Exemplo n.º 1
0
        public bool DeleteFile(string file, int courseId, string authToken)
        {
            if (!IsValidKey(authToken))
            {
                return(false);
            }

            //pull the current user for easier access
            UserProfile currentUser = activeSessions[authToken].UserProfile;

            //make sure that the selected user has write privileges for the supplied course
            CourseUser currentCourse = (from cu in db.CourseUsers
                                        where cu.AbstractCourseID == courseId && cu.UserProfileID == currentUser.ID
                                        select cu).FirstOrDefault();

            //make sure that we got something back
            if (null == currentCourse)
            {
                return(false);
            }

            //only allow those that can modify the course (probably instructors) to remove
            //files
            if (!currentCourse.AbstractRole.CanModify && !currentCourse.AbstractRole.CanUploadFiles)
            {
                return(false);
            }

            // Get the course documents
            OSBLEDirectory dir = Directories.GetCourseDocs(courseId);

            //do a simple pattern match to make sure that the file to be uploaded is in
            //the correct course folder
            string coursePath = dir.GetPath();

            if (file.IndexOf(coursePath) > -1)
            {
                if (Directory.Exists(file))
                {
                    FileSystem.EmptyFolder(file);
                    Directory.Delete(file);
                    return(true);
                }
                else if (File.Exists(file))
                {
                    File.Delete(file);
                    return(true);
                }
            }
            return(false);
        }
Exemplo n.º 2
0
        public void ProcessRequest(HttpContext context)
        {
            // This web service returns XML in most cases
            context.Response.ContentType = "text/xml";

            // We need a "cmd" parameter to tell us what to deliver
            string cmdParam = context.Request.Params["cmd"];

            if (string.IsNullOrEmpty(cmdParam))
            {
                WriteErrorResponse(context,
                                   "Course file operations service requires a \"cmd\" parameter.");
                return;
            }

            // We need a "courseID" parameter
            int courseID = -1;

            if (!VerifyIntParam(context, "courseID", ref courseID))
            {
                // Can't operate without this value
                return;
            }

            // Try to get the current OSBLE user
            Models.Users.UserProfile up = OSBLE.Utility.OsbleAuthentication.CurrentUser;
            if (null == up)
            {
                // In the future what I'd like to do here is look for a user name and
                // password in the request headers. This would allow this web service to
                // be used by other sources, but for now it requires a logged in OSBLE user.
                WriteErrorResponse(context,
                                   "Could not get active OSBLE user for request. Please login.");
                return;
            }

            // The permissions for service actions depend on the course user
            OSBLEContext db         = new OSBLEContext();
            CourseUser   courseUser =
                (from cu in db.CourseUsers
                 where cu.UserProfileID == up.ID &&
                 cu.AbstractCourse is AbstractCourse &&
                 cu.AbstractCourseID == courseID
                 select cu).FirstOrDefault();

            if (null == courseUser)
            {
                WriteErrorResponse(context,
                                   "User does not have permission to perform this action.");
                return;
            }

            // Now look at the command and handle it appropriately
            if ("course_files_list" == cmdParam)
            {
                HandleCourseFileListingRequest(context, up, courseID);
                return;
            }
            else if ("assignment_files_list" == cmdParam)
            {
                // Make sure they have access to this course. Right now we only let
                // people who can modify the course have access to this service.
                if (!VerifyModifyPermissions(context, up, courseID))
                {
                    return;
                }

                // The client wants a list of files from the attributable storage location
                // for the assignment.

                // First make sure we have the "assignmentID" parameter
                int aID = -1;
                if (!VerifyIntParam(context, "assignmentID", ref aID))
                {
                    return;
                }

                // Get the attributable file storage
                OSBLEDirectory attrFiles =
                    Models.FileSystem.Directories.GetAssignment(courseID, aID).AttributableFiles;
                if (null == attrFiles)
                {
                    WriteErrorResponse(context,
                                       "Internal error: could not get attributable files manager for assignment");
                    return;
                }

                // Get XML file listing packaged up and return it to the client
                context.Response.Write(
                    "<CourseFilesOpsResponse success=\"true\">" +
                    attrFiles.GetXMLListing(courseUser, false) +
                    "</CourseFilesOpsResponse>");
                return;
            }
            else if ("assignment_file_download" == cmdParam)
            {
                // First make sure we have the "assignmentID" parameter
                int aID = -1;
                if (!VerifyIntParam(context, "assignmentID", ref aID))
                {
                    return;
                }

                // Now make sure we have the "filename" parameter
                string fileName = context.Request.Params["filename"];
                if (string.IsNullOrEmpty(fileName))
                {
                    WriteErrorResponse(context, "Missing required parameter: \"filename\"");
                    return;
                }
                fileName = System.IO.Path.GetFileName(fileName);

                // Get the attributable file storage
                OSBLEDirectory attrFiles =
                    Models.FileSystem.Directories.GetAssignment(courseID, aID).AttributableFiles;
                if (null == attrFiles)
                {
                    WriteErrorResponse(context,
                                       "Internal error: could not get attributable files manager for assignment");
                    return;
                }

                // Make sure the file exists
                OSBLEFile af = attrFiles.GetFile(fileName);
                if (null == af)
                {
                    WriteErrorResponse(context,
                                       "Internal error: could not get attributable file");
                    return;
                }

                // Make sure the user has permission to download, if the user is not able to modify the course or the assignment date is not
                // past the due time plus the hours late window
                if (null == courseUser || (!af.CanUserDownload(courseUser) && !DBHelper.AssignmentDueDatePast(aID, courseUser.AbstractCourseID)))
                {
                    WriteErrorResponse(context,
                                       "User does not have permission to download this file");
                    return;
                }

                if (fileName.ToLower().EndsWith(".pdf"))
                {
                    context.Response.ContentType = "application/pdf";
                }
                else
                {
                    context.Response.ContentType = "application/octet-stream";
                }
                context.Response.AddHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\"");

                // Transmit file data
                context.Response.TransmitFile(af.DataFileName);
                return;
            }
            else if ("assignment_file_delete" == cmdParam)
            {
                // First make sure we have the "assignmentID" parameter
                int aID = -1;
                if (!VerifyIntParam(context, "assignmentID", ref aID))
                {
                    return;
                }

                // Now make sure we have the "filename" parameter
                string fileName = context.Request.Params["filename"];
                if (string.IsNullOrEmpty(fileName))
                {
                    WriteErrorResponse(context, "Missing required parameter: \"filename\"");
                    return;
                }
                fileName = System.IO.Path.GetFileName(fileName);

                // Get the attributable file storage
                OSBLEDirectory attrFiles =
                    Models.FileSystem.Directories.GetAssignment(courseID, aID).AttributableFiles;
                if (null == attrFiles)
                {
                    WriteErrorResponse(context,
                                       "Internal error: could not get attributable files manager for assignment");
                    return;
                }

                // Make sure the file exists
                OSBLEFile af = attrFiles.GetFile(fileName);
                if (null == af)
                {
                    WriteErrorResponse(context,
                                       "Internal error: could not get attributable file");
                    return;
                }

                //Delete file
                attrFiles.DeleteFile(fileName);

                // Return success message with new file listing

                /*context.Response.Write(
                 *   "<CourseFilesOpsResponse success=\"true\">" +
                 *   attrFiles.GetXMLListing(courseUser, true) +
                 *   "</CourseFilesOpsResponse>");*/
                //TODO: fix this... this is a hack...
                //without redirecting to this page, the user is directed to an XML error page, and has to hit 'back' in order to see the file deleted
                //This also introduces a bug where the assignment timestamp is now -7 of what it previously was...
                //this code should redirect back to the page that called this event.
                //context.Response.Redirect("/AssignmentWizard/Basics");
                string referrer = context.Request.UrlReferrer.ToString();
                if (!String.IsNullOrEmpty(referrer))
                {
                    context.Response.Redirect(context.Request.UrlReferrer.ToString());
                }

                return;
            }
            else if ("create_folder" == cmdParam)
            {
                // Make sure they have access to this course. Right now we only let
                // people who can modify the course have access to this service function.
                if (!VerifyModifyPermissions(context, up, courseID))
                {
                    return;
                }

                // Make sure the folder name parameter is present
                string folderName = string.Empty;
                if (!VerifyStringParam(context, "folder_name", ref folderName))
                {
                    return;
                }

                if (string.IsNullOrEmpty(folderName))
                {
                    WriteErrorResponse(context,
                                       "The following parameter cannot be an empty string: folder_name");
                    return;
                }

                // Make sure the folder name is OK
                if (!VerifyPath(context, ref folderName))
                {
                    return;
                }

                // Get the attributable file storage
                OSBLEDirectory attrFiles =
                    Models.FileSystem.Directories.GetCourseDocs(courseID);
                if (null == attrFiles)
                {
                    WriteErrorResponse(context,
                                       "Internal error: could not get attributable files manager for course files.");
                    return;
                }

                // Create the directory
                attrFiles.CreateDir(folderName);

                // Return success message with new file listing
                context.Response.Write(
                    "<CourseFilesOpsResponse success=\"true\">" +
                    attrFiles.GetXMLListing(courseUser, true) +
                    "</CourseFilesOpsResponse>");
                return;
            }
            else if ("delete_file" == cmdParam)
            {
                HandleFileDeletionRequest(context, up, courseID);
            }
            else if ("delete_folder" == cmdParam)
            {
                HandleFolderDeletionRequest(context, up, courseID);
                return;
            }
            else if ("rename_file" == cmdParam)
            {
                HandleFileRenameRequest(context, up, courseID, courseUser);
            }
            else if ("rename_folder" == cmdParam)
            {
                // Make sure they have access to this course. Right now we only let
                // people who can modify the course have access to this service function.
                if (!VerifyModifyPermissions(context, up, courseID))
                {
                    return;
                }

                // Make sure the folder name parameter is present
                string folderName = string.Empty;
                if (!VerifyStringParam(context, "folder_name", ref folderName))
                {
                    return;
                }

                if (string.IsNullOrEmpty(folderName))
                {
                    WriteErrorResponse(context,
                                       "The following parameter cannot be an empty string: folder_name");
                    return;
                }

                // Make sure the folder name is OK
                if (!VerifyPath(context, ref folderName))
                {
                    return;
                }

                // Get the attributable file storage
                OSBLEDirectory attrFiles =
                    Models.FileSystem.Directories.GetCourseDocs(courseID);
                if (null == attrFiles)
                {
                    WriteErrorResponse(context,
                                       "Internal error: could not get attributable files manager for course files.");
                    return;
                }

                // Combine the relative path from the request (which has been checked
                // to make sure it's ok) with the path of the course files.
                string path = System.IO.Path.Combine(attrFiles.GetPath(), folderName);
                if (!System.IO.Directory.Exists(path))
                {
                    // We can't rename a directory that doesn't exist
                    WriteErrorResponse(context,
                                       "Error: Could not find folder to rename: " + folderName);
                    return;
                }

                // Now make sure we have the new_name parameter
                string newName = string.Empty;
                if (!VerifyStringParam(context, "new_name", ref newName))
                {
                    return;
                }

                // Verify that it's OK
                if (!VerifyPath(context, ref newName))
                {
                    return;
                }
                // Also it must be just the folder name and not have / or \
                if (newName.Contains('/') || newName.Contains('\\'))
                {
                    WriteErrorResponse(context,
                                       "New folder name must not contain a path, just the new folder name.");
                    return;
                }
                // Lastly, it must not be empty
                if (string.IsNullOrEmpty(newName))
                {
                    WriteErrorResponse(context,
                                       "New folder name cannot be empty.");
                    return;
                }

                string newNameFull = System.IO.Path.Combine(
                    System.IO.Path.GetDirectoryName(path), newName);

                // Do the actual rename (move)
                System.IO.Directory.Move(path, newNameFull);

                // Do the same for the corresponding folder in the attributable
                // files directory
                path = System.IO.Path.Combine(attrFiles.AttrFilesPath, folderName);
                if (System.IO.Directory.Exists(path))
                {
                    newNameFull = System.IO.Path.Combine(
                        System.IO.Path.GetDirectoryName(path), newName);
                    System.IO.Directory.Move(path, newNameFull);
                }

                // Return success message with new file listing
                context.Response.Write(
                    "<CourseFilesOpsResponse success=\"true\">" +
                    attrFiles.GetXMLListing(courseUser, true) +
                    "</CourseFilesOpsResponse>");
                return;
            }
            else
            {
                // Coming here implies an unknown command
                WriteErrorResponse(context, "Unknown command: " + cmdParam);
            }
        }