Commit 31e8310c authored by Benedikt Heinrichs's avatar Benedikt Heinrichs
Browse files

Fix: Last Owner is not able to be deleted (coscine/issues#251)

parent c44d1dc2
...@@ -85,6 +85,8 @@ namespace Coscine.Api.Project.Controllers ...@@ -85,6 +85,8 @@ namespace Coscine.Api.Project.Controllers
ProjectModel projectModel = new ProjectModel(); ProjectModel projectModel = new ProjectModel();
if (projectModel.OwnsProject(user, projectModel.GetById(projectId))) if (projectModel.OwnsProject(user, projectModel.GetById(projectId)))
{ {
_projectRoleModel.CheckIfLastOwnerWillBeRemoved(roleId, projectId);
return _projectRoleModel.Delete(_projectRoleModel.GetWhere((projectRole) => return _projectRoleModel.Delete(_projectRoleModel.GetWhere((projectRole) =>
projectRole.ProjectId == projectId projectRole.ProjectId == projectId
&& projectRole.UserId == userId && projectRole.UserId == userId
......
using Coscine.Api.Project.ReturnObjects; using Coscine.Api.Project.ReturnObjects;
using Coscine.ApiCommons.Exceptions;
using Coscine.ApiCommons.Models; using Coscine.ApiCommons.Models;
using Coscine.Database.Model; using Coscine.Database.Model;
using LinqToDB; using LinqToDB;
...@@ -18,11 +19,13 @@ namespace Coscine.Api.Project.Models ...@@ -18,11 +19,13 @@ namespace Coscine.Api.Project.Models
public ProjectRole SetFromObject(ProjectRoleObject projectRoleObject) public ProjectRole SetFromObject(ProjectRoleObject projectRoleObject)
{ {
// Remove existing roles if they exist // Remove existing roles if they exist
var existingRoles = GetAllWhere((dbProjectRole) => dbProjectRole.ProjectId == projectRoleObject.ProjectId && dbProjectRole.UserId == projectRoleObject.User.Id); var existingRoles = GetAllWhere((dbProjectRole) => dbProjectRole.ProjectId == projectRoleObject.ProjectId && dbProjectRole.UserId == projectRoleObject.User.Id);
if(existingRoles.Count() > 0)
if (existingRoles.Count() > 0)
{ {
foreach(var role in existingRoles) foreach(var role in existingRoles)
{ {
CheckIfLastOwnerWillBeRemoved(role.RoleId, projectRoleObject.ProjectId);
Delete(role); Delete(role);
} }
} }
...@@ -36,6 +39,24 @@ namespace Coscine.Api.Project.Models ...@@ -36,6 +39,24 @@ namespace Coscine.Api.Project.Models
return projectRole; return projectRole;
} }
public void CheckIfLastOwnerWillBeRemoved(Guid roleId, Guid projectId)
{
RoleModel roleModel = new RoleModel();
var ownerRole = roleModel.GetOwnerRole();
if (roleId == ownerRole.Id)
{
var moreThanOneOwnerExists = GetAllWhere((projectRole) =>
projectRole.ProjectId == projectId
&& projectRole.RoleId == ownerRole.Id
).Count() > 1;
if (!moreThanOneOwnerExists)
{
throw new NotAuthorizedException("The last owner cannot be removed!");
}
}
}
public override Expression<Func<ProjectRole, Guid>> GetIdFromObject() public override Expression<Func<ProjectRole, Guid>> GetIdFromObject()
{ {
return databaseObject => databaseObject.RelationId; return databaseObject => databaseObject.RelationId;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment