New: Added Guest Role

eb874a94 · Petar Hristov · 467aff41 · eb874a94 · eb874a94 · eb874a94
Commit eb874a94 authored Nov 29, 2022 by Petar Hristov 💬
--- a/src/Project/Controllers/ProjectController.cs
+++ b/src/Project/Controllers/ProjectController.cs
@@ -87,7 +87,7 @@ namespace Coscine.Api.Project.Controllers
        public ActionResult<IEnumerable<ProjectObject>> GetTopLevelProjects()
        {
            var user = _authenticator.GetUser();
-            var projects = _projectModel.GetTopLevelWithAccess(user, UserRoles.Member, UserRoles.Owner).ToList()
+            var projects = _projectModel.GetTopLevelWithAccess(user, UserRoles.Member, UserRoles.Owner, UserRoles.Guest).ToList()
                .Select((project) => _projectModel.CreateReturnObjectFromDatabaseObject(project))
                .OrderBy(element => element.DisplayName);

@@ -109,13 +109,19 @@ namespace Coscine.Api.Project.Controllers
        {
            var user = _authenticator.GetUser();
            var project = _projectModel.GetById(id);
-            if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
+
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Coscine Basis: View Projects
+            if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
            {
                var subProjectModel = new SubProjectModel();
                var subProjectRel = subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id && !project.Deleted);

                var parentProjectRelation = subProjectRel.FirstOrDefault();
-                if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner))
+
+                // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+                // - Project: View Subprojects (no inheritance, invited seperately) 
+                if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
                {
                    return Ok(_projectModel.CreateReturnObjectFromDatabaseObject(project, parentProjectRelation.ProjectId));
                }
@@ -137,13 +143,19 @@ namespace Coscine.Api.Project.Controllers
        {
            var user = _authenticator.GetUser();
            var project = _projectModel.GetBySlug(slug);
-            if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
+
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Coscine Basis: View Projects // Project: View Subprojects (no inheritance, invited seperately) 
+            if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
            {
                var subProjectModel = new SubProjectModel();
                var subProjectRel = subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id && !project.Deleted);

                var parentProjectRelation = subProjectRel.FirstOrDefault();
-                if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner))
+
+                // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+                // - Coscine Basis: View Projects // Project: View Subprojects (no inheritance, invited seperately) 
+                if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
                {
                    return Ok(_projectModel.CreateReturnObjectFromDatabaseObject(project, parentProjectRelation.ProjectId));
                }
@@ -168,7 +180,10 @@ namespace Coscine.Api.Project.Controllers

            var resourceModel = new ResourceModel();
            var resourceTypeModel = new ResourceTypeModel();
-            if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
+
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Resource: View Resource (RCV, Metadatamanager)
+            if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
            {
                var resources = resourceModel.GetAllWhere((resource) =>
                        (from projectResource in resource.ProjectResources
@@ -199,6 +214,9 @@ namespace Coscine.Api.Project.Controllers
        {
            var user = _authenticator.GetUser();
            var project = _projectModel.GetById(id);
+
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Change Settings (project, user, quota)
            if (_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                LogAnalyticsEditProject(project, _projectModel.GetMetadataCompleteness(projectObject), projectObject.Disciplines, projectObject.Organizations, user);
@@ -220,6 +238,9 @@ namespace Coscine.Api.Project.Controllers
        {
            var user = _authenticator.GetUser();
            var project = _projectModel.GetById(id);
+
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Change Settings (project, user, quota)
            if (_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                var projectObject = _projectModel.CreateReturnObjectFromDatabaseObject(_projectModel.GetById(project.Id));
@@ -339,8 +360,11 @@ namespace Coscine.Api.Project.Controllers
        {
            var user = _authenticator.GetUser();

-            if (projectObject.ParentId != new Guid()
-                && !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Create Subprojects
+            var isUserAllowedToCreateSubProjects = _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner);
+
+            if (projectObject.ParentId != new Guid() && !isUserAllowedToCreateSubProjects)
            {
                return Unauthorized("User is not allowed to create SubProjects.");
            }
@@ -360,9 +384,7 @@ namespace Coscine.Api.Project.Controllers

            var project = _projectModel.StoreFromObject(projectObject, user, projectQuotas);

-            if (projectObject.ParentId != new Guid()
-                // Both an owner and a member can add subprojects to projects
-                && _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
+            if (projectObject.ParentId != new Guid() && isUserAllowedToCreateSubProjects)
            {
                var subProjectModel = new SubProjectModel();
                subProjectModel.LinkSubProject(projectObject.ParentId, project.Id);
@@ -396,6 +418,8 @@ namespace Coscine.Api.Project.Controllers

            var user = _authenticator.GetUser();

+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: View Settings (project, user, quota)
            if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                return Unauthorized("You are not an owner of the project.");
@@ -416,7 +440,7 @@ namespace Coscine.Api.Project.Controllers
        }

        /// <summary>
-        /// Call to analytics logger.
+        /// Creation of an Application Profile.
        /// </summary>
        /// <param name="projectId">Project id of the project</param>
        /// <returns>204 no content</returns>
@@ -432,6 +456,8 @@ namespace Coscine.Api.Project.Controllers

            var user = _authenticator.GetUser();

+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - ???
            if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                return Unauthorized("You are not an owner of the project.");
@@ -469,6 +495,8 @@ namespace Coscine.Api.Project.Controllers
                return NotFound($@"The role ""{sendInvitationObject.Role}"" was not found.");
            }

+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Change Settings (project, user, quota)
            if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                return Unauthorized("You are not an owner of the project.");
@@ -536,6 +564,8 @@ namespace Coscine.Api.Project.Controllers

            var user = _authenticator.GetUser();

+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Change Settings (project, user, quota)
            if (!_projectModel.HasAccess(user, _projectModel.GetById(invitation.Project), UserRoles.Owner))
            {
                return Unauthorized("You are not an owner of this project.");
@@ -570,6 +600,8 @@ namespace Coscine.Api.Project.Controllers

            var project = _projectModel.GetById(invitation.Project);

+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Change Settings (project, user, quota)
            if (!_projectModel.HasAccess(_userModel.GetById(invitation.Issuer), project, UserRoles.Owner))
            {
                return Unauthorized("The issuer is not an owner of the project.");

--- a/src/Project/Controllers/ProjectQuotaController.cs
+++ b/src/Project/Controllers/ProjectQuotaController.cs
@@ -64,7 +64,9 @@ namespace Coscine.Api.Project.Controllers
                return base.NotFound($"Could not find project with id: {id}");
            }

-            if (!_projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member))
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: View Settings (project, user, quota)
+            if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                return Unauthorized("The user is not authorized to perform a get on the selected project!");
            }
@@ -94,7 +96,9 @@ namespace Coscine.Api.Project.Controllers
                return NotFound($"Could not find project with id: {id}");
            }

-            if (!_projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member))
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: View Settings (project, user, quota)
+            if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                return Unauthorized("The user is not authorized to perform a get on the selected project!");
            }
@@ -129,6 +133,8 @@ namespace Coscine.Api.Project.Controllers
                return NotFound($"Could not find project with id: {id}");
            }

+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Change Settings (project, user, quota)
            if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                return Unauthorized("The user is not authorized to perform a get on the selected project!");

--- a/src/Project/Controllers/ProjectRoleController.cs
+++ b/src/Project/Controllers/ProjectRoleController.cs
@@ -57,7 +57,9 @@ namespace Coscine.Api.Project.Controllers
            var projectModel = new ProjectModel();
            var user = _authenticator.GetUser();

-            if (projectModel.HasAccess(user, projectModel.GetById(projectId), UserRoles.Owner, UserRoles.Member))
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: View Members of Project on Project page
+            if (projectModel.HasAccess(user, projectModel.GetById(projectId), UserRoles.Owner, UserRoles.Member, UserRoles.Guest))
            {
                var users = _projectRoleModel.GetAllWhere((projectRole) =>
                    (projectRole.ProjectId == projectId)
@@ -128,9 +130,13 @@ namespace Coscine.Api.Project.Controllers
            var userToAdd = userModel.GetById(projectRoleObject.User.Id);
            var user = _authenticator.GetUser();

+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Project: Change Settings (project, user, quota)
            if (projectModel.HasAccess(user, project, UserRoles.Owner))
            {
-                var userIsAlreadymember = projectModel.HasAccess(userToAdd, project, UserRoles.Owner, UserRoles.Member);
+                // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+                // - none
+                var userAlreadyHasRole = projectModel.HasAccess(userToAdd, project, UserRoles.Owner, UserRoles.Member, UserRoles.Guest);
                _emitter.EmitUserAdd(new UserEventArgs(_configuration)
                {
                    Project = project,
@@ -138,7 +144,7 @@ namespace Coscine.Api.Project.Controllers
                    User = userToAdd
                });

-                LogAnalytics(userIsAlreadymember == true ? "Change Role" : "Add Member", user, null, project.Id.ToString());
+                LogAnalytics(userAlreadyHasRole == true ? "Change Role" : "Add Member", user, null, project.Id.ToString());

                return Ok(_projectRoleModel.SetFromObject(projectRoleObject));
            }
@@ -162,6 +168,8 @@ namespace Coscine.Api.Project.Controllers
            var user = _authenticator.GetUser();
            var project = projectModel.GetById(projectId);

+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Project: Change Settings (project, user, quota)
            if (projectModel.HasAccess(user, project, UserRoles.Owner))
            {
                _projectRoleModel.CheckIfLastOwnerWillBeRemoved(roleId, projectId);
@@ -201,7 +209,10 @@ namespace Coscine.Api.Project.Controllers
            var project = projectModel.GetById(projectId);
            var roleId = _projectRoleModel.GetGetUserRoleForProject(projectId, user.Id);

-            if (projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member))
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - ???
+            // Guests have the right to leave a project on their own.
+            if (projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member, UserRoles.Guest))
            {
                _projectRoleModel.CheckIfLastOwnerWillBeRemoved((Guid)roleId, projectId);
                _emitter.EmitUserRemove(new UserEventArgs(this._configuration)

--- a/src/Project/Controllers/SubProjectController.cs
+++ b/src/Project/Controllers/SubProjectController.cs
@@ -39,6 +39,9 @@ namespace Coscine.Api.Project.Controllers
            var projectModel = new ProjectModel();
            var projectRoleModel = new ProjectRoleModel();
            var user = _authenticator.GetUser();
+
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Create Subprojects
            string[] allowedRoles = { UserRoles.Owner, UserRoles.Member };
            allowedRoles = allowedRoles.Select(x => x.ToLower().Trim()).ToArray();
            if (projectModel.HasAccess(user, projectModel.GetById(parentGuid), allowedRoles))
@@ -76,6 +79,9 @@ namespace Coscine.Api.Project.Controllers
            var projectModel = new ProjectModel();
            var projectRoleModel = new ProjectRoleModel();
            var user = _authenticator.GetUser();
+
+            // Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
+            // - Project: Create Subprojects
            string[] allowedRoles = { UserRoles.Owner, UserRoles.Member };
            allowedRoles = allowedRoles.Select(x => x.ToLower().Trim()).ToArray();
            if (projectModel.HasAccess(user, projectModel.GetById(childGuid), allowedRoles))