        /// <summary>
        /// Issues a build-engine access token for project <paramref name="id"/> on behalf of the current user.
        /// </summary>
        /// <remarks>
        /// Access is decided as: project owner gets read/write; an OrganizationAdmin role on the project
        /// or the SuperAdmin role gets read-only; anyone else is refused. Every failure, including a
        /// permission failure, is reported as 404 in this version.
        /// </remarks>
        /// <param name="id">Identifier of the project the token is requested for.</param>
        /// <returns>
        /// 200 with a <see cref="ProjectToken"/> on success; otherwise 404 when the project is missing,
        /// has no WorkflowProjectUrl, the user is not permitted, or the build engine returned no usable token.
        /// </returns>
        public async Task <IActionResult> GetProjectToken(int id)
        {
            var project = await service.GetAsync(id);
            if (project == null)
            {
                return NotFound($"Project id={id} not found");
            }
            if (project.WorkflowProjectUrl == null)
            {
                return NotFound($"Project id={id}: WorkflowProjectUrl is null");
            }

            // Roles are fetched before the ownership test so the lookup always happens, as before.
            var userRoles = await ProjectService.GetUserRolesForProject(project, CurrentUser.Id);

            // null means "no access"; false means read/write; true means read-only.
            bool? readOnly = null;
            if (CurrentUser.Id == project.OwnerId)
            {
                readOnly = false;
            }
            else if ((userRoles != null && userRoles.Exists(r => r.RoleName == RoleName.OrganizationAdmin))
                     || CurrentUser.HasRole(RoleName.SuperAdmin))
            {
                readOnly = true;
            }

            if (!readOnly.HasValue)
            {
                // Permission failures are reported as 404 here rather than 403.
                return NotFound($"Project id={id}, user={CurrentUser.Name} does not have permission");
            }

            var engineToken = await BuildEngineProjectService.GetProjectTokenAsync(id, readOnly.Value);
            if (engineToken == null)
            {
                return NotFound($"Project id={id}: GetProjectToken returned null");
            }
            if (engineToken.SecretAccessKey == null)
            {
                return NotFound($"Project id={id}: Token.SecretAccessKey is null");
            }

            // ReadOnly is taken from the engine's answer, not from the locally computed flag.
            var response = new ProjectToken
            {
                Id = id,
                SessionToken = engineToken.SessionToken,
                SecretAccessKey = engineToken.SecretAccessKey,
                AccessKeyId = engineToken.AccessKeyId,
                Expiration = engineToken.Expiration,
                Url = project.WorkflowProjectUrl,
                Region = engineToken.Region,
                ReadOnly = engineToken.ReadOnly
            };

            return Ok(response);
        }
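        /// <summary>
        /// Issues a build-engine access token for project <paramref name="id"/> on behalf of the current user
        /// and records how the token is intended to be used.
        /// </summary>
        /// <remarks>
        /// Access is decided in order: project owner (read/write); OrganizationAdmin role on the project or
        /// SuperAdmin (read-only); listed author (read/write). An optional request header
        /// (<c>TOKEN_USE_HEADER</c>) names the intended use; a value equal to <c>TOKEN_USE_UPLOAD</c> is
        /// refused when only read-only access was granted.
        /// </remarks>
        /// <param name="id">Identifier of the project the token is requested for.</param>
        /// <returns>
        /// 200 with a <see cref="ProjectToken"/> on success; 404 when the project is missing or has no
        /// WorkflowProjectUrl; 403 (JSON) when the user has no access or asks for upload with read-only
        /// access; 400 (JSON) when the build engine returns no usable token.
        /// </returns>
        public async Task <IActionResult> GetProjectToken(int id)
        {
            // Read the optional token-use header once; it serves both the upload check and the
            // usage record below (previously the header was looked up a second time at the end).
            bool hasTokenUseHeader = HttpContext.Request.Headers.ContainsKey(TOKEN_USE_HEADER);
            string tokenUse = null;
            if (hasTokenUseHeader)
            {
                tokenUse = HttpContext.Request.Headers[TOKEN_USE_HEADER];
            }

            var project = await service.GetAsync(id);
            if (project == null)
            {
                return NotFound($"Project id={id} not found");
            }
            if (project.WorkflowProjectUrl == null)
            {
                return NotFound($"Project id={id}: WorkflowProjectUrl is null");
            }

            // null means "no access"; false means read/write; true means read-only.
            // Ownership grants read/write.
            bool? readOnly = null;
            if (CurrentUser.Id == project.OwnerId)
            {
                readOnly = false;
            }

            // Organization admins on the project and super admins get read-only access.
            if (!readOnly.HasValue)
            {
                var roles = await ProjectService.GetUserRolesForProject(project, CurrentUser.Id);
                if ((roles != null && roles.Exists(role => role.RoleName == RoleName.OrganizationAdmin))
                    || CurrentUser.HasRole(RoleName.SuperAdmin))
                {
                    readOnly = true;
                }
            }

            // Listed authors get read/write.
            if (!readOnly.HasValue)
            {
                var authors = await ProjectService.GetAuthorsForProject(project);
                var author = authors?.Find(a => a.UserId == CurrentUser.Id);
                if (author != null)
                {
                    // Kalaam now wants authors to be able to update at any time.  In the future, we can add a setting
                    // on the author to whether they are a restricted author or not. I don't have time to add the UI at the moment.
                    //readOnly = !author.CanUpdate;
                    readOnly = false;
                }
            }

            if (!readOnly.HasValue)
            {
                var message = $"Project id={id}, user='******' with email='{CurrentUser.Email}' does not have permission to access";
                return JsonResult(403, message);
            }

            // An upload request needs write access; refuse it for read-only grants.
            if (tokenUse != null && tokenUse.Equals(TOKEN_USE_UPLOAD) && readOnly.Value)
            {
                var message = $"Project id={id}, user='******' with email='{CurrentUser.Email}' does not have permission to Upload";
                return JsonResult(403, message);
            }

            var token = await BuildEngineProjectService.GetProjectTokenAsync(id, readOnly.Value);
            if (token == null)
            {
                var message = $"Project id={id}: GetProjectToken returned null";
                return JsonResult(400, message);
            }
            if (token.SecretAccessKey == null)
            {
                var message = $"Project id={id}: Token.SecretAccessKey is null";
                return JsonResult(400, message);
            }

            // ReadOnly is taken from the engine's answer, not from the locally computed flag.
            var projectToken = new ProjectToken
            {
                Id              = id,
                SessionToken    = token.SessionToken,
                SecretAccessKey = token.SecretAccessKey,
                AccessKeyId     = token.AccessKeyId,
                Expiration      = token.Expiration,
                Url             = project.WorkflowProjectUrl,
                Region          = token.Region,
                ReadOnly        = token.ReadOnly
            };

            // Record the intended use. When the header is present its value is stored as-is; it is
            // client-controlled, so whatever consumes this record must treat it as untrusted text
            // (consider constraining it to the known use values). Otherwise derive it from the grant.
            var use = hasTokenUseHeader ? tokenUse : (readOnly.Value ? "ReadOnly Access" : "ReadWrite Access");
            ProjectService.AddTokenUse(project, CurrentUser, use);

            return Ok(projectToken);
        }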