Commits (3)
......@@ -193,7 +193,7 @@ namespace Coscine.Api.Project.Controllers
return NotFound($"Could not find project with id: {projectId}");
}
if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
if (!_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
{
return Unauthorized("The user is not authorized to perform a get on the selected project!");
}
......@@ -552,7 +552,7 @@ namespace Coscine.Api.Project.Controllers
var projectObject = ObjectFactory<ProjectObject>.DeserializeFromStream(Request.Body);
if (projectObject?.ParentId != new Guid()
&& !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner))
&& !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
{
return Unauthorized("User is not allowed to create SubProjects.");
}
......@@ -560,8 +560,8 @@ namespace Coscine.Api.Project.Controllers
var project = _projectModel.StoreFromObject(projectObject, user, _rdfStoreConnector.GetQuotaDefault(user.Id.ToString()));
if (projectObject.ParentId != new Guid()
// for now, only an owner can add subprojects to projects
&& _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Owner))
// Both an owner and a member can add subprojects to projects
&& _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
{
var subProjectModel = new SubProjectModel();
subProjectModel.LinkSubProject(projectObject.ParentId, project.Id);
......
......@@ -5,7 +5,7 @@
<AssemblyName>Coscine.Api.Project</AssemblyName>
<GenerateDocumentationFile>true</GenerateDocumentationFile>
<TargetFramework>net5.0</TargetFramework>
<Version>2.2.4</Version>
<Version>2.2.5</Version>
</PropertyGroup>
<PropertyGroup>
<Authors>RWTH Aachen University</Authors>
......