From 9f1b6ccf9dbc6831b29ace182d2e5799fc213afa Mon Sep 17 00:00:00 2001
From: Marcel Nellesen <nellesen@itc.rwth-aachen.de>
Date: Mon, 20 Jan 2020 13:08:22 +0100
Subject: [PATCH] New: Included the ResourceCreator Role (coscine/issues#530)
New: Included Search Api (coscine/issues#533) New: Included metadata in the
resource view (coscine/issues#566) New: Corrected user authentication
(coscine/issues#529)
---
src/Project.Tests/DefaultControllerTests.cs | 6 +
src/Project.Tests/Project.Tests.csproj | 24 +-
src/Project.Tests/ProjectControllerTests.cs | 55 ++--
src/Project.Tests/ResourceControllerTests.cs | 35 +--
.../ResourceTypeControllerTests.cs | 6 +-
src/Project.Tests/app.config | 6 +-
src/Project.Tests/packages.config | 10 +-
src/Project/App.config | 6 +-
.../Controllers/DataSourceController.cs | 53 +++-
.../Controllers/DisciplineController.cs | 16 +-
.../Controllers/InstituteController.cs | 15 +-
src/Project/Controllers/LicenseController.cs | 15 +-
src/Project/Controllers/MetadataController.cs | 229 +++++++++--------
src/Project/Controllers/ProjectController.cs | 197 +++++++-------
.../Controllers/ProjectRoleController.cs | 180 +++++++------
src/Project/Controllers/ResourceController.cs | 155 +++++------
.../Controllers/ResourceTypeController.cs | 31 +--
src/Project/Controllers/RoleController.cs | 15 +-
src/Project/Controllers/SearchController.cs | 242 ++++++++++++++----
.../Controllers/SubProjectController.cs | 32 +--
.../Controllers/VisibilityController.cs | 15 +-
src/Project/Models/MetadataModel.cs | 25 --
src/Project/Models/ProjectModel.cs | 42 +--
src/Project/Models/ResourceModel.cs | 29 ++-
src/Project/Project.csproj | 26 +-
src/Project/ReturnObjects/ResourceObject.cs | 5 +-
src/Project/UserRoles.cs | 8 +
src/Project/packages.config | 10 +-
28 files changed, 833 insertions(+), 655 deletions(-)
create mode 100644 src/Project/UserRoles.cs
diff --git a/src/Project.Tests/DefaultControllerTests.cs b/src/Project.Tests/DefaultControllerTests.cs
index 1a1c179..2869e18 100644
--- a/src/Project.Tests/DefaultControllerTests.cs
+++ b/src/Project.Tests/DefaultControllerTests.cs
@@ -13,6 +13,7 @@ using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Management;
+using System.Security.Claims;
namespace Coscine.Api.Project.Tests
{
@@ -257,6 +258,11 @@ namespace Coscine.Api.Project.Tests
var context = new Mock<HttpContext>();
context.SetupGet(x => x.Request).Returns(request.Object);
+ var claimsPrincipal = new Mock<ClaimsPrincipal>();
+ Claim claim = new Claim("UserID", user.Id.ToString());
+ context.SetupGet(x => x.User).Returns(claimsPrincipal.Object);
+ context.Setup(x => x.User.FindFirst("UserID")).Returns(claim);
+
if (stream != null)
{
context.SetupGet(x => x.Request.Method).Returns("POST");
diff --git a/src/Project.Tests/Project.Tests.csproj b/src/Project.Tests/Project.Tests.csproj
index 133c2c6..2c54126 100644
--- a/src/Project.Tests/Project.Tests.csproj
+++ b/src/Project.Tests/Project.Tests.csproj
@@ -56,17 +56,17 @@
<Reference Include="Consul, Version=0.7.2.6, Culture=neutral, PublicKeyToken=20a6ad9a81df1d95, processorArchitecture=MSIL">
<HintPath>..\packages\Consul.0.7.2.6\lib\net45\Consul.dll</HintPath>
</Reference>
- <Reference Include="Coscine.Action, Version=1.7.0.0, Culture=neutral, processorArchitecture=AMD64">
- <HintPath>..\packages\Coscine.Action.1.7.0\lib\net461\Coscine.Action.dll</HintPath>
+ <Reference Include="Coscine.Action, Version=1.7.1.0, Culture=neutral, processorArchitecture=AMD64">
+ <HintPath>..\packages\Coscine.Action.1.7.1\lib\net461\Coscine.Action.dll</HintPath>
</Reference>
- <Reference Include="Coscine.ApiCommons, Version=1.3.1.0, Culture=neutral, PublicKeyToken=af4c1345df96546b, processorArchitecture=MSIL">
- <HintPath>..\packages\Coscine.ApiCommons.1.3.1\lib\net461\Coscine.ApiCommons.dll</HintPath>
+ <Reference Include="Coscine.ApiCommons, Version=1.4.0.0, Culture=neutral, PublicKeyToken=af4c1345df96546b, processorArchitecture=MSIL">
+ <HintPath>..\packages\Coscine.ApiCommons.1.4.0\lib\net461\Coscine.ApiCommons.dll</HintPath>
</Reference>
<Reference Include="Coscine.Configuration, Version=1.4.0.0, Culture=neutral, PublicKeyToken=ce3d7a32d7dc1e5a, processorArchitecture=MSIL">
<HintPath>..\packages\Coscine.Configuration.1.4.0\lib\net461\Coscine.Configuration.dll</HintPath>
</Reference>
- <Reference Include="Coscine.Database, Version=1.12.1.0, Culture=neutral, PublicKeyToken=767d77427707b70a, processorArchitecture=MSIL">
- <HintPath>..\packages\Coscine.Database.1.12.1\lib\net461\Coscine.Database.dll</HintPath>
+ <Reference Include="Coscine.Database, Version=1.13.0.0, Culture=neutral, PublicKeyToken=767d77427707b70a, processorArchitecture=MSIL">
+ <HintPath>..\packages\Coscine.Database.1.13.0\lib\net461\Coscine.Database.dll</HintPath>
</Reference>
<Reference Include="Coscine.Logging, Version=1.0.1.0, Culture=neutral, PublicKeyToken=e1ed402bc3f6525e, processorArchitecture=MSIL">
<HintPath>..\packages\Coscine.Logging.1.0.1\lib\net461\Coscine.Logging.dll</HintPath>
@@ -107,12 +107,18 @@
<Reference Include="Microsoft.AspNetCore.Antiforgery, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.AspNetCore.Antiforgery.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Antiforgery.dll</HintPath>
</Reference>
+ <Reference Include="Microsoft.AspNetCore.Authentication, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
+ <HintPath>..\packages\Microsoft.AspNetCore.Authentication.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.dll</HintPath>
+ </Reference>
<Reference Include="Microsoft.AspNetCore.Authentication.Abstractions, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.AspNetCore.Authentication.Abstractions.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.Abstractions.dll</HintPath>
</Reference>
<Reference Include="Microsoft.AspNetCore.Authentication.Core, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.AspNetCore.Authentication.Core.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.Core.dll</HintPath>
</Reference>
+ <Reference Include="Microsoft.AspNetCore.Authentication.JwtBearer, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
+ <HintPath>..\packages\Microsoft.AspNetCore.Authentication.JwtBearer.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.JwtBearer.dll</HintPath>
+ </Reference>
<Reference Include="Microsoft.AspNetCore.Authorization, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.AspNetCore.Authorization.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authorization.dll</HintPath>
</Reference>
@@ -371,6 +377,12 @@
<Reference Include="Microsoft.IdentityModel.Logging, Version=5.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.IdentityModel.Logging.5.6.0\lib\net461\Microsoft.IdentityModel.Logging.dll</HintPath>
</Reference>
+ <Reference Include="Microsoft.IdentityModel.Protocols, Version=5.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+ <HintPath>..\packages\Microsoft.IdentityModel.Protocols.5.3.0\lib\net461\Microsoft.IdentityModel.Protocols.dll</HintPath>
+ </Reference>
+ <Reference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=5.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+ <HintPath>..\packages\Microsoft.IdentityModel.Protocols.OpenIdConnect.5.3.0\lib\net461\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll</HintPath>
+ </Reference>
<Reference Include="Microsoft.IdentityModel.Tokens, Version=5.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.IdentityModel.Tokens.5.6.0\lib\net461\Microsoft.IdentityModel.Tokens.dll</HintPath>
</Reference>
diff --git a/src/Project.Tests/ProjectControllerTests.cs b/src/Project.Tests/ProjectControllerTests.cs
index d779293..968f1e6 100644
--- a/src/Project.Tests/ProjectControllerTests.cs
+++ b/src/Project.Tests/ProjectControllerTests.cs
@@ -25,8 +25,8 @@ namespace Coscine.Api.Project.Tests
public void OwnsTest()
{
ProjectModel projectModel = new ProjectModel();
- Assert.IsTrue(projectModel.OwnsProject(Users[0], Projects[0]));
- Assert.IsFalse(projectModel.OwnsProject(Users[0], Projects[1]));
+ Assert.IsTrue(projectModel.HasAccess(Users[0], Projects[0], UserRoles.Owner));
+ Assert.IsFalse(projectModel.HasAccess(Users[0], Projects[1], UserRoles.Owner));
var all = projectModel.GetAllWhere((project) =>
(from projectRole in project.ProjectRolesProjectIdIds
@@ -87,15 +87,8 @@ namespace Coscine.Api.Project.Tests
FakeControllerContext(Users[0], stream);
- try
- {
- Controller.Update(Projects[1].Id.ToString());
- Assert.Fail();
- }
- catch (Exception e)
- {
- Assert.IsTrue(e.GetType() == typeof(NotAuthorizedException));
- }
+ actionResult = Controller.Update(Projects[1].Id.ToString());
+ Assert.IsTrue(actionResult.GetType() == typeof(UnauthorizedObjectResult));
// Cleanup
stream.Close();
@@ -114,12 +107,12 @@ namespace Coscine.Api.Project.Tests
FakeControllerContext(Users[0], stream);
var actionResult = Controller.Store();
- Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+ Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));
- OkObjectResult okObjectResult = (OkObjectResult)actionResult;
- Assert.IsTrue(okObjectResult.Value.GetType() == typeof(ProjectObject));
+ JsonResult jsonResult = (JsonResult)actionResult;
+ Assert.IsTrue(jsonResult.Value.GetType() == typeof(ProjectObject));
- ProjectObject createdProjectObject = (ProjectObject)okObjectResult.Value;
+ ProjectObject createdProjectObject = (ProjectObject)jsonResult.Value;
Assert.IsTrue(createdProjectObject.Description == newProjectObject.Description);
Assert.IsTrue(createdProjectObject.DisplayName == newProjectObject.DisplayName);
@@ -149,12 +142,12 @@ namespace Coscine.Api.Project.Tests
FakeControllerContext(Users[0], stream);
var actionResult = Controller.Store();
- Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+ Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));
- OkObjectResult okObjectResult = (OkObjectResult)actionResult;
- Assert.IsTrue(okObjectResult.Value.GetType() == typeof(ProjectObject));
+ JsonResult result = (JsonResult)actionResult;
+ Assert.IsTrue(result.Value.GetType() == typeof(ProjectObject));
- ProjectObject createdProjectObject = (ProjectObject)okObjectResult.Value;
+ ProjectObject createdProjectObject = (ProjectObject)result.Value;
stream.Close();
stream = ObjectFactory<ProjectObject>.SerializeToStream(createdProjectObject);
@@ -162,10 +155,10 @@ namespace Coscine.Api.Project.Tests
FakeControllerContext(Users[0], stream);
actionResult = Controller.Delete(createdProjectObject.Id.ToString());
- Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+ Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));
- okObjectResult = (OkObjectResult)actionResult;
- Assert.IsTrue(okObjectResult.Value.GetType() == typeof(ProjectObject));
+ result = (JsonResult)actionResult;
+ Assert.IsTrue(result.Value.GetType() == typeof(ProjectObject));
stream.Close();
}
@@ -184,8 +177,8 @@ namespace Coscine.Api.Project.Tests
var actionResult = Controller.Store();
- OkObjectResult okObjectResult = (OkObjectResult)actionResult;
- ProjectObject createdProjectObject = (ProjectObject)okObjectResult.Value;
+ JsonResult result = (JsonResult)actionResult;
+ ProjectObject createdProjectObject = (ProjectObject)result.Value;
stream.Close();
newProjectObject = new ProjectObject(Guid.NewGuid(), "NewProject", "NewDisplayName", DateTime.Now, DateTime.Now.AddYears(1), "test2;test3", "abc", "investigator", "grandId",
@@ -205,10 +198,10 @@ namespace Coscine.Api.Project.Tests
FakeControllerContext(Users[0], stream);
actionResult = Controller.Delete(createdProjectObject.Id.ToString());
- Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+ Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));
- okObjectResult = (OkObjectResult)actionResult;
- Assert.IsTrue(okObjectResult.Value.GetType() == typeof(ProjectObject));
+ result = (JsonResult)actionResult;
+ Assert.IsTrue(result.Value.GetType() == typeof(ProjectObject));
stream.Close();
}
@@ -225,8 +218,8 @@ namespace Coscine.Api.Project.Tests
FakeControllerContext(Users[0], stream);
var actionResult = Controller.Store();
- OkObjectResult okObjectResult = (OkObjectResult)actionResult;
- ProjectObject createdProjectObject = (ProjectObject)okObjectResult.Value;
+ JsonResult result = (JsonResult)actionResult;
+ ProjectObject createdProjectObject = (ProjectObject)result.Value;
ProjectObject newSubProjectObject = new ProjectObject(Guid.NewGuid(), "NewSubProject", "NewDisplayNameSub", DateTime.Now, DateTime.Now.AddYears(1), "test2;test3", "abc", "investigator", "grandId",
new List<DisciplineObject>() { new DisciplineObject(Discipline.Id, Discipline.Url, Discipline.DisplayNameDe, Discipline.DisplayNameEn) },
@@ -238,8 +231,8 @@ namespace Coscine.Api.Project.Tests
FakeControllerContext(Users[0], subStream);
var subActionResult = Controller.Store();
- OkObjectResult okSubObjectResult = (OkObjectResult)subActionResult;
- ProjectObject createdSubProjectObject = (ProjectObject)okSubObjectResult.Value;
+ JsonResult resultSubProject = (JsonResult)subActionResult;
+ ProjectObject createdSubProjectObject = (ProjectObject)resultSubProject.Value;
SubProjectModel subProjectModel = new SubProjectModel();
var subProjects = subProjectModel.GetAllWhere((x) => x.ProjectId == createdProjectObject.Id);
diff --git a/src/Project.Tests/ResourceControllerTests.cs b/src/Project.Tests/ResourceControllerTests.cs
index 869a440..b69ef09 100644
--- a/src/Project.Tests/ResourceControllerTests.cs
+++ b/src/Project.Tests/ResourceControllerTests.cs
@@ -23,19 +23,19 @@ namespace Coscine.Api.Project.Tests
public void TestControllerIndex()
{
var actionResult = Controller.Index();
- Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+ Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));
}
[Test]
public void TestControllerGet()
{
var actionResult = Controller.Get(Resources[0].Id.ToString());
- Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+ Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));
- OkObjectResult okObjectResult = (OkObjectResult)actionResult;
- Assert.IsTrue(okObjectResult.Value.GetType() == typeof(ResourceObject));
+ JsonResult result = (JsonResult)actionResult;
+ Assert.IsTrue(result.Value.GetType() == typeof(ResourceObject));
- ResourceObject resourceObject = (ResourceObject)okObjectResult.Value;
+ ResourceObject resourceObject = (ResourceObject)result.Value;
Assert.IsTrue(resourceObject.Id == Resources[0].Id);
Assert.IsTrue(resourceObject.DisplayName == Resources[0].DisplayName);
@@ -49,8 +49,8 @@ namespace Coscine.Api.Project.Tests
public void TestControllerUpdate()
{
var actionResult = Controller.Get(Resources[0].Id.ToString());
- OkObjectResult okObjectResult = (OkObjectResult)actionResult;
- ResourceObject resourceObject = (ResourceObject)okObjectResult.Value;
+ JsonResult result = (JsonResult)actionResult;
+ ResourceObject resourceObject = (ResourceObject)result.Value;
resourceObject.DisplayName = "OtherName";
resourceObject.ResourceTypeOption = JObject.FromObject(new RDSResourceTypeObject(Guid.NewGuid(), "PITLABTTEST", 0));
@@ -60,7 +60,7 @@ namespace Coscine.Api.Project.Tests
FakeControllerContext(Users[0], stream);
actionResult = Controller.Update(Resources[0].Id.ToString());
- Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+ Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));
// Cleanup
stream.Close();
@@ -69,15 +69,8 @@ namespace Coscine.Api.Project.Tests
FakeControllerContext(Users[0], stream);
- try
- {
- Controller.Update(Resources[1].Id.ToString());
- Assert.Fail();
- }
- catch (Exception e)
- {
- Assert.IsTrue(e.GetType() == typeof(NotAuthorizedException));
- }
+ actionResult = Controller.Update(Resources[1].Id.ToString());
+ Assert.IsTrue(actionResult.GetType() == typeof(UnauthorizedObjectResult));
// Cleanup
stream.Close();
@@ -107,9 +100,9 @@ namespace Coscine.Api.Project.Tests
FakeControllerContext(Users[0], stream);
var actionResult = Controller.StoreToProject(Projects[0].Id.ToString());
- Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
- OkObjectResult okObjectResult = (OkObjectResult)actionResult;
- resourceObject = (ResourceObject)okObjectResult.Value;
+ Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));
+ JsonResult result = (JsonResult)actionResult;
+ resourceObject = (ResourceObject)result.Value;
// Cleanup
stream.Close();
@@ -119,7 +112,7 @@ namespace Coscine.Api.Project.Tests
FakeControllerContext(Users[0], stream);
actionResult = Controller.Delete(resourceObject.Id.ToString());
- Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+ Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));
stream.Close();
}
diff --git a/src/Project.Tests/ResourceTypeControllerTests.cs b/src/Project.Tests/ResourceTypeControllerTests.cs
index e8cc2aa..69dc700 100644
--- a/src/Project.Tests/ResourceTypeControllerTests.cs
+++ b/src/Project.Tests/ResourceTypeControllerTests.cs
@@ -20,10 +20,10 @@ namespace Coscine.Api.Project.Tests
public void TestGettingFields()
{
var actionResult = Controller.Fields(Resources[0].Type.Id.ToString());
- Assert.IsTrue(actionResult.GetType() == typeof(OkObjectResult));
+ Assert.IsTrue(actionResult.GetType() == typeof(JsonResult));
- OkObjectResult okObjectResult = (OkObjectResult)actionResult;
- List<string> fields = (List<string>) okObjectResult.Value;
+ JsonResult result = (JsonResult)actionResult;
+ List<string> fields = (List<string>) result.Value;
if(fields.Count() == 2)
{
Assert.IsTrue(fields[0] == "BucketName");
diff --git a/src/Project.Tests/app.config b/src/Project.Tests/app.config
index 70c2da4..8187397 100644
--- a/src/Project.Tests/app.config
+++ b/src/Project.Tests/app.config
@@ -88,7 +88,7 @@
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Coscine.Database" publicKeyToken="767d77427707b70a" culture="neutral" />
- <bindingRedirect oldVersion="0.0.0.0-1.12.1.0" newVersion="1.12.1.0" />
+ <bindingRedirect oldVersion="0.0.0.0-1.13.0.0" newVersion="1.13.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
@@ -142,6 +142,10 @@
<assemblyIdentity name="Coscine.Logging" publicKeyToken="e1ed402bc3f6525e" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-1.0.1.0" newVersion="1.0.1.0" />
</dependentAssembly>
+ <dependentAssembly>
+ <assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+ <bindingRedirect oldVersion="0.0.0.0-5.6.0.0" newVersion="5.6.0.0" />
+ </dependentAssembly>
</assemblyBinding>
</runtime>
<entityFramework>
diff --git a/src/Project.Tests/packages.config b/src/Project.Tests/packages.config
index c20bc53..034f6f4 100644
--- a/src/Project.Tests/packages.config
+++ b/src/Project.Tests/packages.config
@@ -4,10 +4,10 @@
<package id="AutoMapper.Extensions.Microsoft.DependencyInjection" version="6.0.0" targetFramework="net472" />
<package id="Castle.Core" version="4.4.0" targetFramework="net472" />
<package id="Consul" version="0.7.2.6" targetFramework="net472" />
- <package id="Coscine.Action" version="1.7.0" targetFramework="net472" />
- <package id="Coscine.ApiCommons" version="1.3.1" targetFramework="net472" />
+ <package id="Coscine.Action" version="1.7.1" targetFramework="net472" />
+ <package id="Coscine.ApiCommons" version="1.4.0" targetFramework="net472" />
<package id="Coscine.Configuration" version="1.4.0" targetFramework="net472" />
- <package id="Coscine.Database" version="1.12.1" targetFramework="net472" />
+ <package id="Coscine.Database" version="1.13.0" targetFramework="net472" />
<package id="Coscine.Logging" version="1.0.1" targetFramework="net472" />
<package id="Coscine.ProxyApi" version="1.2.0" targetFramework="net472" />
<package id="Coscine.SharePoint.Webparts.Vue" version="1.4.0" targetFramework="net472" />
@@ -22,8 +22,10 @@
<package id="Metadata" version="1.0.0" targetFramework="net472" />
<package id="Microsoft.AspNetCore" version="2.2.0" targetFramework="net472" />
<package id="Microsoft.AspNetCore.Antiforgery" version="2.2.0" targetFramework="net472" />
+ <package id="Microsoft.AspNetCore.Authentication" version="2.2.0" targetFramework="net472" />
<package id="Microsoft.AspNetCore.Authentication.Abstractions" version="2.2.0" targetFramework="net472" />
<package id="Microsoft.AspNetCore.Authentication.Core" version="2.2.0" targetFramework="net472" />
+ <package id="Microsoft.AspNetCore.Authentication.JwtBearer" version="2.2.0" targetFramework="net472" />
<package id="Microsoft.AspNetCore.Authorization" version="2.2.0" targetFramework="net472" />
<package id="Microsoft.AspNetCore.Authorization.Policy" version="2.2.0" targetFramework="net472" />
<package id="Microsoft.AspNetCore.Connections.Abstractions" version="2.2.0" targetFramework="net472" />
@@ -115,6 +117,8 @@
<package id="Microsoft.IdentityModel" version="7.0.0" targetFramework="net472" />
<package id="Microsoft.IdentityModel.JsonWebTokens" version="5.6.0" targetFramework="net472" />
<package id="Microsoft.IdentityModel.Logging" version="5.6.0" targetFramework="net472" />
+ <package id="Microsoft.IdentityModel.Protocols" version="5.3.0" targetFramework="net472" />
+ <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="5.3.0" targetFramework="net472" />
<package id="Microsoft.IdentityModel.Tokens" version="5.6.0" targetFramework="net472" />
<package id="Microsoft.Net.Http.Headers" version="2.2.0" targetFramework="net472" />
<package id="Microsoft.Win32.Registry" version="4.5.0" targetFramework="net472" />
diff --git a/src/Project/App.config b/src/Project/App.config
index 8eaea8c..bf476cf 100644
--- a/src/Project/App.config
+++ b/src/Project/App.config
@@ -91,7 +91,7 @@
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Coscine.Database" publicKeyToken="767d77427707b70a" culture="neutral" />
- <bindingRedirect oldVersion="0.0.0.0-1.12.1.0" newVersion="1.12.1.0" />
+ <bindingRedirect oldVersion="0.0.0.0-1.13.0.0" newVersion="1.13.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
@@ -145,6 +145,10 @@
<assemblyIdentity name="Coscine.Logging" publicKeyToken="e1ed402bc3f6525e" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-1.0.1.0" newVersion="1.0.1.0" />
</dependentAssembly>
+ <dependentAssembly>
+ <assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+ <bindingRedirect oldVersion="0.0.0.0-5.6.0.0" newVersion="5.6.0.0" />
+ </dependentAssembly>
</assemblyBinding>
</runtime>
<entityFramework>
diff --git a/src/Project/Controllers/DataSourceController.cs b/src/Project/Controllers/DataSourceController.cs
index d594e88..7dd77b6 100644
--- a/src/Project/Controllers/DataSourceController.cs
+++ b/src/Project/Controllers/DataSourceController.cs
@@ -5,6 +5,7 @@ using Coscine.ApiCommons.Factories;
using Coscine.ApiCommons.Utils;
using Coscine.Configuration;
using Coscine.Database.Model;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json.Linq;
using System;
@@ -22,6 +23,7 @@ using System.Web;
namespace Coscine.Api.Project.Controllers
{
+ [Authorize]
public class DataSourceController : Controller
{
private readonly IConfiguration _configuration;
@@ -30,6 +32,7 @@ namespace Coscine.Api.Project.Controllers
private static readonly HttpClient Client;
private readonly Authenticator _authenticator;
private readonly ResourceModel _resourceModel;
+ private readonly ProjectModel _projectModel;
static DataSourceController()
{
@@ -45,6 +48,7 @@ namespace Coscine.Api.Project.Controllers
_jwtHandler = new JWTHandler(_configuration);
_authenticator = new Authenticator(this, _configuration);
_resourceModel = new ResourceModel();
+ _projectModel = new ProjectModel();
}
// inferring a ../ (urlencoded) can manipulate the url.
@@ -53,6 +57,8 @@ namespace Coscine.Api.Project.Controllers
[HttpGet("[controller]/{resourceId}/{path}")]
public async Task<IActionResult> GetWaterButlerFolder(string resourceId, string path)
{
+ var user = _authenticator.GetUser();
+
if (!string.IsNullOrWhiteSpace(path))
{
path = HttpUtility.UrlDecode(path);
@@ -64,6 +70,11 @@ namespace Coscine.Api.Project.Controllers
return check;
}
+ if (!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
+ {
+ return BadRequest("User does not have permission to the resource.");
+ }
+
var authHeader = BuildAuthHeader(resource);
if (authHeader == null)
@@ -107,6 +118,9 @@ namespace Coscine.Api.Project.Controllers
[DisableRequestSizeLimit]
public async Task<IActionResult> PutUploadFile(string resourceId, string path)
{
+ var user = _authenticator.GetUser();
+
+
if (!string.IsNullOrWhiteSpace(path))
{
path = HttpUtility.UrlDecode(path);
@@ -118,6 +132,11 @@ namespace Coscine.Api.Project.Controllers
return check;
}
+ if(!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
+ {
+ return BadRequest("User does not have permission to the resource.");
+ }
+
var authHeader = BuildAuthHeader(resource, new string[] { "gitlab" });
if (authHeader == null)
@@ -156,6 +175,8 @@ namespace Coscine.Api.Project.Controllers
[DisableRequestSizeLimit]
public async Task<IActionResult> PutUpdateFile(string resourceId, string path)
{
+ var user = _authenticator.GetUser();
+
if (!string.IsNullOrWhiteSpace(path))
{
path = HttpUtility.UrlDecode(path);
@@ -167,6 +188,11 @@ namespace Coscine.Api.Project.Controllers
return check;
}
+ if (!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
+ {
+ return BadRequest("User does not have permission to the resource.");
+ }
+
var authHeader = BuildAuthHeader(resource, new string[] { "gitlab" });
if (authHeader == null)
@@ -220,7 +246,7 @@ namespace Coscine.Api.Project.Controllers
return resource["type"]["displayName"].ToString().ToLower();
}
}
-
+
public async Task<HttpResponseMessage> UploadFile(string url, string authHeader, Stream stream)
{
@@ -233,6 +259,8 @@ namespace Coscine.Api.Project.Controllers
[HttpDelete("[controller]/{resourceId}/{path}")]
public async Task<IActionResult> Delete(string resourceId, string path)
{
+ var user = _authenticator.GetUser();
+
if (!string.IsNullOrWhiteSpace(path))
{
path = HttpUtility.UrlDecode(path);
@@ -244,6 +272,11 @@ namespace Coscine.Api.Project.Controllers
return check;
}
+ if (!_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
+ {
+ return BadRequest("User does not have permission to the resource.");
+ }
+
var authHeader = BuildAuthHeader(resource, new string[] { "gitlab" });
if (authHeader == null)
@@ -286,7 +319,6 @@ namespace Coscine.Api.Project.Controllers
JToken resource = ObjectFactory<JToken>.DeserializeFromStream(Request.Body);
-
string authHeader = null;
if (resource["type"]["displayName"].ToString().ToLower() == "s3")
{
@@ -298,10 +330,12 @@ namespace Coscine.Api.Project.Controllers
}
else if (resource["type"]["displayName"].ToString().ToLower() == "gitlab")
{
- GitlabResourceType gitlabResourceType = new GitlabResourceType();
- gitlabResourceType.RepositoryNumber = (int)resource["resourceTypeOption"]["RepositoryNumber"];
- gitlabResourceType.RepositoryUrl = resource["resourceTypeOption"]["RepositoryUrl"].ToString();
- gitlabResourceType.Token = resource["resourceTypeOption"]["Token"].ToString();
+ GitlabResourceType gitlabResourceType = new GitlabResourceType
+ {
+ RepositoryNumber = (int)resource["resourceTypeOption"]["RepositoryNumber"],
+ RepositoryUrl = resource["resourceTypeOption"]["RepositoryUrl"].ToString(),
+ Token = resource["resourceTypeOption"]["Token"].ToString()
+ };
authHeader = BuildGitlabAuthHeader(gitlabResourceType);
}
@@ -374,7 +408,7 @@ namespace Coscine.Api.Project.Controllers
{
return BadRequest($"{resourceId} is not a guid.");
}
-
+
try
{
resource = _resourceModel.GetById(resourceGuid);
@@ -382,11 +416,6 @@ namespace Coscine.Api.Project.Controllers
{
return NotFound($"Could not find resource with id: {resourceId}");
}
- var user = _authenticator.GetUserFromToken();
- if (!_resourceModel.OwnsResource(user, resource))
- {
- return Forbid($"The user does not own the resource {resourceId}");
- }
}
catch (Exception)
{
diff --git a/src/Project/Controllers/DisciplineController.cs b/src/Project/Controllers/DisciplineController.cs
index 62c1ea0..34ae92d 100644
--- a/src/Project/Controllers/DisciplineController.cs
+++ b/src/Project/Controllers/DisciplineController.cs
@@ -1,33 +1,27 @@
using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
-using Coscine.ApiCommons;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
-using System;
-using System.Collections.Generic;
using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
namespace Coscine.Api.Project.Controllers
{
+ [Authorize]
public class DisciplineController : Controller
{
- private readonly Authenticator _authenticator;
private readonly DisciplineModel _disciplineModel;
public DisciplineController()
{
- _authenticator = new Authenticator(this, Program.Configuration);
_disciplineModel = new DisciplineModel();
}
[Route("[controller]")]
public IActionResult Index()
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- return _disciplineModel.GetAll().OrderBy(discipline => discipline.DisplayNameDe.Substring(discipline.DisplayNameDe.Length - 3)).Select((discipline) => new DisciplineObject(discipline.Id, discipline.Url, discipline.DisplayNameDe, discipline.DisplayNameEn));
- }));
+ return Json(_disciplineModel.GetAll()
+ .OrderBy(discipline => discipline.DisplayNameDe.Substring(discipline.DisplayNameDe.Length - 3))
+ .Select((discipline) => new DisciplineObject(discipline.Id, discipline.Url, discipline.DisplayNameDe, discipline.DisplayNameEn)));
}
}
}
diff --git a/src/Project/Controllers/InstituteController.cs b/src/Project/Controllers/InstituteController.cs
index 7ef066f..2fff9d6 100644
--- a/src/Project/Controllers/InstituteController.cs
+++ b/src/Project/Controllers/InstituteController.cs
@@ -1,33 +1,26 @@
using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
-using Coscine.ApiCommons;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
-using System;
-using System.Collections.Generic;
using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
namespace Coscine.Api.Project.Controllers
{
+ [Authorize]
public class InstituteController : Controller
{
- private readonly Authenticator _authenticator;
private readonly InstituteModel _instituteModel;
public InstituteController()
{
- _authenticator = new Authenticator(this, Program.Configuration);
_instituteModel = new InstituteModel();
}
[Route("[controller]")]
public IActionResult Index()
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- return _instituteModel.GetAll().Select((institute) => new InstituteObject(institute.Id, institute.IKZ, institute.DisplayName));
- }));
+ return Json(_instituteModel.GetAll()
+ .Select((institute) => new InstituteObject(institute.Id, institute.IKZ, institute.DisplayName)));
}
}
}
diff --git a/src/Project/Controllers/LicenseController.cs b/src/Project/Controllers/LicenseController.cs
index 8856855..c4210d9 100644
--- a/src/Project/Controllers/LicenseController.cs
+++ b/src/Project/Controllers/LicenseController.cs
@@ -1,33 +1,26 @@
using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
-using Coscine.ApiCommons;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
-using System;
-using System.Collections.Generic;
using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
namespace Coscine.Api.Project.Controllers
{
+ [Authorize]
public class LicenseController : Controller
{
- private readonly Authenticator _authenticator;
private readonly LicenseModel _licenseModel;
public LicenseController()
{
- _authenticator = new Authenticator(this, Program.Configuration);
_licenseModel = new LicenseModel();
}
[Route("[controller]")]
public IActionResult Index()
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- return _licenseModel.GetAll().Select((license) => new LicenseObject(license.Id, license.DisplayName));
- }));
+ return Json(_licenseModel.GetAll()
+ .Select((license) => new LicenseObject(license.Id, license.DisplayName)));
}
}
}
diff --git a/src/Project/Controllers/MetadataController.cs b/src/Project/Controllers/MetadataController.cs
index 018a1da..8a69e4a 100644
--- a/src/Project/Controllers/MetadataController.cs
+++ b/src/Project/Controllers/MetadataController.cs
@@ -11,15 +11,18 @@ using VDS.RDF.Parsing;
using VDS.RDF;
using Metadata;
using System.Web;
-using System.IO;
+using Microsoft.AspNetCore.Authorization;
namespace Coscine.Api.Project.Controllers
{
+
+ [Authorize]
public class MetadataController : Controller
{
private readonly Authenticator _authenticator;
private readonly MetadataModel _metadataModel;
private readonly ResourceModel _resourceModel;
+ private readonly ProjectModel _projectModel;
private readonly Util _util;
public MetadataController()
@@ -27,31 +30,29 @@ namespace Coscine.Api.Project.Controllers
_authenticator = new Authenticator(this, Program.Configuration);
_metadataModel = new MetadataModel();
_resourceModel = new ResourceModel();
+ _projectModel = new ProjectModel();
_util = new Util();
}
[Route("[controller]")]
public IActionResult Index()
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- return NoContent();
- }));
+ return NoContent();
}
// returns the basic application profile
[HttpGet("[controller]/resource/{projectId}/ap/{applicationProfileId}")]
public IActionResult GetApplicationProfile(Guid projectId, string applicationProfileId)
{
- var user = _authenticator.GetUserFromToken();
+ var user = _authenticator.GetUser();
- if (_metadataModel.IsProjectMember(user, projectId))
+ if (_projectModel.HasAccess(user, _projectModel.GetById(projectId), UserRoles.Owner, UserRoles.Member))
{
var graph = _util.GetGraph(HttpUtility.UrlDecode(applicationProfileId));
var json = JToken.Parse(VDS.RDF.Writing.StringWriter.Write(graph, new RdfJsonWriter()));
- return Ok(json);
+ return Json(json);
}
else
{
@@ -64,10 +65,10 @@ namespace Coscine.Api.Project.Controllers
[HttpGet("[controller]/resource/{resourceId}/apc/{applicationProfileId}")]
public IActionResult GetApplicationProfileComplete(string resourceId, string applicationProfileId)
{
- var user = _authenticator.GetUserFromToken();
+ var user = _authenticator.GetUser();
var resource = _resourceModel.GetById(Guid.Parse(resourceId));
- if (_metadataModel.IsProjectMember(user, resource) && applicationProfileId != null)
+ if (_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member) && applicationProfileId != null)
{
var graph = _util.GetGraph(HttpUtility.UrlDecode(applicationProfileId));
var fixedValuesGraph = new Graph();
@@ -90,150 +91,162 @@ namespace Coscine.Api.Project.Controllers
[HttpGet("[controller]/project/{projectId}/aplist/")]
public IActionResult ListAllApplicationProfiles(Guid projectId)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
+ var user = _authenticator.GetUser();
+ if (_projectModel.HasAccess(user, _projectModel.GetById(projectId), UserRoles.Owner, UserRoles.Member))
{
- if (_metadataModel.IsProjectMember(user, projectId))
- {
- var graphUris = _util.ListGraphs();
+ var graphUris = _util.ListGraphs();
- return new JArray(graphUris.Select(x => x.ToString()).Where(x => x.StartsWith("https://purl.org/coscine/ap/")));
- }
- else
- {
- throw new NotAuthorizedException("User is no project member!");
- }
- }));
+ return Json(new JArray(graphUris.Select(x => x.ToString()).Where(x => x.StartsWith("https://purl.org/coscine/ap/"))));
+ }
+ else
+ {
+ throw new NotAuthorizedException("User is no project member!");
+ }
}
[HttpGet("[controller]/resource/{resourceId}/filename/{filename}/ver/{version}")]
public IActionResult GetMetadataForFile(string resourceId, string filename, string version)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
+ var user = _authenticator.GetUser();
+ var resource = _resourceModel.GetById(Guid.Parse(resourceId));
+ if (_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
{
- var resource = _resourceModel.GetById(Guid.Parse(resourceId));
- if (_metadataModel.IsProjectMember(user, resource))
- {
- var id = _metadataModel.GenerateId(resourceId, filename, version);
- var graph = _util.GetGraph(id);
- return JToken.Parse(VDS.RDF.Writing.StringWriter.Write(graph, new RdfJsonWriter()));
- }
- else
- {
- throw new NotAuthorizedException("User is no project member!");
- }
- }));
+ var id = _metadataModel.GenerateId(resourceId, filename, version);
+ var graph = _util.GetGraph(id);
+ return Json(JToken.Parse(VDS.RDF.Writing.StringWriter.Write(graph, new RdfJsonWriter())).ToString());
+ }
+ else
+ {
+ throw new NotAuthorizedException("User is no project member!");
+ }
}
[HttpPut("[controller]/resource/{resourceId}/filename/{filename}/ver/{version}")]
public IActionResult StoreMetadataForFile(string resourceId, string filename, string version)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
+ var innerBlock = ObjectFactory<JToken>.DeserializeFromStream(Request.Body);
+ var graphName = _metadataModel.GenerateId(resourceId, filename, version);
+ var graphNameUri = new Uri(graphName);
+ var json = new JObject
{
- var innerBlock = ObjectFactory<JToken>.DeserializeFromStream(Request.Body);
- var graphName = _metadataModel.GenerateId(resourceId, filename, version);
- var graphNameUri = new Uri(graphName);
- var json = new JObject
+ [graphName] = innerBlock
+ };
+
+ var user = _authenticator.GetUser();
+ var resource = _resourceModel.GetById(Guid.Parse(resourceId));
+
+ if (_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
+ {
+ json[graphName]["http://www.w3.org/1999/02/22-rdf-syntax-ns#type"] = new JArray
{
- [graphName] = innerBlock
+ new JObject
+ {
+ ["value"] = resource.ApplicationProfile.Substring(0, resource.ApplicationProfile.Length-1),
+ ["type"] = "uri"
+ }
};
-
- var resource = _resourceModel.GetById(Guid.Parse(resourceId));
- if (_metadataModel.IsProjectMember(user, resource))
+ // throw bad request if empty node value is detected
+ JToken root = json.First.First;
+ foreach (var node in root)
{
- var graph = new Graph();
- graph.LoadFromString(json.ToString(), new RdfJsonParser());
+ string nodeValue = node.First.First["value"].ToString().ToLower();
+ if (String.IsNullOrEmpty(nodeValue))
+ {
+ throw new ArgumentException("Empty values in application profile are not accepted.");
+ }
+ }
- var fixedValuesGraph = new Graph();
- fixedValuesGraph.LoadFromString(resource.FixedValues, new RdfJsonParser());
+ var graph = new Graph();
+ graph.LoadFromString(json.ToString(), new RdfJsonParser());
- foreach(var triple in fixedValuesGraph.Triples.Where(x => x.Predicate.ToString() == "https://purl.org/coscine/fixedValue"))
+ var fixedValuesGraph = new Graph();
+ fixedValuesGraph.LoadFromString(resource.FixedValues, new RdfJsonParser());
+
+ foreach(var triple in fixedValuesGraph.Triples.Where(x => x.Predicate.ToString() == "https://purl.org/coscine/fixedValue"))
+ {
+ // Remove any existing triples
+ foreach (var triple2 in graph.GetTriplesWithSubjectPredicate(graph.CreateUriNode(graphNameUri), triple.Subject).ToList())
{
- // Remove any existing triples
- foreach (var triple2 in graph.GetTriplesWithSubjectPredicate(graph.CreateUriNode(graphNameUri), triple.Subject).ToList())
- {
- graph.Retract(triple2);
- }
- graph.Assert(graph.CreateUriNode(graphNameUri), triple.Subject, triple.Object);
+ graph.Retract(triple2);
}
+ graph.Assert(graph.CreateUriNode(graphNameUri), triple.Subject, triple.Object);
+ }
- // Default values is not checked or added
+ // Default values is not checked or added
- // validate the data
- if (_util.ValidateShacl(graph, graphNameUri))
+ // validate the data
+ if (_util.ValidateShacl(graph, graphNameUri))
+ {
+ // store the data
+ if (_util.HasGraph(graphNameUri))
{
- // store the data
- if (_util.HasGraph(graphNameUri))
- {
- _util.ClearGraph(graphNameUri);
- }
- else
- {
- _util.CreateNamedGraph(graphNameUri);
- }
-
- // BaseUri must be set for the sparql query
- graph.BaseUri = graphNameUri;
- _util.AddGraph(graph);
-
- return NoContent();
+ _util.ClearGraph(graphNameUri);
}
else
{
- throw new NotAuthorizedException("Data has the wrong format!");
+ _util.CreateNamedGraph(graphNameUri);
}
+ // BaseUri must be set for the sparql query
+ graph.BaseUri = graphNameUri;
+ _util.AddGraph(graph);
+
+ return NoContent();
}
else
{
- throw new NotAuthorizedException("User is no project member!");
+ throw new NotAuthorizedException("Data has the wrong format!");
}
- }));
+
+ }
+ else
+ {
+ throw new NotAuthorizedException("User is no project member!");
+ }
}
[HttpGet("[controller]/vocabulary/{projectId}/{path}")]
public IActionResult GetVocabulary(Guid projectId, string path)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
+ var user = _authenticator.GetUser();
+ if (_projectModel.HasAccess(user, _projectModel.GetById(projectId), UserRoles.Owner, UserRoles.Member))
{
- if (_metadataModel.IsProjectMember(user, projectId))
- {
- var graph = _util.GetGraph(HttpUtility.UrlDecode(path));
-
- JArray de = new JArray();
- foreach (var kv in _util.GetVocabularyLabels(graph, "de"))
- {
- JObject obj = new JObject
- {
- ["value"] = kv.Key,
- ["name"] = kv.Value
- };
- de.Add(obj);
- }
+ var graph = _util.GetGraph(HttpUtility.UrlDecode(path));
- JArray en = new JArray();
- foreach(var kv in _util.GetVocabularyLabels(graph, "en"))
+ var de = new JArray();
+ foreach (var kv in _util.GetVocabularyLabels(graph, "de"))
+ {
+ JObject obj = new JObject
{
- JObject obj = new JObject
- {
- ["value"] = kv.Key,
- ["name"] = kv.Value
- };
- en.Add(obj);
- }
+ ["value"] = kv.Key,
+ ["name"] = kv.Value
+ };
+ de.Add(obj);
+ }
- JObject json = new JObject
+ var en = new JArray();
+ foreach(var kv in _util.GetVocabularyLabels(graph, "en"))
+ {
+ JObject obj = new JObject
{
- ["de"] = de,
- ["en"] = en
+ ["value"] = kv.Key,
+ ["name"] = kv.Value
};
-
- return json;
+ en.Add(obj);
}
- else
+
+ JObject json = new JObject
{
- throw new NotAuthorizedException("User is no project member!");
- }
- }));
+ ["de"] = de,
+ ["en"] = en
+ };
+
+ return Json(json);
+ }
+ else
+ {
+ throw new NotAuthorizedException("User is no project member!");
+ }
}
}
diff --git a/src/Project/Controllers/ProjectController.cs b/src/Project/Controllers/ProjectController.cs
index d2a952b..a6dad85 100644
--- a/src/Project/Controllers/ProjectController.cs
+++ b/src/Project/Controllers/ProjectController.cs
@@ -1,20 +1,19 @@
using Coscine.Action;
using Coscine.Action.EventArgs;
-using Coscine.Action.Implementations.Project;
using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
using Coscine.ApiCommons;
-using Coscine.ApiCommons.Exceptions;
using Coscine.ApiCommons.Factories;
-using Coscine.Database.Model;
using Microsoft.AspNetCore.Mvc;
using System;
-using System.Collections.Generic;
using System.Linq;
using Coscine.Configuration;
+using Microsoft.AspNetCore.Authorization;
+using System.Collections.Generic;
namespace Coscine.Api.Project.Controllers
{
+ [Authorize]
public class ProjectController : Controller
{
private readonly Authenticator _authenticator;
@@ -27,105 +26,96 @@ namespace Coscine.Api.Project.Controllers
_authenticator = new Authenticator(this, Program.Configuration);
_configuration = Program.Configuration;
_projectModel = new ProjectModel();
- _emitter = new Emitter(this._configuration);
+ _emitter = new Emitter(_configuration);
}
[Route("[controller]")]
public IActionResult Index()
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- return _projectModel.GetAllWhere((project) =>
- (from projectRole in project.ProjectRolesProjectIdIds
- where projectRole.User == user
- && projectRole.Role.DisplayName == "Owner"
- select projectRole).Any()
- ).Select((project) => _projectModel.CreateReturnObjectFromDatabaseObject(project));
- }));
+ var user = _authenticator.GetUser();
+
+ return Ok(_projectModel.GetWithAccess(user, UserRoles.Member, UserRoles.Owner).ToList()
+ .Select((project) => _projectModel.CreateReturnObjectFromDatabaseObject(project))
+ .OrderBy(element => element.DisplayName)
+ );
+
}
[HttpGet("[controller]/{id}")]
public IActionResult Get(string id)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- var project = _projectModel.GetById(Guid.Parse(id));
- if (_projectModel.CanSeeProject(user, project))
- {
- return _projectModel.CreateReturnObjectFromDatabaseObject(project);
- }
- else
- {
- throw new UnauthorizedAccessException("User is not allowed to see given project Id!");
- }
- }));
+ var user = _authenticator.GetUser();
+ var project = _projectModel.GetById(Guid.Parse(id));
+ if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
+ {
+ return Ok(_projectModel.CreateReturnObjectFromDatabaseObject(project));
+ }
+ else
+ {
+ return Unauthorized($"User is not allowed to see given the project {id}");
+ }
}
[HttpGet("[controller]/{id}/resources")]
public IActionResult GetResources(string id)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- var project = _projectModel.GetById(Guid.Parse(id));
- ResourceModel resourceModel = new ResourceModel();
- ResourceTypeModel resourceTypeModel = new ResourceTypeModel();
- if (_projectModel.CanSeeProject(user, project))
- {
- return resourceModel.GetAllWhere((resource) =>
- (from projectResource in resource.ProjectResourceResourceIdIds
- where projectResource.ProjectId == project.Id
- select projectResource).Any())
- .Select((resource) =>
- {
- return resourceModel.CreateReturnObjectFromDatabaseObject(resource);
- });
- }
- else
- {
- throw new UnauthorizedAccessException("User cannot see resources of given project!");
- }
- }));
+ var project = _projectModel.GetById(Guid.Parse(id));
+ var user = _authenticator.GetUser();
+
+ var resourceModel = new ResourceModel();
+ var resourceTypeModel = new ResourceTypeModel();
+ if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
+ {
+ return Json(resourceModel.GetAllWhere((resource) =>
+ (from projectResource in resource.ProjectResourceResourceIdIds
+ where projectResource.ProjectId == project.Id
+ select projectResource).Any())
+ .Select((resource) =>
+ {
+ return resourceModel.CreateReturnObjectFromDatabaseObject(resource);
+ }).OrderBy(element => element.DisplayName));
+ }
+ else
+ {
+ return Unauthorized($"User is not allowed to see given the project {id}");
+ }
}
[HttpPost("[controller]/{id}")]
public IActionResult Update(string id)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- ProjectObject projectObject = ObjectFactory<ProjectObject>.DeserializeFromStream(Request.Body);
- var project = _projectModel.GetById(Guid.Parse(id));
- if(_projectModel.OwnsProject(user, project))
- {
- return _projectModel.UpdateByObject(project, projectObject);
- }
- else
- {
- throw new NotAuthorizedException("The user is not authorized to perform an update on the selected project!");
- }
- }));
+ var user = _authenticator.GetUser();
+ var projectObject = ObjectFactory<ProjectObject>.DeserializeFromStream(Request.Body);
+ var project = _projectModel.GetById(Guid.Parse(id));
+ if(_projectModel.HasAccess(user, project, UserRoles.Owner))
+ {
+ return Ok(_projectModel.UpdateByObject(project, projectObject));
+ }
+ else
+ {
+ return Unauthorized("The user is not authorized to perform an update on the selected project!");
+ }
}
[HttpDelete("[controller]/{id}")]
public IActionResult Delete(string id)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- var project = _projectModel.GetById(Guid.Parse(id));
- if (_projectModel.OwnsProject(user, project))
- {
- DeleteProject(project);
- return _projectModel.CreateReturnObjectFromDatabaseObject(project);
- }
- else
- {
- throw new NotAuthorizedException("The user is not authorized to perform an update on the selected project!");
- }
- }));
+ var user = _authenticator.GetUser();
+ var project = _projectModel.GetById(Guid.Parse(id));
+ if (_projectModel.HasAccess(user, project, UserRoles.Owner))
+ {
+ DeleteProject(project);
+ return Json(_projectModel.CreateReturnObjectFromDatabaseObject(project));
+ }
+ else
+ {
+ return Unauthorized("The user is not authorized to perform an update on the selected project!");
+ }
}
- public void DeleteProject(Coscine.Database.Model.Project project)
+ public void DeleteProject(Database.Model.Project project)
{
- SubProjectModel subProjectModel = new SubProjectModel();
+ var subProjectModel = new SubProjectModel();
foreach(var subProject in subProjectModel.GetAllWhere((subProject) => subProject.ProjectId == project.Id))
{
subProjectModel.Delete(subProject);
@@ -137,7 +127,7 @@ namespace Coscine.Api.Project.Controllers
subProjectModel.Delete(subProject);
}
- ProjectResourceModel projectResourceModel = new ProjectResourceModel();
+ var projectResourceModel = new ProjectResourceModel();
ResourceModel resourceModel = new ResourceModel();
foreach (var projectResource in projectResourceModel.GetAllWhere((projectResource) => projectResource.ProjectId == project.Id))
{
@@ -145,19 +135,19 @@ namespace Coscine.Api.Project.Controllers
resourceModel.Delete(resourceModel.GetById(projectResource.ResourceId));
}
- ProjectRoleModel projectRoleModel = new ProjectRoleModel();
+ var projectRoleModel = new ProjectRoleModel();
foreach (var projectRole in projectRoleModel.GetAllWhere((projectRole) => projectRole.ProjectId == project.Id))
{
projectRoleModel.Delete(projectRole);
}
- ProjectDisciplineModel projectDisciplineModel = new ProjectDisciplineModel();
+ var projectDisciplineModel = new ProjectDisciplineModel();
foreach (var projectDiscipline in projectDisciplineModel.GetAllWhere((projectDiscipline) => projectDiscipline.ProjectId == project.Id))
{
projectDisciplineModel.Delete(projectDiscipline);
}
- ProjectInstituteModel projectInstituteModel = new ProjectInstituteModel();
+ var projectInstituteModel = new ProjectInstituteModel();
foreach (var projectInstitute in projectInstituteModel.GetAllWhere((projectInstitute) => projectInstitute.ProjectId == project.Id))
{
projectInstituteModel.Delete(projectInstitute);
@@ -174,27 +164,34 @@ namespace Coscine.Api.Project.Controllers
[HttpPost("[controller]")]
public IActionResult Store()
{
- return base.Ok(_authenticator.ValidateAndExecute((user) =>
- {
- ProjectObject projectObject = ObjectFactory<ProjectObject>.DeserializeFromStream(Request.Body);
- var project = _projectModel.StoreFromObject(projectObject, user);
-
- if (projectObject.ParentId != null
- && projectObject.ParentId != new Guid()
- && _projectModel.IsMemberOrHigher(user, _projectModel.GetById(projectObject.ParentId))) // for now, only an owner can add subprojects to projects
- {
- SubProjectModel subProjectModel = new SubProjectModel();
- subProjectModel.LinkSubProject(projectObject.ParentId, project.Id);
- }
-
- _emitter.EmitProjectCreate(new ProjectEventArgs(_configuration)
- {
- Project = project,
- ProjectOwner = user
- });
-
- return _projectModel.CreateReturnObjectFromDatabaseObject(project);
- }));
+ var user = _authenticator.GetUser();
+ var projectObject = ObjectFactory<ProjectObject>.DeserializeFromStream(Request.Body);
+
+ if (projectObject.ParentId != null
+ && projectObject.ParentId != new Guid()
+ && !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner))
+ {
+ return Unauthorized("User is not allowed to create SubProjects.");
+ }
+
+ var project = _projectModel.StoreFromObject(projectObject, user);
+
+ if (projectObject.ParentId != null
+ && projectObject.ParentId != new Guid()
+ // for now, only an owner can add subprojects to projects
+ && _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner))
+ {
+ var subProjectModel = new SubProjectModel();
+ subProjectModel.LinkSubProject(projectObject.ParentId, project.Id);
+ }
+
+ _emitter.EmitProjectCreate(new ProjectEventArgs(_configuration)
+ {
+ Project = project,
+ ProjectOwner = user
+ });
+
+ return Json(_projectModel.CreateReturnObjectFromDatabaseObject(project));
}
}
}
diff --git a/src/Project/Controllers/ProjectRoleController.cs b/src/Project/Controllers/ProjectRoleController.cs
index f7638fd..4dca837 100644
--- a/src/Project/Controllers/ProjectRoleController.cs
+++ b/src/Project/Controllers/ProjectRoleController.cs
@@ -1,27 +1,24 @@
using Coscine.Action;
using Coscine.Action.EventArgs;
-using Coscine.Action.Implementations.User;
using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
using Coscine.ApiCommons;
-using Coscine.ApiCommons.Exceptions;
using Coscine.ApiCommons.Factories;
-using Coscine.Database.Model;
+using Coscine.Configuration;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System;
-using System.Collections.Generic;
using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
namespace Coscine.Api.Project.Controllers
{
+ [Authorize]
public class ProjectRoleController : Controller
{
private readonly Authenticator _authenticator;
private readonly ProjectRoleModel _projectRoleModel;
private readonly Emitter _emitter;
- private readonly Coscine.Configuration.IConfiguration _configuration;
+ private readonly IConfiguration _configuration;
public ProjectRoleController()
{
@@ -34,120 +31,115 @@ namespace Coscine.Api.Project.Controllers
[Route("[controller]/{projectId}")]
public IActionResult Index(string projectId)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
+ var userModel = new UserModel();
+ var roleModel = new RoleModel();
+ var projectModel = new ProjectModel();
+ Guid.TryParse(projectId, out Guid projectIdGuid);
+ var user = _authenticator.GetUser();
+
+ if (projectModel.HasAccess(user, projectModel.GetById(projectIdGuid), UserRoles.Owner, UserRoles.Member))
{
- UserModel userModel = new UserModel();
- RoleModel roleModel = new RoleModel();
- ProjectModel projectModel = new ProjectModel();
- Guid.TryParse(projectId, out Guid projectIdGuid);
- if (projectModel.OwnsProject(user, projectModel.GetById(projectIdGuid)))
+ return Json(_projectRoleModel.GetAllWhere((projectRole) =>
+ (projectRole.ProjectId == projectIdGuid)
+ ).Select((projectRole) =>
{
- return _projectRoleModel.GetAllWhere((projectRole) =>
- (projectRole.ProjectId == projectIdGuid)
- ).Select((projectRole) =>
+ var userInst = projectRole.User;
+ if (userInst == null)
{
- User userInst = projectRole.User;
- if (userInst == null)
- {
- userInst = userModel.GetById(projectRole.UserId);
- }
- Role role = projectRole.Role;
- if (role == null)
- {
- role = roleModel.GetById(projectRole.RoleId);
- }
- return new ProjectRoleObject(projectRole.ProjectId, new UserObject(userInst.Id, userInst.DisplayName, userInst.Givenname, userInst.Surname, userInst.EmailAddress), new RoleObject(role.Id, role.DisplayName));
- });
- }
- else
- {
- throw new UnauthorizedAccessException("User is not allowed to list all users to the given project!");
- }
- }));
+ userInst = userModel.GetById(projectRole.UserId);
+ }
+ var role = projectRole.Role;
+ if (role == null)
+ {
+ role = roleModel.GetById(projectRole.RoleId);
+ }
+ return new ProjectRoleObject(projectRole.ProjectId, new UserObject(userInst.Id, userInst.DisplayName, userInst.Givenname, userInst.Surname, userInst.EmailAddress), new RoleObject(role.Id, role.DisplayName));
+ }));
+ }
+ else
+ {
+ return Unauthorized("User is not allowed to list all users to the given project!");
+ }
}
//Get all roles for current user and given project
[HttpGet("[controller]/project/{projectId}")]
public IActionResult Get(string projectId)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- RoleModel roleModel = new RoleModel();
- Guid.TryParse(projectId, out Guid projectIdGuid);
- UserObject userObject = new UserObject(user.Id, user.DisplayName, user.Givenname, user.Surname, user.EmailAddress);
+ var roleModel = new RoleModel();
+ Guid.TryParse(projectId, out Guid projectIdGuid);
+ var user = _authenticator.GetUser();
+ var userObject = new UserObject(user.Id, user.DisplayName, user.Givenname, user.Surname, user.EmailAddress);
- return _projectRoleModel.GetAllWhere((projectRole) =>
- (projectRole.UserId == user.Id &&
- projectRole.ProjectId == projectIdGuid)
- ).Select((projectRole) => {
- if(projectRole.Role == null)
- {
- projectRole.Role = roleModel.GetById(projectRole.RoleId);
- }
- return new ProjectRoleObject(projectRole.RelationId, userObject, new RoleObject(projectRole.Role.Id, projectRole.Role.DisplayName));
- });
+ return Json(_projectRoleModel.GetAllWhere((projectRole) =>
+ (projectRole.UserId == user.Id &&
+ projectRole.ProjectId == projectIdGuid)
+ ).Select((projectRole) => {
+ if(projectRole.Role == null)
+ {
+ projectRole.Role = roleModel.GetById(projectRole.RoleId);
+ }
+ return new ProjectRoleObject(projectRole.RelationId, userObject, new RoleObject(projectRole.Role.Id, projectRole.Role.DisplayName));
}));
}
[HttpPost("[controller]")]
public IActionResult Set()
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
+ var projectRoleObject = ObjectFactory<ProjectRoleObject>.DeserializeFromStream(Request.Body);
+ var projectModel = new ProjectModel();
+ var project = projectModel.GetById(projectRoleObject.ProjectId);
+ var roleModel = new RoleModel();
+ var role = roleModel.GetById(projectRoleObject.Role.Id);
+ var userModel = new UserModel();
+ var userToAdd = userModel.GetById(projectRoleObject.User.Id);
+ var user = _authenticator.GetUser();
+
+ if (projectModel.HasAccess(user, project, UserRoles.Owner))
{
- ProjectRoleObject projectRoleObject = ObjectFactory<ProjectRoleObject>.DeserializeFromStream(Request.Body);
- ProjectModel projectModel = new ProjectModel();
- var project = projectModel.GetById(projectRoleObject.ProjectId);
- RoleModel roleModel = new RoleModel();
- var role = roleModel.GetById(projectRoleObject.Role.Id);
- UserModel userModel = new UserModel();
- var userToAdd = userModel.GetById(projectRoleObject.User.Id);
- if (projectModel.OwnsProject(user, project))
+ _emitter.EmitUserAdd(new UserEventArgs(_configuration)
{
- _emitter.EmitUserAdd(new UserEventArgs(this._configuration)
- {
- Project = project,
- Role = role,
- User = userToAdd
- });
- return _projectRoleModel.SetFromObject(projectRoleObject);
- }
- else
- {
- throw new NotAuthorizedException("The user is not authorized to store a project role to the given project!");
- }
- }));
+ Project = project,
+ Role = role,
+ User = userToAdd
+ });
+ return Json(_projectRoleModel.SetFromObject(projectRoleObject));
+ }
+ else
+ {
+ return Unauthorized("The user is not authorized to store a project role to the given project!");
+ }
}
[HttpDelete("[controller]/project/{projectId}/user/{userId}/role/{roleId}")]
public IActionResult Delete(Guid projectId, Guid userId, Guid roleId)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- ProjectModel projectModel = new ProjectModel();
- if (projectModel.OwnsProject(user, projectModel.GetById(projectId)))
- {
- _projectRoleModel.CheckIfLastOwnerWillBeRemoved(roleId, projectId);
+ var projectModel = new ProjectModel();
+ var user = _authenticator.GetUser();
- var project = projectModel.GetById(projectId);
- UserModel userModel = new UserModel();
- var userToRemove = userModel.GetById(userId);
+ if (projectModel.HasAccess(user, projectModel.GetById(projectId), UserRoles.Owner))
+ {
+ _projectRoleModel.CheckIfLastOwnerWillBeRemoved(roleId, projectId);
- _emitter.EmitUserRemove(new UserEventArgs(this._configuration)
- {
- Project = project,
- User = userToRemove
- });
+ var project = projectModel.GetById(projectId);
+ var userModel = new UserModel();
+ var userToRemove = userModel.GetById(userId);
- return _projectRoleModel.Delete(_projectRoleModel.GetWhere((projectRole) =>
- projectRole.ProjectId == projectId
- && projectRole.UserId == userId
- && projectRole.RoleId == roleId));
- }
- else
+ _emitter.EmitUserRemove(new UserEventArgs(this._configuration)
{
- throw new NotAuthorizedException("The user is not authorized to delete a project role for the given project!");
- }
- }));
+ Project = project,
+ User = userToRemove
+ });
+
+ return Json(_projectRoleModel.Delete(_projectRoleModel.GetWhere((projectRole) =>
+ projectRole.ProjectId == projectId
+ && projectRole.UserId == userId
+ && projectRole.RoleId == roleId)));
+ }
+ else
+ {
+ return Unauthorized("The user is not authorized to delete a project role for the given project!");
+ }
}
}
}
diff --git a/src/Project/Controllers/ResourceController.cs b/src/Project/Controllers/ResourceController.cs
index 4368b1e..9ca1ae6 100644
--- a/src/Project/Controllers/ResourceController.cs
+++ b/src/Project/Controllers/ResourceController.cs
@@ -1,18 +1,20 @@
using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
using Coscine.ApiCommons;
-using Coscine.ApiCommons.Exceptions;
using Coscine.ApiCommons.Factories;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Linq;
-using Newtonsoft.Json.Linq;
using Coscine.Action;
using Coscine.Configuration;
using Coscine.Action.EventArgs;
+using Microsoft.AspNetCore.Authorization;
+using Newtonsoft.Json.Linq;
+using Coscine.Database.Model;
namespace Coscine.Api.Project.Controllers
{
+ [Authorize]
public class ResourceController : Controller
{
private readonly Authenticator _authenticator;
@@ -27,110 +29,115 @@ namespace Coscine.Api.Project.Controllers
_resourceModel = new ResourceModel();
_emitter = new Emitter(this._configuration);
}
-
+
[Route("[controller]")]
public IActionResult Index()
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- return _resourceModel.GetAllWhere((resource) =>
- (from projectResource in resource.ProjectResourceResourceIdIds
- where (from projectRole in projectResource.Project.ProjectRolesProjectIdIds
- where projectRole.User == user
- && projectRole.Role.DisplayName == "Owner"
- select projectRole).Any()
- select projectResource).Any()
- ).Select((resource) => _resourceModel.CreateReturnObjectFromDatabaseObject(resource));
- }));
+ var user = _authenticator.GetUser();
+ return Json(_resourceModel.GetAllWhere((resource) =>
+ (from projectResource in resource.ProjectResourceResourceIdIds
+ where (from projectRole in projectResource.Project.ProjectRolesProjectIdIds
+ where projectRole.User == user
+ && (projectRole.Role.DisplayName == "Owner" || projectRole.Role.DisplayName == "Member")
+ select projectRole).Any()
+ select projectResource).Any()
+ ).Select((resource) => _resourceModel.CreateReturnObjectFromDatabaseObject(resource)));
}
[HttpGet("[controller]/{id}")]
public IActionResult Get(string id)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
+ var resource = _resourceModel.GetById(Guid.Parse(id));
+ var user = _authenticator.GetUser();
+ if (_resourceModel.HasAccess(user, resource, UserRoles.Owner, UserRoles.Member))
{
- var resource = _resourceModel.GetById(Guid.Parse(id));
- if (_resourceModel.OwnsResource(user, resource))
- {
- _resourceModel.SetType(resource);
- return _resourceModel.CreateReturnObjectFromDatabaseObject(resource);
- }
- else
- {
- throw new NotAuthorizedException("User does not own resource!");
- }
- }));
+ _resourceModel.SetType(resource);
+ return Json(_resourceModel.CreateReturnObjectFromDatabaseObject(resource));
+ }
+ else
+ {
+ return Unauthorized("User does not own resource!");
+ }
+ }
+
+ [HttpGet("[controller]/resource/{id}/isCreator")]
+ public IActionResult IsUserResourceCreator(string id)
+ {
+ Resource resource = _resourceModel.GetById(Guid.Parse(id));
+ var user = _authenticator.GetUser();
+ var json = new JObject
+ {
+ ["isResourceCreator"] = resource.Creator.Equals(user.Id)
+ };
+ return Json(json);
}
[HttpPost("[controller]/{id}")]
public IActionResult Update(string id)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
+ var resourceObject = ObjectFactory<ResourceObject>.DeserializeFromStream(Request.Body);
+ var resource = _resourceModel.GetById(Guid.Parse(id));
+ var user = _authenticator.GetUser();
+
+ if (_resourceModel.HasAccess(user, resource, UserRoles.Owner) ||
+ (_resourceModel.HasAccess(user, resource, UserRoles.Member) && resource.Creator.Equals(user.Id)))
{
- ResourceObject resourceObject = ObjectFactory<ResourceObject>.DeserializeFromStream(Request.Body);
- var resource = _resourceModel.GetById(Guid.Parse(id));
- if (_resourceModel.OwnsResource(user, resource))
- {
- return _resourceModel.UpdateByObject(resource, resourceObject);
- }
- else
- {
- throw new NotAuthorizedException("The user is not authorized to perform an update on the selected resource!");
- }
- }));
+ return Json(_resourceModel.UpdateByObject(resource, resourceObject));
+ }
+ else
+ {
+ return Unauthorized("The user is not authorized to perform an update on the selected resource!");
+ }
}
[HttpDelete("[controller]/{id}")]
public IActionResult Delete(string id)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
+ var resource = _resourceModel.GetById(Guid.Parse(id));
+ var user = _authenticator.GetUser();
+ if (_resourceModel.HasAccess(user, resource, UserRoles.Owner) ||
+ (_resourceModel.HasAccess(user, resource, UserRoles.Member) && resource.Creator.Equals(user.Id)))
{
- var resource = _resourceModel.GetById(Guid.Parse(id));
- if (_resourceModel.OwnsResource(user, resource))
- {
- var returnObject = _resourceModel.CreateReturnObjectFromDatabaseObject(resource);
- _emitter.EmitResourceDelete(new ResourceEventArgs(_configuration)
- {
- Resource = resource
- });
- _resourceModel.DeleteResource(resource);
- return returnObject;
- }
- else
+ var returnObject = _resourceModel.CreateReturnObjectFromDatabaseObject(resource);
+ _emitter.EmitResourceDelete(new ResourceEventArgs(_configuration)
{
- throw new NotAuthorizedException("The user is not authorized to perform an update on the selected resource!");
- }
- }));
+ Resource = resource
+ });
+ _resourceModel.DeleteResource(resource);
+ return Json(returnObject);
+ }
+ else
+ {
+ return Unauthorized("The user is not authorized to perform an update on the selected resource!");
+ }
}
[HttpPost("[controller]/project/{projectId}")]
public IActionResult StoreToProject(string projectId)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
+ var resourceObject = ObjectFactory<ResourceObject>.DeserializeFromStream(Request.Body);
+ var projectModel = new ProjectModel();
+ var project = projectModel.GetById(Guid.Parse(projectId));
+ var user = _authenticator.GetUser();
+
+ if (projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member))
{
- ResourceObject resourceObject = ObjectFactory<ResourceObject>.DeserializeFromStream(Request.Body);
+ resourceObject.Creator = user.Id;
+ var resource = _resourceModel.StoreFromObject(resourceObject);
+ projectModel.AddResource(project, resource);
- ProjectModel projectModel = new ProjectModel();
- var project = projectModel.GetById(Guid.Parse(projectId));
- if (projectModel.OwnsProject(user, project))
+ _emitter.EmitResourceCreate(new ResourceEventArgs(_configuration)
{
- var resource = _resourceModel.StoreFromObject(resourceObject);
-
- projectModel.AddResource(project, resource);
-
- _emitter.EmitResourceCreate(new ResourceEventArgs(_configuration)
- {
- Resource = resource
- });
+ Resource = resource
+ });
- return _resourceModel.CreateReturnObjectFromDatabaseObject(resource);
- }
- else
- {
- throw new NotAuthorizedException("The user is not authorized to add a new resource to the selected project!");
- }
- }));
+ return Json(_resourceModel.CreateReturnObjectFromDatabaseObject(resource));
+ }
+ else
+ {
+ return Unauthorized("The user is not authorized to add a new resource to the selected project!");
+ }
}
}
}
diff --git a/src/Project/Controllers/ResourceTypeController.cs b/src/Project/Controllers/ResourceTypeController.cs
index b002220..04e097a 100644
--- a/src/Project/Controllers/ResourceTypeController.cs
+++ b/src/Project/Controllers/ResourceTypeController.cs
@@ -1,15 +1,14 @@
using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
using Coscine.ApiCommons;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System;
-using System.Collections.Generic;
using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
namespace Coscine.Api.Project.Controllers
{
+ [Authorize]
public class ResourceTypeController : Controller
{
private readonly Authenticator _authenticator;
@@ -25,46 +24,40 @@ namespace Coscine.Api.Project.Controllers
[Route("[controller]")]
public IActionResult Index()
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- return _resourceTypeModel.GetAll().Select((resourceType) => new ResourceTypeObject(resourceType.Id, resourceType.DisplayName));
- }));
+ return Json(_resourceTypeModel.GetAll()
+ .Select((resourceType) => new ResourceTypeObject(resourceType.Id, resourceType.DisplayName)));
}
[Route("[controller]/{id}/fields")]
public IActionResult Fields(string id)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- var resourceType = _resourceTypeModel.GetById(Guid.Parse(id));
+ var resourceType = _resourceTypeModel.GetById(Guid.Parse(id));
if (resourceType.DisplayName == "s3")
{
- return Type.GetType("Coscine.Api.Project.ReturnObjects.S3ResourceTypeObject").GetProperties()
+ return Json(Type.GetType("Coscine.Api.Project.ReturnObjects.S3ResourceTypeObject").GetProperties()
.Where((property) => property.Name != "Id")
.Select((property) => property.Name)
- .ToList();
+ .ToList());
}
else if (resourceType.DisplayName == "rds")
{
- return Type.GetType("Coscine.Api.Project.ReturnObjects.RDSResourceTypeObject").GetProperties()
+ return Json(Type.GetType("Coscine.Api.Project.ReturnObjects.RDSResourceTypeObject").GetProperties()
.Where((property) => property.Name != "Id")
.Select((property) => property.Name)
- .ToList();
+ .ToList());
}
else if(resourceType.DisplayName == "gitlab")
{
- return Type.GetType("Coscine.Api.Project.ReturnObjects.GitlabResourceTypeObject").GetProperties()
+ return Json(Type.GetType("Coscine.Api.Project.ReturnObjects.GitlabResourceTypeObject").GetProperties()
.Where((property) => property.Name != "Id")
.Select((property) => property.Name)
- .ToList();
+ .ToList());
}
else
{
throw new ArgumentException("Invalid Resource Type!");
}
- }));
}
-
- }
+ }
}
diff --git a/src/Project/Controllers/RoleController.cs b/src/Project/Controllers/RoleController.cs
index 7ef12a8..d259627 100644
--- a/src/Project/Controllers/RoleController.cs
+++ b/src/Project/Controllers/RoleController.cs
@@ -1,33 +1,26 @@
using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
-using Coscine.ApiCommons;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
-using System;
-using System.Collections.Generic;
using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
namespace Coscine.Api.Project.Controllers
{
+ [Authorize]
public class RoleController : Controller
{
- private readonly Authenticator _authenticator;
private readonly RoleModel _roleModel;
public RoleController()
{
- _authenticator = new Authenticator(this, Program.Configuration);
_roleModel = new RoleModel();
}
[Route("[controller]")]
public IActionResult Index()
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- return _roleModel.GetAll().Select((role) => new RoleObject(role.Id, role.DisplayName));
- }));
+ return Json(_roleModel.GetAll()
+ .Select((role) => new RoleObject(role.Id, role.DisplayName)));
}
}
}
diff --git a/src/Project/Controllers/SearchController.cs b/src/Project/Controllers/SearchController.cs
index b5be4b6..33ee860 100644
--- a/src/Project/Controllers/SearchController.cs
+++ b/src/Project/Controllers/SearchController.cs
@@ -1,70 +1,220 @@
-using System.Linq;
-using Coscine.Api.Project.Models;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
using Coscine.ApiCommons;
using Coscine.ApiCommons.Utils;
+using LinqToDB.Tools;
using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Logging;
-using VDS.RDF.Query.Expressions.Functions.Sparql.String;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
+using Microsoft.AspNetCore.Authorization;
namespace Coscine.Api.Project.Controllers
{
+ [Authorize]
public class SearchController : Controller
{
private readonly Authenticator _authenticator;
- private DatabaseConnection _databaseConnection;
- private readonly ProjectModel _projectModel;
-
+ private readonly DatabaseConnection _databaseConnection;
public SearchController()
{
_authenticator = new Authenticator(this, Program.Configuration);
- _projectModel = new ProjectModel();
_databaseConnection = new DatabaseConnection(Program.Configuration);
+ }
+
+ [HttpGet("[controller]/allNoFilter/")]
+ public IActionResult SearchNoFilter()
+ {
+ var user = _authenticator.GetUser();
+ return Ok(GetSearchResults(user.Id, "", ""));
+ }
+
+ [HttpGet("[controller]/all/{encodedSearchWord}")]
+ public IActionResult Search(string encodedSearchWord)
+ {
+ var user = _authenticator.GetUser();
+ return Ok(GetSearchResults(user.Id, encodedSearchWord, ""));
+ }
+
+ [HttpGet("[controller]/projectNoFilter/{projectId}")]
+ public IActionResult SearchProjectNoFilter(string projectId)
+ {
+ var user = _authenticator.GetUser();
+ return Ok(GetSearchResults(user.Id, "", projectId));
+ }
+ [HttpGet("[controller]/project/{projectId}/{encodedSearchWord}")]
+ public IActionResult SearchProject(string projectId, string encodedSearchWord)
+ {
+ var user = _authenticator.GetUser();
+ return Ok(GetSearchResults(user.Id, encodedSearchWord, projectId));
}
- [Route("[controller]")]
- public IActionResult Index()
+ private JToken GetSearchResults(Guid userId, string encodedSearchWord, string projectId)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
+ string searchQuery;
+ if (!string.IsNullOrWhiteSpace(encodedSearchWord))
{
- string searchQuery = "";
- return _databaseConnection.ConnectToDatabase((db) =>
+ searchQuery = HttpUtility.UrlDecode(encodedSearchWord);
+ }
+ else
{
- return
+ searchQuery = "";
+ }
+
+ List<Guid> list;
+ if (projectId.Equals(""))
+ {
+ list = new List<Guid>();
+ }
+ else
+ {
+ list = GetAllSubProjects(projectId);
+ }
+
+ // create return object
+ var json = new JObject();
+
+ // search and add results for resources
+ json["Resources"] = SearchForResources(userId, searchQuery, projectId, list);
+
+ // search and add results for projects
+ if (projectId.Equals(""))
+ {
+ json["Projects"] = SearchForProjects(userId, searchQuery, projectId, list, false);
+ }
+ else
+ {
+ json["Projects"] = new JArray();
+ }
+
+ // remove the id of the root project since it cann not be a subproject of it self
+ if (list.Count >= 1)
+ {
+ list.RemoveAt(0);
+ }
+
+ // search and ad results for sub-projects
+ json["SubProjects"] = SearchForProjects(userId, searchQuery, projectId, list, true);
+
+ return json;
+ }
+
+
+ private List<Guid> GetAllSubProjects(string projectId)
+ {
+ var list = new List<Guid>();
+ if (!projectId.Equals(""))
+ {
+ list.Add(new Guid(projectId));
+ var counter = 0;
+ _databaseConnection.ConnectToDatabase((db) =>
+ {
+ while (counter != list.Count)
+ {
+ var innerResults = (from sp in db.SubProjects
+ where sp.ProjectId.Equals(list[counter])
+ select sp.SubProjectId);
+ list.AddRange(innerResults.ToList());
+ counter++;
+ }
+ });
+ }
+ return list;
+ }
+
+
+ private JToken SearchForProjects(Guid userId, string searchQuery, string projectId, List<Guid> listOfSubprojects, bool showSubProjects)
+ {
+ return _databaseConnection.ConnectToDatabase((db) =>
+ {
+ var allSubProjects = (from sp in db.SubProjects select sp.SubProjectId).ToList();
+ var allSubProjectsList = new List<Guid>();
+ allSubProjectsList.AddRange(allSubProjects);
+
+ var results =
(from p in db.Projects
- join v in db.Visibilities on p.VisibilityId equals v.Id
- join pd in db.ProjectDisciplines on p.Id equals pd.ProjectId
- join d in db.Disciplines on pd.DisciplineId equals d.Id
- join pi in db.ProjectInstitutes on p.Id equals pi.ProjectId
- join i in db.Institutes on pi.InstituteId equals i.Id
-
- where p.ProjectName.Contains(searchQuery) ||
- p.Description.Contains(searchQuery) ||
- p.StartDate.ToString().Contains(searchQuery) ||
- p.EndDate.ToString().Contains(searchQuery) ||
- p.Keywords.Contains(searchQuery) ||
- p.DisplayName.Contains(searchQuery) ||
- p.PrincipleInvestigators.Contains(searchQuery) ||
- p.GrantId.Contains(searchQuery) ||
- v.DisplayName.Contains(searchQuery) ||
- d.Url.Contains(searchQuery) ||
- d.DisplayNameDe.Contains(searchQuery) ||
- d.DisplayNameEn.Contains(searchQuery) ||
- i.DisplayName.Contains(searchQuery) ||
- i.IKZ.Contains(searchQuery)
-
- select new {p.Id, p.DisplayName});
+ join pr in db.ProjectRoles on p.Id equals pr.ProjectId into joinedPr
+ from jpr in joinedPr.DefaultIfEmpty()
+ join v in db.Visibilities on p.VisibilityId equals v.Id into joinedV
+ from jv in joinedV.DefaultIfEmpty()
+ join pd in db.ProjectDisciplines on p.Id equals pd.ProjectId into joinedPd
+ from jpd in joinedPd.DefaultIfEmpty()
+ join d in db.Disciplines on jpd.DisciplineId equals d.Id into joinedD
+ from jd in joinedD.DefaultIfEmpty()
+ join pi in db.ProjectInstitutes on p.Id equals pi.ProjectId into joinedPi
+ from jpi in joinedPi.DefaultIfEmpty()
+ join i in db.Institutes on jpi.InstituteId equals i.Id into joinedI
+ from ji in joinedI.DefaultIfEmpty()
+
+ where ((!showSubProjects && p.Id.NotIn(allSubProjectsList)) ||
+ (showSubProjects && p.Id.In(allSubProjectsList))) &&
+ (jpr.UserId.Equals(userId) || jv.DisplayName.Equals("Public")) &&
+ (projectId.Equals("") || p.Id.In(listOfSubprojects)) &&
+ (searchQuery.Equals("") ||
+ p.ProjectName.Contains(searchQuery) ||
+ p.Description.Contains(searchQuery) ||
+ p.Keywords.Contains(searchQuery) ||
+ p.DisplayName.Contains(searchQuery) ||
+ p.PrincipleInvestigators.Contains(searchQuery) ||
+ p.GrantId.Contains(searchQuery) ||
+ jv.DisplayName.Contains(searchQuery) ||
+ jd.Url.Contains(searchQuery) ||
+ jd.DisplayNameDe.Contains(searchQuery) ||
+ jd.DisplayNameEn.Contains(searchQuery) ||
+ ji.DisplayName.Contains(searchQuery) ||
+ ji.IKZ.Contains(searchQuery))
+
+ select new { p.Id, p.DisplayName }).OrderBy(element => element.DisplayName).Distinct();
+ return JToken.Parse(JsonConvert.SerializeObject(results));
+ });
+ }
+
+ private JToken SearchForResources(Guid userId, string searchQuery, string projectId, List<Guid> listOfSubprojects)
+ {
+ return _databaseConnection.ConnectToDatabase((db) =>
+ {
+
+ var results = (from r in db.Resources
+ join pres in db.ProjectResources on r.Id equals pres.ResourceId into joinedPres
+ from jpres in joinedPres.DefaultIfEmpty()
+ join p in db.Projects on jpres.ProjectId equals p.Id into joinedP
+ from jp in joinedP.DefaultIfEmpty()
+ join pr in db.ProjectRoles on jp.Id equals pr.ProjectId into joinedPr
+ from jpr in joinedPr.DefaultIfEmpty()
+ join v in db.Visibilities on r.VisibilityId equals v.Id into joinedV
+ from jv in joinedV.DefaultIfEmpty()
+ join rd in db.ResourceDisciplines on r.Id equals rd.ResourceId into joinedRd
+ from jrd in joinedRd.DefaultIfEmpty()
+ join d in db.Disciplines on jrd.DisciplineId equals d.Id into joinedD
+ from jd in joinedD.DefaultIfEmpty()
+ join l in db.Licenses on r.LicenseId equals l.Id into joinedL
+ from jl in joinedL.DefaultIfEmpty()
+ join rt in db.ResourceTypes on r.TypeId equals rt.Id into joinedRt
+ from jrt in joinedRt.DefaultIfEmpty()
+
+ where (jpr.UserId.Equals(userId) || jv.DisplayName.Equals("Public")) &&
+ (projectId.Equals("") || jp.Id.In(listOfSubprojects)) &&
+ (searchQuery.Equals("") ||
+ r.ResourceName.Contains(searchQuery) ||
+ r.DisplayName.Contains(searchQuery) ||
+ r.ResourceName.Contains(searchQuery) ||
+ r.Keywords.Contains(searchQuery) ||
+ r.UsageRights.Contains(searchQuery) ||
+ r.Description.Contains(searchQuery) ||
+ r.ApplicationProfile.Contains(searchQuery) ||
+ jrt.DisplayName.Contains(searchQuery) ||
+ jl.DisplayName.Contains(searchQuery) ||
+ jd.DisplayNameDe.Contains(searchQuery) ||
+ jd.DisplayNameEn.Contains(searchQuery))
+
+ select new { r.Id, r.DisplayName, jpr.ProjectId }).OrderBy(element => element.DisplayName).Distinct();
+
+ return JToken.Parse(JsonConvert.SerializeObject(results));
+
});
- }));
-
- /*
- return DatabaseConnection.ConnectToDatabase((db) => (from relation in db.ProjectRoles
- where relation.Project == project
- && relation.User == user
- && (relation.Role.DisplayName == "Owner"
- || relation.Role.DisplayName == "Member")
- select relation).Any());*/
}
}
-}
+}
\ No newline at end of file
diff --git a/src/Project/Controllers/SubProjectController.cs b/src/Project/Controllers/SubProjectController.cs
index 74db39e..a9f9563 100644
--- a/src/Project/Controllers/SubProjectController.cs
+++ b/src/Project/Controllers/SubProjectController.cs
@@ -1,12 +1,13 @@
using Coscine.Api.Project.Models;
-using Coscine.Api.Project.ReturnObjects;
using Coscine.ApiCommons;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Linq;
namespace Coscine.Api.Project.Controllers
{
+ [Authorize]
public class SubProjectController : Controller
{
private readonly Authenticator _authenticator;
@@ -21,22 +22,21 @@ namespace Coscine.Api.Project.Controllers
[HttpGet("[controller]/{parentId}")]
public IActionResult Get(string parentId)
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
+ var parentGuid = new Guid(parentId);
+ var projectModel = new ProjectModel();
+ var user = _authenticator.GetUser();
+ if (projectModel.HasAccess(user, projectModel.GetById(parentGuid), UserRoles.Owner, UserRoles.Member))
{
- Guid parentGuid = new Guid(parentId);
- ProjectModel projectModel = new ProjectModel();
- if (projectModel.CanSeeProject(user, projectModel.GetById(parentGuid)))
- {
- var subProjects = _subProjectModel.GetAllWhere((subProjectM) => (subProjectM.ProjectId == parentGuid))
- .Select((subProject) => projectModel.GetById(subProject.SubProjectId))
- .Select((project) => projectModel.CreateReturnObjectFromDatabaseObject(project, parentGuid));
- return subProjects;
- }
- else
- {
- throw new UnauthorizedAccessException("User is not allowed to create a subproject for the given project id!");
- }
- }));
+ var subProjects = _subProjectModel.GetAllWhere((subProjectM) => (subProjectM.ProjectId == parentGuid))
+ .Select((subProject) => projectModel.GetById(subProject.SubProjectId))
+ .Select((project) => projectModel.CreateReturnObjectFromDatabaseObject(project, parentGuid))
+ .OrderBy(element => element.DisplayName);
+ return Json(subProjects);
+ }
+ else
+ {
+ return Unauthorized("User is not allowed to create a subproject for the given project id!");
+ }
}
}
}
diff --git a/src/Project/Controllers/VisibilityController.cs b/src/Project/Controllers/VisibilityController.cs
index c14fe74..bdf9bc3 100644
--- a/src/Project/Controllers/VisibilityController.cs
+++ b/src/Project/Controllers/VisibilityController.cs
@@ -1,33 +1,26 @@
using Coscine.Api.Project.Models;
using Coscine.Api.Project.ReturnObjects;
-using Coscine.ApiCommons;
+using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
-using System;
-using System.Collections.Generic;
using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
namespace Coscine.Api.Project.Controllers
{
+ [Authorize]
public class VisibilityController : Controller
{
- private readonly Authenticator _authenticator;
private readonly VisibilityModel _visibilityModel;
public VisibilityController()
{
- _authenticator = new Authenticator(this, Program.Configuration);
_visibilityModel = new VisibilityModel();
}
[Route("[controller]")]
public IActionResult Index()
{
- return Ok(_authenticator.ValidateAndExecute((user) =>
- {
- return _visibilityModel.GetAll().Select((visibility) => new VisibilityObject(visibility.Id, visibility.DisplayName));
- }));
+ return Json(_visibilityModel.GetAll()
+ .Select((visibility) => new VisibilityObject(visibility.Id, visibility.DisplayName)));
}
}
}
diff --git a/src/Project/Models/MetadataModel.cs b/src/Project/Models/MetadataModel.cs
index 5b7697a..5ce7769 100644
--- a/src/Project/Models/MetadataModel.cs
+++ b/src/Project/Models/MetadataModel.cs
@@ -52,30 +52,5 @@ namespace Coscine.Api.Project.Models
{
return $"https://purl.org/coscine/md/{resourceId}/{filename}/{version}/";
}
-
- public bool IsProjectMember(User user, Resource resource)
- {
- return DatabaseConnection.ConnectToDatabase((db) =>
- {
- return (from relation in db.ProjectRoles
- where relation.UserId == user.Id
- && (relation.Role.DisplayName == "Owner" || relation.Role.DisplayName == "Member")
- && (relation.Project.ProjectResourceProjectIdIds != null && relation.Project.ProjectResourceProjectIdIds.
- Any((projectResource) => projectResource.Resource == resource))
- select relation).Any();
- });
- }
-
- public bool IsProjectMember(User user, Guid projectId)
- {
- return DatabaseConnection.ConnectToDatabase((db) =>
- {
- return (from relation in db.ProjectRoles
- where relation.UserId == user.Id
- && (relation.Role.DisplayName == "Owner" || relation.Role.DisplayName == "Member")
- && (relation.ProjectId == projectId)
- select relation).Any();
- });
- }
}
}
diff --git a/src/Project/Models/ProjectModel.cs b/src/Project/Models/ProjectModel.cs
index 97b533d..db9f51d 100644
--- a/src/Project/Models/ProjectModel.cs
+++ b/src/Project/Models/ProjectModel.cs
@@ -102,28 +102,29 @@ namespace Coscine.Api.Project.Models
return projectRole;
}
- public bool CanSeeProject(User user, Coscine.Database.Model.Project project)
+ public bool HasAccess(User user, Database.Model.Project project, params string[] allowedAccess)
{
- return IsMemberOrHigher(user, project);
- }
+ ProjectRoleModel projectRoleModel = new ProjectRoleModel();
+ allowedAccess = allowedAccess.Select(x => x.ToLower().Trim()).ToArray();
- public bool IsMemberOrHigher(User user, Coscine.Database.Model.Project project)
- {
- return DatabaseConnection.ConnectToDatabase((db) => (from relation in db.ProjectRoles
- where relation.Project == project
- && relation.User == user
- && (relation.Role.DisplayName == "Owner"
- || relation.Role.DisplayName == "Member")
- select relation).Any());
+ IEnumerable<Coscine.Database.Model.ProjectRole> projectRoles = projectRoleModel.GetAllWhere(
+ (projectRoleRelation) => projectRoleRelation.ProjectId == project.Id &&
+ projectRoleRelation.UserId == user.Id &&
+ allowedAccess.Contains(projectRoleRelation.Role.DisplayName.ToLower()));
+ return projectRoles.Count() > 0;
}
- public bool OwnsProject(User user, Coscine.Database.Model.Project project)
+ public IEnumerable<Database.Model.Project> GetWithAccess(User user, params string[] allowedAccess)
{
- return DatabaseConnection.ConnectToDatabase((db) => (from relation in db.ProjectRoles
- where relation.Project == project
- && relation.User == user
- && relation.Role.DisplayName == "Owner"
- select relation).Any());
+ ProjectRoleModel projectRoleModel = new ProjectRoleModel();
+ ProjectModel projectModel = new ProjectModel();
+
+ allowedAccess = allowedAccess.Select(x => x.ToLower().Trim()).ToArray();
+ var allUserProjectRoles = projectRoleModel.GetAllWhere((projectRoleRelation) => projectRoleRelation.UserId == user.Id &&
+ allowedAccess.Contains(projectRoleRelation.Role.DisplayName.ToLower()));
+ var allowedProjectIds = allUserProjectRoles.Select((projectRole) => projectRole.ProjectId);
+ var allowedProjects = projectModel.GetAllWhere((project) => allowedProjectIds.Contains(project.Id));
+ return allowedProjects.ToList();
}
public void AddResource(Coscine.Database.Model.Project project, Resource resource)
@@ -165,7 +166,12 @@ namespace Coscine.Api.Project.Models
return Update(project);
}
- public ProjectObject CreateReturnObjectFromDatabaseObject(Database.Model.Project project, Guid parentId = new Guid())
+ public ProjectObject CreateReturnObjectFromDatabaseObject(Database.Model.Project project)
+ {
+ return CreateReturnObjectFromDatabaseObject(project, new Guid());
+ }
+
+ public ProjectObject CreateReturnObjectFromDatabaseObject(Database.Model.Project project, Guid parentId)
{
IEnumerable<DisciplineObject> disciplines = new List<DisciplineObject>();
if(project.ProjectDisciplineProjectIdIds == null)
diff --git a/src/Project/Models/ResourceModel.cs b/src/Project/Models/ResourceModel.cs
index f7f7d7c..e3b5527 100644
--- a/src/Project/Models/ResourceModel.cs
+++ b/src/Project/Models/ResourceModel.cs
@@ -38,7 +38,8 @@ namespace Coscine.Api.Project.Models
Type = new ResourceTypeModel().GetById(resourceObject.Type.Id),
VisibilityId = resourceObject.Visibility.Id,
ApplicationProfile = resourceObject.ApplicationProfile,
- FixedValues = resourceObject.FixedValues != null ? resourceObject.FixedValues.ToString() :"{}"
+ FixedValues = resourceObject.FixedValues != null ? resourceObject.FixedValues.ToString() :"{}",
+ Creator = resourceObject.Creator
};
if(resourceObject.License != null)
{
@@ -191,17 +192,15 @@ namespace Coscine.Api.Project.Models
}
}
- public bool OwnsResource(User user, Resource resource)
+ public bool HasAccess(User user, Database.Model.Resource resource, params string[] allowedAccess)
{
- return DatabaseConnection.ConnectToDatabase((db) =>
- {
- return (from relation in db.ProjectRoles
- where relation.User == user
- && relation.Role.DisplayName == "Owner"
- && (relation.Project.ProjectResourceProjectIdIds != null && relation.Project.ProjectResourceProjectIdIds.
- Any((projectResource) => projectResource.Resource == resource))
- select relation).Any();
- });
+ IEnumerable<string> allowedAccessLabels = allowedAccess.Select(x => x.ToLower().Trim()).ToList();
+ return DatabaseConnection.ConnectToDatabase((db) => (from relation in db.ProjectRoles
+ where relation.Project.ProjectResourceProjectIdIds != null && relation.Project.ProjectResourceProjectIdIds
+ .Any((projectResource) => projectResource.Resource.Id == resource.Id)
+ && relation.User.Id == user.Id
+ && allowedAccessLabels.Contains(relation.Role.DisplayName.ToLower())
+ select relation).Any());
}
public int UpdateByObject(Resource resource, ResourceObject resourceObject)
@@ -228,10 +227,15 @@ namespace Coscine.Api.Project.Models
{
resource.LicenseId = resourceObject.License.Id;
}
+
// the application profile can not be altered after creation
// resource.ApplicationProfile = resourceObject.ApplicationProfile;
+
resource.FixedValues = resourceObject.FixedValues != null ? resourceObject.FixedValues.ToString() : "{}";
+ // the resource creator can not be altered after creation
+ // resource.Creator = resourceObject.Creator;
+
SetDisciplines(resource, resourceObject.Disciplines);
SetResourceTypeObject(resource, resourceObject.ResourceTypeOption);
@@ -324,7 +328,8 @@ namespace Coscine.Api.Project.Models
(resource.License != null) ? new LicenseObject(resource.License.Id, resource.License.DisplayName) : null,
JObject.FromObject(resourceTypeOptionObject),
resource.ApplicationProfile,
- JToken.Parse(resource.FixedValues == null ? "{}": resource.FixedValues )
+ JToken.Parse(resource.FixedValues == null ? "{}": resource.FixedValues ),
+ (resource.Creator != null) ? resource.Creator : null
);
}
diff --git a/src/Project/Project.csproj b/src/Project/Project.csproj
index 3d10138..309ead7 100644
--- a/src/Project/Project.csproj
+++ b/src/Project/Project.csproj
@@ -46,17 +46,17 @@
<Reference Include="Consul, Version=0.7.2.6, Culture=neutral, PublicKeyToken=20a6ad9a81df1d95, processorArchitecture=MSIL">
<HintPath>..\packages\Consul.0.7.2.6\lib\net45\Consul.dll</HintPath>
</Reference>
- <Reference Include="Coscine.Action, Version=1.7.0.0, Culture=neutral, processorArchitecture=AMD64">
- <HintPath>..\packages\Coscine.Action.1.7.0\lib\net461\Coscine.Action.dll</HintPath>
+ <Reference Include="Coscine.Action, Version=1.7.1.0, Culture=neutral, processorArchitecture=AMD64">
+ <HintPath>..\packages\Coscine.Action.1.7.1\lib\net461\Coscine.Action.dll</HintPath>
</Reference>
- <Reference Include="Coscine.ApiCommons, Version=1.3.1.0, Culture=neutral, PublicKeyToken=af4c1345df96546b, processorArchitecture=MSIL">
- <HintPath>..\packages\Coscine.ApiCommons.1.3.1\lib\net461\Coscine.ApiCommons.dll</HintPath>
+ <Reference Include="Coscine.ApiCommons, Version=1.4.0.0, Culture=neutral, PublicKeyToken=af4c1345df96546b, processorArchitecture=MSIL">
+ <HintPath>..\packages\Coscine.ApiCommons.1.4.0\lib\net461\Coscine.ApiCommons.dll</HintPath>
</Reference>
<Reference Include="Coscine.Configuration, Version=1.4.0.0, Culture=neutral, PublicKeyToken=ce3d7a32d7dc1e5a, processorArchitecture=MSIL">
<HintPath>..\packages\Coscine.Configuration.1.4.0\lib\net461\Coscine.Configuration.dll</HintPath>
</Reference>
- <Reference Include="Coscine.Database, Version=1.12.1.0, Culture=neutral, PublicKeyToken=767d77427707b70a, processorArchitecture=MSIL">
- <HintPath>..\packages\Coscine.Database.1.12.1\lib\net461\Coscine.Database.dll</HintPath>
+ <Reference Include="Coscine.Database, Version=1.13.0.0, Culture=neutral, PublicKeyToken=767d77427707b70a, processorArchitecture=MSIL">
+ <HintPath>..\packages\Coscine.Database.1.13.0\lib\net461\Coscine.Database.dll</HintPath>
</Reference>
<Reference Include="Coscine.Logging, Version=1.0.1.0, Culture=neutral, PublicKeyToken=e1ed402bc3f6525e, processorArchitecture=MSIL">
<HintPath>..\packages\Coscine.Logging.1.0.1\lib\net461\Coscine.Logging.dll</HintPath>
@@ -97,12 +97,18 @@
<Reference Include="Microsoft.AspNetCore.Antiforgery, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.AspNetCore.Antiforgery.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Antiforgery.dll</HintPath>
</Reference>
+ <Reference Include="Microsoft.AspNetCore.Authentication, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
+ <HintPath>..\packages\Microsoft.AspNetCore.Authentication.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.dll</HintPath>
+ </Reference>
<Reference Include="Microsoft.AspNetCore.Authentication.Abstractions, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.AspNetCore.Authentication.Abstractions.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.Abstractions.dll</HintPath>
</Reference>
<Reference Include="Microsoft.AspNetCore.Authentication.Core, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.AspNetCore.Authentication.Core.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.Core.dll</HintPath>
</Reference>
+ <Reference Include="Microsoft.AspNetCore.Authentication.JwtBearer, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
+ <HintPath>..\packages\Microsoft.AspNetCore.Authentication.JwtBearer.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authentication.JwtBearer.dll</HintPath>
+ </Reference>
<Reference Include="Microsoft.AspNetCore.Authorization, Version=2.2.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.AspNetCore.Authorization.2.2.0\lib\netstandard2.0\Microsoft.AspNetCore.Authorization.dll</HintPath>
</Reference>
@@ -366,6 +372,12 @@
<Reference Include="Microsoft.IdentityModel.Logging, Version=5.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.IdentityModel.Logging.5.6.0\lib\net461\Microsoft.IdentityModel.Logging.dll</HintPath>
</Reference>
+ <Reference Include="Microsoft.IdentityModel.Protocols, Version=5.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+ <HintPath>..\packages\Microsoft.IdentityModel.Protocols.5.3.0\lib\net461\Microsoft.IdentityModel.Protocols.dll</HintPath>
+ </Reference>
+ <Reference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=5.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+ <HintPath>..\packages\Microsoft.IdentityModel.Protocols.OpenIdConnect.5.3.0\lib\net461\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll</HintPath>
+ </Reference>
<Reference Include="Microsoft.IdentityModel.Tokens, Version=5.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.IdentityModel.Tokens.5.6.0\lib\net461\Microsoft.IdentityModel.Tokens.dll</HintPath>
</Reference>
@@ -606,6 +618,7 @@
<Compile Include="Controllers\DataSourceController.cs" />
<Compile Include="Controllers\MetadataController.cs" />
<Compile Include="Controllers\LicenseController.cs" />
+ <Compile Include="Controllers\SearchController.cs" />
<Compile Include="Controllers\VisibilityController.cs" />
<Compile Include="Controllers\InstituteController.cs" />
<Compile Include="Controllers\DisciplineController.cs" />
@@ -652,6 +665,7 @@
<Compile Include="ReturnObjects\UserObject.cs" />
<Compile Include="ReturnObjects\WaterbutlerFolder.cs" />
<Compile Include="Startup.cs" />
+ <Compile Include="UserRoles.cs" />
</ItemGroup>
<ItemGroup>
<None Include="App.config" />
diff --git a/src/Project/ReturnObjects/ResourceObject.cs b/src/Project/ReturnObjects/ResourceObject.cs
index b02e57c..9f0132f 100644
--- a/src/Project/ReturnObjects/ResourceObject.cs
+++ b/src/Project/ReturnObjects/ResourceObject.cs
@@ -22,8 +22,9 @@ namespace Coscine.Api.Project.ReturnObjects
public JObject ResourceTypeOption { get; set; }
public string ApplicationProfile { get; set; }
public JToken FixedValues { get; set; }
+ public Guid? Creator { get; set; }
- public ResourceObject(Guid id, string displayName, string resourceName, string description, string keywords, string usageRights, ResourceTypeObject type, IEnumerable<DisciplineObject> disciplines, VisibilityObject visibility, LicenseObject license, JObject resourceTypeOption, string applicationProfile, JToken fixedValues)
+ public ResourceObject(Guid id, string displayName, string resourceName, string description, string keywords, string usageRights, ResourceTypeObject type, IEnumerable<DisciplineObject> disciplines, VisibilityObject visibility, LicenseObject license, JObject resourceTypeOption, string applicationProfile, JToken fixedValues, Guid? creator = null)
{
Id = id;
@@ -42,6 +43,8 @@ namespace Coscine.Api.Project.ReturnObjects
ApplicationProfile = applicationProfile;
FixedValues = fixedValues;
+
+ Creator = creator;
}
}
}
diff --git a/src/Project/UserRoles.cs b/src/Project/UserRoles.cs
new file mode 100644
index 0000000..4a3b853
--- /dev/null
+++ b/src/Project/UserRoles.cs
@@ -0,0 +1,8 @@
+namespace Coscine.Api.Project
+{
+ public static class UserRoles
+ {
+ public static string Member { get; } = "member";
+ public static string Owner { get; } = "owner";
+ }
+}
diff --git a/src/Project/packages.config b/src/Project/packages.config
index 6b7bb51..0ef590e 100644
--- a/src/Project/packages.config
+++ b/src/Project/packages.config
@@ -3,10 +3,10 @@
<package id="AutoMapper" version="8.0.0" targetFramework="net472" />
<package id="AutoMapper.Extensions.Microsoft.DependencyInjection" version="6.0.0" targetFramework="net472" />
<package id="Consul" version="0.7.2.6" targetFramework="net472" />
- <package id="Coscine.Action" version="1.7.0" targetFramework="net472" />
- <package id="Coscine.ApiCommons" version="1.3.1" targetFramework="net472" />
+ <package id="Coscine.Action" version="1.7.1" targetFramework="net472" />
+ <package id="Coscine.ApiCommons" version="1.4.0" targetFramework="net472" />
<package id="Coscine.Configuration" version="1.4.0" targetFramework="net472" />
- <package id="Coscine.Database" version="1.12.1" targetFramework="net472" />
+ <package id="Coscine.Database" version="1.13.0" targetFramework="net472" />
<package id="Coscine.Logging" version="1.0.1" targetFramework="net472" />
<package id="Coscine.ProxyApi" version="1.2.0" targetFramework="net472" />
<package id="Coscine.SharePoint.Webparts.Vue" version="1.4.0" targetFramework="net472" />
@@ -21,8 +21,10 @@
<package id="Metadata" version="1.0.0" targetFramework="net472" />
<package id="Microsoft.AspNetCore" version="2.2.0" targetFramework="net472" />
<package id="Microsoft.AspNetCore.Antiforgery" version="2.2.0" targetFramework="net472" />
+ <package id="Microsoft.AspNetCore.Authentication" version="2.2.0" targetFramework="net472" />
<package id="Microsoft.AspNetCore.Authentication.Abstractions" version="2.2.0" targetFramework="net472" />
<package id="Microsoft.AspNetCore.Authentication.Core" version="2.2.0" targetFramework="net472" />
+ <package id="Microsoft.AspNetCore.Authentication.JwtBearer" version="2.2.0" targetFramework="net472" />
<package id="Microsoft.AspNetCore.Authorization" version="2.2.0" targetFramework="net472" />
<package id="Microsoft.AspNetCore.Authorization.Policy" version="2.2.0" targetFramework="net472" />
<package id="Microsoft.AspNetCore.Connections.Abstractions" version="2.2.0" targetFramework="net472" />
@@ -114,6 +116,8 @@
<package id="Microsoft.IdentityModel" version="7.0.0" targetFramework="net472" />
<package id="Microsoft.IdentityModel.JsonWebTokens" version="5.6.0" targetFramework="net472" />
<package id="Microsoft.IdentityModel.Logging" version="5.6.0" targetFramework="net472" />
+ <package id="Microsoft.IdentityModel.Protocols" version="5.3.0" targetFramework="net472" />
+ <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="5.3.0" targetFramework="net472" />
<package id="Microsoft.IdentityModel.Tokens" version="5.6.0" targetFramework="net472" />
<package id="Microsoft.Net.Http.Headers" version="2.2.0" targetFramework="net472" />
<package id="Microsoft.Win32.Registry" version="4.5.0" targetFramework="net472" />
--
GitLab