Sprint/202000

src/Project/Controllers/ResourceController.cs

@@ -9,6 +9,8 @@ using Coscine.Action;
 using Coscine.Configuration;
 using Coscine.Action.EventArgs;
 using Microsoft.AspNetCore.Authorization;
+using Newtonsoft.Json.Linq;
+using Coscine.Database.Model;
 
 namespace Coscine.Api.Project.Controllers
 {
@@ -27,18 +29,18 @@ namespace Coscine.Api.Project.Controllers
             _resourceModel = new ResourceModel();
             _emitter = new Emitter(this._configuration);
         }
-        
+
         [Route("[controller]")]
         public IActionResult Index()
         {
             var user = _authenticator.GetUser();
-            return Json(_resourceModel.GetAllWhere((resource) =>                
+            return Json(_resourceModel.GetAllWhere((resource) =>
                 (from projectResource in resource.ProjectResourceResourceIdIds
-                        where (from projectRole in projectResource.Project.ProjectRolesProjectIdIds
-                                where projectRole.User == user
-                                && (projectRole.Role.DisplayName == "Owner" || projectRole.Role.DisplayName == "Member")
-                                select projectRole).Any()
-                        select projectResource).Any()
+                 where (from projectRole in projectResource.Project.ProjectRolesProjectIdIds
+                        where projectRole.User == user
+                        && (projectRole.Role.DisplayName == "Owner" || projectRole.Role.DisplayName == "Member")
+                        select projectRole).Any()
+                 select projectResource).Any()
             ).Select((resource) => _resourceModel.CreateReturnObjectFromDatabaseObject(resource)));
         }
 
@@ -59,6 +61,18 @@ namespace Coscine.Api.Project.Controllers
             }
         }
 
+        [HttpGet("[controller]/resource/{id}/isCreator")]
+        public IActionResult IsUserResourceCreator(string id)
+        {
+            Resource resource = _resourceModel.GetById(Guid.Parse(id));
+            var user = _authenticator.GetUser();
+            var json = new JObject
+            {
+                ["isResourceCreator"] = resource.Creator.Equals(user.Id)
+            };
+            return Json(json);
+        }
+
         [HttpPost("[controller]/{id}")]
         public IActionResult Update(string id)
         {
@@ -66,7 +80,8 @@ namespace Coscine.Api.Project.Controllers
             var resource = _resourceModel.GetById(Guid.Parse(id));
             var user = _authenticator.GetUser();
 
-            if (_resourceModel.HasAccess(user, resource, UserRoles.Owner))
+            if (_resourceModel.HasAccess(user, resource, UserRoles.Owner) ||
+                (_resourceModel.HasAccess(user, resource, UserRoles.Member) && resource.Creator.Equals(user.Id)))
             {
                 return Json(_resourceModel.UpdateByObject(resource, resourceObject));
             }
@@ -81,7 +96,8 @@ namespace Coscine.Api.Project.Controllers
         {
             var resource = _resourceModel.GetById(Guid.Parse(id));
             var user = _authenticator.GetUser();
-            if (_resourceModel.HasAccess(user, resource, UserRoles.Owner))
+            if (_resourceModel.HasAccess(user, resource, UserRoles.Owner) ||
+                (_resourceModel.HasAccess(user, resource, UserRoles.Member) && resource.Creator.Equals(user.Id)))
             {
                 var returnObject = _resourceModel.CreateReturnObjectFromDatabaseObject(resource);
                 _emitter.EmitResourceDelete(new ResourceEventArgs(_configuration)
@@ -107,6 +123,7 @@ namespace Coscine.Api.Project.Controllers
 
             if (projectModel.HasAccess(user, project, UserRoles.Owner, UserRoles.Member))
             {
+                resourceObject.Creator = user.Id;
                 var resource = _resourceModel.StoreFromObject(resourceObject);
                 projectModel.AddResource(project, resource);