public async Task <IEnumerable <Reply> > GetReplies(int artifactId, int discussionId, int?subArtifactId = null)
        {
            ValidateRequestParameters(artifactId, subArtifactId);

            if (discussionId < 1)
            {
                throw new BadRequestException(I18NHelper.FormatInvariant("Parameter: {0} is out of the range of valid values", nameof(discussionId)));
            }

            var userId = Session.UserId;

            var itemId     = subArtifactId.HasValue ? subArtifactId.Value : artifactId;
            var revisionId = int.MaxValue;
            var isDeleted  = await _artifactVersionsRepository.IsItemDeleted(itemId);

            var itemInfo = isDeleted ?
                           await _artifactVersionsRepository.GetDeletedItemInfo(itemId) :
                           await _artifactPermissionsRepository.GetItemInfo(itemId, userId, false);

            if (itemInfo == null || await _discussionsRepository.IsDiscussionDeleted(discussionId))
            {
                throw new ResourceNotFoundException();
            }

            if (subArtifactId.HasValue && itemInfo.ArtifactId != artifactId)
            {
                throw new BadRequestException("Please provide a proper subartifact Id");
            }

            if (isDeleted)
            {
                revisionId = ((DeletedItemInfo)itemInfo).VersionId;
            }

            var permissions = await _artifactPermissionsRepository.GetArtifactPermissions(new[] { artifactId }, Session.UserId, false, revisionId);

            if (permissions.IsEmpty())
            {
                permissions = await _artifactPermissionsRepository.GetArtifactPermissionDirectly(itemId, Session.UserId, itemInfo.ProjectId);
            }
            var projectPermissions = await _artifactPermissionsRepository.GetProjectPermissions(itemInfo.ProjectId);

            RolePermissions permission = RolePermissions.None;

            if (!permissions.TryGetValue(artifactId, out permission) || !permission.HasFlag(RolePermissions.Read))
            {
                throw new AuthorizationException("You do not have permission to access the artifact");
            }
            var result = await _discussionsRepository.GetReplies(discussionId, itemInfo.ProjectId);

            foreach (var reply in result)
            {
                reply.CanDelete = !projectPermissions.HasFlag(ProjectPermissions.CommentsDeletionDisabled) && permissions.TryGetValue(artifactId, out permission) &&
                                  (permission.HasFlag(RolePermissions.DeleteAnyComment) || (permission.HasFlag(RolePermissions.Comment) && reply.UserId == userId));
                reply.CanEdit = !projectPermissions.HasFlag(ProjectPermissions.CommentsModificationDisabled) &&
                                permissions.TryGetValue(artifactId, out permission) && (permission.HasFlag(RolePermissions.Comment) && reply.UserId == userId);
            }

            return(result);
        }
Beispiel #2
0
        /// <summary>
        /// Returns the octal string respentation of this RolePermissions.
        /// </summary>
        /// <returns>String.</returns>
        public static string ToSymbolicRolePermissions(this RolePermissions rolePermissions)
        {
            StringBuilder stringBuilder = new StringBuilder();

            stringBuilder.Append(rolePermissions.HasFlag(RolePermissions.Read) ? "r" : "-");
            stringBuilder.Append(rolePermissions.HasFlag(RolePermissions.Write) ? "w" : "-");
            stringBuilder.Append(rolePermissions.HasFlag(RolePermissions.Execute) ? "x" : "-");

            return(stringBuilder.ToString());
        }
Beispiel #3
0
        /// <summary>
        /// Returns the octal string representation of this RolePermissions.
        /// </summary>
        /// <returns>String.</returns>
        public static string ToOctalRolePermissions(this RolePermissions rolePermissions)
        {
            int result = 0;

            if (rolePermissions.HasFlag(RolePermissions.Read))
            {
                result |= 4;
            }

            if (rolePermissions.HasFlag(RolePermissions.Write))
            {
                result |= 2;
            }

            if (rolePermissions.HasFlag(RolePermissions.Execute))
            {
                result |= 1;
            }

            return(result.ToString(CultureInfo.InvariantCulture));
        }
Beispiel #4
0
        public async Task <ArtifactHistoryResultSet> GetArtifactHistory(int artifactId, int limit = DEFAULT_LIMIT, int offset = DEFAULT_OFFSET, int?userId = null, bool asc = false, bool includeDrafts = true)
        {
            var sessionUserId = Session.UserId;

            if (limit < MIN_LIMIT || offset < 0 || userId < 1)
            {
                throw new HttpResponseException(HttpStatusCode.BadRequest);
            }
            if (limit > MAX_LIMIT)
            {
                limit = MAX_LIMIT;
            }

            var revisionId = int.MaxValue;
            var isDeleted  = await ArtifactVersionsRepository.IsItemDeleted(artifactId);

            if (isDeleted)
            {
                var deletedInfo = await ArtifactVersionsRepository.GetDeletedItemInfo(artifactId);

                revisionId = deletedInfo.VersionId;
            }

            var artifactIds = new[] { artifactId };
            var permissions = await ArtifactPermissionsRepository.GetArtifactPermissions(artifactIds, sessionUserId, false, revisionId);

            RolePermissions permission = RolePermissions.None;

            if (!permissions.TryGetValue(artifactId, out permission) || !permission.HasFlag(RolePermissions.Read))
            {
                throw new HttpResponseException(HttpStatusCode.Forbidden);
            }

            var result = await ArtifactVersionsRepository.GetArtifactVersions(artifactId, limit, offset, userId, asc, sessionUserId, includeDrafts);

            return(result);
        }
        public async Task <DiscussionResultSet> GetDiscussions(int artifactId, int?subArtifactId = null)
        {
            ValidateRequestParameters(artifactId, subArtifactId);
            var userId = Session.UserId;

            var itemId     = subArtifactId.HasValue ? subArtifactId.Value : artifactId;
            var revisionId = int.MaxValue;
            var isDeleted  = await _artifactVersionsRepository.IsItemDeleted(itemId);

            var itemInfo = isDeleted ?
                           await _artifactVersionsRepository.GetDeletedItemInfo(itemId) :
                           await _artifactPermissionsRepository.GetItemInfo(itemId, userId, false);

            if (itemInfo == null)
            {
                throw new ResourceNotFoundException("You have attempted to access an item that does not exist or you do not have permission to view.",
                                                    subArtifactId.HasValue ? ErrorCodes.SubartifactNotFound : ErrorCodes.ArtifactNotFound);
            }
            if (subArtifactId.HasValue && itemInfo.ArtifactId != artifactId)
            {
                throw new BadRequestException("Please provide a proper subartifact Id");
            }
            if (isDeleted)
            {
                revisionId = ((DeletedItemInfo)itemInfo).VersionId;
            }

            var permissions = await _artifactPermissionsRepository.GetArtifactPermissions(new[] { artifactId }, userId, false, revisionId);

            var projectPermissions = await _artifactPermissionsRepository.GetProjectPermissions(itemInfo.ProjectId);

            RolePermissions permission = RolePermissions.None;

            if (!permissions.TryGetValue(artifactId, out permission) || !permission.HasFlag(RolePermissions.Read))
            {
                throw new AuthorizationException("You do not have permission to access the artifact");
            }

            var discussions = await _discussionsRepository.GetDiscussions(itemId, itemInfo.ProjectId);

            foreach (var discussion in discussions)
            {
                discussion.CanDelete = !projectPermissions.HasFlag(ProjectPermissions.CommentsDeletionDisabled) &&
                                       permissions.TryGetValue(artifactId, out permission) &&
                                       (permission.HasFlag(RolePermissions.DeleteAnyComment) || (permission.HasFlag(RolePermissions.Comment) && discussion.UserId == userId));
                discussion.CanEdit = !projectPermissions.HasFlag(ProjectPermissions.CommentsModificationDisabled) &&
                                     permissions.TryGetValue(artifactId, out permission) && (permission.HasFlag(RolePermissions.Comment) && discussion.UserId == userId);
            }

            var availableStatuses = await _discussionsRepository.GetThreadStatusCollection(itemInfo.ProjectId);

            var result = new DiscussionResultSet
            {
                CanDelete = !projectPermissions.HasFlag(ProjectPermissions.CommentsDeletionDisabled) &&
                            permission.HasFlag(RolePermissions.DeleteAnyComment) && revisionId == int.MaxValue,
                CanCreate               = permission.HasFlag(RolePermissions.Comment) && revisionId == int.MaxValue,
                Discussions             = discussions,
                EmailDiscussionsEnabled = await _discussionsRepository.AreEmailDiscussionsEnabled(itemInfo.ProjectId),
                ThreadStatuses          = availableStatuses
            };

            return(result);
        }