public override void BuildDynamicFolders(PathIdentifier identifier, ItemQueryResponse page, FolderModel folder, bool isRestrictedView = false) { if (EDiscoveryUtility.IsUserEDiscovery(connection.UserAccessIdentifiers) || LEOUploadUtility.IsUserLeo(connection.UserAccessIdentifiers)) { return; } var logPathIdentifier = new PathIdentifier(identifier) { PathKey = LOG_READER_PATH_KEY }; if (page.PathTree.Paths == null) { page.PathTree.Paths = new List <ManagerPathModel>(); } // Last the parent / root node of 'eDiscovery' var logPath = new ManagerPathModel { Identifier = logPathIdentifier, Icons = new string[] { "fa-history" }, Name = "Logs", FullPath = LOG_READER_PATH_KEY, AllowedOperations = null, Paths = new List <ManagerPathModel>(), IsExpanded = false }; page.PathTree.Paths.Add(logPath); }
public override BaseItemQueryHandler GetInitialQueryHandler(PathIdentifier identifier, PathService pathService, APIConnection connection, IAuditLogStore auditLogStore, ManagerConfiguration managerConfiguration, FileService fileService) { // If the user is leo user, we're going to use a special query handler that // will return only the files the user is allowed to see. if (LEOUploadUtility.IsUserLeo(connection.UserAccessIdentifiers)) { var userKey = connection.UserIdentifier.UserKey; // here we're going to do some basic security check. The userKey has a folder key on it. We need to make sure that matches. var userKeyTokens = userKey.Split(':').ToList(); // now this will be an array, of tokens, keep in mind userkeys can be something like Defendant:18337980:[email protected], so we want everything before the last ':' // so we can remove the last token, and then we'll be able to just join back everything else. userKeyTokens.RemoveAt(userKeyTokens.Count - 1); // also get rid of the leo: prefix userKeyTokens.RemoveAt(0); var folderKeyFromUser = String.Join(':', userKeyTokens); if (folderKeyFromUser != identifier.FolderKey) { throw (new UnauthorizedAccessException($"You're not authorized for this Folder userKey:{userKey} tried to access: {identifier.FolderKey}")); } return(new LEOUserItemQueryHandler(pathService, connection, auditLogStore, this, managerConfiguration, fileService)); } if (identifier.PathKey == LEOUploadUtility.LEO_UPLOAD_PATH_KEY) { return(new LEOUploadRootQueryHandler(pathService, connection, auditLogStore, this, managerConfiguration, fileService)); } return(null); }
public override void OnResponse(ItemQueryResponse response, PathIdentifier pathIdentifier) { var leoUploadPath = new PathIdentifier(pathIdentifier as FolderIdentifier, LEOUploadUtility.LEO_UPLOAD_PATH_KEY); if (pathIdentifier.IsChildOf(leoUploadPath) && response.AllowedOperations != null) { if (!LEOUploadUtility.IsUserLeo(connection.UserAccessIdentifiers)) { response.AllowedOperations = response.AllowedOperations.Where(a => !(a.BatchOperation is UploadRequest)); } } }
public async override Task PostUploadAsync(FolderModel folderModel, FileModel fileModel) { if (LEOUploadUtility.IsUserLeo(connection.UserAccessIdentifiers)) { await connection.ConcurrencyRetryBlock(async() => { fileModel.WriteACLs("read", new[] { new ACLModel { OverrideKey = "leo", RequiredIdentifiers = new List <string> { "u:system", "x:leo", $"u:{connection.UserIdentifier.UserKey.Replace(" ", "_")}" } } }); await connection.File.PutAsync(fileModel); }); var message = "Officer uploaded file: " + fileModel.Name; await this.auditLogStore.AddEntry( new AuditLogEntry() { EntryType = AuditLogEntryType.LEOUploadOfficerUpload, Message = message, ModuleType = Modules.ModuleType.LEOUpload }, fileModel.Identifier, connection ); await connection.Log.PostAsync(new AuditLogEntryModel { Identifier = new AuditLogEntryIdentifier(fileModel.Identifier), FileIdentifier = fileModel.Identifier, ActionType = "LEOUpload", Description = message, Details = JsonConvert.SerializeObject(fileModel.Identifier), InitiatorUserIdentifier = connection.UserIdentifier, Generated = DateTime.UtcNow, UserAgent = connection.UserAgent }); } }
public async override Task PreUploadAsync(FolderModel folderModel, FileModel fileModel) { if (LEOUploadUtility.IsUserLeo(connection.UserAccessIdentifiers)) { var childPath = await GetOfficerPathAsync(folderModel.Identifier); var attemptedPath = fileModel.MetaPathIdentifierRead(); bool pathAllowed = (attemptedPath.IsChildOf(childPath) || attemptedPath.Equals(childPath)); if (!pathAllowed) { fileModel.MetaPathIdentifierWrite(childPath); } } }
public override void OverrideAllowedOperations(FileModel fileModel, List <AllowedOperation> allowed, PathIdentifier virtualPathIdentifier) { var isUserLeo = LEOUploadUtility.IsUserLeo(connection.UserAccessIdentifiers); var leoUploadFolder = new PathIdentifier(fileModel.Identifier as FolderIdentifier, LEOUploadUtility.LEO_UPLOAD_PATH_KEY); if (virtualPathIdentifier.Equals(leoUploadFolder) || virtualPathIdentifier.IsChildOf(leoUploadFolder)) { allowed.Clear(); allowed.Add(AllowedOperation.GetAllowedOperationDownload(fileModel.Identifier, false)); allowed.Add(AllowedOperation.GetAllowedOperationMove(fileModel.Identifier)); if (isUserLeo) { allowed.Add(AllowedOperation.GetAllowedOperationRename(fileModel.Identifier)); } } }
protected override async Task Initialize(PathIdentifier identifier) { if (LEOUploadUtility.IsUserLeo(connection.UserAccessIdentifiers)) { OfficerPathIdentifier = await LEOUploadModule.GetOfficerPathAsync(identifier); IsLEOUser = true; } state = await pathService.OpenFolder(identifier, false); page = new ItemQueryResponse { PathName = identifier.LeafName, PathTree = state.Paths.Root, }; filteredFiles = state.Folder.Files.Rows as IEnumerable <FileModel>; //A collection of files that we will use to build up our response. }
public async Task <T> LoadSet <T>(FileIdentifier fileIdentifier) where T : BaseSet { var file = await api.File.GetAsync(fileIdentifier); var fileStatus = await api.File.GetOnlineStatusAsync(fileIdentifier); var organization = await api.Organization.GetAsync(fileIdentifier as OrganizationIdentifier); BaseSet set = null; // this is awful, but no clear security check to perform bool isPrivileged = !EDiscoveryUtility.IsUserEDiscovery(this.api.UserAccessIdentifiers) && !LEOUploadUtility.IsUserLeo(this.api.UserAccessIdentifiers); if (typeof(T).Equals(typeof(TextSet))) { set = TextService.TextSetGet(file, true); } if (typeof(T).Equals(typeof(DocumentSet))) { set = DocumentSetService.DocumentSetGet(file); } if (typeof(T).Equals(typeof(MediaSet))) { set = MediaService.MediaSetGet(organization, file, isPrivileged); } if (typeof(T).Equals(typeof(TranscriptSet))) { var transcriptSet = TranscriptService.TranscriptSetGet(organization, file); transcriptSet.Segments = await TranscriptService.LoadSegments(api, transcriptSet.Subtitles?.FirstOrDefault()?.FileIdentifier); set = transcriptSet; } if (typeof(T).Equals(typeof(ClipSet))) { var clipSet = ClipService.ClipSetGet(organization, file); set = clipSet; } if (typeof(T).Equals(typeof(ImageSet))) { set = ImageService.ImageSetGet(file); } if (typeof(T).Equals(typeof(UnknownSet))) { set = UnknownService.UnknownSetGet(file); } if (set.AllowedOperations == null) { set.AllowedOperations = new[] { AllowedOperation.GetAllowedOperationDownload(fileIdentifier, false) } } ; set.RootFileIdentifier = file.Read(MetadataKeyConstants.CHILDOF, defaultValue: file.Identifier); if (set.RootFileIdentifier.Equals(fileIdentifier)) { set.Views = DetectFileViews(organization, file); } else { set.Views = DetectFileViews(organization, await api.File.GetAsync(set.RootFileIdentifier)); } // some wierd logic for eDiscovery // if eDiscovery, then no subtitles if (set is MediaSet && EDiscoveryUtility.IsUserEDiscovery(api.UserAccessIdentifiers)) { var media = set as MediaSet; media.Subtitles = null; } if (fileStatus != FileModel.OnlineStatus.Online) { set.Views = new ManagerFileView[] { new ManagerFileView { ViewerType = ManagerFileView.ViewerTypeEnum.Offline, Identifier = set.RootFileIdentifier } }; set.AllowedOperations = new AllowedOperation[] { AllowedOperation.GetAllowedOperationRequestOnlineFolder(set.RootFileIdentifier) }; set.RootFileIdentifier = null; } return(set as T); }