diff --git a/src/Project.Tests/Project.Tests.csproj b/src/Project.Tests/Project.Tests.csproj
index 2c54126cb3f837d43fca45443e26076be05dae32..7449eb94ac1412e263b7b82956953e19d532f988 100644
--- a/src/Project.Tests/Project.Tests.csproj
+++ b/src/Project.Tests/Project.Tests.csproj
@@ -56,8 +56,8 @@
..\packages\Consul.0.7.2.6\lib\net45\Consul.dll
-
- ..\packages\Coscine.Action.1.7.1\lib\net461\Coscine.Action.dll
+
+ ..\packages\Coscine.Action.1.8.0\lib\net461\Coscine.Action.dll
..\packages\Coscine.ApiCommons.1.4.0\lib\net461\Coscine.ApiCommons.dll
@@ -65,14 +65,14 @@
..\packages\Coscine.Configuration.1.4.0\lib\net461\Coscine.Configuration.dll
-
- ..\packages\Coscine.Database.1.13.0\lib\net461\Coscine.Database.dll
+
+ ..\packages\Coscine.Database.1.14.0\lib\net461\Coscine.Database.dll
..\packages\Coscine.Logging.1.0.1\lib\net461\Coscine.Logging.dll
-
- ..\packages\Coscine.ProxyApi.1.2.0\lib\net461\Coscine.ProxyApi.dll
+
+ ..\packages\Coscine.ProxyApi.1.2.1\lib\net461\Coscine.ProxyApi.dll
..\packages\Coscine.SharePoint.Webparts.Vue.1.4.0\lib\net461\Coscine.SharePoint.Webparts.Vue.dll
diff --git a/src/Project.Tests/ResourceControllerTests.cs b/src/Project.Tests/ResourceControllerTests.cs
index b69ef09f4864b6b37d24d2076046b796ac052a0f..e728df469d34ae9fbab590cde0bb0b8e0244fa6c 100644
--- a/src/Project.Tests/ResourceControllerTests.cs
+++ b/src/Project.Tests/ResourceControllerTests.cs
@@ -86,7 +86,7 @@ namespace Coscine.Api.Project.Tests
"testD",
"keys",
"usageR",
- new ResourceTypeObject(Resources[0].Type.Id, Resources[0].Type.DisplayName),
+ new ResourceTypeObject(Resources[0].Type.Id, Resources[0].Type.DisplayName, Resources[0].Type.Enabled),
new List() { new DisciplineObject(Discipline.Id, Discipline.Url, Discipline.DisplayNameDe, Discipline.DisplayNameEn) },
new VisibilityObject(Visibility.Id, Visibility.DisplayName),
new LicenseObject(License.Id, License.DisplayName),
diff --git a/src/Project.Tests/app.config b/src/Project.Tests/app.config
index 818739760f695dc5e54820747004635e684a5143..ee00d482944c6f0110fbe51a182cfdef7a75bfc3 100644
--- a/src/Project.Tests/app.config
+++ b/src/Project.Tests/app.config
@@ -88,7 +88,7 @@
-
+
diff --git a/src/Project.Tests/packages.config b/src/Project.Tests/packages.config
index 034f6f4da6299086bbaeab3e936a269f05f6811e..38b79944858252e2816d795f44ab7d0662de0130 100644
--- a/src/Project.Tests/packages.config
+++ b/src/Project.Tests/packages.config
@@ -4,12 +4,12 @@
-
+
-
+
-
+
diff --git a/src/Project/App.config b/src/Project/App.config
index bf476cf12a19b952a40ee84d9ba9988451e6c015..02589e5172c2e6deceb46ff8fbc8d409cbbe7d69 100644
--- a/src/Project/App.config
+++ b/src/Project/App.config
@@ -91,7 +91,7 @@
-
+
diff --git a/src/Project/Controllers/DataSourceController.cs b/src/Project/Controllers/DataSourceController.cs
index 7dd77b6e63196e5deb7110936e68baa377139cfc..8eb0c2697ef39253c47208c9f4e9a6c72002d369 100644
--- a/src/Project/Controllers/DataSourceController.cs
+++ b/src/Project/Controllers/DataSourceController.cs
@@ -59,10 +59,7 @@ namespace Coscine.Api.Project.Controllers
{
var user = _authenticator.GetUser();
- if (!string.IsNullOrWhiteSpace(path))
- {
- path = HttpUtility.UrlDecode(path);
- }
+ path = FormatPath(path);
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
@@ -120,11 +117,7 @@ namespace Coscine.Api.Project.Controllers
{
var user = _authenticator.GetUser();
-
- if (!string.IsNullOrWhiteSpace(path))
- {
- path = HttpUtility.UrlDecode(path);
- }
+ path = FormatPath(path);
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
@@ -177,10 +170,7 @@ namespace Coscine.Api.Project.Controllers
{
var user = _authenticator.GetUser();
- if (!string.IsNullOrWhiteSpace(path))
- {
- path = HttpUtility.UrlDecode(path);
- }
+ path = FormatPath(path);
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
@@ -224,6 +214,17 @@ namespace Coscine.Api.Project.Controllers
}
}
+ private string FormatPath(string path)
+ {
+ if (!string.IsNullOrWhiteSpace(path))
+ {
+ path = HttpUtility.UrlDecode(path);
+ path = path.Replace(@"\", "/");
+ }
+
+ return path;
+ }
+
private string GetResourceTypeName(Resource resource)
{
if (resource.Type.DisplayName.ToLower().Equals("s3")) {
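Review bot: `FormatPath` URL-decodes a value that the framework's model binding has normally decoded already, so a doubly encoded separator (for example `%252F`) only becomes `/` inside this helper; how `path` is bound is not visible here, so confirm the extra `HttpUtility.UrlDecode` is needed at all. The backslash replacement also turns `..\` into `../`, and nothing in the visible lines rejects dot segments, so `CheckResourceIdAndPath` should refuse any segment equal to `..` after normalisation. The helper reads no instance state and could be `private static`, with a summary such as `/// Decodes the path and normalises backslashes to forward slashes; performs no validation.` The hunk ends inside `GetResourceTypeName`, which is not reviewed here.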
@@ -261,10 +262,7 @@ namespace Coscine.Api.Project.Controllers
{
var user = _authenticator.GetUser();
- if (!string.IsNullOrWhiteSpace(path))
- {
- path = HttpUtility.UrlDecode(path);
- }
+ path = FormatPath(path);
var check = CheckResourceIdAndPath(resourceId, path, out Resource resource);
if (check != null)
@@ -398,10 +396,10 @@ namespace Coscine.Api.Project.Controllers
return BadRequest($"Your path \"{path}\" is empty.");
}
- Regex rgx = new Regex(@"^[0-9a-zA-Z_\-/. ]+$");
- if (!rgx.IsMatch(path))
+ Regex rgx = new Regex(@"[\:?*<>|]+");
+ if (rgx.IsMatch(path))
{
- return BadRequest($"Your path \"{path}\" contains bad chars. Only {@"^[0-9a-zA-Z_\-./ ]+"} are allowed as chars.");
+ return BadRequest($"Your path \"{path}\" contains bad characters. The following characters are not permissible: {@"\/:?*<>|"}.");
}
if (!Guid.TryParse(resourceId, out Guid resourceGuid))
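Review bot: The new check `new Regex(@"[\:?*<>|]+")` replaces an allowlist with a denylist, so every character not listed is now accepted, including control characters, CR/LF, NUL and double quotes (dot segments were already accepted by the old pattern), and the rejected `path` is echoed into the `BadRequest` text. Inside the character class `\:` is only an escaped colon, so neither `\` nor `/` is matched although the message lists both as not permissible; `/` cannot be forbidden in a path anyway, and `\` has already been rewritten by `FormatPath`. If the wider character set is intended, keep the rule an allowlist over Unicode letter and digit categories, or at least extend the denylist, e.g. `new Regex(@"[\\:?*<>|\p{C}]")`, reject `..` segments separately, and correct the message to the characters actually checked. The enclosing method starts and ends outside the hunk.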
diff --git a/src/Project/Controllers/ProjectController.cs b/src/Project/Controllers/ProjectController.cs
index a6dad85b02a4b47b457181ee881bd1c407d5219f..1ced64d962c424295c13e3c4c0606da48d50c12c 100644
--- a/src/Project/Controllers/ProjectController.cs
+++ b/src/Project/Controllers/ProjectController.cs
@@ -19,7 +19,7 @@ namespace Coscine.Api.Project.Controllers
private readonly Authenticator _authenticator;
private readonly ProjectModel _projectModel;
private readonly IConfiguration _configuration;
- private readonly Emitter _emitter;
+ private readonly Emitter _emitter;
public ProjectController()
{
@@ -48,6 +48,14 @@ namespace Coscine.Api.Project.Controllers
var project = _projectModel.GetById(Guid.Parse(id));
if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
{
+ SubProjectModel subProjectModel = new SubProjectModel();
+ var subProjectRel = subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id);
+
+ var parentProjectRelation = subProjectRel.FirstOrDefault();
+ if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner))
+ {
+ return Ok(_projectModel.CreateReturnObjectFromDatabaseObject(project, parentProjectRelation.ProjectId));
+ }
return Ok(_projectModel.CreateReturnObjectFromDatabaseObject(project));
}
else
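Review bot: `subProjectRel.FirstOrDefault()` takes whichever parent relation the store returns first, so if a project can ever have more than one row in the sub-project table, both the access check and the returned parent id depend on row order. If a single parent is an invariant, state it in a comment (`// a project has at most one parent relation`); otherwise select the first relation whose parent the user can access. Disclosing the parent id only after `HasAccess` succeeds on the parent is the right order and should be kept. The action begins above the hunk and its `else` branch continues below it.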
@@ -176,7 +184,7 @@ namespace Coscine.Api.Project.Controllers
var project = _projectModel.StoreFromObject(projectObject, user);
- if (projectObject.ParentId != null
+ if (projectObject.ParentId != null
&& projectObject.ParentId != new Guid()
// for now, only an owner can add subprojects to projects
&& _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner))
diff --git a/src/Project/Controllers/ResourceController.cs b/src/Project/Controllers/ResourceController.cs
index 9ca1ae695cec3c6d4771ed822b8099c5a4c61187..bee1704f7c615a3a9817b430c0fa8ee9d7dba8dc 100644
--- a/src/Project/Controllers/ResourceController.cs
+++ b/src/Project/Controllers/ResourceController.cs
@@ -118,11 +118,17 @@ namespace Coscine.Api.Project.Controllers
{
var resourceObject = ObjectFactory.DeserializeFromStream(Request.Body);
var projectModel = new ProjectModel();
+ var resourceTypeModel = new ResourceTypeModel();
+ var isResourceEnabled = resourceTypeModel.GetById(resourceObject.Type.Id).Enabled;
var project = projectModel.GetById(Guid.Parse(projectId));
var user = _authenticator.GetUser();
if (projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member))
{
+ if (!isResourceEnabled)
+ {
+ return Unauthorized("The user is not authorized to add a new resource of this type to the selected project!");
+ }
resourceObject.Creator = user.Id;
var resource = _resourceModel.StoreFromObject(resourceObject);
projectModel.AddResource(project, resource);
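Review bot: `resourceTypeModel.GetById(resourceObject.Type.Id).Enabled` runs before `HasAccess` and dereferences both the request-supplied `Type` and the lookup result without a null check, so a body with a missing or unknown type id likely ends in a NullReferenceException (HTTP 500) for any caller, authorised or not. Move the lookup inside the `HasAccess` branch and guard it: `var resourceType = resourceObject.Type == null ? null : resourceTypeModel.GetById(resourceObject.Type.Id);` followed by `if (resourceType == null || !resourceType.Enabled) { return BadRequest(...); }`. `Unauthorized(...)` (401) signals missing authentication; a disabled type is better reported as 400 or 403. Whether the update path enforces `Enabled` as well is not visible in this diff and should be checked. The action starts and ends outside the hunk.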
diff --git a/src/Project/Controllers/ResourceTypeController.cs b/src/Project/Controllers/ResourceTypeController.cs
index 04e097a20774308c9c39ddc4c8f61c5edb10a2fb..4fb4237ebc4defb35baed99034d0a24b73cfb2dc 100644
--- a/src/Project/Controllers/ResourceTypeController.cs
+++ b/src/Project/Controllers/ResourceTypeController.cs
@@ -25,7 +25,14 @@ namespace Coscine.Api.Project.Controllers
public IActionResult Index()
{
return Json(_resourceTypeModel.GetAll()
- .Select((resourceType) => new ResourceTypeObject(resourceType.Id, resourceType.DisplayName)));
+ .Select((resourceType) => new ResourceTypeObject(resourceType.Id, resourceType.DisplayName, resourceType.Enabled)));
+ }
+
+ [Route("[controller]/enabled")]
+ public IActionResult GetEnabledResourceTypes()
+ {
+ return Json(_resourceTypeModel.GetAllWhere((resourceType) => (resourceType.Enabled == true))
+ .Select((resourceType) => new ResourceTypeObject(resourceType.Id, resourceType.DisplayName, resourceType.Enabled)));
}
[Route("[controller]/{id}/fields")]
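Review bot: `GetEnabledResourceTypes` carries only `[Route("[controller]/enabled")]`, so unless a verb attribute applies from outside the hunk it answers every HTTP method; add `[HttpGet]` to pin it. The predicate `(resourceType.Enabled == true)` can be written as `resourceType.Enabled`, since the same value is passed to a `bool` constructor parameter on the next line. A summary such as `/// Returns the resource types whose Enabled flag is set.` would help, and whether the action requires an authenticated user is not visible here.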
diff --git a/src/Project/Controllers/SubProjectController.cs b/src/Project/Controllers/SubProjectController.cs
index a9f95638a2aa661ea43f2995f478e95f616cae5a..812da5778065382280ea15eeeb8658902c6f21a3 100644
--- a/src/Project/Controllers/SubProjectController.cs
+++ b/src/Project/Controllers/SubProjectController.cs
@@ -24,10 +24,19 @@ namespace Coscine.Api.Project.Controllers
{
var parentGuid = new Guid(parentId);
var projectModel = new ProjectModel();
+ var projectRoleModel = new ProjectRoleModel();
var user = _authenticator.GetUser();
- if (projectModel.HasAccess(user, projectModel.GetById(parentGuid), UserRoles.Owner, UserRoles.Member))
+ string[] allowedRoles = { UserRoles.Owner, UserRoles.Member };
+ allowedRoles = allowedRoles.Select(x => x.ToLower().Trim()).ToArray();
+ if (projectModel.HasAccess(user, projectModel.GetById(parentGuid), allowedRoles))
{
- var subProjects = _subProjectModel.GetAllWhere((subProjectM) => (subProjectM.ProjectId == parentGuid))
+ var subProjects = _subProjectModel.GetAllWhere((subProjectM) => (subProjectM.ProjectId == parentGuid
+ // select only subprojects to which the user has access
+ && (from projectRole in subProjectM.SubProject_FK.ProjectRolesProjectIdIds
+ where projectRole.User.Id == user.Id
+ && allowedRoles.Contains(projectRole.Role.DisplayName.ToLower())
+ select projectRole).Any())
+ )
.Select((subProject) => projectModel.GetById(subProject.SubProjectId))
.Select((project) => projectModel.CreateReturnObjectFromDatabaseObject(project, parentGuid))
.OrderBy(element => element.DisplayName);
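Review bot: The added sub-project filter re-implements the role check inline (`projectRole.User.Id == user.Id && allowedRoles.Contains(projectRole.Role.DisplayName.ToLower())`) instead of going through `ProjectModel.HasAccess`, and the same predicate is written out twice more in the ProjectModel.cs hunk at `@@ -123,7 +128,16 @@`; copies of an authorisation rule drift apart, so one shared expression or helper is safer. The copies already differ: `allowedRoles` is lower-cased and trimmed, while the stored `DisplayName` is only lower-cased, so a stored role name with surrounding whitespace would never match. `var projectRoleModel = new ProjectRoleModel();` is not used in the visible lines and can go if nothing below the hunk needs it. For the in-memory array, `x.ToLowerInvariant().Trim()` avoids culture-dependent casing. The method starts and ends outside the hunk.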
diff --git a/src/Project/Models/ProjectModel.cs b/src/Project/Models/ProjectModel.cs
index db9f51de3c641115ea08d9997d101c8f071f9048..8dff8dcbb178886e062ea9afa3cff773544dbf5e 100644
--- a/src/Project/Models/ProjectModel.cs
+++ b/src/Project/Models/ProjectModel.cs
@@ -102,6 +102,11 @@ namespace Coscine.Api.Project.Models
return projectRole;
}
+ public bool HasAccess(User user, Guid projectId, params string[] allowedAccess)
+ {
+ return HasAccess(user, GetById(projectId), allowedAccess);
+ }
+
public bool HasAccess(User user, Database.Model.Project project, params string[] allowedAccess)
{
ProjectRoleModel projectRoleModel = new ProjectRoleModel();
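Review bot: The new `HasAccess(User, Guid, ...)` overload passes the result of `GetById(projectId)` straight on, so for an id that does not resolve, the outcome depends on how the project overload treats a null project, which is not visible in this hunk. For an authorisation helper the safe result is an explicit deny: `var project = GetById(projectId); return project != null && HasAccess(user, project, allowedAccess);`. Add a summary such as `/// Checks whether the user holds one of the given roles in the project with this id.` The body of the second overload continues outside the hunk.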
@@ -123,7 +128,16 @@ namespace Coscine.Api.Project.Models
var allUserProjectRoles = projectRoleModel.GetAllWhere((projectRoleRelation) => projectRoleRelation.UserId == user.Id &&
allowedAccess.Contains(projectRoleRelation.Role.DisplayName.ToLower()));
var allowedProjectIds = allUserProjectRoles.Select((projectRole) => projectRole.ProjectId);
- var allowedProjects = projectModel.GetAllWhere((project) => allowedProjectIds.Contains(project.Id));
+ var allowedProjects = projectModel.GetAllWhere((project) => allowedProjectIds.Contains(project.Id)
+ && ((!project.SubProjectsSubProjectIdIds.Any()) // get top level projects not having any parent projects
+ || !(from subProject in project.SubProjectsSubProjectIdIds // check if the direct parent project is accessible to the current user
+ where (from parentProjectRole in subProject.Project.ProjectRolesProjectIdIds
+ where parentProjectRole.UserId == user.Id
+ && allowedAccess.Contains(parentProjectRole.Role.DisplayName.ToLower())
+ select parentProjectRole).Any()
+ select subProject).Any())
+ );
+
return allowedProjects.ToList();
}
diff --git a/src/Project/Models/ResourceModel.cs b/src/Project/Models/ResourceModel.cs
index e3b55279953fd1848f3789faebe7f740ebe011a7..a44a64d6cd3206d401c988aa28947432ad0f271b 100644
--- a/src/Project/Models/ResourceModel.cs
+++ b/src/Project/Models/ResourceModel.cs
@@ -322,7 +322,7 @@ namespace Coscine.Api.Project.Models
resource.Description,
resource.Keywords,
resource.UsageRights,
- new ResourceTypeObject(resource.Type.Id, resource.Type.DisplayName),
+ new ResourceTypeObject(resource.Type.Id, resource.Type.DisplayName, resource.Type.Enabled),
disciplines,
(resource.Visibility != null) ? new VisibilityObject(resource.Visibility.Id, resource.Visibility.DisplayName) : null,
(resource.License != null) ? new LicenseObject(resource.License.Id, resource.License.DisplayName) : null,
diff --git a/src/Project/Project.csproj b/src/Project/Project.csproj
index 309ead71b71ed87250943ab89c79b252dfef7cd7..a8b92dda8bb51920ce970423ec07df97d98a3346 100644
--- a/src/Project/Project.csproj
+++ b/src/Project/Project.csproj
@@ -46,8 +46,8 @@
..\packages\Consul.0.7.2.6\lib\net45\Consul.dll
-
- ..\packages\Coscine.Action.1.7.1\lib\net461\Coscine.Action.dll
+
+ ..\packages\Coscine.Action.1.8.0\lib\net461\Coscine.Action.dll
..\packages\Coscine.ApiCommons.1.4.0\lib\net461\Coscine.ApiCommons.dll
@@ -55,14 +55,14 @@
..\packages\Coscine.Configuration.1.4.0\lib\net461\Coscine.Configuration.dll
-
- ..\packages\Coscine.Database.1.13.0\lib\net461\Coscine.Database.dll
+
+ ..\packages\Coscine.Database.1.14.0\lib\net461\Coscine.Database.dll
..\packages\Coscine.Logging.1.0.1\lib\net461\Coscine.Logging.dll
-
- ..\packages\Coscine.ProxyApi.1.2.0\lib\net461\Coscine.ProxyApi.dll
+
+ ..\packages\Coscine.ProxyApi.1.2.1\lib\net461\Coscine.ProxyApi.dll
..\packages\Coscine.SharePoint.Webparts.Vue.1.4.0\lib\net461\Coscine.SharePoint.Webparts.Vue.dll
diff --git a/src/Project/ReturnObjects/ResourceTypeObject.cs b/src/Project/ReturnObjects/ResourceTypeObject.cs
index e2b9130ca9262ea0f816ae54d472a07fdd571d10..63e26afcb139d9dbe521617b21c878c9487d22d6 100644
--- a/src/Project/ReturnObjects/ResourceTypeObject.cs
+++ b/src/Project/ReturnObjects/ResourceTypeObject.cs
@@ -10,10 +10,13 @@ namespace Coscine.Api.Project.ReturnObjects
public string DisplayName { get; set; }
- public ResourceTypeObject(Guid id, string displayName)
+ public bool Enabled { get; set; }
+
+ public ResourceTypeObject(Guid id, string displayName, bool enabled)
{
Id = id;
DisplayName = displayName;
+ Enabled = enabled;
}
}
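Review bot: `Enabled` is a public settable property on a type that also appears to be deserialised from request bodies (the ResourceController hunk reads `resourceObject.Type.Id`), so a client can send any value for it. The check in ResourceController rightly reads the flag from `ResourceTypeModel` instead; record that on the property, e.g. `/// Informational for clients; never trust this value from a request, look the type up server-side.` Replacing the two-argument constructor is also source-breaking for any caller not updated in this commit. The class header is outside the hunk.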
diff --git a/src/Project/packages.config b/src/Project/packages.config
index 0ef590e6c8d5f5e1bd76f9e0da92cf0af71871e7..7ad9f145bdee077063a923b6d39c239a428cc823 100644
--- a/src/Project/packages.config
+++ b/src/Project/packages.config
@@ -3,12 +3,12 @@
-
+
-
+
-
+