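/// <summary>
/// Loads the discussions of an artifact, or of one of its sub-artifacts, and computes
/// the flags that tell the caller what the session user may do with them.
/// </summary>
/// <param name="artifactId">Artifact whose role permissions gate the request.</param>
/// <param name="subArtifactId">
/// Optional sub-artifact. When supplied, its discussions are returned instead of the
/// artifact's, and it must belong to <paramref name="artifactId"/>.
/// </param>
/// <returns>
/// A <see cref="DiscussionResultSet"/> holding the discussions, the result-level
/// CanCreate/CanDelete flags, the e-mail discussions setting and the thread statuses
/// of the item's project.
/// </returns>
/// <exception cref="ResourceNotFoundException">No item info was returned for the requested item.</exception>
/// <exception cref="BadRequestException">The sub-artifact does not belong to <paramref name="artifactId"/>.</exception>
/// <exception cref="AuthorizationException">The session user has no Read permission on the artifact.</exception>
public async Task<DiscussionResultSet> GetDiscussions(int artifactId, int? subArtifactId = null)
{
    ValidateRequestParameters(artifactId, subArtifactId);

    var userId = Session.UserId;
    var itemId = subArtifactId ?? artifactId;

    // NOTE(review): GetDeletedItemInfo is not given the user id, so for deleted items the
    // existence and ownership checks below run before the Read check. Confirm that the
    // different exception types do not reveal deleted items to users without access.
    var isDeleted = await _artifactVersionsRepository.IsItemDeleted(itemId);
    var itemInfo = isDeleted
        ? await _artifactVersionsRepository.GetDeletedItemInfo(itemId)
        : await _artifactPermissionsRepository.GetItemInfo(itemId, userId, false);

    if (itemInfo == null)
    {
        throw new ResourceNotFoundException(
            "You have attempted to access an item that does not exist or you do not have permission to view.",
            subArtifactId.HasValue ? ErrorCodes.SubartifactNotFound : ErrorCodes.ArtifactNotFound);
    }

    // Permissions are evaluated for artifactId while discussions are loaded for itemId,
    // so the sub-artifact has to be tied to the artifact that is being authorized.
    if (subArtifactId.HasValue && itemInfo.ArtifactId != artifactId)
    {
        throw new BadRequestException("Please provide a proper subartifact Id");
    }

    // int.MaxValue is kept unless the item is deleted, in which case the deleted item's
    // version is used for the permission lookup.
    var revisionId = int.MaxValue;
    if (isDeleted)
    {
        revisionId = ((DeletedItemInfo)itemInfo).VersionId;
    }

    var permissions = await _artifactPermissionsRepository.GetArtifactPermissions(new[] { artifactId }, userId, false, revisionId);
    var projectPermissions = await _artifactPermissionsRepository.GetProjectPermissions(itemInfo.ProjectId);

    // Fail closed: a missing entry is treated the same as a missing Read flag.
    RolePermissions permission;
    if (!permissions.TryGetValue(artifactId, out permission) || !permission.HasFlag(RolePermissions.Read))
    {
        throw new AuthorizationException("You do not have permission to access the artifact");
    }

    // None of these depend on the individual discussion, so they are evaluated once
    // instead of repeating the dictionary lookup and flag tests for every discussion.
    var deletionEnabled = !projectPermissions.HasFlag(ProjectPermissions.CommentsDeletionDisabled);
    var modificationEnabled = !projectPermissions.HasFlag(ProjectPermissions.CommentsModificationDisabled);
    var canComment = permission.HasFlag(RolePermissions.Comment);
    var canDeleteAnyComment = permission.HasFlag(RolePermissions.DeleteAnyComment);
    var atDefaultRevision = revisionId == int.MaxValue;

    var discussions = await _discussionsRepository.GetDiscussions(itemId, itemInfo.ProjectId);

    // NOTE(review): unlike the result-level flags below, the per-discussion flags do not
    // take revisionId into account, so they can be true for a deleted item. Confirm this
    // is intended. These flags only describe the response; the operations that edit or
    // delete comments are not visible here and need their own checks.
    foreach (var discussion in discussions)
    {
        var isAuthor = discussion.UserId == userId;
        discussion.CanDelete = deletionEnabled && (canDeleteAnyComment || (canComment && isAuthor));
        discussion.CanEdit = modificationEnabled && canComment && isAuthor;
    }

    var availableStatuses = await _discussionsRepository.GetThreadStatusCollection(itemInfo.ProjectId);
    var emailDiscussionsEnabled = await _discussionsRepository.AreEmailDiscussionsEnabled(itemInfo.ProjectId);

    return new DiscussionResultSet
    {
        CanDelete = deletionEnabled && canDeleteAnyComment && atDefaultRevision,
        CanCreate = canComment && atDefaultRevision,
        Discussions = discussions,
        EmailDiscussionsEnabled = emailDiscussionsEnabled,
        ThreadStatuses = availableStatuses
    };
}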