Fix: fixed internal ddos (coscine/issues#1796)

src/Project/Controllers/ProjectController.cs

@@ -23,7 +23,6 @@ using System.Linq;
 
 namespace Coscine.Api.Project.Controllers
 {
-
     /// <summary>
     ///  /// This controller represents the actions which can be taken with a project object.
     /// </summary>
@@ -72,7 +71,7 @@ namespace Coscine.Api.Project.Controllers
         /// <summary>
         /// Returns all available projects (including sub projects)
         /// </summary>
-        /// <returns>Ok</returns>
+        /// <returns>OK</returns>
         [Route("[controller]")]
         public ActionResult<IEnumerable<ProjectObject>> Index()
         {
@@ -87,7 +86,7 @@ namespace Coscine.Api.Project.Controllers
         /// <summary>
         /// Retrieves all top level projects
         /// </summary>
-        /// <returns>Ok</returns>
+        /// <returns>OK</returns>
         [Route("[controller]/-/topLevel")]
         public ActionResult<IEnumerable<ProjectObject>> GetTopLevelProjects()
         {
@@ -105,10 +104,10 @@ namespace Coscine.Api.Project.Controllers
         }
 
         /// <summary>
-        /// This returns the the project if the user has access to it
+        /// This returns the project if the user has access to it
         /// </summary>
-        /// <param name="id">Id of the resource</param>
-        /// <returns>Ok or Statuscode 401</returns>
+        /// <param name="id">Id of the project</param>
+        /// <returns>OK or status code 401</returns>
         [HttpGet("[controller]/{id}")]
         public ActionResult<ProjectObject> Get(string id)
         {
@@ -117,7 +116,7 @@ namespace Coscine.Api.Project.Controllers
             if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
             {
                 SubProjectModel subProjectModel = new SubProjectModel();
-                var subProjectRel = subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id && project.Deleted == false);
+                var subProjectRel = subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id && !project.Deleted);
 
                 var parentProjectRelation = subProjectRel.FirstOrDefault();
                 if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner))
@@ -136,7 +135,7 @@ namespace Coscine.Api.Project.Controllers
         /// Gets the resources
         /// </summary>
         /// <param name="id">Id of the resource</param>
-        /// <returns>Json object or Statuscode 401</returns>
+        /// <returns>JSON object or status code 401</returns>
         [HttpGet("[controller]/{id}/resources")]
         public ActionResult<IEnumerable<ResourceObject>> GetResources(string id)
         {
@@ -151,10 +150,7 @@ namespace Coscine.Api.Project.Controllers
                         (from projectResource in resource.ProjectResources
                          where projectResource.ProjectId == project.Id
                          select projectResource).Any())
-                        .Select((resource) =>
-                        {
-                            return resourceModel.CreateReturnObjectFromDatabaseObject(resource);
-                        }).OrderBy(element => element.DisplayName);
+                        .Select((resource) => resourceModel.CreateReturnObjectFromDatabaseObject(resource)).OrderBy(element => element.DisplayName);
                 if (Request.Query != null && Request.Query["noanalyticslog"] != "true")
                 {
                     var projectObject = _projectModel.CreateReturnObjectFromDatabaseObject(_projectModel.GetById(project.Id));
@@ -180,7 +176,7 @@ namespace Coscine.Api.Project.Controllers
 
             if (!Guid.TryParse(projectId, out Guid projectGuid))
             {
-                return BadRequest($"{projectId} is not a guid.");
+                return BadRequest($"{projectId} is not a GUID.");
             }
 
             var project = _projectModel.GetById(projectGuid);
@@ -195,7 +191,7 @@ namespace Coscine.Api.Project.Controllers
                 return Unauthorized("The user is not authorized to perform a get on the selected project!");
             }
 
-            var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled.HasValue && x.Enabled.Value);
+            var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled == true);
 
             return Json(resourceTypes.Select(x => CreateProjectQuotaReturnObject(x, projectGuid)));
         }
@@ -210,15 +206,15 @@ namespace Coscine.Api.Project.Controllers
                 Id = x.Id,
                 Name = x.DisplayName,
                 Used = CalculateUsed(x, projectGuid),
-                Allocated = projectQuota == null ? 0 : projectQuota.Quota,
-                Maximum = projectQuota == null ? 0 : projectQuota.MaxQuota
+                Allocated = (projectQuota?.Quota) ?? 0,
+                Maximum = (projectQuota?.MaxQuota) ?? 0
             };
         }
 
         private int GetMaxQuota(Guid projectId, Guid resourceTypeId)
         {
             var projectQuota = _projectQuotaModel.GetWhere(x => x.ProjectId == projectId && x.ResourceTypeId == resourceTypeId);
-            return projectQuota == null ? 0 : projectQuota.MaxQuota;
+            return (projectQuota?.MaxQuota) ?? 0;
         }
 
         private int CalculateUsed(ResourceType resourceType, Guid projectId)
@@ -248,7 +244,7 @@ namespace Coscine.Api.Project.Controllers
 
             if (!Guid.TryParse(projectId, out Guid projectGuid))
             {
-                return BadRequest($"{projectId} is not a guid.");
+                return BadRequest($"{projectId} is not a GUID.");
             }
 
             var project = _projectModel.GetById(projectGuid);
@@ -265,12 +261,12 @@ namespace Coscine.Api.Project.Controllers
 
             if (!Guid.TryParse(resourceTypeId, out Guid resourceTypeGuid))
             {
-                return BadRequest($"{resourceTypeId} is not a guid.");
+                return BadRequest($"{resourceTypeId} is not a GUID.");
             }
 
             var resourceType = _resourceTypeModel.GetById(resourceTypeGuid);
 
-            if (resourceType == null || !resourceType.Enabled.HasValue || !resourceType.Enabled.Value)
+            if (resourceType?.Enabled.HasValue != true || !resourceType.Enabled.Value)
             {
                 return NotFound($"Could not find resourceType with id: {resourceTypeId}");
             }
@@ -285,8 +281,8 @@ namespace Coscine.Api.Project.Controllers
                 Id = resourceTypeGuid,
                 Name = resourceType.DisplayName,
                 Used = CalculateUsed(resourceType, projectGuid),
-                Allocated = projectQuota == null ? 0 : projectQuota.Quota,
-                Maximum = projectQuota == null ? 0 : projectQuota.MaxQuota
+                Allocated = (projectQuota?.Quota) ?? 0,
+                Maximum = (projectQuota?.MaxQuota) ?? 0
             };
 
             return Json(projectQuotaReturnObject);
@@ -305,7 +301,7 @@ namespace Coscine.Api.Project.Controllers
 
             if (!Guid.TryParse(projectId, out Guid projectGuid))
             {
-                return BadRequest($"{projectId} is not a guid.");
+                return BadRequest($"{projectId} is not a GUID.");
             }
 
             var project = _projectModel.GetById(projectGuid);
@@ -322,12 +318,12 @@ namespace Coscine.Api.Project.Controllers
 
             if (!Guid.TryParse(resourceTypeId, out Guid resourceTypeGuid))
             {
-                return BadRequest($"{resourceTypeId} is not a guid.");
+                return BadRequest($"{resourceTypeId} is not a GUID.");
             }
 
             var resourceType = _resourceTypeModel.GetById(resourceTypeGuid);
 
-            if (resourceType == null || !resourceType.Enabled.HasValue || !resourceType.Enabled.Value)
+            if (resourceType?.Enabled.HasValue != true || !resourceType.Enabled.Value)
             {
                 return NotFound($"Could not find resourceType with id: {resourceTypeId}");
             }
@@ -349,7 +345,7 @@ namespace Coscine.Api.Project.Controllers
 
             if (!Guid.TryParse(projectId, out Guid projectGuid))
             {
-                return BadRequest($"{projectId} is not a guid.");
+                return BadRequest($"{projectId} is not a GUID.");
             }
 
             var project = _projectModel.GetById(projectGuid);
@@ -366,12 +362,12 @@ namespace Coscine.Api.Project.Controllers
 
             if (!Guid.TryParse(resourceTypeId, out Guid resourceTypeGuid))
             {
-                return BadRequest($"{resourceTypeId} is not a guid.");
+                return BadRequest($"{resourceTypeId} is not a GUID.");
             }
 
             var resourceType = _resourceTypeModel.GetById(resourceTypeGuid);
 
-            if (resourceType == null || !resourceType.Enabled.HasValue || !resourceType.Enabled.Value)
+            if (resourceType?.Enabled.HasValue != true || !resourceType.Enabled.Value)
             {
                 return NotFound($"Could not find resourceType with id: {resourceTypeId}");
             }
@@ -414,8 +410,8 @@ namespace Coscine.Api.Project.Controllers
             {
                 var projectQuota = new ProjectQuota
                 {
-                    MaxQuota = defaultQuota == null ? 0 : defaultQuota.DefaultMaxQuota,
-                    Quota = defaultQuota == null ? 0 : defaultQuota.DefaultQuota,
+                    MaxQuota = (defaultQuota?.DefaultMaxQuota) ?? 0,
+                    Quota = (defaultQuota?.DefaultQuota) ?? 0,
                     ProjectId = project.Id,
                     ResourceTypeId = resourceType.Id
                 };
@@ -433,7 +429,7 @@ namespace Coscine.Api.Project.Controllers
         /// Updates the selected project
         /// </summary>
         /// <param name="id">Id of the resource</param>
-        /// <returns>Ok or Statuscode 401</returns>
+        /// <returns>OK or status code 401</returns>
         [HttpPost("[controller]/{id}")]
         public IActionResult Update(string id)
         {
@@ -455,7 +451,7 @@ namespace Coscine.Api.Project.Controllers
         /// Deletes the selected project
         /// </summary>
         /// <param name="id">Id of the resource</param>
-        /// <returns>Json object or Statuscode 401</returns>
+        /// <returns>JSON object or status code 401</returns>
         [HttpDelete("[controller]/{id}")]
         public IActionResult Delete(string id)
         {
@@ -479,13 +475,13 @@ namespace Coscine.Api.Project.Controllers
         /// </summary>
         /// <param name="project">Project</param>
         /// <param name="isHard">isHard</param>
-        /// <param name="propegateAction">propegate Action</param>
-        public void DeleteProject(Database.DataModel.Project project, bool isHard = false, bool propegateAction = true)
+        /// <param name="propagateAction">propagate Action</param>
+        public void DeleteProject(Database.DataModel.Project project, bool isHard = false, bool propagateAction = true)
         {
             var subProjectModel = new SubProjectModel();
             foreach (var subProject in subProjectModel.GetAllWhere(
                 (subProject) => subProject.ProjectId == project.Id
-                                && (subProject.SubProjectNavigation.Deleted == false || isHard)
+                                && (!subProject.SubProjectNavigation.Deleted || isHard)
             ))
             {
                 Database.DataModel.Project subProjectObject;
@@ -498,7 +494,7 @@ namespace Coscine.Api.Project.Controllers
                 {
                     subProjectObject = _projectModel.GetById(subProject.SubProjectId);
                 }
-                DeleteProject(subProjectObject, isHard, propegateAction);
+                DeleteProject(subProjectObject, isHard, propagateAction);
             }
 
             foreach (var subProject in subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id))
@@ -554,7 +550,7 @@ namespace Coscine.Api.Project.Controllers
 
                 _activatedFeaturesModel.DeactivateAllFeatures(project);
 
-                if (propegateAction)
+                if (propagateAction)
                 {
                     _emitter.EmitProjectDelete(new ProjectEventArgs(_configuration)
                     {
@@ -573,7 +569,7 @@ namespace Coscine.Api.Project.Controllers
         /// <summary>
         /// Creates a project
         /// </summary>
-        /// <returns>Json object or Statuscode 401</returns>
+        /// <returns>JSON object or status code 401</returns>
         [HttpPost("[controller]")]
         public IActionResult Store()
         {
@@ -639,7 +635,7 @@ namespace Coscine.Api.Project.Controllers
 
             if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
             {
-                return Unauthorized($"You are not an owner of the project.");
+                return Unauthorized("You are not an owner of the project.");
             }
 
             var invitations = _invitationModel.GetAllWhere(x => x.Project == projectId)
@@ -685,7 +681,7 @@ namespace Coscine.Api.Project.Controllers
 
             if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
             {
-                return Unauthorized($"You are not an owner of the project.");
+                return Unauthorized("You are not an owner of the project.");
             }
 
             var invitations = _invitationModel.GetAllWhere(
@@ -718,7 +714,7 @@ namespace Coscine.Api.Project.Controllers
                 {
                     ["placeholder"] = new JObject()
                     {
-                        ["confirmation_link"] = $@"{_configuration.GetString("coscine/local/api/additional/url")}/SitePages/Home.aspx?token={token}"
+                        ["confirmation_link"] = $"{_configuration.GetString("coscine/local/api/additional/url")}/SitePages/Home.aspx?token={token}"
                     }
                 }
             };
@@ -747,7 +743,7 @@ namespace Coscine.Api.Project.Controllers
 
             if (!_projectModel.HasAccess(user, _projectModel.GetById(invitation.Project), UserRoles.Owner))
             {
-                return Unauthorized($"You are not an owner of this project.");
+                return Unauthorized("You are not an owner of this project.");
             }
 
             _invitationModel.Delete(invitation);
@@ -781,12 +777,12 @@ namespace Coscine.Api.Project.Controllers
 
             if (!_projectModel.HasAccess(_userModel.GetById(invitation.Issuer), project, UserRoles.Owner))
             {
-                return Unauthorized($"The issuer is not an owner of the project.");
+                return Unauthorized("The issuer is not an owner of the project.");
             }
 
             if (_projectRoleModel.GetAllWhere(x => x.ProjectId == invitation.Project && x.UserId == user.Id).Any())
             {
-                return BadRequest($"The invitee is already part of the project.");
+                return BadRequest("The invitee is already part of the project.");
             }
 
             var role = _roleModel.GetById(invitation.Role);
@@ -838,7 +834,7 @@ namespace Coscine.Api.Project.Controllers
 
         private void LogAnalyticsViewProject(Database.DataModel.Project project, List<ResourceObject> resources, IEnumerable<DisciplineObject> disciplines, IEnumerable<OrganizationObject> organizations, User user)
         {
-            var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled.HasValue && x.Enabled.Value);
+            var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled == true);
 
             var objects = resourceTypes.Select(x => CreateProjectQuotaReturnObject(x, project.Id));
 
@@ -853,13 +849,13 @@ namespace Coscine.Api.Project.Controllers
                     Disciplines = disciplines.Select(x => x.DisplayNameEn).ToList(),
                     Organizations = organizations.Select(x => x.DisplayName).ToList(),
                     Visibility = project.VisibilityId.HasValue ? _visibilityModel.GetById(project.VisibilityId.Value)?.DisplayName : null,
-                    ResourceList = resources.Select(x => x.Id.ToString()).ToList(),
+                    ResourceList = resources.ConvertAll(x => x.Id.ToString()),
                 });
         }
 
         private void LogAnalyticsEditProject(Database.DataModel.Project project, string metadataCompletness, IEnumerable<DisciplineObject> disciplines, IEnumerable<OrganizationObject> organizations, User user)
         {
-            var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled.HasValue && x.Enabled.Value);
+            var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled == true);
 
             var objects = resourceTypes.Select(x => CreateProjectQuotaReturnObject(x, project.Id));
 
@@ -880,7 +876,7 @@ namespace Coscine.Api.Project.Controllers
 
         private void LogAnalyticsAddProject(Database.DataModel.Project project, string metadataCompletness, IEnumerable<DisciplineObject> disciplines, IEnumerable<OrganizationObject> organizations, User user)
         {
-            var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled.HasValue && x.Enabled.Value);
+            var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled == true);
 
             var objects = resourceTypes.Select(x => CreateProjectQuotaReturnObject(x, project.Id));
 
@@ -901,7 +897,7 @@ namespace Coscine.Api.Project.Controllers
 
         private void LogAnalyticsDeleteProject(Database.DataModel.Project project, IEnumerable<DisciplineObject> disciplines, IEnumerable<OrganizationObject> organizations, User user)
         {
-            var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled.HasValue && x.Enabled.Value);
+            var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled == true);
 
             var objects = resourceTypes.Select(x => CreateProjectQuotaReturnObject(x, project.Id));