public async Task <IActionResult> GetUser(int userId)
        {
            User currentUser = await HttpContext.GetContextUser(userService)
                               .ConfigureAwait(false);

            bool isAllowed = await authorizationHelper.UserIsAllowed(currentUser,
                                                                     nameof(Defaults.Scopes.UserRead),
                                                                     nameof(Defaults.Scopes.InstitutionUserRead),
                                                                     userId);

            if (!isAllowed)
            {
                return(Forbid());
            }

            if (userId < 0)
            {
                ProblemDetails problem = new ProblemDetails
                {
                    Title  = "Failed getting the user account.",
                    Detail =
                        "The user id is less then zero and therefore cannot exist in the database.",
                    Instance = "EAF7FEA1-47E9-4CF8-8415-4D3BC843FB71"
                };
                return(BadRequest(problem));
            }

            User user = await userService.FindAsync(userId);

            if (user == null)
            {
                ProblemDetails problem = new ProblemDetails
                {
                    Title    = "Failed getting the user account.",
                    Detail   = "The user could not be found in the database.",
                    Instance = "140B718F-9ECD-4F68-B441-F85C1DC7DC32"
                };
                return(NotFound(problem));
            }

            return(Ok(mapper.Map <User, UserResourceResult>(user)));
        }
Esempio n. 2
0
        public async Task <IActionResult> DeleteEmbeddedProject(string guid)
        {
            EmbeddedProject embeddedProject = await embedService.FindAsync(new Guid(guid));

            if (embeddedProject == null)
            {
                ProblemDetails problem = new ProblemDetails
                {
                    Title    = "Embedded project not found.",
                    Detail   = "There was no embedded project found with this GUID.",
                    Instance = "35730158-1DED-4767-9C70-253C7A975715"
                };
                return(NotFound(problem));
            }

            string identity = HttpContext.User.GetIdentityId(HttpContext);
            User   user     = await userService.GetUserByIdentityIdAsync(identity);

            bool isAllowed = await authorizationHelper.UserIsAllowed(user,
                                                                     nameof(Defaults.Scopes.EmbedWrite),
                                                                     nameof(Defaults.Scopes.InstitutionEmbedWrite),
                                                                     embeddedProject.UserId);

            if (!(embeddedProject.User.IdentityId == identity || isAllowed))
            {
                ProblemDetails problem = new ProblemDetails
                {
                    Title  = "User is not allowed to delete the embedded project.",
                    Detail =
                        "The user does not own the project and does not have enough privileges to delete an embed project.",
                    Instance = "35730158-1DED-4767-9C70-253C7A975715"
                };
                return(Unauthorized(problem));
            }

            await embedService.RemoveAsync(embeddedProject.Id);

            embedService.Save();
            return(Ok());
        }
Esempio n. 3
0
        public async Task <IActionResult> DeleteProject(int projectId)
        {
            Project project = await projectService.FindAsync(projectId)
                              .ConfigureAwait(false);

            if (project == null)
            {
                ProblemDetails problem = new ProblemDetails
                {
                    Title    = "Failed to delete the project.",
                    Detail   = "The project could not be found in the database.",
                    Instance = "AF63CF48-ECAA-4996-BAA0-BF52926D12AC"
                };
                return(NotFound(problem));
            }

            User user = await HttpContext.GetContextUser(userService)
                        .ConfigureAwait(false);

            bool isAllowed = await authorizationHelper.UserIsAllowed(user,
                                                                     nameof(Defaults.Scopes.ProjectWrite),
                                                                     nameof(Defaults.Scopes.InstitutionProjectWrite),
                                                                     project.UserId);

            if (!(project.UserId == user.Id || isAllowed))
            {
                ProblemDetails problem = new ProblemDetails
                {
                    Title    = "Failed to delete the project.",
                    Detail   = "The user is not allowed to delete the project.",
                    Instance = "D0363680-5B4F-40A1-B381-0A7544C70164"
                };
                return(Unauthorized(problem));
            }

            if (project.ProjectIconId.HasValue)
            {
                // We need to delete the old file.
                File fileToDelete = await fileService.FindAsync(project.ProjectIconId.Value);

                try
                {
                    // Remove the file from the database
                    await fileService.RemoveAsync(fileToDelete.Id)
                    .ConfigureAwait(false);

                    fileService.Save();

                    // Remove the file from the filesystem
                    fileUploader.DeleteFileFromDirectory(fileToDelete);
                } catch (FileNotFoundException)
                {
                    ProblemDetails problem = new ProblemDetails
                    {
                        Title    = "File could not be deleted because the path does not exist.",
                        Detail   = "File could not be found.",
                        Instance = "367594c4-1fab-47ae-beb4-a41b53c65a18"
                    };

                    return(NotFound(problem));
                }
            }

            await projectService.RemoveAsync(projectId)
            .ConfigureAwait(false);

            projectService.Save();

            return(Ok());
        }