/// <summary>
/// Gets an access uri for a given file.
/// </summary>
/// <remarks>
/// The default <paramref name="accessType"/> is read.
/// </remarks>
/// <param name="containerName">The container name.</param>
/// <param name="fileName">The file name.</param>
/// <param name="hoursValid">How many hours the link should be valid.</param>
/// <param name="accessType">Indicates what we want to do with the link.</param>
/// <returns>Access <see cref="Uri"/>.</returns>
public Task <Uri> GetAccessUriAsync(string containerName, string fileName, double hoursValid, FileAccessType fileAccesType, CancellationToken token)
{
containerName.ThrowIfNullOrEmpty();
fileName.ThrowIfNullOrEmpty();
if (hoursValid <= 0)
{
throw new ArgumentOutOfRangeException(nameof(hoursValid));
}
// TODO Doesn't use token anywhere.
try
{
var uri = new Uri(client.GetPreSignedURL(new GetPreSignedUrlRequest
{
BucketName = _options.BlobStorageName,
//Key = string.IsNullOrEmpty(containerName) ? fileName : $"{WithTrailingSlash(containerName)}{fileName}",
Expires = DateTime.UtcNow.AddHours(hoursValid),
Verb = fileAccesType switch
{
FileAccessType.Read => HttpVerb.GET,
FileAccessType.Write => HttpVerb.PUT,
_ => throw new InvalidOperationException(nameof(fileAccesType))
}
}));
return(Task.FromResult(uri));
}
public void GrantAccess(int fileId, FileAccessType accessType, User toUser, DateTime?expires = null, Guid?token = null)
{
var access = new FileAccess()
{
Type = accessType,
User = toUser
};
if (expires.HasValue)
{
access.Expire = expires.Value;
}
if (token.HasValue)
{
access.Token = token.Value;
}
var q = new EntityQuery2(File.ENTITY, fileId);
q.Include(User.ENTITY, Roles.Access);
var file = new File(_repository.Read(q));
if (_securityService.CurrentUser.UserType == UserTypes.Admin || HasAccessInternal(_securityService.CurrentUser, file.Access, FileAccessType.Owner, null) || HasAccessInternal(_securityService.CurrentUser, file.Access, FileAccessType.Full, null))
{
if (!HasAccessInternal(toUser, file.Access, token)) //TODO: FileService - upgrade access
{
_repository.Attach(file, access);
}
}
else
{
throw new UnauthorizedAccessException("You don't have permissions to grant/deny permissions on that file.");//TODO: UnauthorizedAccessException
}
}
public bool HasAccess(User user, int fileId, FileAccessType accessType, Guid?token = null)
{
if (user.UserType == UserTypes.Admin)
{
return(true);
}
else if (_securityService.HasModulePermission(user, FilesModule.Id, Permissions.ManageAll))
{
return(true);
}
var q = new EntityQuery2(File.ENTITY, fileId);
q.Include(User.ENTITY, Roles.Access);
var relQuery = new RelationQuery(User.ENTITY, Roles.Access, user.Id);
relQuery.RelationRules.Add(new Condition("Type", Condition.Is, accessType));
q.WhereRelated(relQuery);
var e = _repository.Read(q);
if (e == null)
{
return(false);
}
var file = new File(e);
if (file.Access == null)
{
return(false);
}
return(HasAccessInternal(user, file.Access, token));
}
/// <summary>
/// Gets the file by its id. Returns an opened stream.
/// </summary>
/// <param name="id">
/// The id of the file. When this is a new id, the file will be created.
/// </param>
/// <param name="access">
/// The file access. Can be read or write.
/// </param>
/// <returns>
/// The stream.
/// </returns>
public Task <Stream> GetFileAsync(int id, FileAccessType access)
{
if (!this.files.TryGetValue(id, out var path))
{
this.files[id] = path = Path.GetTempFileName();
}
return(Task.FromResult <Stream>(
access == FileAccessType.Read
? File.Open(path, FileMode.Open, FileAccess.Read, FileShare.Read)
: File.Open(path, FileMode.Truncate, FileAccess.Write, FileShare.Read)));
}
private bool HasAccessInternal(User user, IEnumerable<NbuLibrary.Core.Domain.FileAccess> fileAccesses, FileAccessType accessType, Guid? token)
{
if (fileAccesses == null)
return false;
foreach (var a in fileAccesses)
{
if (a.Type != accessType)
continue;
else if (accessType == FileAccessType.Token
&& a.Token.HasValue
&& token.HasValue
&& token.Value == a.Token.Value
&& (!a.Expire.HasValue || a.Expire.Value > DateTime.Now))
{
return true;
}
else if (accessType == FileAccessType.Temporary
&& (!a.Expire.HasValue || a.Expire.Value > DateTime.Now))
{
return true;
}
else if (accessType == FileAccessType.Owner || accessType == FileAccessType.Full || accessType == FileAccessType.Read)
return true;
}
return false;
}
public bool HasAccess(User user, int fileId, FileAccessType accessType, Guid? token = null)
{
if (user.UserType == UserTypes.Admin)
return true;
else if (_securityService.HasModulePermission(user, FilesModule.Id, Permissions.ManageAll))
return true;
var q = new EntityQuery2(File.ENTITY, fileId);
q.Include(User.ENTITY, Roles.Access);
var relQuery = new RelationQuery(User.ENTITY, Roles.Access, user.Id);
relQuery.RelationRules.Add(new Condition("Type", Condition.Is, accessType));
q.WhereRelated(relQuery);
var e = _repository.Read(q);
if (e == null)
return false;
var file = new File(e);
if (file.Access == null)
return false;
return HasAccessInternal(user, file.Access, token);
}
public void GrantAccess(int fileId, FileAccessType accessType, User toUser, DateTime? expires = null, Guid? token = null)
{
var access = new FileAccess()
{
Type = accessType,
User = toUser
};
if (expires.HasValue)
access.Expire = expires.Value;
if (token.HasValue)
access.Token = token.Value;
var q = new EntityQuery2(File.ENTITY, fileId);
q.Include(User.ENTITY, Roles.Access);
var file = new File(_repository.Read(q));
if (_securityService.CurrentUser.UserType == UserTypes.Admin || HasAccessInternal(_securityService.CurrentUser, file.Access, FileAccessType.Owner, null) || HasAccessInternal(_securityService.CurrentUser, file.Access, FileAccessType.Full, null))
{
if (!HasAccessInternal(toUser, file.Access, token)) //TODO: FileService - upgrade access
_repository.Attach(file, access);
}
else
throw new UnauthorizedAccessException("You don't have permissions to grant/deny permissions on that file.");//TODO: UnauthorizedAccessException
}
public void AddMarker(string markerName, FileAccessType accessType, MetaDataFiller metaDataFiller, int metadataCount)
{
m_Markers.Add(markerName, new FileAccessMarkerInfo(accessType, metaDataFiller, metadataCount));
m_MarkerToIDMap.Add(markerName, FrameDataView.invalidMarkerId);
}
public FileAccessMarkerInfo(FileAccessType _fileAccessType, MetaDataFiller _metadataFunction, int _metadataCount)
{
fileAccessType = _fileAccessType;
metaDataFiller = _metadataFunction;
metadataCount = _metadataCount;
}
private bool HasAccessInternal(User user, IEnumerable <NbuLibrary.Core.Domain.FileAccess> fileAccesses, FileAccessType accessType, Guid?token)
{
if (fileAccesses == null)
{
return(false);
}
foreach (var a in fileAccesses)
{
if (a.Type != accessType)
{
continue;
}
else if (accessType == FileAccessType.Token &&
a.Token.HasValue &&
token.HasValue &&
token.Value == a.Token.Value &&
(!a.Expire.HasValue || a.Expire.Value > DateTime.Now))
{
return(true);
}
else if (accessType == FileAccessType.Temporary &&
(!a.Expire.HasValue || a.Expire.Value > DateTime.Now))
{
return(true);
}
else if (accessType == FileAccessType.Owner || accessType == FileAccessType.Full || accessType == FileAccessType.Read)
{
return(true);
}
}
return(false);
}
