public async Task <FilesInfo> GetAttachmentsAndDocumentReferences( int artifactId, int?versionId = null, int?subArtifactId = null, bool addDrafts = true, int?baselineId = null) { if (artifactId < 1 || (subArtifactId.HasValue && subArtifactId.Value < 1) || (versionId != null && baselineId != null)) { throw new BadRequestException(); } if (addDrafts && versionId != null) { addDrafts = false; } var userId = Session.UserId; var itemId = subArtifactId.HasValue ? subArtifactId.Value : artifactId; var isDeleted = await ArtifactVersionsRepository.IsItemDeleted(itemId); var itemInfo = isDeleted && (versionId != null || baselineId != null) ? (await ArtifactVersionsRepository.GetDeletedItemInfo(itemId)) : (await ArtifactPermissionsRepository.GetItemInfo(itemId, userId, addDrafts)); if (itemInfo == null) { throw new ResourceNotFoundException("You have attempted to access an item that does not exist or you do not have permission to view.", subArtifactId.HasValue ? ErrorCodes.SubartifactNotFound : ErrorCodes.ArtifactNotFound); } if (subArtifactId.HasValue && itemInfo.ArtifactId != artifactId) { throw new BadRequestException("Please provide a proper subartifact Id"); } var result = await AttachmentsRepository.GetAttachmentsAndDocumentReferences(artifactId, userId, versionId, subArtifactId, addDrafts, baselineId); var artifactIds = new List <int> { artifactId }; foreach (var documentReference in result.DocumentReferences) { artifactIds.Add(documentReference.ArtifactId); } var permissions = await ArtifactPermissionsRepository.GetArtifactPermissions(artifactIds, userId); if (!SqlArtifactPermissionsRepository.HasPermissions(artifactId, permissions, RolePermissions.Read)) { throw new AuthorizationException("You do not have permission to access the artifact"); } var docRef = result.DocumentReferences.ToList(); foreach (var documentReference in docRef) { if (!SqlArtifactPermissionsRepository.HasPermissions(documentReference.ArtifactId, permissions, RolePermissions.Read)) { result.DocumentReferences.Remove(documentReference); } } return(result); }
public async Task <ReviewRelationshipsResultSet> GetReviewRelationships(int artifactId, int userId, bool addDrafts = true, int?versionId = null) { var revisionId = await _itemInfoRepository.GetRevisionId(artifactId, userId, versionId); var reviewType = new List <int> { (int)LinkType.ReviewPackageReference }; var reviewLinks = (await GetLinkInfo(artifactId, userId, addDrafts, revisionId, reviewType)).ToList(); var result = new ReviewRelationshipsResultSet { }; if (reviewLinks != null) { var distinctReviewIds = reviewLinks.Select(a => a.SourceItemId).Distinct().ToList(); var reviewIdsWithAccess = new List <int>(); var reviewPermissions = await _artifactPermissionsRepository.GetArtifactPermissions(distinctReviewIds, userId); foreach (var reviewId in distinctReviewIds) { if (SqlArtifactPermissionsRepository.HasPermissions(reviewId, reviewPermissions, RolePermissions.Read)) { reviewIdsWithAccess.Add(reviewId); } } var itemDetailsDictionary = (await _itemInfoRepository.GetItemsDetails(userId, reviewIdsWithAccess, true, revisionId)) .ToDictionary(a => a.HolderId); var itemRawDataDictionary = (await _itemInfoRepository.GetItemsRawDataCreatedDate(userId, reviewIdsWithAccess, true, revisionId)) .ToDictionary(a => a.ItemId); var referencedReviewArtifacts = new List <ReferencedReviewArtifact>(); ItemRawDataCreatedDate itemRawDataCreatedDate; ItemDetails itemDetails; foreach (var reviewId in reviewIdsWithAccess) { if ((itemRawDataDictionary.TryGetValue(reviewId, out itemRawDataCreatedDate)) && (itemDetailsDictionary.TryGetValue(reviewId, out itemDetails))) { var status = ReviewRawDataHelper.ExtractReviewStatus(itemRawDataCreatedDate.RawData); referencedReviewArtifacts.Add(new ReferencedReviewArtifact { ItemId = reviewId, Status = status, CreatedDate = itemRawDataCreatedDate.CreatedDateTime, ItemName = itemDetails.Name, ItemTypePrefix = itemDetails.Prefix }); } } result.ReviewArtifacts = referencedReviewArtifacts; } return(result); }
private void ApplyRelationshipPermissions(Dictionary <int, RolePermissions> permissions, List <Relationship> relationships) { foreach (var relationship in relationships) { if (!SqlArtifactPermissionsRepository.HasPermissions(relationship.ArtifactId, permissions, RolePermissions.Read)) { MakeRelationshipUnauthorized(relationship); } if ((SqlArtifactPermissionsRepository.HasPermissions(relationship.ArtifactId, permissions, RolePermissions.Trace) && SqlArtifactPermissionsRepository.HasPermissions(relationship.ArtifactId, permissions, RolePermissions.Edit)) == false) { relationship.ReadOnly = true; } } }
public async Task <ReviewRelationshipsResultSet> GetReviewRelationships(int artifactId, bool addDrafts = true, int?versionId = null) { var userId = Session.UserId; if (artifactId < 1 || versionId.HasValue && versionId.Value < 1) { throw new BadRequestException(); } if (addDrafts && versionId != null) { addDrafts = false; } var isDeleted = await _artifactVersionsRepository.IsItemDeleted(artifactId); var itemInfo = isDeleted && versionId != null ? await _artifactVersionsRepository.GetDeletedItemInfo(artifactId) : await _artifactPermissionsRepository.GetItemInfo(artifactId, userId, addDrafts); if (itemInfo == null) { throw new ResourceNotFoundException(); } // We do not need drafts for historical artifacts var effectiveAddDraft = !versionId.HasValue && addDrafts; var result = await _relationshipsRepository.GetReviewRelationships(artifactId, userId, effectiveAddDraft, versionId); var artifactIds = new List <int> { artifactId }; var permissions = await _artifactPermissionsRepository.GetArtifactPermissions(artifactIds, userId); if (!SqlArtifactPermissionsRepository.HasPermissions(artifactId, permissions, RolePermissions.Read)) { throw new AuthorizationException("You do not have permission to access the artifact"); } return(result); }
public async Task <RelationshipExtendedInfo> GetRelationshipDetails(int artifactId, int?subArtifactId = null) { var userId = Session.UserId; if (artifactId < 1) { throw new BadRequestException(); } var isDeleted = await _artifactVersionsRepository.IsItemDeleted(artifactId); var artifactInfo = isDeleted ? await _artifactVersionsRepository.GetDeletedItemInfo(artifactId) : await _artifactPermissionsRepository.GetItemInfo(artifactId, userId); if (artifactInfo == null && !isDeleted) // artifact might have been deleted in draft only { artifactInfo = await _artifactPermissionsRepository.GetItemInfo(artifactId, userId, false); } if (artifactInfo == null) { throw new ResourceNotFoundException("You have attempted to access an item that does not exist or you do not have permission to view.", ErrorCodes.ArtifactNotFound); } var itemIds = new List <int> { artifactId }; var permissions = await _artifactPermissionsRepository.GetArtifactPermissions(itemIds, userId); if (!SqlArtifactPermissionsRepository.HasPermissions(artifactId, permissions, RolePermissions.Read)) { throw new AuthorizationException("You do not have permission to access the artifact"); } return(await _relationshipsRepository.GetRelationshipExtendedInfo(artifactId, userId, subArtifactId, isDeleted)); }
public async Task <RelationshipResultSet> GetRelationships( int artifactId, int?subArtifactId = null, bool addDrafts = true, int?versionId = null, int?baselineId = null, bool?allLinks = null) { var userId = Session.UserId; if (artifactId < 1 || (subArtifactId.HasValue && subArtifactId.Value < 1) || versionId.HasValue && versionId.Value < 1 || (versionId != null && baselineId != null)) { throw new BadRequestException(); } if (addDrafts && versionId != null) { addDrafts = false; } var itemId = subArtifactId ?? artifactId; var isDeleted = await _artifactVersionsRepository.IsItemDeleted(itemId); var itemInfo = isDeleted && (versionId != null || baselineId != null) ? await _artifactVersionsRepository.GetDeletedItemInfo(itemId) : await _artifactPermissionsRepository.GetItemInfo(itemId, userId, addDrafts); if (itemInfo == null) { throw new ResourceNotFoundException("You have attempted to access an item that does not exist or you do not have permission to view.", subArtifactId.HasValue ? ErrorCodes.SubartifactNotFound : ErrorCodes.ArtifactNotFound); } if (subArtifactId.HasValue && itemInfo.ArtifactId != artifactId) { throw new BadRequestException("Please provide a proper subartifact Id"); } // We do not need drafts for historical artifacts var effectiveAddDraft = !versionId.HasValue && addDrafts; var result = await _relationshipsRepository.GetRelationships(artifactId, userId, subArtifactId, effectiveAddDraft, allLinks.GetValueOrDefault(), versionId, baselineId); var artifactIds = new List <int> { artifactId }; artifactIds = artifactIds.Union(result.ManualTraces.Select(a => a.ArtifactId)).Union(result.OtherTraces.Select(a => a.ArtifactId)).Distinct().ToList(); var permissions = await _artifactPermissionsRepository.GetArtifactPermissions(artifactIds, userId); if (!SqlArtifactPermissionsRepository.HasPermissions(artifactId, permissions, RolePermissions.Read)) { throw new AuthorizationException("You do not have permission to access the artifact"); } ApplyRelationshipPermissions(permissions, result.ManualTraces); ApplyRelationshipPermissions(permissions, result.OtherTraces); result.CanEdit = SqlArtifactPermissionsRepository.HasPermissions(artifactId, permissions, RolePermissions.Trace) && SqlArtifactPermissionsRepository.HasPermissions(artifactId, permissions, RolePermissions.Edit); return(result); }