public async Task <FilesInfo> GetAttachmentsAndDocumentReferences( int artifactId, int?versionId = null, int?subArtifactId = null, bool addDrafts = true, int?baselineId = null) { if (artifactId < 1 || (subArtifactId.HasValue && subArtifactId.Value < 1) || (versionId != null && baselineId != null)) { throw new BadRequestException(); } if (addDrafts && versionId != null) { addDrafts = false; } var userId = Session.UserId; var itemId = subArtifactId.HasValue ? subArtifactId.Value : artifactId; var isDeleted = await ArtifactVersionsRepository.IsItemDeleted(itemId); var itemInfo = isDeleted && (versionId != null || baselineId != null) ? (await ArtifactVersionsRepository.GetDeletedItemInfo(itemId)) : (await ArtifactPermissionsRepository.GetItemInfo(itemId, userId, addDrafts)); if (itemInfo == null) { throw new ResourceNotFoundException("You have attempted to access an item that does not exist or you do not have permission to view.", subArtifactId.HasValue ? ErrorCodes.SubartifactNotFound : ErrorCodes.ArtifactNotFound); } if (subArtifactId.HasValue && itemInfo.ArtifactId != artifactId) { throw new BadRequestException("Please provide a proper subartifact Id"); } var result = await AttachmentsRepository.GetAttachmentsAndDocumentReferences(artifactId, userId, versionId, subArtifactId, addDrafts, baselineId); var artifactIds = new List <int> { artifactId }; foreach (var documentReference in result.DocumentReferences) { artifactIds.Add(documentReference.ArtifactId); } var permissions = await ArtifactPermissionsRepository.GetArtifactPermissions(artifactIds, userId); if (!SqlArtifactPermissionsRepository.HasPermissions(artifactId, permissions, RolePermissions.Read)) { throw new AuthorizationException("You do not have permission to access the artifact"); } var docRef = result.DocumentReferences.ToList(); foreach (var documentReference in docRef) { if (!SqlArtifactPermissionsRepository.HasPermissions(documentReference.ArtifactId, permissions, RolePermissions.Read)) { result.DocumentReferences.Remove(documentReference); } } return(result); }
public async Task <ArtifactHistoryResultSet> GetArtifactHistory(int artifactId, int limit = DEFAULT_LIMIT, int offset = DEFAULT_OFFSET, int?userId = null, bool asc = false, bool includeDrafts = true) { var sessionUserId = Session.UserId; if (limit < MIN_LIMIT || offset < 0 || userId < 1) { throw new HttpResponseException(HttpStatusCode.BadRequest); } if (limit > MAX_LIMIT) { limit = MAX_LIMIT; } var revisionId = int.MaxValue; var isDeleted = await ArtifactVersionsRepository.IsItemDeleted(artifactId); if (isDeleted) { var deletedInfo = await ArtifactVersionsRepository.GetDeletedItemInfo(artifactId); revisionId = deletedInfo.VersionId; } var artifactIds = new[] { artifactId }; var permissions = await ArtifactPermissionsRepository.GetArtifactPermissions(artifactIds, sessionUserId, false, revisionId); RolePermissions permission = RolePermissions.None; if (!permissions.TryGetValue(artifactId, out permission) || !permission.HasFlag(RolePermissions.Read)) { throw new HttpResponseException(HttpStatusCode.Forbidden); } var result = await ArtifactVersionsRepository.GetArtifactVersions(artifactId, limit, offset, userId, asc, sessionUserId, includeDrafts); return(result); }
public async Task <RelationshipResultSet> GetRelationships( int artifactId, int?subArtifactId = null, bool addDrafts = true, int?versionId = null, int?baselineId = null, bool?allLinks = null) { var userId = Session.UserId; if (artifactId < 1 || (subArtifactId.HasValue && subArtifactId.Value < 1) || versionId.HasValue && versionId.Value < 1 || (versionId != null && baselineId != null)) { throw new BadRequestException(); } if (addDrafts && versionId != null) { addDrafts = false; } var itemId = subArtifactId ?? artifactId; var isDeleted = await _artifactVersionsRepository.IsItemDeleted(itemId); var itemInfo = isDeleted && (versionId != null || baselineId != null) ? await _artifactVersionsRepository.GetDeletedItemInfo(itemId) : await _artifactPermissionsRepository.GetItemInfo(itemId, userId, addDrafts); if (itemInfo == null) { throw new ResourceNotFoundException("You have attempted to access an item that does not exist or you do not have permission to view.", subArtifactId.HasValue ? ErrorCodes.SubartifactNotFound : ErrorCodes.ArtifactNotFound); } if (subArtifactId.HasValue && itemInfo.ArtifactId != artifactId) { throw new BadRequestException("Please provide a proper subartifact Id"); } // We do not need drafts for historical artifacts var effectiveAddDraft = !versionId.HasValue && addDrafts; var result = await _relationshipsRepository.GetRelationships(artifactId, userId, subArtifactId, effectiveAddDraft, allLinks.GetValueOrDefault(), versionId, baselineId); var artifactIds = new List <int> { artifactId }; artifactIds = artifactIds.Union(result.ManualTraces.Select(a => a.ArtifactId)).Union(result.OtherTraces.Select(a => a.ArtifactId)).Distinct().ToList(); var permissions = await _artifactPermissionsRepository.GetArtifactPermissions(artifactIds, userId); if (!SqlArtifactPermissionsRepository.HasPermissions(artifactId, permissions, RolePermissions.Read)) { throw new AuthorizationException("You do not have permission to access the artifact"); } ApplyRelationshipPermissions(permissions, result.ManualTraces); ApplyRelationshipPermissions(permissions, result.OtherTraces); result.CanEdit = SqlArtifactPermissionsRepository.HasPermissions(artifactId, permissions, RolePermissions.Trace) && SqlArtifactPermissionsRepository.HasPermissions(artifactId, permissions, RolePermissions.Edit); return(result); }
public async Task <DiscussionResultSet> GetDiscussions(int artifactId, int?subArtifactId = null) { ValidateRequestParameters(artifactId, subArtifactId); var userId = Session.UserId; var itemId = subArtifactId.HasValue ? subArtifactId.Value : artifactId; var revisionId = int.MaxValue; var isDeleted = await _artifactVersionsRepository.IsItemDeleted(itemId); var itemInfo = isDeleted ? await _artifactVersionsRepository.GetDeletedItemInfo(itemId) : await _artifactPermissionsRepository.GetItemInfo(itemId, userId, false); if (itemInfo == null) { throw new ResourceNotFoundException("You have attempted to access an item that does not exist or you do not have permission to view.", subArtifactId.HasValue ? ErrorCodes.SubartifactNotFound : ErrorCodes.ArtifactNotFound); } if (subArtifactId.HasValue && itemInfo.ArtifactId != artifactId) { throw new BadRequestException("Please provide a proper subartifact Id"); } if (isDeleted) { revisionId = ((DeletedItemInfo)itemInfo).VersionId; } var permissions = await _artifactPermissionsRepository.GetArtifactPermissions(new[] { artifactId }, userId, false, revisionId); var projectPermissions = await _artifactPermissionsRepository.GetProjectPermissions(itemInfo.ProjectId); RolePermissions permission = RolePermissions.None; if (!permissions.TryGetValue(artifactId, out permission) || !permission.HasFlag(RolePermissions.Read)) { throw new AuthorizationException("You do not have permission to access the artifact"); } var discussions = await _discussionsRepository.GetDiscussions(itemId, itemInfo.ProjectId); foreach (var discussion in discussions) { discussion.CanDelete = !projectPermissions.HasFlag(ProjectPermissions.CommentsDeletionDisabled) && permissions.TryGetValue(artifactId, out permission) && (permission.HasFlag(RolePermissions.DeleteAnyComment) || (permission.HasFlag(RolePermissions.Comment) && discussion.UserId == userId)); discussion.CanEdit = !projectPermissions.HasFlag(ProjectPermissions.CommentsModificationDisabled) && permissions.TryGetValue(artifactId, out permission) && (permission.HasFlag(RolePermissions.Comment) && discussion.UserId == userId); } var availableStatuses = await _discussionsRepository.GetThreadStatusCollection(itemInfo.ProjectId); var result = new DiscussionResultSet { CanDelete = !projectPermissions.HasFlag(ProjectPermissions.CommentsDeletionDisabled) && permission.HasFlag(RolePermissions.DeleteAnyComment) && revisionId == int.MaxValue, CanCreate = permission.HasFlag(RolePermissions.Comment) && revisionId == int.MaxValue, Discussions = discussions, EmailDiscussionsEnabled = await _discussionsRepository.AreEmailDiscussionsEnabled(itemInfo.ProjectId), ThreadStatuses = availableStatuses }; return(result); }