public async Task <IActionResult> GetUser(int userId) { User currentUser = await HttpContext.GetContextUser(userService) .ConfigureAwait(false); bool isAllowed = await authorizationHelper.UserIsAllowed(currentUser, nameof(Defaults.Scopes.UserRead), nameof(Defaults.Scopes.InstitutionUserRead), userId); if (!isAllowed) { return(Forbid()); } if (userId < 0) { ProblemDetails problem = new ProblemDetails { Title = "Failed getting the user account.", Detail = "The user id is less then zero and therefore cannot exist in the database.", Instance = "EAF7FEA1-47E9-4CF8-8415-4D3BC843FB71" }; return(BadRequest(problem)); } User user = await userService.FindAsync(userId); if (user == null) { ProblemDetails problem = new ProblemDetails { Title = "Failed getting the user account.", Detail = "The user could not be found in the database.", Instance = "140B718F-9ECD-4F68-B441-F85C1DC7DC32" }; return(NotFound(problem)); } return(Ok(mapper.Map <User, UserResourceResult>(user))); }
public async Task <IActionResult> DeleteEmbeddedProject(string guid) { EmbeddedProject embeddedProject = await embedService.FindAsync(new Guid(guid)); if (embeddedProject == null) { ProblemDetails problem = new ProblemDetails { Title = "Embedded project not found.", Detail = "There was no embedded project found with this GUID.", Instance = "35730158-1DED-4767-9C70-253C7A975715" }; return(NotFound(problem)); } string identity = HttpContext.User.GetIdentityId(HttpContext); User user = await userService.GetUserByIdentityIdAsync(identity); bool isAllowed = await authorizationHelper.UserIsAllowed(user, nameof(Defaults.Scopes.EmbedWrite), nameof(Defaults.Scopes.InstitutionEmbedWrite), embeddedProject.UserId); if (!(embeddedProject.User.IdentityId == identity || isAllowed)) { ProblemDetails problem = new ProblemDetails { Title = "User is not allowed to delete the embedded project.", Detail = "The user does not own the project and does not have enough privileges to delete an embed project.", Instance = "35730158-1DED-4767-9C70-253C7A975715" }; return(Unauthorized(problem)); } await embedService.RemoveAsync(embeddedProject.Id); embedService.Save(); return(Ok()); }
public async Task <IActionResult> DeleteProject(int projectId) { Project project = await projectService.FindAsync(projectId) .ConfigureAwait(false); if (project == null) { ProblemDetails problem = new ProblemDetails { Title = "Failed to delete the project.", Detail = "The project could not be found in the database.", Instance = "AF63CF48-ECAA-4996-BAA0-BF52926D12AC" }; return(NotFound(problem)); } User user = await HttpContext.GetContextUser(userService) .ConfigureAwait(false); bool isAllowed = await authorizationHelper.UserIsAllowed(user, nameof(Defaults.Scopes.ProjectWrite), nameof(Defaults.Scopes.InstitutionProjectWrite), project.UserId); if (!(project.UserId == user.Id || isAllowed)) { ProblemDetails problem = new ProblemDetails { Title = "Failed to delete the project.", Detail = "The user is not allowed to delete the project.", Instance = "D0363680-5B4F-40A1-B381-0A7544C70164" }; return(Unauthorized(problem)); } if (project.ProjectIconId.HasValue) { // We need to delete the old file. File fileToDelete = await fileService.FindAsync(project.ProjectIconId.Value); try { // Remove the file from the database await fileService.RemoveAsync(fileToDelete.Id) .ConfigureAwait(false); fileService.Save(); // Remove the file from the filesystem fileUploader.DeleteFileFromDirectory(fileToDelete); } catch (FileNotFoundException) { ProblemDetails problem = new ProblemDetails { Title = "File could not be deleted because the path does not exist.", Detail = "File could not be found.", Instance = "367594c4-1fab-47ae-beb4-a41b53c65a18" }; return(NotFound(problem)); } } await projectService.RemoveAsync(projectId) .ConfigureAwait(false); projectService.Save(); return(Ok()); }