diff --git a/csharp/App/Backend/Controllers/Controller.cs b/csharp/App/Backend/Controllers/Controller.cs
index 2cb2ba46f..d6db3ec68 100644
--- a/csharp/App/Backend/Controllers/Controller.cs
+++ b/csharp/App/Backend/Controllers/Controller.cs
@@ -46,58 +46,58 @@ public class Controller } - // [Returns] - // [Returns(HttpStatusCode.Unauthorized)] - // [HttpGet($"{nameof(GetUserById)}")] - // public Object GetUserById(Int64 id) - // { - // var caller = GetCaller(); - // if (caller is null) - // return new HttpResponseMessage(HttpStatusCode.Unauthorized); - // - // var user = Db.GetUserById(id); - // - // if (user is null || !caller.HasAccessTo(user)) - // return new HttpResponseMessage(HttpStatusCode.Unauthorized); - // - // return user; - // } - - // - // [Returns] - // [Returns(HttpStatusCode.Unauthorized)] - // [HttpGet($"{nameof(GetInstallationById)}")] - // public Object GetInstallationById(Int64 id) - // { - // var caller = GetCaller(); - // if (caller == null) - // return new HttpResponseMessage(HttpStatusCode.Unauthorized); - // - // var installation = Db.GetInstallationById(id); - // - // if (installation is null || !caller.HasAccessTo(installation)) - // return new HttpResponseMessage(HttpStatusCode.Unauthorized); - // - // return installation; - // } + [Returns] + [Returns(Unauthorized)] + [HttpGet($"{nameof(GetUserById)}")] + public Object GetUserById(Int64 id) + { + var caller = GetSession()?.User; + if (caller == null) + return _Unauthorized; + + var user = Db.GetUserById(id); + + if (user is null || !caller.HasAccessTo(user)) + return _Unauthorized; + + return user; + } - // [Returns] - // [Returns(HttpStatusCode.Unauthorized)] - // [HttpGet($"{nameof(GetFolderById)}")] - // public Object GetFolderById(Int64 id) - // { - // var caller = GetCaller(); - // if (caller == null) - // return new HttpResponseMessage(HttpStatusCode.Unauthorized); - // - // var folder = Db.GetFolderById(id); - // - // if (folder is null || !caller.HasAccessTo(folder)) - // return new HttpResponseMessage(HttpStatusCode.Unauthorized); - // - // return folder; - // } + [Returns] + [Returns(Unauthorized)] + [HttpGet($"{nameof(GetInstallationById)}")] + public Object GetInstallationById(Int64 id) + { + var user = 
GetSession()?.User; + if (user == null) + return _Unauthorized; + + var installation = Db.GetInstallationById(id); + + if (installation is null || !user.HasAccessTo(installation)) + return _Unauthorized; + + return installation; + } + + + [Returns] + [Returns(Unauthorized)] + [HttpGet($"{nameof(GetFolderById)}")] + public Object GetFolderById(Int64 id) + { + var user = GetSession()?.User; + if (user == null) + return _Unauthorized; + + var folder = Db.GetFolderById(id); + + if (folder is null || !user.HasAccessTo(folder)) + return _Unauthorized; + + return folder; + } [Returns] // assuming swagger knows about arrays but not lists (JSON) diff --git a/csharp/App/Backend/DataTypes/Methods/Installation.cs b/csharp/App/Backend/DataTypes/Methods/Installation.cs index 6d50415fc..f3488b08d 100644 --- a/csharp/App/Backend/DataTypes/Methods/Installation.cs +++ b/csharp/App/Backend/DataTypes/Methods/Installation.cs @@ -16,10 +16,11 @@ public static class InstallationMethods { //secret 55MAqyO_FqUmh7O64VIO0egq50ERn_WIAWuc2QC44QU const String apiKey = "EXO44d2979c8e570eae81ead564"; + const String salt = "3e5b3069-214a-43ee-8d85-57d72000c19d"; var cmd = Cli .Wrap("s3cmd") - .WithArguments(new[] { "signurl",$"s3://{installation.Name.Replace(" ", "-")}", validity.TotalSeconds.ToString(), "--access_key", apiKey}); + .WithArguments(new[] { "signurl",$"s3://{installation.Id}-{salt}", validity.TotalSeconds.ToString(), "--access_key", apiKey}); var x = await cmd.ExecuteBufferedAsync(); installation.S3Url = x.StandardOutput.Replace("\n", "").Replace(" ", ""); diff --git a/csharp/App/Backend/DataTypes/Methods/User.cs b/csharp/App/Backend/DataTypes/Methods/User.cs index e0b47f0a6..1de1086b9 100644 --- a/csharp/App/Backend/DataTypes/Methods/User.cs +++ b/csharp/App/Backend/DataTypes/Methods/User.cs 
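Review bot: `GetUserById` ends with `return user;`, so the whole `User` row loaded by `Db.GetUserById` is serialized to the caller. The `User` type is not visible in this diff, but if it carries a password hash or another credential field, that field leaves the server for every user the caller `HasAccessTo`; returning a projection that omits such fields would close that off. The three endpoints also deserve a comment such as `// same 401 for "no such id" and "no access", so ids cannot be probed`, because that behaviour is easy to undo in a later cleanup. The null checks mix `caller == null` with `user is null`; using `is null` throughout would match the second check in each method.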
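Review bot: The added `const String salt` is compiled into the binary and stored in the repository, so the bucket name `s3://{installation.Id}-{salt}` can be derived by anyone who can read the source and adds no secrecy beyond the id. The unchanged lines right above it keep the `apiKey` literal and a comment that appears to hold the matching secret; both should be treated as exposed, rotated, and removed from source. Reading the values at startup, for example `var salt = Environment.GetEnvironmentVariable("<BUCKET_SALT_VAR>");` (placeholder variable name), keeps them out of history from here on. The enclosing method starts and ends outside this hunk.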
@@ -45,7 +45,7 @@ public static class UserMethods public static IEnumerable DirectlyAccessibleInstallations(this User user) { return Db - .User2Installation + .InstallationAccess .Where(r => r.UserId == user.Id) .Select(r => r.InstallationId) .Select(Db.GetInstallationById) @@ -56,7 +56,7 @@ public static class UserMethods public static IEnumerable DirectlyAccessibleFolders(this User user) { return Db - .User2Folder + .FolderAccess .Where(r => r.UserId == user.Id) .Select(r => r.FolderId) .Select(Db.GetFolderById) @@ -125,7 +125,7 @@ public static class UserMethods public static Boolean HasDirectAccessTo(this User user, Folder folder) { return Db - .User2Folder + .FolderAccess .Any(r => r.FolderId == folder.Id && r.UserId == user.Id); } @@ -143,7 +143,7 @@ public static class UserMethods public static Boolean HasDirectAccessTo(this User user, Installation installation) { return Db - .User2Installation + .InstallationAccess .Any(r => r.UserId == user.Id && r.InstallationId == installation.Id); } diff --git a/csharp/App/Backend/Database/Db.cs b/csharp/App/Backend/Database/Db.cs index b8100663e..f7eaafd7f 100644 --- a/csharp/App/Backend/Database/Db.cs +++ b/csharp/App/Backend/Database/Db.cs @@ -20,8 +20,8 @@ public static partial class Db public static TableQuery Folders => Connection.Table(); public static TableQuery Installations => Connection.Table(); public static TableQuery Users => Connection.Table(); - public static TableQuery User2Folder => Connection.Table(); - public static TableQuery User2Installation => Connection.Table(); + public static TableQuery FolderAccess => Connection.Table(); + public static TableQuery InstallationAccess => Connection.Table(); static Db() diff --git a/csharp/App/Backend/Database/Delete.cs b/csharp/App/Backend/Database/Delete.cs index 0e495afde..200b63855 100644 --- a/csharp/App/Backend/Database/Delete.cs +++ b/csharp/App/Backend/Database/Delete.cs 
@@ -21,7 +21,7 @@ public static partial class Db Boolean DeleteDescendantFolderAndItsDependencies(Folder f) { - User2Folder .Delete(r => r.FolderId == f.Id); + FolderAccess .Delete(r => r.FolderId == f.Id); Installations.Delete(r => r.ParentId == f.Id); return Folders.Delete(r => r.Id == f.Id) > 0; @@ -34,7 +34,7 @@ public static partial class Db Boolean DeleteInstallationAndItsDependencies() { - User2Installation.Delete(i => i.InstallationId == installation.Id); + InstallationAccess.Delete(i => i.InstallationId == installation.Id); return Installations.Delete(i => i.Id == installation.Id) > 0; } } @@ -45,8 +45,8 @@ public static partial class Db Boolean DeleteUserAndHisDependencies() { - User2Folder .Delete(u => u.UserId == user.Id); - User2Installation.Delete(u => u.UserId == user.Id); + FolderAccess .Delete(u => u.UserId == user.Id); + InstallationAccess.Delete(u => u.UserId == user.Id); return Users.Delete(u => u.Id == user.Id) > 0; } diff --git a/csharp/App/Backend/Database/Fake.cs b/csharp/App/Backend/Database/Fake.cs index ce00e87a4..af7a4e7ee 100644 --- a/csharp/App/Backend/Database/Fake.cs +++ b/csharp/App/Backend/Database/Fake.cs @@ -61,7 +61,7 @@ public static partial class Db private static void GiveFakeUsersAccessToFolders() { - foreach (var uf in User2Folder) // remove existing relations + foreach (var uf in FolderAccess) // remove existing relations Connection.Delete(uf); var nFolders = Folders.Count(); @@ -81,7 +81,7 @@ public static partial class Db private static void GiveFakeUsersAccessToInstallations() { - foreach (var ui in User2Installation) // remove existing relations + foreach (var ui in InstallationAccess) // remove existing relations Connection.Delete(ui); var nbInstallations = Installations.Count(); diff --git a/csharp/App/Backend/db.sqlite b/csharp/App/Backend/db.sqlite index f0db31089..f209c9536 100644 Binary files a/csharp/App/Backend/db.sqlite and b/csharp/App/Backend/db.sqlite differ