Merge branch 'Hotfix/1615-membersCreatingProject' into 'master'

Hotfix/1615 members creating project

See merge request !156

src/Project/Controllers/ProjectController.cs

@@ -193,7 +193,7 @@ namespace Coscine.Api.Project.Controllers
                 return NotFound($"Could not find project with id: {projectId}");
             }
 
-            if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
+            if (!_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
             {
                 return Unauthorized("The user is not authorized to perform a get on the selected project!");
             }
@@ -552,7 +552,7 @@ namespace Coscine.Api.Project.Controllers
             var projectObject = ObjectFactory<ProjectObject>.DeserializeFromStream(Request.Body);
 
             if (projectObject?.ParentId != new Guid()
-                && !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner))
+                && !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
             {
                 return Unauthorized("User is not allowed to create SubProjects.");
             }
@@ -560,8 +560,8 @@ namespace Coscine.Api.Project.Controllers
             var project = _projectModel.StoreFromObject(projectObject, user, _rdfStoreConnector.GetQuotaDefault(user.Id.ToString()));
 
             if (projectObject.ParentId != new Guid()
-                // for now, only an owner can add subprojects to projects
-                && _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner))
+                // Both an owner and a member can add subprojects to projects
+                && _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
             {
                 var subProjectModel = new SubProjectModel();
                 subProjectModel.LinkSubProject(projectObject.ParentId, project.Id);