New: Included the ResourceCreator Role (coscine/issues#530)

New: Included Search Api (coscine/issues#533) New: Included metadata in the resource view (coscine/issues#566) New: Corrected user authentication (coscine/issues#529)

New: Included the ResourceCreator Role (coscine/issues#530)
New: Included Search Api (coscine/issues#533) New: Included metadata in the resource view (coscine/issues#566) New: Corrected user authentication (coscine/issues#529)
9f1b6ccf · Marcel Nellesen · b0dcbc30 · 9f1b6ccf · 9f1b6ccf · 9f1b6ccf
Commit 9f1b6ccf authored Jan 20, 2020 by Marcel Nellesen
28 changed files
--- a/src/Project.Tests/DefaultControllerTests.cs
+++ b/src/Project.Tests/DefaultControllerTests.cs
@@ -13,6 +13,7 @@ using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Management;
+using System.Security.Claims;

 namespace Coscine.Api.Project.Tests
 {
@@ -257,6 +258,11 @@ namespace Coscine.Api.Project.Tests
            var context = new Mock<HttpContext>();
            context.SetupGet(x => x.Request).Returns(request.Object);

+            var claimsPrincipal = new Mock<ClaimsPrincipal>();
+            Claim claim = new Claim("UserID", user.Id.ToString());
+            context.SetupGet(x => x.User).Returns(claimsPrincipal.Object);
+            context.Setup(x => x.User.FindFirst("UserID")).Returns(claim);
+
            if (stream != null)
            {
                context.SetupGet(x => x.Request.Method).Returns("POST");

--- a/src/Project.Tests/Project.Tests.csproj
+++ b/src/Project.Tests/Project.Tests.csproj
@@ -56,17 +56,17 @@
    <Reference Include="Consul, Version=0.7.2.6, Culture=neutral, PublicKeyToken=20a6ad9a81df1d95, processorArchitecture=MSIL">
      <HintPath>..\packages\Consul.0.7.2.6\lib\net45\Consul.dll</HintPath>
    </Reference>
-    <Reference Include="Coscine.Action, Version=1.7.0.0, Culture=neutral, processorArchitecture=AMD64">
-      <HintPath>..\packages\Coscine.Action.1.7.0\lib\net461\Coscine.Action.dll</HintPath>
+    <Reference Include="Coscine.Action, Version=1.7.1.0, Culture=neutral, processorArchitecture=AMD64">
+      <HintPath>..\packages\Coscine.Action.1.7.1\lib\net461\Coscine.Action.dll</HintPath>
    </Reference>
-    <Reference Include="Coscine.ApiCommons, Version=1.3.1.0, Culture=neutral, PublicKeyToken=af4c1345df96546b, processorArchitecture=MSIL">
-      <HintPath>..\packages\Coscine.ApiCommons.1.3.1\lib\net461\Coscine.ApiCommons.dll</HintPath>
+    <Reference Include="Coscine.ApiCommons, Version=1.4.0.0, Culture=neutral, PublicKeyToken=af4c1345df96546b, processorArchitecture=MSIL">
+      <HintPath>..\packages\Coscine.ApiCommons.1.4.0\lib\net461\Coscine.ApiCommons.dll</HintPath>
    </Reference>
    <Reference Include="Coscine.Configuration, Version=1.4.0.0, Culture=neutral, PublicKeyToken=ce3d7a32d7dc1e5a, processorArchitecture=MSIL">
      <HintPath>..\packages\Coscine.Configuration.1.4.0\lib\net461\Coscine.Configuration.dll</HintPath>
    </Reference>
-    <Reference Include="Coscine.Database, Version=1.12.1.0, Culture=neutral, PublicKeyToken=767d77427707b70a, processorArchitecture=MSIL">
-      <HintPath>..\packages\Coscine.Database.1.12.1\lib\net461\Coscine.Database.dll</HintPath>
+    <Reference Include="Coscine.Database, Version=1.13.0.0, Culture=neutral, PublicKeyToken=767d77427707b70a, processorArchitecture=MSIL">
+      <HintPath>..\packages\Coscine.Database.1.13.0\lib\net461\Coscine.Database.dll</HintPath>
    </Reference>
    <Reference Include="Coscine.Logging, Version=1.0.1.0, Culture=neutral, PublicKeyToken=e1ed402bc3f6525e, processorArchitecture=MSIL">
      <HintPath>..\packages\Coscine.Logging.1.0.1\lib\net461\Coscine.Logging.dll</HintPath>
@@ -107,12 +107,18 @@
    <Reference Include="Microsoft.AspNetCore.Antiforgery, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
      <HintPath>..\packages\Microsoft.AspNetCore.Antiforgery.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Antiforgery.dll</HintPath>
    </Reference>
+    <Reference Include="Microsoft.AspNetCore.Authentication, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.AspNetCore.Authentication.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.dll</HintPath>
+    </Reference>
    <Reference Include="Microsoft.AspNetCore.Authentication.Abstractions, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
      <HintPath>..\packages\Microsoft.AspNetCore.Authentication.Abstractions.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.Abstractions.dll</HintPath>
    </Reference>
    <Reference Include="Microsoft.AspNetCore.Authentication.Core, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
      <HintPath>..\packages\Microsoft.AspNetCore.Authentication.Core.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.Core.dll</HintPath>
    </Reference>
+    <Reference Include="Microsoft.AspNetCore.Authentication.JwtBearer, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.AspNetCore.Authentication.JwtBearer.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.JwtBearer.dll</HintPath>
+    </Reference>
    <Reference Include="Microsoft.AspNetCore.Authorization, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
      <HintPath>..\packages\Microsoft.AspNetCore.Authorization.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authorization.dll</HintPath>
    </Reference>
@@ -371,6 +377,12 @@
    <Reference Include="Microsoft.IdentityModel.Logging, Version=5.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
      <HintPath>..\packages\Microsoft.IdentityModel.Logging.5.6.0\lib\net461\Microsoft.IdentityModel.Logging.dll</HintPath>
    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Protocols, Version=5.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.5.3.0\lib\net461\Microsoft.IdentityModel.Protocols.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=5.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.OpenIdConnect.5.3.0\lib\net461\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll</HintPath>
+    </Reference>
    <Reference Include="Microsoft.IdentityModel.Tokens, Version=5.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
      <HintPath>..\packages\Microsoft.IdentityModel.Tokens.5.6.0\lib\net461\Microsoft.IdentityModel.Tokens.dll</HintPath>
    </Reference>

--- a/src/Project.Tests/ProjectControllerTests.cs
+++ b/src/Project.Tests/ProjectControllerTests.cs
@@ -25,8 +25,8 @@ namespace Coscine.Api.Project.Tests
        public void OwnsTest()
        {
            ProjectModel projectModel = new ProjectModel();
-            Assert.IsTrue(projectModel.OwnsProject(Users[0], Projects[0]));
-            Assert.IsFalse(projectModel.OwnsProject(Users[0], Projects[1]));
+            Assert.IsTrue(projectModel.HasAccess(Users[0], Projects[0], UserRoles.Owner));
+            Assert.IsFalse(projectModel.HasAccess(Users[0], Projects[1], UserRoles.Owner));

            var all = projectModel.GetAllWhere((project) =>
                (from projectRole in project.ProjectRolesProjectIdIds
@@ -87,15 +87,8 @@ namespace Coscine.Api.Project.Tests

            FakeControllerContext(Users[0], stream);

-            try
-            {
-                Controller.Update(Projects[1].Id.ToString());
-                Assert.Fail();
-            }
-            catch (Exception e)
-            {
-                Assert.IsTrue(e.GetType() == typeof(NotAuthorizedException));
-            }
+            actionResult = Controller.Update(Projects[1].Id.ToString());
+            Assert.IsTrue(actionResult.GetType() == typeof(UnauthorizedObjectResult));

            // Cleanup
            stream.Close();
@@ -114,12 +107,12 @@ namespace Coscine.Api.Project.Tests
            FakeControllerContext(Users[0], stream);

            var actionResult = Controller.Store();
-            Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+            Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));

-            OkObjectResult okObjectResult = (OkObjectResult)actionResult;
-            Assert.IsTrue(okObjectResult.Value.GetType() == typeof(ProjectObject));
+            JsonResult jsonResult = (JsonResult)actionResult;
+            Assert.IsTrue(jsonResult.Value.GetType() == typeof(ProjectObject));

-            ProjectObject createdProjectObject = (ProjectObject)okObjectResult.Value;
+            ProjectObject createdProjectObject = (ProjectObject)jsonResult.Value;

            Assert.IsTrue(createdProjectObject.Description == newProjectObject.Description);
            Assert.IsTrue(createdProjectObject.DisplayName == newProjectObject.DisplayName);
@@ -149,12 +142,12 @@ namespace Coscine.Api.Project.Tests
            FakeControllerContext(Users[0], stream);

            var actionResult = Controller.Store();
-            Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+            Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));

-            OkObjectResult okObjectResult = (OkObjectResult)actionResult;
-            Assert.IsTrue(okObjectResult.Value.GetType() == typeof(ProjectObject));
+            JsonResult result = (JsonResult)actionResult;
+            Assert.IsTrue(result.Value.GetType() == typeof(ProjectObject));

-            ProjectObject createdProjectObject = (ProjectObject)okObjectResult.Value;
+            ProjectObject createdProjectObject = (ProjectObject)result.Value;
            stream.Close();

            stream = ObjectFactory<ProjectObject>.SerializeToStream(createdProjectObject);
@@ -162,10 +155,10 @@ namespace Coscine.Api.Project.Tests
            FakeControllerContext(Users[0], stream);

            actionResult = Controller.Delete(createdProjectObject.Id.ToString());
-            Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+            Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));

-            okObjectResult = (OkObjectResult)actionResult;
-            Assert.IsTrue(okObjectResult.Value.GetType() == typeof(ProjectObject));
+            result = (JsonResult)actionResult;
+            Assert.IsTrue(result.Value.GetType() == typeof(ProjectObject));

            stream.Close();
        }
@@ -184,8 +177,8 @@ namespace Coscine.Api.Project.Tests

            var actionResult = Controller.Store();

-            OkObjectResult okObjectResult = (OkObjectResult)actionResult;
-            ProjectObject createdProjectObject = (ProjectObject)okObjectResult.Value;
+            JsonResult result = (JsonResult)actionResult;
+            ProjectObject createdProjectObject = (ProjectObject)result.Value;
            stream.Close();

            newProjectObject = new ProjectObject(Guid.NewGuid(), "NewProject", "NewDisplayName", DateTime.Now, DateTime.Now.AddYears(1), "test2;test3", "abc", "investigator", "grandId",
@@ -205,10 +198,10 @@ namespace Coscine.Api.Project.Tests
            FakeControllerContext(Users[0], stream);

            actionResult = Controller.Delete(createdProjectObject.Id.ToString());
-            Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+            Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));

-            okObjectResult = (OkObjectResult)actionResult;
-            Assert.IsTrue(okObjectResult.Value.GetType() == typeof(ProjectObject));
+            result = (JsonResult)actionResult;
+            Assert.IsTrue(result.Value.GetType() == typeof(ProjectObject));

            stream.Close();
        }
@@ -225,8 +218,8 @@ namespace Coscine.Api.Project.Tests
            FakeControllerContext(Users[0], stream);
            var actionResult = Controller.Store();

-            OkObjectResult okObjectResult = (OkObjectResult)actionResult;
-            ProjectObject createdProjectObject = (ProjectObject)okObjectResult.Value;
+            JsonResult result = (JsonResult)actionResult;
+            ProjectObject createdProjectObject = (ProjectObject)result.Value;

            ProjectObject newSubProjectObject = new ProjectObject(Guid.NewGuid(), "NewSubProject", "NewDisplayNameSub", DateTime.Now, DateTime.Now.AddYears(1), "test2;test3", "abc", "investigator", "grandId",
                                                                        new List<DisciplineObject>() { new DisciplineObject(Discipline.Id, Discipline.Url, Discipline.DisplayNameDe, Discipline.DisplayNameEn) },
@@ -238,8 +231,8 @@ namespace Coscine.Api.Project.Tests
            FakeControllerContext(Users[0], subStream);
            var subActionResult = Controller.Store();

-            OkObjectResult okSubObjectResult = (OkObjectResult)subActionResult;
-            ProjectObject createdSubProjectObject = (ProjectObject)okSubObjectResult.Value;
+            JsonResult resultSubProject = (JsonResult)subActionResult;
+            ProjectObject createdSubProjectObject = (ProjectObject)resultSubProject.Value;

            SubProjectModel subProjectModel = new SubProjectModel();
            var subProjects = subProjectModel.GetAllWhere((x) => x.ProjectId == createdProjectObject.Id);

--- a/src/Project.Tests/ResourceControllerTests.cs
+++ b/src/Project.Tests/ResourceControllerTests.cs
@@ -23,19 +23,19 @@ namespace Coscine.Api.Project.Tests
        public void TestControllerIndex()
        {
            var actionResult = Controller.Index();
-            Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+            Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));
        }

        [Test]
        public void TestControllerGet()
        {
            var actionResult = Controller.Get(Resources[0].Id.ToString());
-            Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+            Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));

-            OkObjectResult okObjectResult = (OkObjectResult)actionResult;
-            Assert.IsTrue(okObjectResult.Value.GetType() == typeof(ResourceObject));
+            JsonResult result = (JsonResult)actionResult;
+            Assert.IsTrue(result.Value.GetType() == typeof(ResourceObject));

-            ResourceObject resourceObject = (ResourceObject)okObjectResult.Value;
+            ResourceObject resourceObject = (ResourceObject)result.Value;

            Assert.IsTrue(resourceObject.Id == Resources[0].Id);
            Assert.IsTrue(resourceObject.DisplayName == Resources[0].DisplayName);
@@ -49,8 +49,8 @@ namespace Coscine.Api.Project.Tests
        public void TestControllerUpdate()
        {
            var actionResult = Controller.Get(Resources[0].Id.ToString());
-            OkObjectResult okObjectResult = (OkObjectResult)actionResult;
-            ResourceObject resourceObject = (ResourceObject)okObjectResult.Value;
+            JsonResult result = (JsonResult)actionResult;
+            ResourceObject resourceObject = (ResourceObject)result.Value;

            resourceObject.DisplayName = "OtherName";
            resourceObject.ResourceTypeOption = JObject.FromObject(new RDSResourceTypeObject(Guid.NewGuid(), "PITLABTTEST", 0));
@@ -60,7 +60,7 @@ namespace Coscine.Api.Project.Tests
            FakeControllerContext(Users[0], stream);

            actionResult = Controller.Update(Resources[0].Id.ToString());
-            Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+            Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));

            // Cleanup
            stream.Close();
@@ -69,15 +69,8 @@ namespace Coscine.Api.Project.Tests

            FakeControllerContext(Users[0], stream);

-            try
-            {
-                Controller.Update(Resources[1].Id.ToString());
-                Assert.Fail();
-            }
-            catch (Exception e)
-            {
-                Assert.IsTrue(e.GetType() == typeof(NotAuthorizedException));
-            }
+            actionResult = Controller.Update(Resources[1].Id.ToString());
+            Assert.IsTrue(actionResult.GetType() == typeof(UnauthorizedObjectResult));

            // Cleanup
            stream.Close();
@@ -107,9 +100,9 @@ namespace Coscine.Api.Project.Tests
            FakeControllerContext(Users[0], stream);

            var actionResult = Controller.StoreToProject(Projects[0].Id.ToString());
-            Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
-            OkObjectResult okObjectResult = (OkObjectResult)actionResult;
-            resourceObject = (ResourceObject)okObjectResult.Value;
+            Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));
+            JsonResult result = (JsonResult)actionResult;
+            resourceObject = (ResourceObject)result.Value;

            // Cleanup
            stream.Close();
@@ -119,7 +112,7 @@ namespace Coscine.Api.Project.Tests
            FakeControllerContext(Users[0], stream);

            actionResult = Controller.Delete(resourceObject.Id.ToString());
-            Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+            Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));

            stream.Close();
        }

--- a/src/Project.Tests/ResourceTypeControllerTests.cs
+++ b/src/Project.Tests/ResourceTypeControllerTests.cs
@@ -20,10 +20,10 @@ namespace Coscine.Api.Project.Tests
        public void TestGettingFields()
        {
            var actionResult = Controller.Fields(Resources[0].Type.Id.ToString());
-            Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+            Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));

-            OkObjectResult okObjectResult = (OkObjectResult)actionResult;
-            List<string> fields = (List<string>) okObjectResult.Value;
+            JsonResult result = (JsonResult)actionResult;
+            List<string> fields = (List<string>) result.Value;
            if(fields.Count() == 2)
            {
                Assert.IsTrue(fields[0] == "BucketName");

--- a/src/Project.Tests/app.config
+++ b/src/Project.Tests/app.config
@@ -88,7 +88,7 @@
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Coscine.Database" publicKeyToken="767d77427707b70a" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.12.1.0" newVersion="1.12.1.0" />
+        <bindingRedirect oldVersion="0.0.0.0-1.13.0.0" newVersion="1.13.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
@@ -142,6 +142,10 @@
        <assemblyIdentity name="Coscine.Logging" publicKeyToken="e1ed402bc3f6525e" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-1.0.1.0" newVersion="1.0.1.0" />
      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-5.6.0.0" newVersion="5.6.0.0" />
+      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <entityFramework>

--- a/src/Project.Tests/packages.config
+++ b/src/Project.Tests/packages.config
@@ -4,10 +4,10 @@
  <package id="AutoMapper.Extensions.Microsoft.DependencyInjection" version="6.0.0" targetFramework="net472" />
  <package id="Castle.Core" version="4.4.0" targetFramework="net472" />
  <package id="Consul" version="0.7.2.6" targetFramework="net472" />
-  <package id="Coscine.Action" version="1.7.0" targetFramework="net472" />
-  <package id="Coscine.ApiCommons" version="1.3.1" targetFramework="net472" />
+  <package id="Coscine.Action" version="1.7.1" targetFramework="net472" />
+  <package id="Coscine.ApiCommons" version="1.4.0" targetFramework="net472" />
  <package id="Coscine.Configuration" version="1.4.0" targetFramework="net472" />
-  <package id="Coscine.Database" version="1.12.1" targetFramework="net472" />
+  <package id="Coscine.Database" version="1.13.0" targetFramework="net472" />
  <package id="Coscine.Logging" version="1.0.1" targetFramework="net472" />
  <package id="Coscine.ProxyApi" version="1.2.0" targetFramework="net472" />
  <package id="Coscine.SharePoint.Webparts.Vue" version="1.4.0" targetFramework="net472" />
@@ -22,8 +22,10 @@
  <package id="Metadata" version="1.0.0" targetFramework="net472" />
  <package id="Microsoft.AspNetCore" version="2.2.0" targetFramework="net472" />
  <package id="Microsoft.AspNetCore.Antiforgery" version="2.2.0" targetFramework="net472" />
+  <package id="Microsoft.AspNetCore.Authentication" version="2.2.0" targetFramework="net472" />
  <package id="Microsoft.AspNetCore.Authentication.Abstractions" version="2.2.0" targetFramework="net472" />
  <package id="Microsoft.AspNetCore.Authentication.Core" version="2.2.0" targetFramework="net472" />
+  <package id="Microsoft.AspNetCore.Authentication.JwtBearer" version="2.2.0" targetFramework="net472" />
  <package id="Microsoft.AspNetCore.Authorization" version="2.2.0" targetFramework="net472" />
  <package id="Microsoft.AspNetCore.Authorization.Policy" version="2.2.0" targetFramework="net472" />
  <package id="Microsoft.AspNetCore.Connections.Abstractions" version="2.2.0" targetFramework="net472" />
@@ -115,6 +117,8 @@
  <package id="Microsoft.IdentityModel" version="7.0.0" targetFramework="net472" />
  <package id="Microsoft.IdentityModel.JsonWebTokens" version="5.6.0" targetFramework="net472" />
  <package id="Microsoft.IdentityModel.Logging" version="5.6.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Protocols" version="5.3.0" targetFramework="net472" />
+  <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="5.3.0" targetFramework="net472" />
  <package id="Microsoft.IdentityModel.Tokens" version="5.6.0" targetFramework="net472" />
  <package id="Microsoft.Net.Http.Headers" version="2.2.0" targetFramework="net472" />
  <package id="Microsoft.Win32.Registry" version="4.5.0" targetFramework="net472" />

--- a/src/Project/App.config
+++ b/src/Project/App.config
@@ -91,7 +91,7 @@
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Coscine.Database" publicKeyToken="767d77427707b70a" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.12.1.0" newVersion="1.12.1.0" />
+        <bindingRedirect oldVersion="0.0.0.0-1.13.0.0" newVersion="1.13.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
@@ -145,6 +145,10 @@
        <assemblyIdentity name="Coscine.Logging" publicKeyToken="e1ed402bc3f6525e" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-1.0.1.0" newVersion="1.0.1.0" />
      </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-5.6.0.0" newVersion="5.6.0.0" />
+      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <entityFramework>

--- a/src/Project/Controllers/DataSourceController.cs
+++ b/src/Project/Controllers/DataSourceController.cs
@@ -5,6 +5,7 @@ using Coscine.ApiCommons.Factories;
 using Coscine.ApiCommons.Utils;
 using Coscine.Configuration;
 using Coscine.Database.Model;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Newtonsoft.Json.Linq;
 using System;
@@ -22,6 +23,7 @@ using System.Web;

 namespace Coscine.Api.Project.Controllers
 {
+    [Authorize]
    public class DataSourceController : Controller
    {
        private readonly IConfiguration _configuration;
@@ -30,6 +32,7 @@ namespace Coscine.Api.Project.Controllers
        private static readonly HttpClient Client;
        private readonly Authenticator _authenticator;
        private readonly ResourceModel _resourceModel;
+        private readonly ProjectModel _projectModel;

        static DataSourceController()
        {
@@ -45,6 +48,7 @@ namespace Coscine.Api.Project.Controllers
            _jwtHandler = new JWTHandler(_configuration);
            _authenticator = new Authenticator(this, _configuration);
            _resourceModel = new ResourceModel();
+            _projectModel = new ProjectModel();
        }

        // inferring a ../ (urlencoded) can manipulate the url.
@@ -53,6 +57,8 @@ namespace Coscine.Api.Project.Controllers
        [HttpGet("[controller]/{resourceId}/{path}")]
        public async Task<IActionResult> GetWaterButlerFolder(string resourceId, string path)
        {
+            var user = _authenticator.GetUser();
+
            if (!string.IsNullOrWhiteSpace(path))
            {
                path = HttpUtility.UrlDecode(path);
@@ -64,6 +70,11 @@ namespace Coscine.Api.Project.Controllers
                return check;
            }

+            if (!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
+            {
+                return BadRequest("User does not have permission to the resource.");
+            }
+
            var authHeader = BuildAuthHeader(resource);

            if (authHeader == null)
@@ -107,6 +118,9 @@ namespace Coscine.Api.Project.Controllers
        [DisableRequestSizeLimit]
        public async Task<IActionResult> PutUploadFile(string resourceId, string path)
        {
+            var user = _authenticator.GetUser();
+
+
            if (!string.IsNullOrWhiteSpace(path))
            {
                path = HttpUtility.UrlDecode(path);
@@ -118,6 +132,11 @@ namespace Coscine.Api.Project.Controllers
                return check;
            }

+            if(!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
+            {
+                return BadRequest("User does not have permission to the resource.");
+            }
+
            var authHeader = BuildAuthHeader(resource, new string[] { "gitlab" });

            if (authHeader == null)
@@ -156,6 +175,8 @@ namespace Coscine.Api.Project.Controllers
        [DisableRequestSizeLimit]
        public async Task<IActionResult> PutUpdateFile(string resourceId, string path)
        {
+            var user = _authenticator.GetUser();
+
            if (!string.IsNullOrWhiteSpace(path))
            {
                path = HttpUtility.UrlDecode(path);
@@ -167,6 +188,11 @@ namespace Coscine.Api.Project.Controllers
                return check;
            }

+            if (!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
+            {
+                return BadRequest("User does not have permission to the resource.");
+            }
+
            var authHeader = BuildAuthHeader(resource, new string[] { "gitlab" });

            if (authHeader == null)
@@ -220,7 +246,7 @@ namespace Coscine.Api.Project.Controllers
                return resource["type"]["displayName"].ToString().ToLower();
            }
        }
-        
+

        public async Task<HttpResponseMessage> UploadFile(string url, string authHeader, Stream stream)
        {
@@ -233,6 +259,8 @@ namespace Coscine.Api.Project.Controllers
        [HttpDelete("[controller]/{resourceId}/{path}")]
        public async Task<IActionResult> Delete(string resourceId, string path)
        {
+            var user = _authenticator.GetUser();
+
            if (!string.IsNullOrWhiteSpace(path))
            {
                path = HttpUtility.UrlDecode(path);
@@ -244,6 +272,11 @@ namespace Coscine.Api.Project.Controllers
                return check;
            }

+            if (!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
+            {
+                return BadRequest("User does not have permission to the resource.");
+            }
+
            var authHeader = BuildAuthHeader(resource, new string[] { "gitlab" });

            if (authHeader == null)
@@ -286,7 +319,6 @@ namespace Coscine.Api.Project.Controllers

            JToken resource = ObjectFactory<JToken>.DeserializeFromStream(Request.Body);

-
            string authHeader = null;
            if (resource["type"]["displayName"].ToString().ToLower() == "s3")
            {
@@ -298,10 +330,12 @@ namespace Coscine.Api.Project.Controllers
            }
            else if (resource["type"]["displayName"].ToString().ToLower() == "gitlab")
            {
-                GitlabResourceType gitlabResourceType = new GitlabResourceType();
-                gitlabResourceType.RepositoryNumber = (int)resource["resourceTypeOption"]["RepositoryNumber"];
-                gitlabResourceType.RepositoryUrl = resource["resourceTypeOption"]["RepositoryUrl"].ToString();
-                gitlabResourceType.Token = resource["resourceTypeOption"]["Token"].ToString();
+                GitlabResourceType gitlabResourceType = new GitlabResourceType
+                {
+                    RepositoryNumber = (int)resource["resourceTypeOption"]["RepositoryNumber"],
+                    RepositoryUrl = resource["resourceTypeOption"]["RepositoryUrl"].ToString(),
+                    Token = resource["resourceTypeOption"]["Token"].ToString()
+                };
                authHeader = BuildGitlabAuthHeader(gitlabResourceType);
            }

@@ -374,7 +408,7 @@ namespace Coscine.Api.Project.Controllers
            {
                return BadRequest($"{resourceId} is not a guid.");
            }
-            
+
            try
            {
                resource = _resourceModel.GetById(resourceGuid);
@@ -382,11 +416,6 @@ namespace Coscine.Api.Project.Controllers
                {
                    return NotFound($"Could not find resource with id: {resourceId}");
                }
-                var user = _authenticator.GetUserFromToken();
-                if (!_resourceModel.OwnsResource(user, resource))
-                {
-                    return Forbid($"The user does not own the resource {resourceId}");
-                }
            }
            catch (Exception)
            {

--- a/src/Project/Controllers/DisciplineController.cs
+++ b/src/Project/Controllers/DisciplineController.cs
 using Coscine.Api.Project.Models;
 using Coscine.Api.Project.ReturnObjects;
-using Coscine.ApiCommons;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using System;
-using System.Collections.Generic;
 using System.Linq;
-using System.Text;
-using System.Threading.Tasks;

 namespace Coscine.Api.Project.Controllers
 {
+    [Authorize]
    public class DisciplineController : Controller
    {
-        private readonly Authenticator _authenticator;
        private readonly DisciplineModel _disciplineModel;

        public DisciplineController()
        {
-            _authenticator = new Authenticator(this, Program.Configuration);
            _disciplineModel = new DisciplineModel();
        }

        [Route("[controller]")]
        public IActionResult Index()
        {
-            return Ok(_authenticator.ValidateAndExecute((user) =>
-            {
-                return _disciplineModel.GetAll().OrderBy(discipline => discipline.DisplayNameDe.Substring(discipline.DisplayNameDe.Length - 3)).Select((discipline) => new DisciplineObject(discipline.Id, discipline.Url, discipline.DisplayNameDe, discipline.DisplayNameEn));
-            }));
+            return Json(_disciplineModel.GetAll()
+                .OrderBy(discipline => discipline.DisplayNameDe.Substring(discipline.DisplayNameDe.Length - 3))
+                .Select((discipline) => new DisciplineObject(discipline.Id, discipline.Url, discipline.DisplayNameDe, discipline.DisplayNameEn)));
        }
    }
 }
--- a/src/Project/Controllers/InstituteController.cs
+++ b/src/Project/Controllers/InstituteController.cs
 using Coscine.Api.Project.Models;
 using Coscine.Api.Project.ReturnObjects;
-using Coscine.ApiCommons;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using System;
-using System.Collections.Generic;
 using System.Linq;
-using System.Text;
-using System.Threading.Tasks;

 namespace Coscine.Api.Project.Controllers
 {
+    [Authorize]
    public class InstituteController : Controller
    {
-        private readonly Authenticator _authenticator;
        private readonly InstituteModel _instituteModel;

        public InstituteController()
        {
-            _authenticator = new Authenticator(this, Program.Configuration);
            _instituteModel = new InstituteModel();
        }

        [Route("[controller]")]
        public IActionResult Index()
        {
-            return Ok(_authenticator.ValidateAndExecute((user) =>
-            {
-                return _instituteModel.GetAll().Select((institute) => new InstituteObject(institute.Id, institute.IKZ, institute.DisplayName));
-            }));