diff --git a/src/Blob/Controllers/BlobController.cs b/src/Blob/Controllers/BlobController.cs index ef88a791b449dc18a04ed868caeba7651539afd7..55e0989bef8808c5dd9eb87f8b252109addfeb7f 100644 --- a/src/Blob/Controllers/BlobController.cs +++ b/src/Blob/Controllers/BlobController.cs @@ -1,4 +1,4 @@ -using Coscine.ApiCommons; +using Coscine.ApiCommons; using Coscine.Configuration; using Coscine.Database.DataModel; using Coscine.Database.Models; @@ -106,7 +106,7 @@ namespace Coscine.Api.Blob.Controllers if (user == null || !_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member)) { - return Forbid("User does not have permission to the resource."); + return BadRequest("User does not have permission to the resource."); } if ((resource.Type.DisplayName.ToLower() == "rds" || resource.Type.DisplayName.ToLower() == "rdss3") && resource.ResourceTypeOptionId.HasValue) @@ -210,6 +210,11 @@ namespace Coscine.Api.Blob.Controllers return checkUser; } + if (resource.Archived == "1") + { + return BadRequest("The resource is readonly!"); + } + if (files.Count != 1) { return BadRequest($"Only one file can be uploaded per request."); @@ -277,6 +282,12 @@ namespace Coscine.Api.Blob.Controllers { return checkUser; } + + if (resource.Archived == "1") + { + return BadRequest("The resource is readonly!"); + } + try { var resourceTypeOptions = _resourceModel.GetResourceTypeOptions(resource.Id);