public bool DeleteFile(string file, int courseId, string authToken) { if (!IsValidKey(authToken)) { return(false); } //pull the current user for easier access UserProfile currentUser = activeSessions[authToken].UserProfile; //make sure that the selected user has write privileges for the supplied course CourseUser currentCourse = (from cu in db.CourseUsers where cu.AbstractCourseID == courseId && cu.UserProfileID == currentUser.ID select cu).FirstOrDefault(); //make sure that we got something back if (null == currentCourse) { return(false); } //only allow those that can modify the course (probably instructors) to remove //files if (!currentCourse.AbstractRole.CanModify && !currentCourse.AbstractRole.CanUploadFiles) { return(false); } // Get the course documents OSBLEDirectory dir = Directories.GetCourseDocs(courseId); //do a simple pattern match to make sure that the file to be uploaded is in //the correct course folder string coursePath = dir.GetPath(); if (file.IndexOf(coursePath) > -1) { if (Directory.Exists(file)) { FileSystem.EmptyFolder(file); Directory.Delete(file); return(true); } else if (File.Exists(file)) { File.Delete(file); return(true); } } return(false); }
public void ProcessRequest(HttpContext context) { // This web service returns XML in most cases context.Response.ContentType = "text/xml"; // We need a "cmd" parameter to tell us what to deliver string cmdParam = context.Request.Params["cmd"]; if (string.IsNullOrEmpty(cmdParam)) { WriteErrorResponse(context, "Course file operations service requires a \"cmd\" parameter."); return; } // We need a "courseID" parameter int courseID = -1; if (!VerifyIntParam(context, "courseID", ref courseID)) { // Can't operate without this value return; } // Try to get the current OSBLE user Models.Users.UserProfile up = OSBLE.Utility.OsbleAuthentication.CurrentUser; if (null == up) { // In the future what I'd like to do here is look for a user name and // password in the request headers. This would allow this web service to // be used by other sources, but for now it requires a logged in OSBLE user. WriteErrorResponse(context, "Could not get active OSBLE user for request. Please login."); return; } // The permissions for service actions depend on the course user OSBLEContext db = new OSBLEContext(); CourseUser courseUser = (from cu in db.CourseUsers where cu.UserProfileID == up.ID && cu.AbstractCourse is AbstractCourse && cu.AbstractCourseID == courseID select cu).FirstOrDefault(); if (null == courseUser) { WriteErrorResponse(context, "User does not have permission to perform this action."); return; } // Now look at the command and handle it appropriately if ("course_files_list" == cmdParam) { HandleCourseFileListingRequest(context, up, courseID); return; } else if ("assignment_files_list" == cmdParam) { // Make sure they have access to this course. Right now we only let // people who can modify the course have access to this service. if (!VerifyModifyPermissions(context, up, courseID)) { return; } // The client wants a list of files from the attributable storage location // for the assignment. // First make sure we have the "assignmentID" parameter int aID = -1; if (!VerifyIntParam(context, "assignmentID", ref aID)) { return; } // Get the attributable file storage OSBLEDirectory attrFiles = Models.FileSystem.Directories.GetAssignment(courseID, aID).AttributableFiles; if (null == attrFiles) { WriteErrorResponse(context, "Internal error: could not get attributable files manager for assignment"); return; } // Get XML file listing packaged up and return it to the client context.Response.Write( "<CourseFilesOpsResponse success=\"true\">" + attrFiles.GetXMLListing(courseUser, false) + "</CourseFilesOpsResponse>"); return; } else if ("assignment_file_download" == cmdParam) { // First make sure we have the "assignmentID" parameter int aID = -1; if (!VerifyIntParam(context, "assignmentID", ref aID)) { return; } // Now make sure we have the "filename" parameter string fileName = context.Request.Params["filename"]; if (string.IsNullOrEmpty(fileName)) { WriteErrorResponse(context, "Missing required parameter: \"filename\""); return; } fileName = System.IO.Path.GetFileName(fileName); // Get the attributable file storage OSBLEDirectory attrFiles = Models.FileSystem.Directories.GetAssignment(courseID, aID).AttributableFiles; if (null == attrFiles) { WriteErrorResponse(context, "Internal error: could not get attributable files manager for assignment"); return; } // Make sure the file exists OSBLEFile af = attrFiles.GetFile(fileName); if (null == af) { WriteErrorResponse(context, "Internal error: could not get attributable file"); return; } // Make sure the user has permission to download, if the user is not able to modify the course or the assignment date is not // past the due time plus the hours late window if (null == courseUser || (!af.CanUserDownload(courseUser) && !DBHelper.AssignmentDueDatePast(aID, courseUser.AbstractCourseID))) { WriteErrorResponse(context, "User does not have permission to download this file"); return; } if (fileName.ToLower().EndsWith(".pdf")) { context.Response.ContentType = "application/pdf"; } else { context.Response.ContentType = "application/octet-stream"; } context.Response.AddHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\""); // Transmit file data context.Response.TransmitFile(af.DataFileName); return; } else if ("assignment_file_delete" == cmdParam) { // First make sure we have the "assignmentID" parameter int aID = -1; if (!VerifyIntParam(context, "assignmentID", ref aID)) { return; } // Now make sure we have the "filename" parameter string fileName = context.Request.Params["filename"]; if (string.IsNullOrEmpty(fileName)) { WriteErrorResponse(context, "Missing required parameter: \"filename\""); return; } fileName = System.IO.Path.GetFileName(fileName); // Get the attributable file storage OSBLEDirectory attrFiles = Models.FileSystem.Directories.GetAssignment(courseID, aID).AttributableFiles; if (null == attrFiles) { WriteErrorResponse(context, "Internal error: could not get attributable files manager for assignment"); return; } // Make sure the file exists OSBLEFile af = attrFiles.GetFile(fileName); if (null == af) { WriteErrorResponse(context, "Internal error: could not get attributable file"); return; } //Delete file attrFiles.DeleteFile(fileName); // Return success message with new file listing /*context.Response.Write( * "<CourseFilesOpsResponse success=\"true\">" + * attrFiles.GetXMLListing(courseUser, true) + * "</CourseFilesOpsResponse>");*/ //TODO: fix this... this is a hack... //without redirecting to this page, the user is directed to an XML error page, and has to hit 'back' in order to see the file deleted //This also introduces a bug where the assignment timestamp is now -7 of what it previously was... //this code should redirect back to the page that called this event. //context.Response.Redirect("/AssignmentWizard/Basics"); string referrer = context.Request.UrlReferrer.ToString(); if (!String.IsNullOrEmpty(referrer)) { context.Response.Redirect(context.Request.UrlReferrer.ToString()); } return; } else if ("create_folder" == cmdParam) { // Make sure they have access to this course. Right now we only let // people who can modify the course have access to this service function. if (!VerifyModifyPermissions(context, up, courseID)) { return; } // Make sure the folder name parameter is present string folderName = string.Empty; if (!VerifyStringParam(context, "folder_name", ref folderName)) { return; } if (string.IsNullOrEmpty(folderName)) { WriteErrorResponse(context, "The following parameter cannot be an empty string: folder_name"); return; } // Make sure the folder name is OK if (!VerifyPath(context, ref folderName)) { return; } // Get the attributable file storage OSBLEDirectory attrFiles = Models.FileSystem.Directories.GetCourseDocs(courseID); if (null == attrFiles) { WriteErrorResponse(context, "Internal error: could not get attributable files manager for course files."); return; } // Create the directory attrFiles.CreateDir(folderName); // Return success message with new file listing context.Response.Write( "<CourseFilesOpsResponse success=\"true\">" + attrFiles.GetXMLListing(courseUser, true) + "</CourseFilesOpsResponse>"); return; } else if ("delete_file" == cmdParam) { HandleFileDeletionRequest(context, up, courseID); } else if ("delete_folder" == cmdParam) { HandleFolderDeletionRequest(context, up, courseID); return; } else if ("rename_file" == cmdParam) { HandleFileRenameRequest(context, up, courseID, courseUser); } else if ("rename_folder" == cmdParam) { // Make sure they have access to this course. Right now we only let // people who can modify the course have access to this service function. if (!VerifyModifyPermissions(context, up, courseID)) { return; } // Make sure the folder name parameter is present string folderName = string.Empty; if (!VerifyStringParam(context, "folder_name", ref folderName)) { return; } if (string.IsNullOrEmpty(folderName)) { WriteErrorResponse(context, "The following parameter cannot be an empty string: folder_name"); return; } // Make sure the folder name is OK if (!VerifyPath(context, ref folderName)) { return; } // Get the attributable file storage OSBLEDirectory attrFiles = Models.FileSystem.Directories.GetCourseDocs(courseID); if (null == attrFiles) { WriteErrorResponse(context, "Internal error: could not get attributable files manager for course files."); return; } // Combine the relative path from the request (which has been checked // to make sure it's ok) with the path of the course files. string path = System.IO.Path.Combine(attrFiles.GetPath(), folderName); if (!System.IO.Directory.Exists(path)) { // We can't rename a directory that doesn't exist WriteErrorResponse(context, "Error: Could not find folder to rename: " + folderName); return; } // Now make sure we have the new_name parameter string newName = string.Empty; if (!VerifyStringParam(context, "new_name", ref newName)) { return; } // Verify that it's OK if (!VerifyPath(context, ref newName)) { return; } // Also it must be just the folder name and not have / or \ if (newName.Contains('/') || newName.Contains('\\')) { WriteErrorResponse(context, "New folder name must not contain a path, just the new folder name."); return; } // Lastly, it must not be empty if (string.IsNullOrEmpty(newName)) { WriteErrorResponse(context, "New folder name cannot be empty."); return; } string newNameFull = System.IO.Path.Combine( System.IO.Path.GetDirectoryName(path), newName); // Do the actual rename (move) System.IO.Directory.Move(path, newNameFull); // Do the same for the corresponding folder in the attributable // files directory path = System.IO.Path.Combine(attrFiles.AttrFilesPath, folderName); if (System.IO.Directory.Exists(path)) { newNameFull = System.IO.Path.Combine( System.IO.Path.GetDirectoryName(path), newName); System.IO.Directory.Move(path, newNameFull); } // Return success message with new file listing context.Response.Write( "<CourseFilesOpsResponse success=\"true\">" + attrFiles.GetXMLListing(courseUser, true) + "</CourseFilesOpsResponse>"); return; } else { // Coming here implies an unknown command WriteErrorResponse(context, "Unknown command: " + cmdParam); } }