private static bool VerifyModifyPermissions(HttpContext context, Models.Users.UserProfile up,
int courseID)
{
OSBLEContext _db = new OSBLEContext();
CourseUser courseUser = (
from cu in _db.CourseUsers
where cu.UserProfileID == up.ID
&&
cu.AbstractCourse is AbstractCourse
&&
cu.AbstractCourseID == courseID
select cu
).FirstOrDefault();
if (null == courseUser || !courseUser.AbstractRole.CanModify)
{
// User cannot modify this course
WriteErrorResponse(context,
"The specified user does not have permission to modify course with ID=" +
courseID.ToString() + ".");
return(false);
}
return(true);
}
private void HandleCourseFileListingRequest(HttpContext context,
Models.Users.UserProfile up, int courseID)
{
// Get the attributable file storage
OSBLEDirectory attrFiles =
Models.FileSystem.Directories.GetCourseDocs(courseID);
if (null == attrFiles)
{
WriteErrorResponse(context,
"Internal error: could not get attributable files manager for course files.");
return;
}
// The permission-oriented attributes depend on the course user
OSBLEContext db = new OSBLEContext();
CourseUser courseUser =
(from cu in db.CourseUsers
where cu.UserProfileID == up.ID &&
cu.AbstractCourse is AbstractCourse &&
cu.AbstractCourseID == courseID
select cu).FirstOrDefault();
if (null == courseUser)
{
WriteErrorResponse(context,
"User does not have permission to see files in this course.");
return;
}
// Get XML file listing packaged up and return it to the client
context.Response.Write(
"<CourseFilesOpsResponse success=\"true\">" +
attrFiles.GetXMLListing(courseUser, true) +
"</CourseFilesOpsResponse>");
}
private void HandleFileDeletionRequest(HttpContext context,
Models.Users.UserProfile up, int courseID)
{
// Make sure they have access to this course. Right now we only let
// people who can modify the course have access to this service function.
if (!VerifyModifyPermissions(context, up, courseID))
{
return;
}
// The permission-oriented attributes depend on the course user
OSBLEContext db = new OSBLEContext();
CourseUser courseUser =
(from cu in db.CourseUsers
where cu.UserProfileID == up.ID &&
cu.AbstractCourse is AbstractCourse &&
cu.AbstractCourseID == courseID
select cu).FirstOrDefault();
if (null == courseUser)
{
WriteErrorResponse(context,
"User does not have permission to view or modify files in this course.");
return;
}
// Make sure the file name parameter is present
string fileName = string.Empty;
if (!VerifyStringParam(context, "file_name", ref fileName))
{
return;
}
if (string.IsNullOrEmpty(fileName))
{
WriteErrorResponse(context,
"The following parameter cannot be an empty string: file_name");
return;
}
// Make sure the file path name is OK (doesn't go up a level with ../ or
// other things like that)
if (!VerifyPath(context, ref fileName))
{
return;
}
// Get the attributable file storage
OSBLEDirectory courseFiles =
Models.FileSystem.Directories.GetCourseDocs(courseID);
OSBLEDirectory attrFiles = courseFiles;
if (null == attrFiles)
{
WriteErrorResponse(context,
"Internal error: could not get attributable files manager for course files.");
return;
}
int slashIndex = fileName.LastIndexOf('\\');
if (-1 == slashIndex)
{
slashIndex = fileName.LastIndexOf('/');
}
if (-1 != slashIndex)
{
// If the file exists in some nested folders then get the
// correct directory object first.
attrFiles = (OSBLEDirectory)attrFiles.GetDir(fileName.Substring(0, slashIndex));
// Also remove the path from the beginning of the file name
fileName = fileName.Substring(slashIndex + 1);
}
// Perform the actual deletion
attrFiles.DeleteFile(fileName);
// Return success message with new file listing
context.Response.Write(
"<CourseFilesOpsResponse success=\"true\">" +
courseFiles.GetXMLListing(courseUser, true) +
"</CourseFilesOpsResponse>");
}
public void ProcessRequest(HttpContext context)
{
// This web service returns XML in most cases
context.Response.ContentType = "text/xml";
// We need a "cmd" parameter to tell us what to deliver
string cmdParam = context.Request.Params["cmd"];
if (string.IsNullOrEmpty(cmdParam))
{
WriteErrorResponse(context,
"Course file operations service requires a \"cmd\" parameter.");
return;
}
// We need a "courseID" parameter
int courseID = -1;
if (!VerifyIntParam(context, "courseID", ref courseID))
{
// Can't operate without this value
return;
}
// Try to get the current OSBLE user
Models.Users.UserProfile up = OSBLE.Utility.OsbleAuthentication.CurrentUser;
if (null == up)
{
// In the future what I'd like to do here is look for a user name and
// password in the request headers. This would allow this web service to
// be used by other sources, but for now it requires a logged in OSBLE user.
WriteErrorResponse(context,
"Could not get active OSBLE user for request. Please login.");
return;
}
// The permissions for service actions depend on the course user
OSBLEContext db = new OSBLEContext();
CourseUser courseUser =
(from cu in db.CourseUsers
where cu.UserProfileID == up.ID &&
cu.AbstractCourse is AbstractCourse &&
cu.AbstractCourseID == courseID
select cu).FirstOrDefault();
if (null == courseUser)
{
WriteErrorResponse(context,
"User does not have permission to perform this action.");
return;
}
// Now look at the command and handle it appropriately
if ("course_files_list" == cmdParam)
{
HandleCourseFileListingRequest(context, up, courseID);
return;
}
else if ("assignment_files_list" == cmdParam)
{
// Make sure they have access to this course. Right now we only let
// people who can modify the course have access to this service.
if (!VerifyModifyPermissions(context, up, courseID))
{
return;
}
// The client wants a list of files from the attributable storage location
// for the assignment.
// First make sure we have the "assignmentID" parameter
int aID = -1;
if (!VerifyIntParam(context, "assignmentID", ref aID))
{
return;
}
// Get the attributable file storage
OSBLEDirectory attrFiles =
Models.FileSystem.Directories.GetAssignment(courseID, aID).AttributableFiles;
if (null == attrFiles)
{
WriteErrorResponse(context,
"Internal error: could not get attributable files manager for assignment");
return;
}
// Get XML file listing packaged up and return it to the client
context.Response.Write(
"<CourseFilesOpsResponse success=\"true\">" +
attrFiles.GetXMLListing(courseUser, false) +
"</CourseFilesOpsResponse>");
return;
}
else if ("assignment_file_download" == cmdParam)
{
// First make sure we have the "assignmentID" parameter
int aID = -1;
if (!VerifyIntParam(context, "assignmentID", ref aID))
{
return;
}
// Now make sure we have the "filename" parameter
string fileName = context.Request.Params["filename"];
if (string.IsNullOrEmpty(fileName))
{
WriteErrorResponse(context, "Missing required parameter: \"filename\"");
return;
}
fileName = System.IO.Path.GetFileName(fileName);
// Get the attributable file storage
OSBLEDirectory attrFiles =
Models.FileSystem.Directories.GetAssignment(courseID, aID).AttributableFiles;
if (null == attrFiles)
{
WriteErrorResponse(context,
"Internal error: could not get attributable files manager for assignment");
return;
}
// Make sure the file exists
OSBLEFile af = attrFiles.GetFile(fileName);
if (null == af)
{
WriteErrorResponse(context,
"Internal error: could not get attributable file");
return;
}
// Make sure the user has permission to download, if the user is not able to modify the course or the assignment date is not
// past the due time plus the hours late window
if (null == courseUser || (!af.CanUserDownload(courseUser) && !DBHelper.AssignmentDueDatePast(aID, courseUser.AbstractCourseID)))
{
WriteErrorResponse(context,
"User does not have permission to download this file");
return;
}
if (fileName.ToLower().EndsWith(".pdf"))
{
context.Response.ContentType = "application/pdf";
}
else
{
context.Response.ContentType = "application/octet-stream";
}
context.Response.AddHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\"");
// Transmit file data
context.Response.TransmitFile(af.DataFileName);
return;
}
else if ("assignment_file_delete" == cmdParam)
{
// First make sure we have the "assignmentID" parameter
int aID = -1;
if (!VerifyIntParam(context, "assignmentID", ref aID))
{
return;
}
// Now make sure we have the "filename" parameter
string fileName = context.Request.Params["filename"];
if (string.IsNullOrEmpty(fileName))
{
WriteErrorResponse(context, "Missing required parameter: \"filename\"");
return;
}
fileName = System.IO.Path.GetFileName(fileName);
// Get the attributable file storage
OSBLEDirectory attrFiles =
Models.FileSystem.Directories.GetAssignment(courseID, aID).AttributableFiles;
if (null == attrFiles)
{
WriteErrorResponse(context,
"Internal error: could not get attributable files manager for assignment");
return;
}
// Make sure the file exists
OSBLEFile af = attrFiles.GetFile(fileName);
if (null == af)
{
WriteErrorResponse(context,
"Internal error: could not get attributable file");
return;
}
//Delete file
attrFiles.DeleteFile(fileName);
// Return success message with new file listing
/*context.Response.Write(
* "<CourseFilesOpsResponse success=\"true\">" +
* attrFiles.GetXMLListing(courseUser, true) +
* "</CourseFilesOpsResponse>");*/
//TODO: fix this... this is a hack...
//without redirecting to this page, the user is directed to an XML error page, and has to hit 'back' in order to see the file deleted
//This also introduces a bug where the assignment timestamp is now -7 of what it previously was...
//this code should redirect back to the page that called this event.
//context.Response.Redirect("/AssignmentWizard/Basics");
string referrer = context.Request.UrlReferrer.ToString();
if (!String.IsNullOrEmpty(referrer))
{
context.Response.Redirect(context.Request.UrlReferrer.ToString());
}
return;
}
else if ("create_folder" == cmdParam)
{
// Make sure they have access to this course. Right now we only let
// people who can modify the course have access to this service function.
if (!VerifyModifyPermissions(context, up, courseID))
{
return;
}
// Make sure the folder name parameter is present
string folderName = string.Empty;
if (!VerifyStringParam(context, "folder_name", ref folderName))
{
return;
}
if (string.IsNullOrEmpty(folderName))
{
WriteErrorResponse(context,
"The following parameter cannot be an empty string: folder_name");
return;
}
// Make sure the folder name is OK
if (!VerifyPath(context, ref folderName))
{
return;
}
// Get the attributable file storage
OSBLEDirectory attrFiles =
Models.FileSystem.Directories.GetCourseDocs(courseID);
if (null == attrFiles)
{
WriteErrorResponse(context,
"Internal error: could not get attributable files manager for course files.");
return;
}
// Create the directory
attrFiles.CreateDir(folderName);
// Return success message with new file listing
context.Response.Write(
"<CourseFilesOpsResponse success=\"true\">" +
attrFiles.GetXMLListing(courseUser, true) +
"</CourseFilesOpsResponse>");
return;
}
else if ("delete_file" == cmdParam)
{
HandleFileDeletionRequest(context, up, courseID);
}
else if ("delete_folder" == cmdParam)
{
HandleFolderDeletionRequest(context, up, courseID);
return;
}
else if ("rename_file" == cmdParam)
{
HandleFileRenameRequest(context, up, courseID, courseUser);
}
else if ("rename_folder" == cmdParam)
{
// Make sure they have access to this course. Right now we only let
// people who can modify the course have access to this service function.
if (!VerifyModifyPermissions(context, up, courseID))
{
return;
}
// Make sure the folder name parameter is present
string folderName = string.Empty;
if (!VerifyStringParam(context, "folder_name", ref folderName))
{
return;
}
if (string.IsNullOrEmpty(folderName))
{
WriteErrorResponse(context,
"The following parameter cannot be an empty string: folder_name");
return;
}
// Make sure the folder name is OK
if (!VerifyPath(context, ref folderName))
{
return;
}
// Get the attributable file storage
OSBLEDirectory attrFiles =
Models.FileSystem.Directories.GetCourseDocs(courseID);
if (null == attrFiles)
{
WriteErrorResponse(context,
"Internal error: could not get attributable files manager for course files.");
return;
}
// Combine the relative path from the request (which has been checked
// to make sure it's ok) with the path of the course files.
string path = System.IO.Path.Combine(attrFiles.GetPath(), folderName);
if (!System.IO.Directory.Exists(path))
{
// We can't rename a directory that doesn't exist
WriteErrorResponse(context,
"Error: Could not find folder to rename: " + folderName);
return;
}
// Now make sure we have the new_name parameter
string newName = string.Empty;
if (!VerifyStringParam(context, "new_name", ref newName))
{
return;
}
// Verify that it's OK
if (!VerifyPath(context, ref newName))
{
return;
}
// Also it must be just the folder name and not have / or \
if (newName.Contains('/') || newName.Contains('\\'))
{
WriteErrorResponse(context,
"New folder name must not contain a path, just the new folder name.");
return;
}
// Lastly, it must not be empty
if (string.IsNullOrEmpty(newName))
{
WriteErrorResponse(context,
"New folder name cannot be empty.");
return;
}
string newNameFull = System.IO.Path.Combine(
System.IO.Path.GetDirectoryName(path), newName);
// Do the actual rename (move)
System.IO.Directory.Move(path, newNameFull);
// Do the same for the corresponding folder in the attributable
// files directory
path = System.IO.Path.Combine(attrFiles.AttrFilesPath, folderName);
if (System.IO.Directory.Exists(path))
{
newNameFull = System.IO.Path.Combine(
System.IO.Path.GetDirectoryName(path), newName);
System.IO.Directory.Move(path, newNameFull);
}
// Return success message with new file listing
context.Response.Write(
"<CourseFilesOpsResponse success=\"true\">" +
attrFiles.GetXMLListing(courseUser, true) +
"</CourseFilesOpsResponse>");
return;
}
else
{
// Coming here implies an unknown command
WriteErrorResponse(context, "Unknown command: " + cmdParam);
}
}
private void HandleFileRenameRequest(HttpContext context, Models.Users.UserProfile up,
int courseID, CourseUser courseUser)
{
// Make sure they have access to this course. Right now we only let
// people who can modify the course have access to this service function.
if (!VerifyModifyPermissions(context, up, courseID))
{
return;
}
// Make sure the file name parameter is present
string fileName = string.Empty;
if (!VerifyStringParam(context, "file_name", ref fileName))
{
return;
}
if (string.IsNullOrEmpty(fileName))
{
WriteErrorResponse(context,
"The following parameter cannot be an empty string: file_name");
return;
}
// Make sure the path name is OK
if (!VerifyPath(context, ref fileName))
{
return;
}
// Get the attributable file storage
OSBLEDirectory courseFiles =
Models.FileSystem.Directories.GetCourseDocs(courseID);
OSBLEDirectory attrFiles = courseFiles;
if (null == attrFiles)
{
WriteErrorResponse(context,
"Internal error: could not get attributable files manager for course files.");
return;
}
int slashIndex = fileName.LastIndexOf('\\');
if (-1 == slashIndex)
{
slashIndex = fileName.LastIndexOf('/');
}
if (-1 != slashIndex)
{
// If the file exists in some nested folders then get the
// correct directory object first.
attrFiles = (OSBLEDirectory)attrFiles.GetDir(fileName.Substring(0, slashIndex));
// Also remove the path from the beginning of the file name
fileName = fileName.Substring(slashIndex + 1);
}
// Now make sure we have the new_name parameter
string newName = string.Empty;
if (!VerifyStringParam(context, "new_name", ref newName))
{
return;
}
// Verify that it's OK
if (!VerifyPath(context, ref newName))
{
return;
}
// Also it must be just the new file name and not have / or \
if (newName.Contains('/') || newName.Contains('\\'))
{
WriteErrorResponse(context,
"New file name must not contain a path, just the new file name.");
return;
}
// Lastly, it must not be empty
if (string.IsNullOrEmpty(newName))
{
WriteErrorResponse(context,
"New file name cannot be empty.");
return;
}
// Tell the file storage to do the rename
if (attrFiles.RenameFile(fileName, newName))
{
// Return success message with new file listing
context.Response.Write(
"<CourseFilesOpsResponse success=\"true\">" +
courseFiles.GetXMLListing(courseUser, true) +
"</CourseFilesOpsResponse>");
}
else
{
WriteErrorResponse(context, "Failed to rename file.");
}
}
public void ProcessRequest(HttpContext context)
{
HttpFileCollection coll;
//yc: set the max upload size
try
{
coll = context.Request.Files;
context.Response.ContentType = "text/xml";
if (0 == coll.Count)
{
WriteErrorResponse(context,
"Course file upload service requires one or more files in the request. " +
"It's possible that your browser did not correctly send the file data " +
"and you may need to update your browser if the problem persists.");
return;
}
// We're expecting the course ID to be in a parameter (required)
string courseIDParam = context.Request.Params["courseID"];
if (string.IsNullOrEmpty(courseIDParam))
{
WriteErrorResponse(context,
"Course file upload service requires a \"courseID\" parameter.");
return;
}
// Make sure the course ID is an integer and a valid course ID at that
int courseID;
if (!int.TryParse(courseIDParam, out courseID))
{
WriteErrorResponse(context,
"The course ID must be a valid integer value.");
return;
}
// There might be an optional "target_folder" parameter
string targetFolderParam = context.Request.Params["target_folder"];
// Try to get the current OSBLE user
Models.Users.UserProfile up = OSBLE.Utility.OsbleAuthentication.CurrentUser;
if (null == up)
{
// In the future what I'd like to do here is look for a user name and
// password in the request headers. This would allow this web service to
// be used by other sources, but for now it requires a logged in OSBLE user.
WriteErrorResponse(context,
"Could not get active OSBLE user for request. Please login.");
return;
}
// Make sure this user has permission to upload to this course
OSBLEContext _db = new OSBLEContext();
CourseUser courseUser = (
from cu in _db.CourseUsers
where cu.UserProfileID == up.ID
&&
cu.AbstractCourse is AbstractCourse
&&
cu.AbstractCourseID == courseID
select cu
).FirstOrDefault();
if (null == courseUser || !courseUser.AbstractRole.CanUploadFiles)
{
// User cannot upload files for this course
context.Response.Write(
"<CourseFilesUploaderResponse success=\"false\">" +
" <Message>The specified user does not have access to course with ID=" +
courseID.ToString() + ". User must be " +
"a course owner to access this service.</Message>" +
"</CourseFilesUploaderResponse>");
return;
}
// We will look for an optional "fileusage" parameter that tells us where
// the file(s) will go. By default we use "generic" if the parameter is
// absent.
string fileUsage = context.Request.Params["fileusage"];
if (string.IsNullOrEmpty(fileUsage))
{
// Default to "generic", which puts files in the CourseDocs folder.
fileUsage = "generic";
}
else
{
fileUsage = fileUsage.ToLower();
}
// Save based on the usage
if ("generic" == fileUsage)
{
OSBLEDirectory location = Models.FileSystem.Directories.GetCourseDocs(courseID);
// For now the target folder parameter is only allowed for generic files
if (!string.IsNullOrEmpty(targetFolderParam) &&
"\\" != targetFolderParam &&
"/" != targetFolderParam)
{
// We can't let it start with / or \
while (targetFolderParam.StartsWith("\\"))
{
targetFolderParam = targetFolderParam.Substring(1);
}
while (targetFolderParam.StartsWith("/"))
{
targetFolderParam = targetFolderParam.Substring(1);
}
location = location.GetDir(targetFolderParam);
if (null == location)
{
WriteErrorResponse(context,
"Could not upload to target folder: " + targetFolderParam);
return;
}
}
// Save each file to the target directory
for (int i = 0; i < coll.Count; i++)
{
HttpPostedFile postedFile = coll[i];
//yc: check the file size in MB
int size = postedFile.ContentLength / 1024 / 1024; //contentLenght(BYTES)/ 1024 (gets KB) / 1024 (GETS MB)
if (size < 30)
{
}
else
{
//too large
}
string fileName = Path.GetFileName(postedFile.FileName);
location.AddFile(fileName, postedFile.InputStream);
}
context.Response.Write(string.Format(
"<CourseFilesUploaderResponse success=\"true\">" +
" <Message>Successfully uploaded {0} files</Message>" +
"</CourseFilesUploaderResponse>", coll.Count));
return;
}
else if ("assignment_description" == fileUsage ||
"assignment_solution" == fileUsage)
{
// In this case we also need an assignment ID parameter
string aIDString = context.Request.Params["assignmentID"];
if (string.IsNullOrEmpty(aIDString))
{
WriteErrorResponse(context,
"An \"assignmentID\" parameter is required when uploading a " +
"file for an assignment " +
(("assignment_description" == fileUsage) ? "description." : "solution."));
return;
}
int aID;
if (!int.TryParse(aIDString, out aID))
{
WriteErrorResponse(context,
"The \"assignmentID\" parameter must be an integer value.");
return;
}
// Assignment must exist
Models.FileSystem.AssignmentFilePath afs =
Models.FileSystem.Directories.GetAssignment(courseID, aID);
if (null == afs)
{
WriteErrorResponse(context,
"Could not get assignment file path for assignment: " + aIDString);
return;
}
// Get the attributable files storage for this assignment
OSBLE.Models.FileSystem.OSBLEDirectory attrFiles = afs.AttributableFiles;
if (null == attrFiles)
{
WriteErrorResponse(context,
"Internal error: could not get attributable files manager for assignment");
return;
}
// Set up the system attributes for this file
Dictionary <string, string> sys = new Dictionary <string, string>();
sys.Add("created", DateTime.Now.ToString());
sys.Add(fileUsage, aIDString);
sys.Add("uploadedby", up.UserName);
if ("assignment_solution" != fileUsage)
{
sys.Add("any_course_user_can_download", null);
}
// Save each file to the target directory
for (int i = 0; i < coll.Count; i++)
{
HttpPostedFile postedFile = coll[i];
string fileName = Path.GetFileName(postedFile.FileName);
attrFiles.AddFile(fileName, postedFile.InputStream, sys, null);
}
context.Response.Write(string.Format(
"<CourseFilesUploaderResponse success=\"true\">" +
" <Message>Successfully uploaded {0} files</Message>" +
"</CourseFilesUploaderResponse>", coll.Count));
return;
}
// Coming here implies we didn't recognize the file usage
WriteErrorResponse(context, "Unsupported file usage: " + fileUsage);
}
catch (HttpException ex)
{
if (ex.WebEventCode == 3004)
{
WriteErrorResponse(context, "File exceeds 30MB upload limit");
return;
}
}
// This web service returns XML
}
