Commit 7a8857e6 authored by Petar Hristov's avatar Petar Hristov 💬
Browse files

Fix: Members could not previously create subprojects (coscine/issues#1615)

parent f15224d7
......@@ -193,7 +193,7 @@ namespace Coscine.Api.Project.Controllers
return NotFound($"Could not find project with id: {projectId}");
}
if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
if (!_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
{
return Unauthorized("The user is not authorized to perform a get on the selected project!");
}
......@@ -552,7 +552,7 @@ namespace Coscine.Api.Project.Controllers
var projectObject = ObjectFactory<ProjectObject>.DeserializeFromStream(Request.Body);
if (projectObject?.ParentId != new Guid()
&& !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner))
&& !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
{
return Unauthorized("User is not allowed to create SubProjects.");
}
......@@ -560,8 +560,8 @@ namespace Coscine.Api.Project.Controllers
var project = _projectModel.StoreFromObject(projectObject, user, _rdfStoreConnector.GetQuotaDefault(user.Id.ToString()));
if (projectObject.ParentId != new Guid()
// for now, only an owner can add subprojects to projects
&& _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner))
// Both an owner and a member can add subprojects to projects
&& _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
{
var subProjectModel = new SubProjectModel();
subProjectModel.LinkSubProject(projectObject.ParentId, project.Id);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment