RevokeAccessTo => RevokeUserAccessTo, BucketPrefix => S3Prefix
parent
ed7c65be2c
commit
0541918beb
|
@ -176,23 +176,6 @@ public class Controller
|
||||||
: user.AccessibleFolders();
|
: user.AccessibleFolders();
|
||||||
}
|
}
|
||||||
|
|
||||||
// [Returns<Folder[]>] // assuming swagger knows about arrays but not lists (JSON)
|
|
||||||
// [Returns(Unauthorized)]
|
|
||||||
// [HttpGet($"{nameof(GetUsersOfFolder)}/")]
|
|
||||||
// public Object GetUsersOfFolder(Int64 folderId)
|
|
||||||
// {
|
|
||||||
// var caller = GetCaller();
|
|
||||||
// if (caller == null)
|
|
||||||
// return new HttpResponseMessage(Unauthorized);
|
|
||||||
//
|
|
||||||
// var folder = Db.GetFolderById(folderId);
|
|
||||||
//
|
|
||||||
// if (folder is null || !caller.HasAccessTo(folder))
|
|
||||||
// return new HttpResponseMessage(Unauthorized);
|
|
||||||
//
|
|
||||||
// return descendantUsers;
|
|
||||||
// }
|
|
||||||
|
|
||||||
[Returns<TreeNode[]>] // assuming swagger knows about arrays but not lists (JSON)
|
[Returns<TreeNode[]>] // assuming swagger knows about arrays but not lists (JSON)
|
||||||
[Returns(Unauthorized)]
|
[Returns(Unauthorized)]
|
||||||
[HttpGet($"{nameof(GetAllFoldersAndInstallations)}/")]
|
[HttpGet($"{nameof(GetAllFoldersAndInstallations)}/")]
|
||||||
|
@ -281,7 +264,7 @@ public class Controller
|
||||||
var user = id is not null ? Db.GetUserById(id) : session?.User;
|
var user = id is not null ? Db.GetUserById(id) : session?.User;
|
||||||
|
|
||||||
|
|
||||||
return session.RevokeAccessTo(user, Db.GetInstallationById(installationId))
|
return session.RevokeUserAccessTo(user, Db.GetInstallationById(installationId))
|
||||||
? _Ok
|
? _Ok
|
||||||
: _Unauthorized;
|
: _Unauthorized;
|
||||||
}
|
}
|
||||||
|
@ -294,8 +277,7 @@ public class Controller
|
||||||
var session = GetSession();
|
var session = GetSession();
|
||||||
var user = id is not null ? Db.GetUserById(id) : session?.User;
|
var user = id is not null ? Db.GetUserById(id) : session?.User;
|
||||||
|
|
||||||
|
return session.RevokeUserAccessTo(user, Db.GetFolderById(folderId))
|
||||||
return session.RevokeAccessTo(user, Db.GetFolderById(folderId))
|
|
||||||
? _Ok
|
? _Ok
|
||||||
: _Unauthorized;
|
: _Unauthorized;
|
||||||
}
|
}
|
||||||
|
|
|
@ -45,15 +45,15 @@ public static class SessionMethods
|
||||||
{
|
{
|
||||||
var user = session?.User;
|
var user = session?.User;
|
||||||
|
|
||||||
//Note: keep generation of access _after_ generation of object to prevent "zombie" access-rights.
|
|
||||||
|
|
||||||
return user is not null
|
return user is not null
|
||||||
&& installation is not null
|
&& installation is not null
|
||||||
&& user.HasWriteAccess
|
&& user.HasWriteAccess
|
||||||
&& user.HasAccessTo(installation.Parent())
|
&& user.HasAccessTo(installation.Parent())
|
||||||
&& Db.Create(installation)
|
&& Db.Create(installation)
|
||||||
|
&& Db.Create(new InstallationAccess { UserId = user.Id, InstallationId = installation.Id })
|
||||||
&& installation.CreateBucket().Result // TODO: await?
|
&& installation.CreateBucket().Result // TODO: await?
|
||||||
&& Db.Create(new InstallationAccess { UserId = user.Id, InstallationId = installation.Id });
|
&& installation.RenewS3BucketUrl().Result; // generation of access _after_ generation of
|
||||||
|
// bucket to prevent "zombie" access-rights.
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Boolean Update(this Session? session, Installation? installation)
|
public static Boolean Update(this Session? session, Installation? installation)
|
||||||
|
@ -98,13 +98,11 @@ public static class SessionMethods
|
||||||
var sessionUser = session?.User;
|
var sessionUser = session?.User;
|
||||||
if (editedUser == null || sessionUser == null) return false;
|
if (editedUser == null || sessionUser == null) return false;
|
||||||
|
|
||||||
|
// TODO: make specific method for changing user account settings like pwd
|
||||||
// Password change is only allowed for oneself
|
// Password change is only allowed for oneself
|
||||||
if ( editedUser.Id != sessionUser.Id) editedUser.Password = sessionUser.Password;
|
editedUser.Password = editedUser.Id != sessionUser.Id
|
||||||
else
|
? sessionUser.Password
|
||||||
{
|
: sessionUser.SaltAndHashPassword(editedUser.Password);
|
||||||
editedUser.Password = sessionUser.SaltAndHashPassword(editedUser.Password);
|
|
||||||
}
|
|
||||||
|
|
||||||
return sessionUser.HasWriteAccess
|
return sessionUser.HasWriteAccess
|
||||||
&& sessionUser.HasAccessTo(editedUser)
|
&& sessionUser.HasAccessTo(editedUser)
|
||||||
|
@ -150,7 +148,7 @@ public static class SessionMethods
|
||||||
&& Db.Create(new FolderAccess { UserId = user.Id, FolderId = folder.Id });
|
&& Db.Create(new FolderAccess { UserId = user.Id, FolderId = folder.Id });
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Boolean RevokeAccessTo(this Session? session, User? user, Installation? installation)
|
public static Boolean RevokeUserAccessTo(this Session? session, User? user, Installation? installation)
|
||||||
{
|
{
|
||||||
var sessionUser = session?.User;
|
var sessionUser = session?.User;
|
||||||
|
|
||||||
|
@ -163,7 +161,7 @@ public static class SessionMethods
|
||||||
&& Db.InstallationAccess.Delete(a => a.UserId == user.Id && a.InstallationId == installation.Id) > 0;
|
&& Db.InstallationAccess.Delete(a => a.UserId == user.Id && a.InstallationId == installation.Id) > 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Boolean RevokeAccessTo(this Session? session, User? user, Folder? folder)
|
public static Boolean RevokeUserAccessTo(this Session? session, User? user, Folder? folder)
|
||||||
{
|
{
|
||||||
var sessionUser = session?.User;
|
var sessionUser = session?.User;
|
||||||
|
|
||||||
|
|
|
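Review bot: In the user-update hunk (`@ -98,13 +98,11`), the rewritten ternary still assigns `sessionUser.Password` to `editedUser.Password` when `editedUser.Id != sessionUser.Id`. Editing another account therefore replaces that account's stored credential with the caller's hash instead of leaving it unchanged, which contradicts the comment "Password change is only allowed for oneself". This assumes `editedUser` is persisted later in the method; the rest of the body is outside the hunk. The non-self branch should carry over the target's existing stored value, for example `? Db.GetUserById(editedUser.Id)?.Password`, if that lookup fits the id type used here. The assignment also runs before the `HasWriteAccess` / `HasAccessTo(editedUser)` checks, so moving it after them would keep unauthorized callers from mutating the object at all.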
@ -32,7 +32,9 @@ public static class UserMethods
|
||||||
|
|
||||||
// Distinct because the user might have direct access
|
// Distinct because the user might have direct access
|
||||||
// to a child folder of a folder he has already access to
|
// to a child folder of a folder he has already access to
|
||||||
// ---TODO shouldn't we prevent doubling permissions? -K"
|
// TODO shouldn't we prevent doubling permissions? -K"
|
||||||
|
// TODO yes we should -ig (still TODO)
|
||||||
|
// however we should leave the distinct, defensive programming...
|
||||||
}
|
}
|
||||||
|
|
||||||
public static IEnumerable<TreeNode> AccessibleFoldersAndInstallations(this User user)
|
public static IEnumerable<TreeNode> AccessibleFoldersAndInstallations(this User user)
|
||||||
|
@ -81,7 +83,6 @@ public static class UserMethods
|
||||||
|
|
||||||
public static Boolean IsDescendantOf(this User user, User ancestor)
|
public static Boolean IsDescendantOf(this User user, User ancestor)
|
||||||
{
|
{
|
||||||
// if (user.Id == ancestor.Id) return true;
|
|
||||||
return user
|
return user
|
||||||
.Ancestors()
|
.Ancestors()
|
||||||
.Any(u => u.Id == ancestor.Id);
|
.Any(u => u.Id == ancestor.Id);
|
||||||
|
|
|
@ -2,6 +2,11 @@ namespace InnovEnergy.App.Backend.S3;
|
||||||
|
|
||||||
public static class S3Access
|
public static class S3Access
|
||||||
{
|
{
|
||||||
|
// TODO: put these into Json files in /Resources and read them from
|
||||||
|
// there so they can be changed without recompiling
|
||||||
|
// they should be read from disk on each use,
|
||||||
|
// so the backend does not need to be restarted on change
|
||||||
|
|
||||||
public static S3Cmd ReadOnly { get; } = new S3Cmd
|
public static S3Cmd ReadOnly { get; } = new S3Cmd
|
||||||
(
|
(
|
||||||
key : "EXO44d2979c8e570eae81ead564",
|
key : "EXO44d2979c8e570eae81ead564",
|
||||||
|
|
|
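Review bot: The new TODO above `ReadOnly` plans to move these values into JSON files under /Resources, but the `key:` literal on the line after it is an access-key value committed in source. A JSON file shipped with the repository would expose it in the same way. Credentials should be loaded from the environment or a secret store that is not under version control, and a key that is already in the history should be treated as disclosed and rotated. I would reword the TODO to `// TODO: load S3 credentials from environment/secret store, not from source or /Resources; rotate the keys committed here`. The remaining constructor arguments of `ReadOnly` are outside the hunk.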
@ -9,7 +9,7 @@ public class S3Cmd
|
||||||
private static readonly Command Python = Cli.Wrap("python3");
|
private static readonly Command Python = Cli.Wrap("python3");
|
||||||
|
|
||||||
private const String S3CmdPath = "Resources/s3cmd.py";
|
private const String S3CmdPath = "Resources/s3cmd.py";
|
||||||
private const String BucketPrefix = "s3://";
|
private const String S3Prefix = "s3://";
|
||||||
|
|
||||||
private String[] DefaultArgs { get; }
|
private String[] DefaultArgs { get; }
|
||||||
|
|
||||||
|
@ -52,7 +52,7 @@ public class S3Cmd
|
||||||
{
|
{
|
||||||
var args = DefaultArgs
|
var args = DefaultArgs
|
||||||
.Append(operation)
|
.Append(operation)
|
||||||
.Append(bucketName.EnsureStartsWith(BucketPrefix))
|
.Append(bucketName.EnsureStartsWith(S3Prefix))
|
||||||
.Concat(optionalArgs);
|
.Concat(optionalArgs);
|
||||||
|
|
||||||
return Python
|
return Python
|
||||||
|
|