RevokeAccessTo => RevokeUserAccessTo, BucketPrefix => S3Prefix
This commit is contained in:
parent
ed7c65be2c
commit
0541918beb
|
@ -176,23 +176,6 @@ public class Controller
|
|||
: user.AccessibleFolders();
|
||||
}
|
||||
|
||||
// [Returns<Folder[]>] // assuming swagger knows about arrays but not lists (JSON)
|
||||
// [Returns(Unauthorized)]
|
||||
// [HttpGet($"{nameof(GetUsersOfFolder)}/")]
|
||||
// public Object GetUsersOfFolder(Int64 folderId)
|
||||
// {
|
||||
// var caller = GetCaller();
|
||||
// if (caller == null)
|
||||
// return new HttpResponseMessage(Unauthorized);
|
||||
//
|
||||
// var folder = Db.GetFolderById(folderId);
|
||||
//
|
||||
// if (folder is null || !caller.HasAccessTo(folder))
|
||||
// return new HttpResponseMessage(Unauthorized);
|
||||
//
|
||||
// return descendantUsers;
|
||||
// }
|
||||
|
||||
[Returns<TreeNode[]>] // assuming swagger knows about arrays but not lists (JSON)
|
||||
[Returns(Unauthorized)]
|
||||
[HttpGet($"{nameof(GetAllFoldersAndInstallations)}/")]
|
||||
|
@ -281,7 +264,7 @@ public class Controller
|
|||
var user = id is not null ? Db.GetUserById(id) : session?.User;
|
||||
|
||||
|
||||
return session.RevokeAccessTo(user, Db.GetInstallationById(installationId))
|
||||
return session.RevokeUserAccessTo(user, Db.GetInstallationById(installationId))
|
||||
? _Ok
|
||||
: _Unauthorized;
|
||||
}
|
||||
|
@ -294,8 +277,7 @@ public class Controller
|
|||
var session = GetSession();
|
||||
var user = id is not null ? Db.GetUserById(id) : session?.User;
|
||||
|
||||
|
||||
return session.RevokeAccessTo(user, Db.GetFolderById(folderId))
|
||||
return session.RevokeUserAccessTo(user, Db.GetFolderById(folderId))
|
||||
? _Ok
|
||||
: _Unauthorized;
|
||||
}
|
||||
|
|
|
@ -45,15 +45,15 @@ public static class SessionMethods
|
|||
{
|
||||
var user = session?.User;
|
||||
|
||||
//Note: keep generation of access _after_ generation of object to prevent "zombie" access-rights.
|
||||
|
||||
return user is not null
|
||||
&& installation is not null
|
||||
&& user.HasWriteAccess
|
||||
&& user.HasAccessTo(installation.Parent())
|
||||
&& Db.Create(installation)
|
||||
&& Db.Create(new InstallationAccess { UserId = user.Id, InstallationId = installation.Id })
|
||||
&& installation.CreateBucket().Result // TODO: await?
|
||||
&& Db.Create(new InstallationAccess { UserId = user.Id, InstallationId = installation.Id });
|
||||
&& installation.RenewS3BucketUrl().Result; // generation of access _after_ generation of
|
||||
// bucket to prevent "zombie" access-rights.
|
||||
}
|
||||
|
||||
public static Boolean Update(this Session? session, Installation? installation)
|
||||
|
@ -77,7 +77,7 @@ public static class SessionMethods
|
|||
&& installation is not null
|
||||
&& user.HasWriteAccess
|
||||
&& user.HasAccessTo(installation)
|
||||
// && installation.DeleteBucket().Result // TODO: await?
|
||||
// && installation.DeleteBucket().Result // TODO: await?
|
||||
&& Db.Delete(installation);
|
||||
}
|
||||
|
||||
|
@ -98,13 +98,11 @@ public static class SessionMethods
|
|||
var sessionUser = session?.User;
|
||||
if (editedUser == null || sessionUser == null) return false;
|
||||
|
||||
|
||||
//Password change is only allowed for oneself
|
||||
if ( editedUser.Id != sessionUser.Id) editedUser.Password = sessionUser.Password;
|
||||
else
|
||||
{
|
||||
editedUser.Password = sessionUser.SaltAndHashPassword(editedUser.Password);
|
||||
}
|
||||
// TODO: make specific method for changing user account settings like pwd
|
||||
// Password change is only allowed for oneself
|
||||
editedUser.Password = editedUser.Id != sessionUser.Id
|
||||
? sessionUser.Password
|
||||
: sessionUser.SaltAndHashPassword(editedUser.Password);
|
||||
|
||||
return sessionUser.HasWriteAccess
|
||||
&& sessionUser.HasAccessTo(editedUser)
|
||||
|
@ -150,7 +148,7 @@ public static class SessionMethods
|
|||
&& Db.Create(new FolderAccess { UserId = user.Id, FolderId = folder.Id });
|
||||
}
|
||||
|
||||
public static Boolean RevokeAccessTo(this Session? session, User? user, Installation? installation)
|
||||
public static Boolean RevokeUserAccessTo(this Session? session, User? user, Installation? installation)
|
||||
{
|
||||
var sessionUser = session?.User;
|
||||
|
||||
|
@ -163,7 +161,7 @@ public static class SessionMethods
|
|||
&& Db.InstallationAccess.Delete(a => a.UserId == user.Id && a.InstallationId == installation.Id) > 0;
|
||||
}
|
||||
|
||||
public static Boolean RevokeAccessTo(this Session? session, User? user, Folder? folder)
|
||||
public static Boolean RevokeUserAccessTo(this Session? session, User? user, Folder? folder)
|
||||
{
|
||||
var sessionUser = session?.User;
|
||||
|
||||
|
|
|
@ -32,7 +32,9 @@ public static class UserMethods
|
|||
|
||||
// Distinct because the user might have direct access
|
||||
// to a child folder of a folder he has already access to
|
||||
// ---TODO shouldn't we prevent doubling permissions? -K"
|
||||
// TODO shouldn't we prevent doubling permissions? -K"
|
||||
// TODO yes we should -ig (still TODO)
|
||||
// however we should leave the distinct, defensive programming...
|
||||
}
|
||||
|
||||
public static IEnumerable<TreeNode> AccessibleFoldersAndInstallations(this User user)
|
||||
|
@ -81,7 +83,6 @@ public static class UserMethods
|
|||
|
||||
public static Boolean IsDescendantOf(this User user, User ancestor)
|
||||
{
|
||||
// if (user.Id == ancestor.Id) return true;
|
||||
return user
|
||||
.Ancestors()
|
||||
.Any(u => u.Id == ancestor.Id);
|
||||
|
|
|
@ -2,6 +2,11 @@ namespace InnovEnergy.App.Backend.S3;
|
|||
|
||||
public static class S3Access
|
||||
{
|
||||
// TODO: put these into Json files in /Resources and read them from
|
||||
// there so they can be changed without recompiling
|
||||
// they should be read from disk on each use,
|
||||
// so the backend does not need to be restarted on change
|
||||
|
||||
public static S3Cmd ReadOnly { get; } = new S3Cmd
|
||||
(
|
||||
key : "EXO44d2979c8e570eae81ead564",
|
||||
|
|
|
@ -9,7 +9,7 @@ public class S3Cmd
|
|||
private static readonly Command Python = Cli.Wrap("python3");
|
||||
|
||||
private const String S3CmdPath = "Resources/s3cmd.py";
|
||||
private const String BucketPrefix = "s3://";
|
||||
private const String S3Prefix = "s3://";
|
||||
|
||||
private String[] DefaultArgs { get; }
|
||||
|
||||
|
@ -52,7 +52,7 @@ public class S3Cmd
|
|||
{
|
||||
var args = DefaultArgs
|
||||
.Append(operation)
|
||||
.Append(bucketName.EnsureStartsWith(BucketPrefix))
|
||||
.Append(bucketName.EnsureStartsWith(S3Prefix))
|
||||
.Concat(optionalArgs);
|
||||
|
||||
return Python
|
||||
|
|
Loading…
Reference in New Issue