RevokeAccessTo => RevokeUserAccessTo, BucketPrefix => S3Prefix

ig 2023-03-19 17:02:18 +01:00
parent ed7c65be2c
commit 0541918beb
5 changed files with 26 additions and 40 deletions

@ -176,23 +176,6 @@ public class Controller
: user.AccessibleFolders();
}
// [Returns<Folder[]>] // assuming swagger knows about arrays but not lists (JSON)
// [Returns(Unauthorized)]
// [HttpGet($"{nameof(GetUsersOfFolder)}/")]
// public Object GetUsersOfFolder(Int64 folderId)
// {
// var caller = GetCaller();
// if (caller == null)
// return new HttpResponseMessage(Unauthorized);
//
// var folder = Db.GetFolderById(folderId);
//
// if (folder is null || !caller.HasAccessTo(folder))
// return new HttpResponseMessage(Unauthorized);
//
// return descendantUsers;
// }
[Returns<TreeNode[]>] // assuming swagger knows about arrays but not lists (JSON)
[Returns(Unauthorized)]
[HttpGet($"{nameof(GetAllFoldersAndInstallations)}/")]
@ -281,7 +264,7 @@ public class Controller
var user = id is not null ? Db.GetUserById(id) : session?.User;
return session.RevokeAccessTo(user, Db.GetInstallationById(installationId))
return session.RevokeUserAccessTo(user, Db.GetInstallationById(installationId))
? _Ok
: _Unauthorized;
}
@ -294,8 +277,7 @@ public class Controller
var session = GetSession();
var user = id is not null ? Db.GetUserById(id) : session?.User;
return session.RevokeAccessTo(user, Db.GetFolderById(folderId))
return session.RevokeUserAccessTo(user, Db.GetFolderById(folderId))
? _Ok
: _Unauthorized;
}

@ -45,15 +45,15 @@ public static class SessionMethods
{
var user = session?.User;
//Note: keep generation of access _after_ generation of object to prevent "zombie" access-rights.
return user is not null
&& installation is not null
&& user.HasWriteAccess
&& user.HasAccessTo(installation.Parent())
&& Db.Create(installation)
&& installation.CreateBucket().Result // TODO: await?
&& Db.Create(new InstallationAccess { UserId = user.Id, InstallationId = installation.Id });
&& Db.Create(new InstallationAccess { UserId = user.Id, InstallationId = installation.Id })
&& installation.CreateBucket().Result // TODO: await?
&& installation.RenewS3BucketUrl().Result; // generation of access _after_ generation of
// bucket to prevent "zombie" access-rights.
}
public static Boolean Update(this Session? session, Installation? installation)
@ -77,7 +77,7 @@ public static class SessionMethods
&& installation is not null
&& user.HasWriteAccess
&& user.HasAccessTo(installation)
// && installation.DeleteBucket().Result // TODO: await?
// && installation.DeleteBucket().Result // TODO: await?
&& Db.Delete(installation);
}
@ -98,13 +98,11 @@ public static class SessionMethods
var sessionUser = session?.User;
if (editedUser == null || sessionUser == null) return false;
//Password change is only allowed for oneself
if ( editedUser.Id != sessionUser.Id) editedUser.Password = sessionUser.Password;
else
{
editedUser.Password = sessionUser.SaltAndHashPassword(editedUser.Password);
}
// TODO: make specific method for changing user account settings like pwd
// Password change is only allowed for oneself
editedUser.Password = editedUser.Id != sessionUser.Id
? sessionUser.Password
: sessionUser.SaltAndHashPassword(editedUser.Password);
return sessionUser.HasWriteAccess
&& sessionUser.HasAccessTo(editedUser)
@ -150,7 +148,7 @@ public static class SessionMethods
&& Db.Create(new FolderAccess { UserId = user.Id, FolderId = folder.Id });
}
public static Boolean RevokeAccessTo(this Session? session, User? user, Installation? installation)
public static Boolean RevokeUserAccessTo(this Session? session, User? user, Installation? installation)
{
var sessionUser = session?.User;
@ -163,7 +161,7 @@ public static class SessionMethods
&& Db.InstallationAccess.Delete(a => a.UserId == user.Id && a.InstallationId == installation.Id) > 0;
}
public static Boolean RevokeAccessTo(this Session? session, User? user, Folder? folder)
public static Boolean RevokeUserAccessTo(this Session? session, User? user, Folder? folder)
{
var sessionUser = session?.User;
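Review bot: In the user-update hunk, the new ternary still assigns `sessionUser.Password` to `editedUser.Password` whenever the caller edits a different user, so if the update that follows persists that field, the edited account ends up with the caller's password hash instead of keeping its own. The value to carry over is the edited user's stored hash, for example `editedUser.Password = Db.GetUserById(editedUser.Id)?.Password ?? editedUser.Password;` on the not-self branch. The assignment also runs before the `HasWriteAccess` / `HasAccessTo(editedUser)` checks, and on the self-edit path it re-hashes whatever `editedUser.Password` contains, including an empty or unchanged value; doing it after the checks and only when a new password was actually supplied would cover both. The method's signature and its final persistence call lie outside the hunk, so the persistence part is inferred from the visible return expression.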

@ -32,7 +32,9 @@ public static class UserMethods
// Distinct because the user might have direct access
// to a child folder of a folder he has already access to
// ---TODO shouldn't we prevent doubling permissions? -K"
// TODO shouldn't we prevent doubling permissions? -K"
// TODO yes we should -ig (still TODO)
// however we should leave the distinct, defensive programming...
}
public static IEnumerable<TreeNode> AccessibleFoldersAndInstallations(this User user)
@ -81,7 +83,6 @@ public static class UserMethods
public static Boolean IsDescendantOf(this User user, User ancestor)
{
// if (user.Id == ancestor.Id) return true;
return user
.Ancestors()
.Any(u => u.Id == ancestor.Id);

@ -2,6 +2,11 @@ namespace InnovEnergy.App.Backend.S3;
public static class S3Access
{
// TODO: put these into Json files in /Resources and read them from
// there so they can be changed without recompiling
// they should be read from disk on each use,
// so the backend does not need to be restarted on change
public static S3Cmd ReadOnly { get; } = new S3Cmd
(
key : "EXO44d2979c8e570eae81ead564",
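Review bot: The `key` literal directly under the added TODO is an S3 access key committed to source, and the TODO's plan of moving these values into JSON files under /Resources would most likely keep them in the repository and in every build artifact. I would word the comment as `// TODO: load S3 credentials from environment variables or a secret store outside the repo; rotate the keys that are already in git history`. Re-reading them on each use, as the TODO proposes, is still possible with that source. Whether /Resources is tracked is not visible here, and the `S3Cmd` constructor call continues past the end of the hunk, so any secret argument that follows `key` is covered by the same remark.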

@ -9,7 +9,7 @@ public class S3Cmd
private static readonly Command Python = Cli.Wrap("python3");
private const String S3CmdPath = "Resources/s3cmd.py";
private const String BucketPrefix = "s3://";
private const String S3Prefix = "s3://";
private String[] DefaultArgs { get; }
@ -52,7 +52,7 @@ public class S3Cmd
{
var args = DefaultArgs
.Append(operation)
.Append(bucketName.EnsureStartsWith(BucketPrefix))
.Append(bucketName.EnsureStartsWith(S3Prefix))
.Concat(optionalArgs);
return Python