/// <summary>
/// Issues a <see cref="ProjectToken"/> for project <paramref name="id"/> to the current user.
/// The project owner receives a read/write token; a user holding the OrganizationAdmin role
/// for the project, or the SuperAdmin role, receives a read-only one. Every failure path,
/// including lack of permission and build-engine errors, is reported as 404.
/// </summary>
/// <param name="id">Project id.</param>
/// <returns>
/// 200 with the token, or 404 when the project is missing, has no WorkflowProjectUrl, the
/// user has no access, or the build engine returns no token / a token without a SecretAccessKey.
/// </returns>
public async Task<IActionResult> GetProjectToken(int id)
{
    var project = await service.GetAsync(id);
    if (project is null)
    {
        return NotFound($"Project id={id} not found");
    }
    if (project.WorkflowProjectUrl is null)
    {
        return NotFound($"Project id={id}: WorkflowProjectUrl is null");
    }

    var roles = await ProjectService.GetUserRolesForProject(project, CurrentUser.Id);

    // null means "no access"; otherwise whether the issued token must be read-only.
    // Ownership is checked first, then the role-based grants.
    bool? ResolveReadOnly()
    {
        if (CurrentUser.Id == project.OwnerId)
        {
            return false;
        }
        var isOrgAdmin = roles?.Exists(r => r.RoleName == RoleName.OrganizationAdmin) == true;
        if (isOrgAdmin || CurrentUser.HasRole(RoleName.SuperAdmin))
        {
            return true;
        }
        return null;
    }

    var readOnly = ResolveReadOnly();
    if (!readOnly.HasValue)
    {
        return NotFound($"Project id={id}, user={CurrentUser.Name} does not have permission");
    }

    var token = await BuildEngineProjectService.GetProjectTokenAsync(id, readOnly.Value);
    if (token is null)
    {
        return NotFound($"Project id={id}: GetProjectToken returned null");
    }
    if (token.SecretAccessKey is null)
    {
        return NotFound($"Project id={id}: Token.SecretAccessKey is null");
    }

    // The response carries the build-engine token fields plus the project's workflow URL.
    return Ok(new ProjectToken
    {
        Id = id,
        SessionToken = token.SessionToken,
        SecretAccessKey = token.SecretAccessKey,
        AccessKeyId = token.AccessKeyId,
        Expiration = token.Expiration,
        Url = project.WorkflowProjectUrl,
        Region = token.Region,
        ReadOnly = token.ReadOnly
    });
}
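/// <summary>
/// Issues a <see cref="ProjectToken"/> for project <paramref name="id"/> to the current user.
/// Access is resolved in order: project owner (read/write); OrganizationAdmin role for the
/// project or SuperAdmin role (read-only); listed author (read/write). Anyone else is refused.
/// </summary>
/// <param name="id">Project id.</param>
/// <returns>
/// 200 with the token; 404 when the project is missing or has no WorkflowProjectUrl;
/// 403 when the user has no access, or when the token-use header equals
/// <c>TOKEN_USE_UPLOAD</c> but the user was only granted read-only; 400 when the build engine
/// returns no token or a token without a SecretAccessKey.
/// </returns>
/// <remarks>
/// The <c>TOKEN_USE_HEADER</c> value is read once and reused both for the upload check and for
/// the token-use record written through <c>ProjectService.AddTokenUse</c>.
/// </remarks>
public async Task<IActionResult> GetProjectToken(int id)
{
    // Optional client hint about what the token is for. Read once here; the original
    // read the header a second time before AddTokenUse, which could disagree with the
    // value used for the upload check.
    string tokenUse = null;
    if (HttpContext.Request.Headers.TryGetValue(TOKEN_USE_HEADER, out var tokenUseHeader))
    {
        tokenUse = tokenUseHeader;
    }

    var project = await service.GetAsync(id);
    if (project is null)
    {
        return NotFound($"Project id={id} not found");
    }
    if (project.WorkflowProjectUrl is null)
    {
        return NotFound($"Project id={id}: WorkflowProjectUrl is null");
    }

    // null = no decision yet; false = read/write; true = read-only.
    bool? readOnly = null;

    // 1. Ownership
    if (CurrentUser.Id == project.OwnerId)
    {
        readOnly = false;
    }

    // 2. Roles
    if (!readOnly.HasValue)
    {
        var roles = await ProjectService.GetUserRolesForProject(project, CurrentUser.Id);
        var isOrgAdmin = roles?.Exists(role => role.RoleName == RoleName.OrganizationAdmin) == true;
        if (isOrgAdmin || CurrentUser.HasRole(RoleName.SuperAdmin))
        {
            readOnly = true;
        }
    }

    // 3. Authors
    if (!readOnly.HasValue)
    {
        var authors = await ProjectService.GetAuthorsForProject(project);
        var isAuthor = authors?.Exists(a => a.UserId == CurrentUser.Id) == true;
        if (isAuthor)
        {
            // Kalaam now wants authors to be able to update at any time. In the future a
            // per-author "restricted" setting can drive this (e.g. readOnly = !author.CanUpdate);
            // there is no UI for it yet.
            readOnly = false;
        }
    }

    if (!readOnly.HasValue)
    {
        var message = $"Project id={id}, user='******' with email='{CurrentUser.Email}' does not have permission to access";
        return JsonResult(403, message);
    }

    // An upload needs read/write; refuse before asking the build engine for a token.
    // Ordinal comparison: the header is a protocol value, not user-facing text.
    var wantsUpload = string.Equals(tokenUse, TOKEN_USE_UPLOAD, StringComparison.Ordinal);
    if (wantsUpload && readOnly.Value)
    {
        var message = $"Project id={id}, user='******' with email='{CurrentUser.Email}' does not have permission to Upload";
        return JsonResult(403, message);
    }

    var token = await BuildEngineProjectService.GetProjectTokenAsync(id, readOnly.Value);
    if (token is null)
    {
        var message = $"Project id={id}: GetProjectToken returned null";
        return JsonResult(400, message);
    }
    if (token.SecretAccessKey is null)
    {
        var message = $"Project id={id}: Token.SecretAccessKey is null";
        return JsonResult(400, message);
    }

    var projectToken = new ProjectToken
    {
        Id = id,
        SessionToken = token.SessionToken,
        SecretAccessKey = token.SecretAccessKey,
        AccessKeyId = token.AccessKeyId,
        Expiration = token.Expiration,
        Url = project.WorkflowProjectUrl,
        Region = token.Region,
        ReadOnly = token.ReadOnly
    };

    // Record what the token was handed out for. When the header is present its value is
    // stored as-is, i.e. a client-supplied string reaches the record.
    // NOTE(review): confirm AddTokenUse bounds/validates that value before persisting it.
    var use = tokenUse ?? (readOnly.Value ? "ReadOnly Access" : "ReadWrite Access");
    ProjectService.AddTokenUse(project, CurrentUser, use);

    return Ok(projectToken);
}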