New: Added Guest Role

4875ffff · Petar Hristov · Sandra Westerhoff · 7e225fb6 · 4875ffff · 4875ffff
Commit 4875ffff authored Jan 17, 2023 by Petar Hristov Committed by Sandra Westerhoff Jan 17, 2023
--- a/src/Project.Tests/Project.Tests.csproj
+++ b/src/Project.Tests/Project.Tests.csproj
@@ -4,10 +4,13 @@
 		<RootNamespace>Coscine.Api.Project.Tests</RootNamespace>
 		<AssemblyName>Coscine.Api.Project.Tests</AssemblyName>
 		<TargetFramework>net6.0</TargetFramework>
-	<Version>4.2.8</Version></PropertyGroup>
+		<Version>4.2.4</Version>
+	</PropertyGroup>
 	<ItemGroup>
 		<ProjectReference Include="..\Project\Project.csproj" />
 	</ItemGroup>
 	<ItemGroup>
 		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.9.1" />
 		<PackageReference Include="Moq" Version="4.16.1" />


--- a/src/Project/Controllers/ProjectController.cs
+++ b/src/Project/Controllers/ProjectController.cs
@@ -87,7 +87,7 @@ namespace Coscine.Api.Project.Controllers
        public ActionResult<IEnumerable<ProjectObject>> GetTopLevelProjects()
        {
            var user = _authenticator.GetUser();
-            var projects = _projectModel.GetTopLevelWithAccess(user, UserRoles.Member, UserRoles.Owner).ToList()
+            var projects = _projectModel.GetTopLevelWithAccess(user, UserRoles.Member, UserRoles.Owner, UserRoles.Guest).ToList()
                .Select((project) => _projectModel.CreateReturnObjectFromDatabaseObject(project))
                .OrderBy(element => element.DisplayName);
@@ -109,13 +109,19 @@ namespace Coscine.Api.Project.Controllers
        {
            var user = _authenticator.GetUser();
            var project = _projectModel.GetById(id);
-            if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Coscine Basis: View Projects
+            if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
            {
                var subProjectModel = new SubProjectModel();
                var subProjectRel = subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id && !project.Deleted);
                var parentProjectRelation = subProjectRel.FirstOrDefault();
-                if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner))
+                // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+                // - Project: View Subprojects (no inheritance, invited seperately) 
+                if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
                {
                    return Ok(_projectModel.CreateReturnObjectFromDatabaseObject(project, parentProjectRelation.ProjectId));
                }
@@ -137,13 +143,19 @@ namespace Coscine.Api.Project.Controllers
        {
            var user = _authenticator.GetUser();
            var project = _projectModel.GetBySlug(slug);
-            if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Coscine Basis: View Projects // Project: View Subprojects (no inheritance, invited seperately) 
+            if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
            {
                var subProjectModel = new SubProjectModel();
                var subProjectRel = subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id && !project.Deleted);
                var parentProjectRelation = subProjectRel.FirstOrDefault();
-                if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner))
+                // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+                // - Coscine Basis: View Projects // Project: View Subprojects (no inheritance, invited seperately) 
+                if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
                {
                    return Ok(_projectModel.CreateReturnObjectFromDatabaseObject(project, parentProjectRelation.ProjectId));
                }
@@ -168,13 +180,19 @@ namespace Coscine.Api.Project.Controllers
            var resourceModel = new ResourceModel();
            var resourceTypeModel = new ResourceTypeModel();
-            if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Resource: View Resource (RCV, Metadatamanager)
+            if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
            {
                var resources = resourceModel.GetAllWhere((resource) =>
                        (from projectResource in resource.ProjectResources
                         where projectResource.ProjectId == project.Id
                         select projectResource).Any())
-                        .Select((resource) => ResourceTypes.Helpers.CreateResourceReturnObject(resource)).OrderBy(element => element.DisplayName);
+                        .Select(resource => ResourceTypes.Helpers.CreateResourceReturnObject(resource))
+                        .Select(resource => HideSensitiveInformation(user, project, resource))
+                        .OrderBy(element => element.DisplayName);
                if (Request.Query != null && Request.Query["noanalyticslog"] != "true")
                {
                    var projectObject = _projectModel.CreateReturnObjectFromDatabaseObject(_projectModel.GetById(project.Id));
@@ -188,6 +206,18 @@ namespace Coscine.Api.Project.Controllers
            }
        }
+        private ResourceObject HideSensitiveInformation(User user, Database.DataModel.Project project, ResourceObject resourceObject)
+        {
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Resource: View Resource (RCV, Metadatamanager) - BUT hide resource type options!
+            if (_projectModel.HasAccess(user, project, UserRoles.Guest))
+            {
+                // From resource.resourceTypeOption hide all sensitive keys listed bellow that a user should not have access to, based on their role
+                resourceObject.ResourceTypeOption = null;
+            }
+            return resourceObject;
+        }
        /// <summary>
        /// Updates a project
        /// </summary>
@@ -199,6 +229,9 @@ namespace Coscine.Api.Project.Controllers
        {
            var user = _authenticator.GetUser();
            var project = _projectModel.GetById(id);
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Change Settings (project, user, quota)
            if (_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                LogAnalyticsEditProject(project, _projectModel.GetMetadataCompleteness(projectObject), projectObject.Disciplines, projectObject.Organizations, user);
@@ -220,6 +253,9 @@ namespace Coscine.Api.Project.Controllers
        {
            var user = _authenticator.GetUser();
            var project = _projectModel.GetById(id);
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Change Settings (project, user, quota)
            if (_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                var projectObject = _projectModel.CreateReturnObjectFromDatabaseObject(_projectModel.GetById(project.Id));
@@ -339,10 +375,11 @@ namespace Coscine.Api.Project.Controllers
        {
            var user = _authenticator.GetUser();
-            if (projectObject.ParentId != new Guid()
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
-                && !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
+            // - Project: Create Subprojects
+            if (projectObject.ParentId != new Guid() && !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
            {
-                return Unauthorized("User is not allowed to create SubProjects.");
+                return Unauthorized("User is not allowed to create sub-projects in the selected project!");
            }
            var defaultQuotas = _rdfStoreConnector.GetQuotaDefault(user.Id.ToString());
@@ -360,9 +397,9 @@ namespace Coscine.Api.Project.Controllers
            var project = _projectModel.StoreFromObject(projectObject, user, projectQuotas);
-            if (projectObject.ParentId != new Guid()
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
-                // Both an owner and a member can add subprojects to projects
+            // - Project: Create Subprojects
-                && _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
+            if (projectObject.ParentId != new Guid() && _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
            {
                var subProjectModel = new SubProjectModel();
                subProjectModel.LinkSubProject(projectObject.ParentId, project.Id);
@@ -396,6 +433,8 @@ namespace Coscine.Api.Project.Controllers
            var user = _authenticator.GetUser();
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: View Settings (project, user, quota)
            if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                return Unauthorized("You are not an owner of the project.");
@@ -416,7 +455,7 @@ namespace Coscine.Api.Project.Controllers
        }
        /// <summary>
-        /// Call to analytics logger.
+        /// Creation of an Application Profile.
        /// </summary>
        /// <param name="projectId">Project id of the project</param>
        /// <returns>204 no content</returns>
@@ -432,6 +471,8 @@ namespace Coscine.Api.Project.Controllers
            var user = _authenticator.GetUser();
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - ???
            if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                return Unauthorized("You are not an owner of the project.");
@@ -469,6 +510,8 @@ namespace Coscine.Api.Project.Controllers
                return NotFound($@"The role ""{sendInvitationObject.Role}"" was not found.");
            }
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Change Settings (project, user, quota)
            if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                return Unauthorized("You are not an owner of the project.");
@@ -536,6 +579,8 @@ namespace Coscine.Api.Project.Controllers
            var user = _authenticator.GetUser();
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Change Settings (project, user, quota)
            if (!_projectModel.HasAccess(user, _projectModel.GetById(invitation.Project), UserRoles.Owner))
            {
                return Unauthorized("You are not an owner of this project.");
@@ -570,6 +615,8 @@ namespace Coscine.Api.Project.Controllers
            var project = _projectModel.GetById(invitation.Project);
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Change Settings (project, user, quota)
            if (!_projectModel.HasAccess(_userModel.GetById(invitation.Issuer), project, UserRoles.Owner))
            {
                return Unauthorized("The issuer is not an owner of the project.");


--- a/src/Project/Controllers/ProjectQuotaController.cs
+++ b/src/Project/Controllers/ProjectQuotaController.cs
@@ -64,6 +64,8 @@ namespace Coscine.Api.Project.Controllers
                return base.NotFound($"Could not find project with id: {id}");
            }
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Create Subprojects | Project: View Settings (project, user, quota) ---> conflicts
            if (!_projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member))
            {
                return Unauthorized("The user is not authorized to perform a get on the selected project!");
@@ -94,7 +96,9 @@ namespace Coscine.Api.Project.Controllers
                return NotFound($"Could not find project with id: {id}");
            }
-            if (!_projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member))
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: View Settings (project, user, quota)
+            if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                return Unauthorized("The user is not authorized to perform a get on the selected project!");
            }
@@ -129,6 +133,8 @@ namespace Coscine.Api.Project.Controllers
                return NotFound($"Could not find project with id: {id}");
            }
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Change Settings (project, user, quota)
            if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                return Unauthorized("The user is not authorized to perform a get on the selected project!");


--- a/src/Project/Controllers/ProjectRoleController.cs
+++ b/src/Project/Controllers/ProjectRoleController.cs
@@ -57,7 +57,9 @@ namespace Coscine.Api.Project.Controllers
            var projectModel = new ProjectModel();
            var user = _authenticator.GetUser();
-            if (projectModel.HasAccess(user, projectModel.GetById(projectId), UserRoles.Owner, UserRoles.Member))
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: View Members of Project on Project page
+            if (projectModel.HasAccess(user, projectModel.GetById(projectId), UserRoles.Owner, UserRoles.Member, UserRoles.Guest))
            {
                var users = _projectRoleModel.GetAllWhere((projectRole) =>
                    (projectRole.ProjectId == projectId)
@@ -128,9 +130,13 @@ namespace Coscine.Api.Project.Controllers
            var userToAdd = userModel.GetById(projectRoleObject.User.Id);
            var user = _authenticator.GetUser();
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Project: Change Settings (project, user, quota)
            if (projectModel.HasAccess(user, project, UserRoles.Owner))
            {
-                var userIsAlreadymember = projectModel.HasAccess(userToAdd, project, UserRoles.Owner, UserRoles.Member);
+                // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+                // - none
+                var userAlreadyHasRole = projectModel.HasAccess(userToAdd, project, UserRoles.Owner, UserRoles.Member, UserRoles.Guest);
                _emitter.EmitUserAdd(new UserEventArgs(_configuration)
                {
                    Project = project,
@@ -138,7 +144,7 @@ namespace Coscine.Api.Project.Controllers
                    User = userToAdd
                });
-                LogAnalytics(userIsAlreadymember == true ? "Change Role" : "Add Member", user, null, project.Id.ToString());
+                LogAnalytics(userAlreadyHasRole == true ? "Change Role" : "Add Member", user, null, project.Id.ToString());
                return Ok(_projectRoleModel.SetFromObject(projectRoleObject));
            }
@@ -162,6 +168,8 @@ namespace Coscine.Api.Project.Controllers
            var user = _authenticator.GetUser();
            var project = projectModel.GetById(projectId);
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Project: Change Settings (project, user, quota)
            if (projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                _projectRoleModel.CheckIfLastOwnerWillBeRemoved(roleId, projectId);
@@ -201,7 +209,10 @@ namespace Coscine.Api.Project.Controllers
            var project = projectModel.GetById(projectId);
            var roleId = _projectRoleModel.GetGetUserRoleForProject(projectId, user.Id);
-            if (projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member))
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - ???
+            // Guests have the right to leave a project on their own.
+            if (projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member, UserRoles.Guest))
            {
                _projectRoleModel.CheckIfLastOwnerWillBeRemoved((Guid)roleId, projectId);
                _emitter.EmitUserRemove(new UserEventArgs(this._configuration)


--- a/src/Project/Controllers/SubProjectController.cs
+++ b/src/Project/Controllers/SubProjectController.cs
@@ -39,7 +39,10 @@ namespace Coscine.Api.Project.Controllers
            var projectModel = new ProjectModel();
            var projectRoleModel = new ProjectRoleModel();
            var user = _authenticator.GetUser();
-            string[] allowedRoles = { UserRoles.Owner, UserRoles.Member };
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: View Subprojects (no inheritance, invited seperately)
+            string[] allowedRoles = { UserRoles.Owner, UserRoles.Member, UserRoles.Guest };
            allowedRoles = allowedRoles.Select(x => x.ToLower().Trim()).ToArray();
            if (projectModel.HasAccess(user, projectModel.GetById(parentGuid), allowedRoles))
            {
@@ -60,7 +63,7 @@ namespace Coscine.Api.Project.Controllers
            }
            else
            {
-                return Unauthorized("User is not allowed to create a subproject for the given project id!");
+                return Unauthorized("User is not allowed to see the subproject for the given project id!");
            }
        }
@@ -69,6 +72,7 @@ namespace Coscine.Api.Project.Controllers
        /// </summary>
        /// <param name="childId">Id of the child</param>
        /// <returns>Json or Statuscode 401</returns>
+        [Obsolete("Not in use by the UI")]
        [HttpGet("[controller]/{childId}/accessibleParent")]
        public IActionResult GetAccessibleParent(string childId)
        {
@@ -76,6 +80,9 @@ namespace Coscine.Api.Project.Controllers
            var projectModel = new ProjectModel();
            var projectRoleModel = new ProjectRoleModel();
            var user = _authenticator.GetUser();
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Create Subprojects
            string[] allowedRoles = { UserRoles.Owner, UserRoles.Member };
            allowedRoles = allowedRoles.Select(x => x.ToLower().Trim()).ToArray();
            if (projectModel.HasAccess(user, projectModel.GetById(childGuid), allowedRoles))


--- a/src/Project/Project.csproj
+++ b/src/Project/Project.csproj
@@ -7,21 +7,23 @@
 		<TargetFramework>net6.0</TargetFramework>
 		<Version>4.2.8</Version>
 	</PropertyGroup>
 	<PropertyGroup>
 		<Authors>RWTH Aachen University</Authors>
 		<Company>IT Center, RWTH Aachen University</Company>
-		<Copyright>2022 IT Center, RWTH Aachen University</Copyright>
+		<Copyright>2023 IT Center, RWTH Aachen University</Copyright>
 		<Description>Project is a part of the Coscine group.</Description>
 		<PackageLicenseExpression>MIT</PackageLicenseExpression>
 		<PackageProjectUrl>https://git.rwth-aachen.de/coscine/backend/apis/Project</PackageProjectUrl>
 		<PackageRequireLicenseAcceptance>false</PackageRequireLicenseAcceptance>
 	</PropertyGroup>
 	<ItemGroup>
-		<PackageReference Include="Coscine.Action" Version="3.*-*" />
+		<PackageReference Include="Coscine.Action" Version="*-*" />
-		<PackageReference Include="Coscine.ApiCommons" Version="2.*-*" />
+		<PackageReference Include="Coscine.ApiCommons" Version="*-*" />
-		<PackageReference Include="Coscine.Database" Version="2.*-*" />
+		<PackageReference Include="Coscine.Database" Version="*-*" />
-		<PackageReference Include="Coscine.Logging" Version="2.*-*" />
+		<PackageReference Include="Coscine.Logging" Version="*-*" />
-		<PackageReference Include="Coscine.Metadata" Version="2.*-*" />
+		<PackageReference Include="Coscine.Metadata" Version="*-*" />
-		<PackageReference Include="Coscine.ResourceTypes" Version="1.*-*" />
+		<PackageReference Include="Coscine.ResourceTypes" Version="*-*" />
 	</ItemGroup>
 </Project>