RevokeAccessTo => RevokeUserAccessTo, BucketPrefix => S3Prefix

This commit is contained in:
ig 2023-03-19 17:02:18 +01:00
parent ed7c65be2c
commit 0541918beb
5 changed files with 26 additions and 40 deletions

View File

@ -176,23 +176,6 @@ public class Controller
: user.AccessibleFolders(); : user.AccessibleFolders();
} }
// [Returns<Folder[]>] // assuming swagger knows about arrays but not lists (JSON)
// [Returns(Unauthorized)]
// [HttpGet($"{nameof(GetUsersOfFolder)}/")]
// public Object GetUsersOfFolder(Int64 folderId)
// {
// var caller = GetCaller();
// if (caller == null)
// return new HttpResponseMessage(Unauthorized);
//
// var folder = Db.GetFolderById(folderId);
//
// if (folder is null || !caller.HasAccessTo(folder))
// return new HttpResponseMessage(Unauthorized);
//
// return descendantUsers;
// }
[Returns<TreeNode[]>] // assuming swagger knows about arrays but not lists (JSON) [Returns<TreeNode[]>] // assuming swagger knows about arrays but not lists (JSON)
[Returns(Unauthorized)] [Returns(Unauthorized)]
[HttpGet($"{nameof(GetAllFoldersAndInstallations)}/")] [HttpGet($"{nameof(GetAllFoldersAndInstallations)}/")]
@ -281,7 +264,7 @@ public class Controller
var user = id is not null ? Db.GetUserById(id) : session?.User; var user = id is not null ? Db.GetUserById(id) : session?.User;
return session.RevokeAccessTo(user, Db.GetInstallationById(installationId)) return session.RevokeUserAccessTo(user, Db.GetInstallationById(installationId))
? _Ok ? _Ok
: _Unauthorized; : _Unauthorized;
} }
@ -294,8 +277,7 @@ public class Controller
var session = GetSession(); var session = GetSession();
var user = id is not null ? Db.GetUserById(id) : session?.User; var user = id is not null ? Db.GetUserById(id) : session?.User;
return session.RevokeUserAccessTo(user, Db.GetFolderById(folderId))
return session.RevokeAccessTo(user, Db.GetFolderById(folderId))
? _Ok ? _Ok
: _Unauthorized; : _Unauthorized;
} }

View File

@ -45,15 +45,15 @@ public static class SessionMethods
{ {
var user = session?.User; var user = session?.User;
//Note: keep generation of access _after_ generation of object to prevent "zombie" access-rights.
return user is not null return user is not null
&& installation is not null && installation is not null
&& user.HasWriteAccess && user.HasWriteAccess
&& user.HasAccessTo(installation.Parent()) && user.HasAccessTo(installation.Parent())
&& Db.Create(installation) && Db.Create(installation)
&& Db.Create(new InstallationAccess { UserId = user.Id, InstallationId = installation.Id })
&& installation.CreateBucket().Result // TODO: await? && installation.CreateBucket().Result // TODO: await?
&& Db.Create(new InstallationAccess { UserId = user.Id, InstallationId = installation.Id }); && installation.RenewS3BucketUrl().Result; // generation of access _after_ generation of
// bucket to prevent "zombie" access-rights.
} }
public static Boolean Update(this Session? session, Installation? installation) public static Boolean Update(this Session? session, Installation? installation)
@ -98,13 +98,11 @@ public static class SessionMethods
var sessionUser = session?.User; var sessionUser = session?.User;
if (editedUser == null || sessionUser == null) return false; if (editedUser == null || sessionUser == null) return false;
// TODO: make specific method for changing user account settings like pwd
// Password change is only allowed for oneself // Password change is only allowed for oneself
if ( editedUser.Id != sessionUser.Id) editedUser.Password = sessionUser.Password; editedUser.Password = editedUser.Id != sessionUser.Id
else ? sessionUser.Password
{ : sessionUser.SaltAndHashPassword(editedUser.Password);
editedUser.Password = sessionUser.SaltAndHashPassword(editedUser.Password);
}
return sessionUser.HasWriteAccess return sessionUser.HasWriteAccess
&& sessionUser.HasAccessTo(editedUser) && sessionUser.HasAccessTo(editedUser)
@ -150,7 +148,7 @@ public static class SessionMethods
&& Db.Create(new FolderAccess { UserId = user.Id, FolderId = folder.Id }); && Db.Create(new FolderAccess { UserId = user.Id, FolderId = folder.Id });
} }
public static Boolean RevokeAccessTo(this Session? session, User? user, Installation? installation) public static Boolean RevokeUserAccessTo(this Session? session, User? user, Installation? installation)
{ {
var sessionUser = session?.User; var sessionUser = session?.User;
@ -163,7 +161,7 @@ public static class SessionMethods
&& Db.InstallationAccess.Delete(a => a.UserId == user.Id && a.InstallationId == installation.Id) > 0; && Db.InstallationAccess.Delete(a => a.UserId == user.Id && a.InstallationId == installation.Id) > 0;
} }
public static Boolean RevokeAccessTo(this Session? session, User? user, Folder? folder) public static Boolean RevokeUserAccessTo(this Session? session, User? user, Folder? folder)
{ {
var sessionUser = session?.User; var sessionUser = session?.User;

View File

@ -32,7 +32,9 @@ public static class UserMethods
// Distinct because the user might have direct access // Distinct because the user might have direct access
// to a child folder of a folder he has already access to // to a child folder of a folder he has already access to
// ---TODO shouldn't we prevent doubling permissions? -K" // TODO shouldn't we prevent doubling permissions? -K"
// TODO yes we should -ig (still TODO)
// however we should leave the distinct, defensive programming...
} }
public static IEnumerable<TreeNode> AccessibleFoldersAndInstallations(this User user) public static IEnumerable<TreeNode> AccessibleFoldersAndInstallations(this User user)
@ -81,7 +83,6 @@ public static class UserMethods
public static Boolean IsDescendantOf(this User user, User ancestor) public static Boolean IsDescendantOf(this User user, User ancestor)
{ {
// if (user.Id == ancestor.Id) return true;
return user return user
.Ancestors() .Ancestors()
.Any(u => u.Id == ancestor.Id); .Any(u => u.Id == ancestor.Id);

View File

@ -2,6 +2,11 @@ namespace InnovEnergy.App.Backend.S3;
public static class S3Access public static class S3Access
{ {
// TODO: put these into Json files in /Resources and read them from
// there so they can be changed without recompiling
// they should be read from disk on each use,
// so the backend does not need to be restarted on change
public static S3Cmd ReadOnly { get; } = new S3Cmd public static S3Cmd ReadOnly { get; } = new S3Cmd
( (
key : "EXO44d2979c8e570eae81ead564", key : "EXO44d2979c8e570eae81ead564",

View File

@ -9,7 +9,7 @@ public class S3Cmd
private static readonly Command Python = Cli.Wrap("python3"); private static readonly Command Python = Cli.Wrap("python3");
private const String S3CmdPath = "Resources/s3cmd.py"; private const String S3CmdPath = "Resources/s3cmd.py";
private const String BucketPrefix = "s3://"; private const String S3Prefix = "s3://";
private String[] DefaultArgs { get; } private String[] DefaultArgs { get; }
@ -52,7 +52,7 @@ public class S3Cmd
{ {
var args = DefaultArgs var args = DefaultArgs
.Append(operation) .Append(operation)
.Append(bucketName.EnsureStartsWith(BucketPrefix)) .Append(bucketName.EnsureStartsWith(S3Prefix))
.Concat(optionalArgs); .Concat(optionalArgs);
return Python return Python