied by any grant other than
            // NotAllowed, so a permission level added later would pass by default; revisit
            // this condition if the permission set grows.
            var hasNoAccess          = granted == Permission.NotAllowed;
            var fullNeededButMissing = needed == Permission.Full && granted != needed;
            if (hasNoAccess || fullNeededButMissing)
            {
                throw new SecurityException(NOT_AUTHORIZED);
            }
        }
Пример #4
        /// <summary>
        /// Maps a transfer-layer permission value to its data-access counterpart.
        /// </summary>
        /// <param name="source">Permission value to convert.</param>
        /// <returns>
        /// Full or Read for the matching input; NotAllowed for NotAllowed and for any value
        /// that is not handled explicitly.
        /// </returns>
        public static DA.Permission ToEntity(this DT.Permission source)
        {
            DA.Permission entity;
            switch (source)
            {
                case DT.Permission.Full:
                    entity = DA.Permission.Full;
                    break;

                case DT.Permission.Read:
                    entity = DA.Permission.Read;
                    break;

                // Fail closed: NotAllowed and every unrecognised value map to "no access".
                default:
                    entity = DA.Permission.NotAllowed;
                    break;
            }
            return entity;
        }
Пример #5
        /// <summary>
        /// Stores a permission on a job for another user, recording the current user as the
        /// one who granted it.
        /// </summary>
        /// <param name="jobId">Id of the job the permission applies to.</param>
        /// <param name="grantedUserId">Id of the user receiving the permission.</param>
        /// <param name="permission">Permission level to store for that user.</param>
        public void GrantPermission(Guid jobId, Guid grantedUserId, DT.Permission permission)
        {
            // Gate 1: the caller must hold the Administrator or the Client role.
            RoleVerifier.AuthenticateForAnyRole(HiveRoles.Administrator, HiveRoles.Client);
            // Gate 2: the caller must pass the job check at the Full level before granting.
            AuthorizationManager.AuthorizeForJob(jobId, Permission.Full);

            var persistence = PersistenceManager;

            using (new PerformanceLogger("GrantPermission")) {
                var permissionStore = persistence.JobPermissionDao;
                var grantorId       = UserManager.CurrentUserId;

                // NOTE(review): the authorization call above has already returned when this
                // transaction starts; confirm that a revocation happening in between is acceptable.
                persistence.UseTransaction(() => {
                    var entityPermission = permission.ToEntity();
                    permissionStore.SetJobPermission(jobId, grantorId, grantedUserId, entityPermission);
                    persistence.SubmitChanges();
                });
            }
        }
        /// <summary>
        /// Checks whether the current user may access the given task by authorizing against
        /// the job the task belongs to.
        /// </summary>
        /// <param name="taskId">Id of the task being accessed.</param>
        /// <param name="requiredPermission">Permission level the caller needs on the owning job.</param>
        /// <exception cref="SecurityException">
        /// Thrown with NOT_AUTHORIZED when the task does not exist; AuthorizeJob may also throw
        /// when the per-job permission check fails.
        /// </exception>
        public void AuthorizeForTask(Guid taskId, DT.Permission requiredPermission)
        {
            // Members of the Slave role are let through for every task.
            // NOTE(review): this returns before requiredPermission is looked at, so the role
            // grants access at any level, Full included; confirm that breadth is intended.
            var roleVerifier = ServiceLocator.Instance.RoleVerifier;
            if (roleVerifier.IsInRole(HiveRoles.Slave))
            {
                return;
            }

            var persistence = PersistenceManager;
            var tasks       = persistence.TaskDao;

            persistence.UseTransaction(() => {
                var task = tasks.GetById(taskId);
                if (task == null)
                {
                    // A missing task is reported with the same message as a denied one.
                    throw new SecurityException(NOT_AUTHORIZED);
                }

                // Task access is decided entirely by the permission on the owning job.
                var owningJobId = task.JobId;
                AuthorizeJob(persistence, owningJobId, requiredPermission);
            });
        }
Пример #7
 /// <summary>
 /// Maps a transfer-layer permission value to its database counterpart.
 /// </summary>
 /// <param name="source">Permission value to convert.</param>
 /// <returns>
 /// Full or Read for the matching input; NotAllowed for NotAllowed and for any other value.
 /// </returns>
 public static DB.Permission ToEntity(DT.Permission source)
 {
     if (source == DT.Permission.Full)
     {
         return DB.Permission.Full;
     }

     if (source == DT.Permission.Read)
     {
         return DB.Permission.Read;
     }

     // Fail closed: NotAllowed and every unrecognised value end up as "no access".
     return DB.Permission.NotAllowed;
 }