Skip to content
Snippets Groups Projects
Commit 1a81318c authored by Petar Hristov's avatar Petar Hristov :speech_balloon:
Browse files

Merge branch 'Hotfix/1615-membersCreatingProject' into 'master' 

Hotfix/1615 members creating project

See merge request !156
parents f15224d7 7a8857e6
No related branches found
No related tags found
1 merge request!156Hotfix/1615 members creating project
Show whitespace changes
Inline Side-by-side
src/Project/Controllers/ProjectController.cs
+ 4
4
View file @ 1a81318c
...@@ -193,7 +193,7 @@ namespace Coscine.Api.Project.Controllers ...@@ -193,7 +193,7 @@ namespace Coscine.Api.Project.Controllers
return NotFound($"Could not find project with id: {projectId}"); return NotFound($"Could not find project with id: {projectId}");
} }
if (!_projectModel.HasAccess(user, project, UserRoles.Owner)) if (!_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
{ {
return Unauthorized("The user is not authorized to perform a get on the selected project!"); return Unauthorized("The user is not authorized to perform a get on the selected project!");
} }
...@@ -552,7 +552,7 @@ namespace Coscine.Api.Project.Controllers ...@@ -552,7 +552,7 @@ namespace Coscine.Api.Project.Controllers
var projectObject = ObjectFactory<ProjectObject>.DeserializeFromStream(Request.Body); var projectObject = ObjectFactory<ProjectObject>.DeserializeFromStream(Request.Body);
if (projectObject?.ParentId != new Guid() if (projectObject?.ParentId != new Guid()
&& !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner)) && !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
{ {
return Unauthorized("User is not allowed to create SubProjects."); return Unauthorized("User is not allowed to create SubProjects.");
} }
...@@ -560,8 +560,8 @@ namespace Coscine.Api.Project.Controllers ...@@ -560,8 +560,8 @@ namespace Coscine.Api.Project.Controllers
var project = _projectModel.StoreFromObject(projectObject, user, _rdfStoreConnector.GetQuotaDefault(user.Id.ToString())); var project = _projectModel.StoreFromObject(projectObject, user, _rdfStoreConnector.GetQuotaDefault(user.Id.ToString()));
if (projectObject.ParentId != new Guid() if (projectObject.ParentId != new Guid()
// for now, only an owner can add subprojects to projects // Both an owner and a member can add subprojects to projects
&& _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner)) && _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
{ {
var subProjectModel = new SubProjectModel(); var subProjectModel = new SubProjectModel();
subProjectModel.LinkSubProject(projectObject.ParentId, project.Id); subProjectModel.LinkSubProject(projectObject.ParentId, project.Id);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment