
New: Added Guest Role

Merged Petar Hristov requested to merge Issue/2287-guestRole into master
Files
6
@@ -87,7 +87,7 @@ namespace Coscine.Api.Project.Controllers
public ActionResult<IEnumerable<ProjectObject>> GetTopLevelProjects()
{
var user = _authenticator.GetUser();
var projects = _projectModel.GetTopLevelWithAccess(user, UserRoles.Member, UserRoles.Owner).ToList()
var projects = _projectModel.GetTopLevelWithAccess(user, UserRoles.Member, UserRoles.Owner, UserRoles.Guest).ToList()
.Select((project) => _projectModel.CreateReturnObjectFromDatabaseObject(project))
.OrderBy(element => element.DisplayName);
@@ -109,13 +109,19 @@ namespace Coscine.Api.Project.Controllers
{
var user = _authenticator.GetUser();
var project = _projectModel.GetById(id);
if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - Coscine Basis: View Projects
if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
{
var subProjectModel = new SubProjectModel();
var subProjectRel = subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id && !project.Deleted);
var parentProjectRelation = subProjectRel.FirstOrDefault();
if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner))
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - Project: View Subprojects (no inheritance, invited seperately)
if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
{
return Ok(_projectModel.CreateReturnObjectFromDatabaseObject(project, parentProjectRelation.ProjectId));
}
@@ -137,13 +143,19 @@ namespace Coscine.Api.Project.Controllers
{
var user = _authenticator.GetUser();
var project = _projectModel.GetBySlug(slug);
if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - Coscine Basis: View Projects // Project: View Subprojects (no inheritance, invited seperately)
if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
{
var subProjectModel = new SubProjectModel();
var subProjectRel = subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id && !project.Deleted);
var parentProjectRelation = subProjectRel.FirstOrDefault();
if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner))
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - Coscine Basis: View Projects // Project: View Subprojects (no inheritance, invited seperately)
if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
{
return Ok(_projectModel.CreateReturnObjectFromDatabaseObject(project, parentProjectRelation.ProjectId));
}
@@ -168,13 +180,19 @@ namespace Coscine.Api.Project.Controllers
var resourceModel = new ResourceModel();
var resourceTypeModel = new ResourceTypeModel();
if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - Resource: View Resource (RCV, Metadatamanager)
if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner, UserRoles.Guest))
{
var resources = resourceModel.GetAllWhere((resource) =>
(from projectResource in resource.ProjectResources
where projectResource.ProjectId == project.Id
select projectResource).Any())
.Select((resource) => ResourceTypes.Helpers.CreateResourceReturnObject(resource)).OrderBy(element => element.DisplayName);
.Select(resource => ResourceTypes.Helpers.CreateResourceReturnObject(resource))
.Select(resource => HideSensitiveInformation(user, project, resource))
.OrderBy(element => element.DisplayName);
if (Request.Query != null && Request.Query["noanalyticslog"] != "true")
{
var projectObject = _projectModel.CreateReturnObjectFromDatabaseObject(_projectModel.GetById(project.Id));
@@ -188,6 +206,18 @@ namespace Coscine.Api.Project.Controllers
}
}
private ResourceObject HideSensitiveInformation(User user, Database.DataModel.Project project, ResourceObject resourceObject)
{
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - Resource: View Resource (RCV, Metadatamanager) - BUT hide resource type options!
if (_projectModel.HasAccess(user, project, UserRoles.Guest))
{
// From resource.resourceTypeOption hide all sensitive keys listed bellow that a user should not have access to, based on their role
resourceObject.ResourceTypeOption = null;
}
return resourceObject;
}
/// <summary>
/// Updates a project
/// </summary>
@@ -199,6 +229,9 @@ namespace Coscine.Api.Project.Controllers
{
var user = _authenticator.GetUser();
var project = _projectModel.GetById(id);
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - Project: Change Settings (project, user, quota)
if (_projectModel.HasAccess(user, project, UserRoles.Owner))
{
LogAnalyticsEditProject(project, _projectModel.GetMetadataCompleteness(projectObject), projectObject.Disciplines, projectObject.Organizations, user);
@@ -220,6 +253,9 @@ namespace Coscine.Api.Project.Controllers
{
var user = _authenticator.GetUser();
var project = _projectModel.GetById(id);
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - Project: Change Settings (project, user, quota)
if (_projectModel.HasAccess(user, project, UserRoles.Owner))
{
var projectObject = _projectModel.CreateReturnObjectFromDatabaseObject(_projectModel.GetById(project.Id));
@@ -339,10 +375,11 @@ namespace Coscine.Api.Project.Controllers
{
var user = _authenticator.GetUser();
if (projectObject.ParentId != new Guid()
&& !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - Project: Create Subprojects
if (projectObject.ParentId != new Guid() && !_projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
{
return Unauthorized("User is not allowed to create SubProjects.");
return Unauthorized("User is not allowed to create sub-projects in the selected project!");
}
var defaultQuotas = _rdfStoreConnector.GetQuotaDefault(user.Id.ToString());
@@ -360,9 +397,9 @@ namespace Coscine.Api.Project.Controllers
var project = _projectModel.StoreFromObject(projectObject, user, projectQuotas);
if (projectObject.ParentId != new Guid()
// Both an owner and a member can add subprojects to projects
&& _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - Project: Create Subprojects
if (projectObject.ParentId != new Guid() && _projectModel.HasAccess(user, _projectModel.GetById(projectObject.ParentId), UserRoles.Member, UserRoles.Owner))
{
var subProjectModel = new SubProjectModel();
subProjectModel.LinkSubProject(projectObject.ParentId, project.Id);
@@ -396,6 +433,8 @@ namespace Coscine.Api.Project.Controllers
var user = _authenticator.GetUser();
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - Project: View Settings (project, user, quota)
if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
{
return Unauthorized("You are not an owner of the project.");
@@ -416,7 +455,7 @@ namespace Coscine.Api.Project.Controllers
}
/// <summary>
/// Call to analytics logger.
/// Creation of an Application Profile.
/// </summary>
/// <param name="projectId">Project id of the project</param>
/// <returns>204 no content</returns>
@@ -432,6 +471,8 @@ namespace Coscine.Api.Project.Controllers
var user = _authenticator.GetUser();
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - ???
if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
{
return Unauthorized("You are not an owner of the project.");
@@ -469,6 +510,8 @@ namespace Coscine.Api.Project.Controllers
return NotFound($@"The role ""{sendInvitationObject.Role}"" was not found.");
}
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - Project: Change Settings (project, user, quota)
if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
{
return Unauthorized("You are not an owner of the project.");
@@ -536,6 +579,8 @@ namespace Coscine.Api.Project.Controllers
var user = _authenticator.GetUser();
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - Project: Change Settings (project, user, quota)
if (!_projectModel.HasAccess(user, _projectModel.GetById(invitation.Project), UserRoles.Owner))
{
return Unauthorized("You are not an owner of this project.");
@@ -570,6 +615,8 @@ namespace Coscine.Api.Project.Controllers
var project = _projectModel.GetById(invitation.Project);
// Rights Matrix (https://git.rwth-aachen.de/coscine/docs/private/internal-wiki/-/blob/master/coscine/Definition%20of%20rights%20Matrix.md)
// - Project: Change Settings (project, user, quota)
if (!_projectModel.HasAccess(_userModel.GetById(invitation.Issuer), project, UserRoles.Owner))
{
return Unauthorized("The issuer is not an owner of the project.");
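Review bot: HideSensitiveInformation (hunk `@@ -188,6 +206,18 @@`) clears ResourceTypeOption only when the caller holds UserRoles.Guest, so the redaction fails open: any role later added to the HasAccess list of the resource listing would receive the options unredacted. An allow-list is safer, `if (!_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner)) { resourceObject.ResourceTypeOption = null; }`, assuming HasAccess returns true when the user holds any of the listed roles, as its other call sites suggest. The check also runs once per resource inside the `.Select(...)` chain; evaluating it once before the query would avoid repeated lookups if HasAccess queries the database. The inner comment promises to hide "sensitive keys listed bellow", but no keys are listed and the whole object is set to null, so it would be more accurate as `// Guests must not see resource type options; drop the whole object.`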