Merge branch 'Hotfix/251-correctDeleteHandling' into 'master'

Fix: Last Owner is not able to be deleted (coscine/issues#251) See merge request coscine/api/project!15

Merge branch 'Hotfix/251-correctDeleteHandling' into 'master'
Fix: Last Owner is not able to be deleted (coscine/issues#251) See merge request coscine/api/project!15
61d4520b · L. Ellenbeck · c44d1dc2 · 31e8310c · 61d4520b · 61d4520b
Commit 61d4520b authored Sep 03, 2019 by L. Ellenbeck
--- a/src/Project/Controllers/ProjectRoleController.cs
+++ b/src/Project/Controllers/ProjectRoleController.cs
@@ -85,6 +85,8 @@ namespace Coscine.Api.Project.Controllers
                ProjectModel projectModel = new ProjectModel();
                if (projectModel.OwnsProject(user, projectModel.GetById(projectId)))
                {
+                    _projectRoleModel.CheckIfLastOwnerWillBeRemoved(roleId, projectId);
+
                    return _projectRoleModel.Delete(_projectRoleModel.GetWhere((projectRole) =>
                            projectRole.ProjectId == projectId
                            && projectRole.UserId == userId

--- a/src/Project/Models/ProjectRoleModel.cs
+++ b/src/Project/Models/ProjectRoleModel.cs
 using Coscine.Api.Project.ReturnObjects;
+using Coscine.ApiCommons.Exceptions;
 using Coscine.ApiCommons.Models;
 using Coscine.Database.Model;
 using LinqToDB;
@@ -18,11 +19,13 @@ namespace Coscine.Api.Project.Models
        public ProjectRole SetFromObject(ProjectRoleObject projectRoleObject)
        {
            // Remove existing roles if they exist
-            var existingRoles = GetAllWhere((dbProjectRole) => dbProjectRole.ProjectId == projectRoleObject.ProjectId && dbProjectRole.UserId == projectRoleObject.User.Id);
-            if(existingRoles.Count() > 0)
+            var existingRoles = GetAllWhere((dbProjectRole) => dbProjectRole.ProjectId == projectRoleObject.ProjectId && dbProjectRole.UserId == projectRoleObject.User.Id);            
+
+            if (existingRoles.Count() > 0)
            {
                foreach(var role in existingRoles)
                {
+                    CheckIfLastOwnerWillBeRemoved(role.RoleId, projectRoleObject.ProjectId);
                    Delete(role);
                }
            }
@@ -36,6 +39,24 @@ namespace Coscine.Api.Project.Models
            return projectRole;
        }

+        public void CheckIfLastOwnerWillBeRemoved(Guid roleId, Guid projectId)
+        {
+            RoleModel roleModel = new RoleModel();
+            var ownerRole = roleModel.GetOwnerRole();
+
+            if (roleId == ownerRole.Id)
+            {
+                var moreThanOneOwnerExists = GetAllWhere((projectRole) =>
+                    projectRole.ProjectId == projectId
+                    && projectRole.RoleId == ownerRole.Id
+                ).Count() > 1;
+                if (!moreThanOneOwnerExists)
+                {
+                    throw new NotAuthorizedException("The last owner cannot be removed!");
+                }
+            }
+        }
+
        public override Expression<Func<ProjectRole, Guid>> GetIdFromObject()
        {
            return databaseObject => databaseObject.RelationId;