Commit 1a81318c authored by Petar Hristov's avatar Petar Hristov 💬
Browse files

Merge branch 'Hotfix/1615-membersCreatingProject' into 'master'

Hotfix/1615 members creating project

See merge request !156
parents f15224d7 7a8857e6
......@@ -193,7 +193,7 @@ namespace Coscine.Api.Project.Controllers
return NotFound($"Could not find project with id: {projectId}");
if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
if (!_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
return Unauthorized("The user is not authorized to perform a get on the selected project!");
......@@ -552,7 +552,7 @@ namespace Coscine.Api.Project.Controllers
var projectObject = ObjectFactory<ProjectObject>.DeserializeFromStream(Request.Body);
if (projectObject?.ParentId != new Guid()
&& !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner))
&& !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
return Unauthorized("User is not allowed to create SubProjects.");
......@@ -560,8 +560,8 @@ namespace Coscine.Api.Project.Controllers
var project = _projectModel.StoreFromObject(projectObject, user, _rdfStoreConnector.GetQuotaDefault(user.Id.ToString()));
if (projectObject.ParentId != new Guid()
// for now, only an owner can add subprojects to projects
&& _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner))
// Both an owner and a member can add subprojects to projects
&& _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
var subProjectModel = new SubProjectModel();
subProjectModel.LinkSubProject(projectObject.ParentId, project.Id);
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment