src/Blob/Blob.csproj

@@ -5,7 +5,7 @@
 		<AssemblyName>Coscine.Api.Blob</AssemblyName>
 		<GenerateDocumentationFile>true</GenerateDocumentationFile>
 		<TargetFramework>net6.0</TargetFramework>
-		<Version>3.0.6</Version>
+		<Version>3.1.0</Version>
 	</PropertyGroup>
 	<PropertyGroup>
 		<Authors>RWTH Aachen University</Authors>

src/Blob/Controllers/BlobController.cs

@@ -120,11 +120,14 @@ namespace Coscine.Api.Blob.Controllers
             {
                 return checkResourceId;
             }
-            var checkUser = CheckUser(user, resource);
-            if (checkUser != null)
+
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Resource: View Resource (RCV, Metadatamanager)
+            if (user is null || !_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member, UserRoles.Guest))
             {
-                return checkUser;
+                return Forbid("User does not have permission to download files from the resource.");
             }
+
             try
             {
                 var resourceTypeDefinition = ResourceTypeFactory.Instance.GetResourceType(resource);
@@ -204,10 +207,12 @@ namespace Coscine.Api.Blob.Controllers
             {
                 return checkResourceId;
             }
-            var checkUser = CheckUser(user, resource);
-            if (checkUser != null)
+
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Resource: Change Resource (RCV, Metadatamanager)
+            if (user is null || !_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
             {
-                return checkUser;
+                return Forbid("User does not have permission to upload files in the resource.");
             }
 
             if (resource.Archived == "1")
@@ -306,10 +311,12 @@ namespace Coscine.Api.Blob.Controllers
             {
                 return checkResourceId;
             }
-            var checkUser = CheckUser(user, resource);
-            if (checkUser != null)
+
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Resource: Change Resource (RCV, Metadatamanager)
+            if (user is null || !_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
             {
-                return checkUser;
+                return Forbid("User does not have permission to delete from the resource.");
             }
 
             if (resource.Archived == "1")
@@ -395,21 +402,6 @@ namespace Coscine.Api.Blob.Controllers
             return null;
         }
 
-        /// <summary>
-        /// Checks if the user has access to the resource
-        /// </summary>
-        /// <param name="user">user</param>
-        /// <param name="resource">resource</param>
-        /// <returns>status code 403 if the user has no access</returns>
-        public IActionResult CheckUser(User user, Resource resource)
-        {
-            if (user == null || !_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
-            {
-                return Forbid("User does not have permission to the resource.");
-            }
-            return null;
-        }
-
         /// <summary>
         /// Writes an analytics log entry
         /// </summary>