diff --git a/src/Project.Tests/Project.Tests.csproj b/src/Project.Tests/Project.Tests.csproj index 2c54126cb3f837d43fca45443e26076be05dae32..7449eb94ac1412e263b7b82956953e19d532f988 100644 --- a/src/Project.Tests/Project.Tests.csproj +++ b/src/Project.Tests/Project.Tests.csproj @@ -56,8 +56,8 @@ ..\packages\Consul.0.7.2.6\lib\net45\Consul.dll - - ..\packages\Coscine.Action.1.7.1\lib\net461\Coscine.Action.dll + + ..\packages\Coscine.Action.1.8.0\lib\net461\Coscine.Action.dll ..\packages\Coscine.ApiCommons.1.4.0\lib\net461\Coscine.ApiCommons.dll @@ -65,14 +65,14 @@ ..\packages\Coscine.Configuration.1.4.0\lib\net461\Coscine.Configuration.dll - - ..\packages\Coscine.Database.1.13.0\lib\net461\Coscine.Database.dll + + ..\packages\Coscine.Database.1.14.0\lib\net461\Coscine.Database.dll ..\packages\Coscine.Logging.1.0.1\lib\net461\Coscine.Logging.dll - - ..\packages\Coscine.ProxyApi.1.2.0\lib\net461\Coscine.ProxyApi.dll + + ..\packages\Coscine.ProxyApi.1.2.1\lib\net461\Coscine.ProxyApi.dll ..\packages\Coscine.SharePoint.Webparts.Vue.1.4.0\lib\net461\Coscine.SharePoint.Webparts.Vue.dll diff --git a/src/Project.Tests/ResourceControllerTests.cs b/src/Project.Tests/ResourceControllerTests.cs index b69ef09f4864b6b37d24d2076046b796ac052a0f..e728df469d34ae9fbab590cde0bb0b8e0244fa6c 100644 --- a/src/Project.Tests/ResourceControllerTests.cs +++ b/src/Project.Tests/ResourceControllerTests.cs @@ -86,7 +86,7 @@ namespace Coscine.Api.Project.Tests "testD", "keys", "usageR", - new ResourceTypeObject(Resources[0].Type.Id, Resources[0].Type.DisplayName), + new ResourceTypeObject(Resources[0].Type.Id, Resources[0].Type.DisplayName, Resources[0].Type.Enabled), new List() { new DisciplineObject(Discipline.Id, Discipline.Url, Discipline.DisplayNameDe, Discipline.DisplayNameEn) }, new VisibilityObject(Visibility.Id, Visibility.DisplayName), new LicenseObject(License.Id, License.DisplayName), 
diff --git a/src/Project.Tests/app.config b/src/Project.Tests/app.config index 818739760f695dc5e54820747004635e684a5143..ee00d482944c6f0110fbe51a182cfdef7a75bfc3 100644 --- a/src/Project.Tests/app.config +++ b/src/Project.Tests/app.config @@ -88,7 +88,7 @@ - + diff --git a/src/Project.Tests/packages.config b/src/Project.Tests/packages.config index 034f6f4da6299086bbaeab3e936a269f05f6811e..38b79944858252e2816d795f44ab7d0662de0130 100644 --- a/src/Project.Tests/packages.config +++ b/src/Project.Tests/packages.config @@ -4,12 +4,12 @@ - + - + - + diff --git a/src/Project/App.config b/src/Project/App.config index bf476cf12a19b952a40ee84d9ba9988451e6c015..02589e5172c2e6deceb46ff8fbc8d409cbbe7d69 100644 --- a/src/Project/App.config +++ b/src/Project/App.config @@ -91,7 +91,7 @@ - + diff --git a/src/Project/Controllers/DataSourceController.cs b/src/Project/Controllers/DataSourceController.cs index 7dd77b6e63196e5deb7110936e68baa377139cfc..8eb0c2697ef39253c47208c9f4e9a6c72002d369 100644 --- a/src/Project/Controllers/DataSourceController.cs +++ b/src/Project/Controllers/DataSourceController.cs @@ -59,10 +59,7 @@ namespace Coscine.Api.Project.Controllers { var user = _authenticator.GetUser(); - if (!string.IsNullOrWhiteSpace(path)) - { - path = HttpUtility.UrlDecode(path); - } + path = FormatPath(path); var check = CheckResourceIdAndPath(resourceId, path, out Resource resource); if (check != null) @@ -120,11 +117,7 @@ namespace Coscine.Api.Project.Controllers { var user = _authenticator.GetUser(); - - if (!string.IsNullOrWhiteSpace(path)) - { - path = HttpUtility.UrlDecode(path); - } + path = FormatPath(path); var check = CheckResourceIdAndPath(resourceId, path, out Resource resource); if (check != null) 
@@ -177,10 +170,7 @@ namespace Coscine.Api.Project.Controllers { var user = _authenticator.GetUser(); - if (!string.IsNullOrWhiteSpace(path)) - { - path = HttpUtility.UrlDecode(path); - } + path = FormatPath(path); var check = CheckResourceIdAndPath(resourceId, path, out Resource resource); if (check != null) @@ -224,6 +214,17 @@ namespace Coscine.Api.Project.Controllers } } + private string FormatPath(string path) + { + if (!string.IsNullOrWhiteSpace(path)) + { + path = HttpUtility.UrlDecode(path); + path = path.Replace(@"\", "/"); + } + + return path; + } + private string GetResourceTypeName(Resource resource) { if (resource.Type.DisplayName.ToLower().Equals("s3")) { @@ -261,10 +262,7 @@ namespace Coscine.Api.Project.Controllers { var user = _authenticator.GetUser(); - if (!string.IsNullOrWhiteSpace(path)) - { - path = HttpUtility.UrlDecode(path); - } + path = FormatPath(path); var check = CheckResourceIdAndPath(resourceId, path, out Resource resource); if (check != null) @@ -398,10 +396,10 @@ namespace Coscine.Api.Project.Controllers return BadRequest($"Your path \"{path}\" is empty."); } - Regex rgx = new Regex(@"^[0-9a-zA-Z_\-/. ]+$"); - if (!rgx.IsMatch(path)) + Regex rgx = new Regex(@"[\:?*<>|]+"); + if (rgx.IsMatch(path)) { - return BadRequest($"Your path \"{path}\" contains bad chars. Only {@"^[0-9a-zA-Z_\-./ ]+"} are allowed as chars."); + return BadRequest($"Your path \"{path}\" contains bad characters. The following characters are not permissible: {@"\/:?*<>|"}."); } if (!Guid.TryParse(resourceId, out Guid resourceGuid)) diff --git a/src/Project/Controllers/ProjectController.cs b/src/Project/Controllers/ProjectController.cs index a6dad85b02a4b47b457181ee881bd1c407d5219f..1ced64d962c424295c13e3c4c0606da48d50c12c 100644 --- a/src/Project/Controllers/ProjectController.cs +++ b/src/Project/Controllers/ProjectController.cs 
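Review bot: FormatPath has no doc comment, and its contract is what four call sites in this file now rely on: null or whitespace input is returned unchanged, the value is URL-decoded once (so `+` becomes a space), and backslashes become forward slashes. Suggest `/// <summary>URL-decodes <paramref name="path"/> and converts backslashes to forward slashes; null or whitespace input is returned unchanged.</summary>` above the signature. It is also worth stating in that comment that `..` segments and leading separators are left as they are, so any collapsing of those has to happen in CheckResourceIdAndPath or in the storage layer.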
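Review bot: The message on the new BadRequest line lists `\/:?*<>|` as forbidden, but the pattern `@"[\:?*<>|]+"` matches only `:?*<>|` — in a verbatim string `\:` is an escaped colon, the backslash itself is not in the class, and `/` is the separator FormatPath produces, so neither is rejected. Either remove `\` and `/` from the message or add the backslash to the class, e.g. `Regex rgx = new Regex(@"[\\:?*<>|]+");` with the message listing `\:?*<>|`. The hunk also turns the former allow-list (`^[0-9a-zA-Z_\-/. ]+$`) into a deny-list, so control characters, `%`, `#` and non-ASCII now pass, and neither pattern rejects `..` segments; a comment naming the layer that is responsible for rejecting traversal and control characters would make the widening reviewable. The Regex is rebuilt on every call; a `private static readonly Regex` field is the idiomatic form. CheckResourceIdAndPath starts and ends outside this hunk.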
@@ -19,7 +19,7 @@ namespace Coscine.Api.Project.Controllers private readonly Authenticator _authenticator; private readonly ProjectModel _projectModel; private readonly IConfiguration _configuration; - private readonly Emitter _emitter; + private readonly Emitter _emitter; public ProjectController() { @@ -48,6 +48,14 @@ namespace Coscine.Api.Project.Controllers var project = _projectModel.GetById(Guid.Parse(id)); if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner)) { + SubProjectModel subProjectModel = new SubProjectModel(); + var subProjectRel = subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id); + + var parentProjectRelation = subProjectRel.FirstOrDefault(); + if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner)) + { + return Ok(_projectModel.CreateReturnObjectFromDatabaseObject(project, parentProjectRelation.ProjectId)); + } return Ok(_projectModel.CreateReturnObjectFromDatabaseObject(project)); } else @@ -176,7 +184,7 @@ namespace Coscine.Api.Project.Controllers var project = _projectModel.StoreFromObject(projectObject, user); - if (projectObject.ParentId != null + if (projectObject.ParentId != null && projectObject.ParentId != new Guid() // for now, only an owner can add subprojects to projects && _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner)) diff --git a/src/Project/Controllers/ResourceController.cs b/src/Project/Controllers/ResourceController.cs index 9ca1ae695cec3c6d4771ed822b8099c5a4c61187..bee1704f7c615a3a9817b430c0fa8ee9d7dba8dc 100644 --- a/src/Project/Controllers/ResourceController.cs +++ b/src/Project/Controllers/ResourceController.cs 
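Review bot: `subProjectRel.FirstOrDefault()` takes a parent relation from an unordered query, so if the schema allows a project to have more than one parent the parent id attached to the response is arbitrary; if exactly one parent is guaranteed, `SingleOrDefault()` documents that and fails loudly otherwise. The parent lookup plus access test would sit better next to the other access logic in ProjectModel than in the action, and `SubProjectModel` is created inline while `_projectModel` is a field. A comment such as `// attach the parent id only when the caller may also see the parent project` would explain why the plain `CreateReturnObjectFromDatabaseObject(project)` fallback is kept. The enclosing action begins and ends outside this hunk.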
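Review bot: In the -176 hunk, `projectObject.ParentId != new Guid()` reads clearer as `projectObject.ParentId != Guid.Empty`. If `ParentId` is a non-nullable `Guid` — it is passed straight to `GetById`, which takes a `Guid` elsewhere in this diff — the preceding `!= null` is always true and can be dropped, leaving `if (projectObject.ParentId != Guid.Empty`. The enclosing action continues outside the hunk.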
@@ -118,11 +118,17 @@ namespace Coscine.Api.Project.Controllers { var resourceObject = ObjectFactory.DeserializeFromStream(Request.Body); var projectModel = new ProjectModel(); + var resourceTypeModel = new ResourceTypeModel(); + var isResourceEnabled = resourceTypeModel.GetById(resourceObject.Type.Id).Enabled; var project = projectModel.GetById(Guid.Parse(projectId)); var user = _authenticator.GetUser(); if (projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member)) { + if (!isResourceEnabled) + { + return Unauthorized("The user is not authorized to add a new resource of this type to the selected project!"); + } resourceObject.Creator = user.Id; var resource = _resourceModel.StoreFromObject(resourceObject); projectModel.AddResource(project, resource); diff --git a/src/Project/Controllers/ResourceTypeController.cs b/src/Project/Controllers/ResourceTypeController.cs index 04e097a20774308c9c39ddc4c8f61c5edb10a2fb..4fb4237ebc4defb35baed99034d0a24b73cfb2dc 100644 --- a/src/Project/Controllers/ResourceTypeController.cs +++ b/src/Project/Controllers/ResourceTypeController.cs @@ -25,7 +25,14 @@ namespace Coscine.Api.Project.Controllers public IActionResult Index() { return Json(_resourceTypeModel.GetAll() - .Select((resourceType) => new ResourceTypeObject(resourceType.Id, resourceType.DisplayName))); + .Select((resourceType) => new ResourceTypeObject(resourceType.Id, resourceType.DisplayName, resourceType.Enabled))); + } + + [Route("[controller]/enabled")] + public IActionResult GetEnabledResourceTypes() + { + return Json(_resourceTypeModel.GetAllWhere((resourceType) => (resourceType.Enabled == true)) + .Select((resourceType) => new ResourceTypeObject(resourceType.Id, resourceType.DisplayName, resourceType.Enabled))); } [Route("[controller]/{id}/fields")] 
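Review bot: `resourceTypeModel.GetById(resourceObject.Type.Id).Enabled` runs before the project access check and without a null check, so a request whose `Type` is missing, or whose id does not resolve (assuming GetById returns null then), surfaces as a NullReferenceException (500) rather than a 4xx, and the lookup is done for callers who may not add resources at all. Moving the lookup inside the access branch and handling the null case fixes both. `Unauthorized` (401) signals missing credentials; if a disabled type is an authorization rule `Forbid()` fits, if it is invalid input `BadRequest` fits, and the message should match whichever is chosen. The enclosing action begins and ends outside this hunk.
```csharp
if (projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member))
{
    var resourceType = resourceTypeModel.GetById(resourceObject.Type.Id);
    if (resourceType == null || !resourceType.Enabled)
    {
        return BadRequest("The selected resource type is unknown or not enabled.");
    }
    // … unchanged: Creator assignment, StoreFromObject, AddResource …
```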
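Review bot: In the ResourceTypeController hunk, `(resourceType.Enabled == true)` reduces to `resourceType.Enabled`, since the same value is passed to a `bool` constructor parameter on the next line. The projection lambda is now duplicated between Index and GetEnabledResourceTypes; a private helper taking the entity and returning `new ResourceTypeObject(t.Id, t.DisplayName, t.Enabled)` keeps the two in step the next time the return object changes. A `/// <summary>Returns the resource types whose Enabled flag is set.</summary>` doc comment on the new action would also help.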
diff --git a/src/Project/Controllers/SubProjectController.cs b/src/Project/Controllers/SubProjectController.cs index a9f95638a2aa661ea43f2995f478e95f616cae5a..812da5778065382280ea15eeeb8658902c6f21a3 100644 --- a/src/Project/Controllers/SubProjectController.cs +++ b/src/Project/Controllers/SubProjectController.cs @@ -24,10 +24,19 @@ namespace Coscine.Api.Project.Controllers { var parentGuid = new Guid(parentId); var projectModel = new ProjectModel(); + var projectRoleModel = new ProjectRoleModel(); var user = _authenticator.GetUser(); - if (projectModel.HasAccess(user, projectModel.GetById(parentGuid), UserRoles.Owner, UserRoles.Member)) + string[] allowedRoles = { UserRoles.Owner, UserRoles.Member }; + allowedRoles = allowedRoles.Select(x => x.ToLower().Trim()).ToArray(); + if (projectModel.HasAccess(user, projectModel.GetById(parentGuid), allowedRoles)) { - var subProjects = _subProjectModel.GetAllWhere((subProjectM) => (subProjectM.ProjectId == parentGuid)) + var subProjects = _subProjectModel.GetAllWhere((subProjectM) => (subProjectM.ProjectId == parentGuid + // select only subprojects to which the user has access + && (from projectRole in subProjectM.SubProject_FK.ProjectRolesProjectIdIds + where projectRole.User.Id == user.Id + && allowedRoles.Contains(projectRole.Role.DisplayName.ToLower()) + select projectRole).Any()) + ) .Select((subProject) => projectModel.GetById(subProject.SubProjectId)) .Select((project) => projectModel.CreateReturnObjectFromDatabaseObject(project, parentGuid)) .OrderBy(element => element.DisplayName); diff --git a/src/Project/Models/ProjectModel.cs b/src/Project/Models/ProjectModel.cs index db9f51de3c641115ea08d9997d101c8f071f9048..8dff8dcbb178886e062ea9afa3cff773544dbf5e 100644 --- a/src/Project/Models/ProjectModel.cs +++ b/src/Project/Models/ProjectModel.cs 
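Review bot: The new predicate re-implements the role check that ProjectModel.HasAccess already performs (user id plus lower-cased role display name matched against the allowed roles), so the two definitions can drift apart; exposing the check from ProjectModel as a reusable expression, or calling the `HasAccess(user, Guid, …)` overload added in this diff per subproject, would keep one definition. `allowedRoles.Select(x => x.ToLower().Trim())` folds case in memory with the current culture, while `projectRole.Role.DisplayName.ToLower()` inside the query is evaluated by whatever provider `GetAllWhere` uses; if that is a database, folding follows its collation rather than the .NET culture, which deserves a comment. `Trim()` on the `UserRoles` constants is a no-op unless those constants carry whitespace. The Index action ends outside this hunk.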
@@ -102,6 +102,11 @@ namespace Coscine.Api.Project.Models return projectRole; } + public bool HasAccess(User user, Guid projectId, params string[] allowedAccess) + { + return HasAccess(user, GetById(projectId), allowedAccess); + } + public bool HasAccess(User user, Database.Model.Project project, params string[] allowedAccess) { ProjectRoleModel projectRoleModel = new ProjectRoleModel(); @@ -123,7 +128,16 @@ namespace Coscine.Api.Project.Models var allUserProjectRoles = projectRoleModel.GetAllWhere((projectRoleRelation) => projectRoleRelation.UserId == user.Id && allowedAccess.Contains(projectRoleRelation.Role.DisplayName.ToLower())); var allowedProjectIds = allUserProjectRoles.Select((projectRole) => projectRole.ProjectId); - var allowedProjects = projectModel.GetAllWhere((project) => allowedProjectIds.Contains(project.Id)); + var allowedProjects = projectModel.GetAllWhere((project) => allowedProjectIds.Contains(project.Id) + && ((!project.SubProjectsSubProjectIdIds.Any()) // get top level projects not having any parent projects + || !(from subProject in project.SubProjectsSubProjectIdIds // check if the direct parent project is accessible to the current user + where (from parentProjectRole in subProject.Project.ProjectRolesProjectIdIds + where parentProjectRole.UserId == user.Id + && allowedAccess.Contains(parentProjectRole.Role.DisplayName.ToLower()) + select parentProjectRole).Any() + select subProject).Any()) + ); + return allowedProjects.ToList(); } diff --git a/src/Project/Models/ResourceModel.cs b/src/Project/Models/ResourceModel.cs index e3b55279953fd1848f3789faebe7f740ebe011a7..a44a64d6cd3206d401c988aa28947432ad0f271b 100644 --- a/src/Project/Models/ResourceModel.cs +++ b/src/Project/Models/ResourceModel.cs 
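Review bot: The new `HasAccess(User, Guid, params string[])` overload forwards `GetById(projectId)` without handling an id that does not resolve, and whether the `Project` overload below tolerates a null project is outside the hunk; a doc comment should state the contract: `/// <summary>Resolves <paramref name="projectId"/> and delegates to <see cref="HasAccess(User, Database.Model.Project, string[])"/>; behaviour for an id that does not resolve follows that overload.</summary>`.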
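Review bot: In the -123 hunk, the comment `// check if the direct parent project is accessible to the current user` describes the inner query, but the surrounding `!(...).Any()` keeps a project only when it has no parent or none of its parents is accessible, so the filter drops subprojects whose parent the user can already see; the comment should say so, e.g. `// exclude subprojects whose parent is visible to this user (they are listed under the parent)`. This changes the set the enclosing method returns — a caller that treated it as the full list of accessible projects now gets top-level entries only — which deserves a sentence in the method's summary. Three nested query expressions inside one lambda are hard to review; pulling the parent-accessibility test into a named predicate would help. The enclosing method starts outside this hunk.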
@@ -322,7 +322,7 @@ namespace Coscine.Api.Project.Models resource.Description, resource.Keywords, resource.UsageRights, - new ResourceTypeObject(resource.Type.Id, resource.Type.DisplayName), + new ResourceTypeObject(resource.Type.Id, resource.Type.DisplayName, resource.Type.Enabled), disciplines, (resource.Visibility != null) ? new VisibilityObject(resource.Visibility.Id, resource.Visibility.DisplayName) : null, (resource.License != null) ? new LicenseObject(resource.License.Id, resource.License.DisplayName) : null, diff --git a/src/Project/Project.csproj b/src/Project/Project.csproj index 309ead71b71ed87250943ab89c79b252dfef7cd7..a8b92dda8bb51920ce970423ec07df97d98a3346 100644 --- a/src/Project/Project.csproj +++ b/src/Project/Project.csproj @@ -46,8 +46,8 @@ ..\packages\Consul.0.7.2.6\lib\net45\Consul.dll - - ..\packages\Coscine.Action.1.7.1\lib\net461\Coscine.Action.dll + + ..\packages\Coscine.Action.1.8.0\lib\net461\Coscine.Action.dll ..\packages\Coscine.ApiCommons.1.4.0\lib\net461\Coscine.ApiCommons.dll @@ -55,14 +55,14 @@ ..\packages\Coscine.Configuration.1.4.0\lib\net461\Coscine.Configuration.dll - - ..\packages\Coscine.Database.1.13.0\lib\net461\Coscine.Database.dll + + ..\packages\Coscine.Database.1.14.0\lib\net461\Coscine.Database.dll ..\packages\Coscine.Logging.1.0.1\lib\net461\Coscine.Logging.dll - - ..\packages\Coscine.ProxyApi.1.2.0\lib\net461\Coscine.ProxyApi.dll + + ..\packages\Coscine.ProxyApi.1.2.1\lib\net461\Coscine.ProxyApi.dll ..\packages\Coscine.SharePoint.Webparts.Vue.1.4.0\lib\net461\Coscine.SharePoint.Webparts.Vue.dll diff --git a/src/Project/ReturnObjects/ResourceTypeObject.cs b/src/Project/ReturnObjects/ResourceTypeObject.cs index e2b9130ca9262ea0f816ae54d472a07fdd571d10..63e26afcb139d9dbe521617b21c878c9487d22d6 100644 --- a/src/Project/ReturnObjects/ResourceTypeObject.cs +++ b/src/Project/ReturnObjects/ResourceTypeObject.cs 
@@ -10,10 +10,13 @@ namespace Coscine.Api.Project.ReturnObjects public string DisplayName { get; set; } - public ResourceTypeObject(Guid id, string displayName) + public bool Enabled { get; set; } + + public ResourceTypeObject(Guid id, string displayName, bool enabled) { Id = id; DisplayName = displayName; + Enabled = enabled; } } diff --git a/src/Project/packages.config b/src/Project/packages.config index 0ef590e6c8d5f5e1bd76f9e0da92cf0af71871e7..7ad9f145bdee077063a923b6d39c239a428cc823 100644 --- a/src/Project/packages.config +++ b/src/Project/packages.config @@ -3,12 +3,12 @@ - + - + - +