public override void BuildDynamicFolders(PathIdentifier identifier, ItemQueryResponse page, FolderModel folder, bool isRestrictedView = false)
{
if (EDiscoveryUtility.IsUserEDiscovery(connection.UserAccessIdentifiers) ||
LEOUploadUtility.IsUserLeo(connection.UserAccessIdentifiers))
{
return;
}
var logPathIdentifier = new PathIdentifier(identifier)
{
PathKey = LOG_READER_PATH_KEY
};
if (page.PathTree.Paths == null)
{
page.PathTree.Paths = new List <ManagerPathModel>();
}
// Last the parent / root node of 'eDiscovery'
var logPath = new ManagerPathModel
{
Identifier = logPathIdentifier,
Icons = new string[] { "fa-history" },
Name = "Logs",
FullPath = LOG_READER_PATH_KEY,
AllowedOperations = null,
Paths = new List <ManagerPathModel>(),
IsExpanded = false
};
page.PathTree.Paths.Add(logPath);
}
public override BaseItemQueryHandler GetInitialQueryHandler(PathIdentifier identifier, PathService pathService, APIConnection connection, IAuditLogStore auditLogStore, ManagerConfiguration managerConfiguration, FileService fileService)
{
// If the user is leo user, we're going to use a special query handler that
// will return only the files the user is allowed to see.
if (LEOUploadUtility.IsUserLeo(connection.UserAccessIdentifiers))
{
var userKey = connection.UserIdentifier.UserKey;
// here we're going to do some basic security check. The userKey has a folder key on it. We need to make sure that matches.
var userKeyTokens = userKey.Split(':').ToList();
// now this will be an array, of tokens, keep in mind userkeys can be something like Defendant:18337980:[email protected], so we want everything before the last ':'
// so we can remove the last token, and then we'll be able to just join back everything else.
userKeyTokens.RemoveAt(userKeyTokens.Count - 1);
// also get rid of the leo: prefix
userKeyTokens.RemoveAt(0);
var folderKeyFromUser = String.Join(':', userKeyTokens);
if (folderKeyFromUser != identifier.FolderKey)
{
throw (new UnauthorizedAccessException($"You're not authorized for this Folder userKey:{userKey} tried to access: {identifier.FolderKey}"));
}
return(new LEOUserItemQueryHandler(pathService, connection, auditLogStore, this, managerConfiguration, fileService));
}
if (identifier.PathKey == LEOUploadUtility.LEO_UPLOAD_PATH_KEY)
{
return(new LEOUploadRootQueryHandler(pathService, connection, auditLogStore, this, managerConfiguration, fileService));
}
return(null);
}
public override void OnResponse(ItemQueryResponse response, PathIdentifier pathIdentifier)
{
var leoUploadPath = new PathIdentifier(pathIdentifier as FolderIdentifier, LEOUploadUtility.LEO_UPLOAD_PATH_KEY);
if (pathIdentifier.IsChildOf(leoUploadPath) && response.AllowedOperations != null)
{
if (!LEOUploadUtility.IsUserLeo(connection.UserAccessIdentifiers))
{
response.AllowedOperations = response.AllowedOperations.Where(a => !(a.BatchOperation is UploadRequest));
}
}
}
public async override Task PostUploadAsync(FolderModel folderModel, FileModel fileModel)
{
if (LEOUploadUtility.IsUserLeo(connection.UserAccessIdentifiers))
{
await connection.ConcurrencyRetryBlock(async() =>
{
fileModel.WriteACLs("read", new[] {
new ACLModel
{
OverrideKey = "leo",
RequiredIdentifiers = new List <string>
{
"u:system",
"x:leo",
$"u:{connection.UserIdentifier.UserKey.Replace(" ", "_")}"
}
}
});
await connection.File.PutAsync(fileModel);
});
var message = "Officer uploaded file: " + fileModel.Name;
await this.auditLogStore.AddEntry(
new AuditLogEntry()
{
EntryType = AuditLogEntryType.LEOUploadOfficerUpload,
Message = message,
ModuleType = Modules.ModuleType.LEOUpload
},
fileModel.Identifier,
connection
);
await connection.Log.PostAsync(new AuditLogEntryModel
{
Identifier = new AuditLogEntryIdentifier(fileModel.Identifier),
FileIdentifier = fileModel.Identifier,
ActionType = "LEOUpload",
Description = message,
Details = JsonConvert.SerializeObject(fileModel.Identifier),
InitiatorUserIdentifier = connection.UserIdentifier,
Generated = DateTime.UtcNow,
UserAgent = connection.UserAgent
});
}
}
public async override Task PreUploadAsync(FolderModel folderModel, FileModel fileModel)
{
if (LEOUploadUtility.IsUserLeo(connection.UserAccessIdentifiers))
{
var childPath = await GetOfficerPathAsync(folderModel.Identifier);
var attemptedPath = fileModel.MetaPathIdentifierRead();
bool pathAllowed = (attemptedPath.IsChildOf(childPath) || attemptedPath.Equals(childPath));
if (!pathAllowed)
{
fileModel.MetaPathIdentifierWrite(childPath);
}
}
}
public override void OverrideAllowedOperations(FileModel fileModel, List <AllowedOperation> allowed, PathIdentifier virtualPathIdentifier)
{
var isUserLeo = LEOUploadUtility.IsUserLeo(connection.UserAccessIdentifiers);
var leoUploadFolder = new PathIdentifier(fileModel.Identifier as FolderIdentifier, LEOUploadUtility.LEO_UPLOAD_PATH_KEY);
if (virtualPathIdentifier.Equals(leoUploadFolder) || virtualPathIdentifier.IsChildOf(leoUploadFolder))
{
allowed.Clear();
allowed.Add(AllowedOperation.GetAllowedOperationDownload(fileModel.Identifier, false));
allowed.Add(AllowedOperation.GetAllowedOperationMove(fileModel.Identifier));
if (isUserLeo)
{
allowed.Add(AllowedOperation.GetAllowedOperationRename(fileModel.Identifier));
}
}
}
protected override async Task Initialize(PathIdentifier identifier)
{
if (LEOUploadUtility.IsUserLeo(connection.UserAccessIdentifiers))
{
OfficerPathIdentifier = await LEOUploadModule.GetOfficerPathAsync(identifier);
IsLEOUser = true;
}
state = await pathService.OpenFolder(identifier, false);
page = new ItemQueryResponse
{
PathName = identifier.LeafName,
PathTree = state.Paths.Root,
};
filteredFiles = state.Folder.Files.Rows as IEnumerable <FileModel>; //A collection of files that we will use to build up our response.
}
public async Task <T> LoadSet <T>(FileIdentifier fileIdentifier)
where T : BaseSet
{
var file = await api.File.GetAsync(fileIdentifier);
var fileStatus = await api.File.GetOnlineStatusAsync(fileIdentifier);
var organization = await api.Organization.GetAsync(fileIdentifier as OrganizationIdentifier);
BaseSet set = null;
// this is awful, but no clear security check to perform
bool isPrivileged = !EDiscoveryUtility.IsUserEDiscovery(this.api.UserAccessIdentifiers) &&
!LEOUploadUtility.IsUserLeo(this.api.UserAccessIdentifiers);
if (typeof(T).Equals(typeof(TextSet)))
{
set = TextService.TextSetGet(file, true);
}
if (typeof(T).Equals(typeof(DocumentSet)))
{
set = DocumentSetService.DocumentSetGet(file);
}
if (typeof(T).Equals(typeof(MediaSet)))
{
set = MediaService.MediaSetGet(organization, file, isPrivileged);
}
if (typeof(T).Equals(typeof(TranscriptSet)))
{
var transcriptSet = TranscriptService.TranscriptSetGet(organization, file);
transcriptSet.Segments = await TranscriptService.LoadSegments(api, transcriptSet.Subtitles?.FirstOrDefault()?.FileIdentifier);
set = transcriptSet;
}
if (typeof(T).Equals(typeof(ClipSet)))
{
var clipSet = ClipService.ClipSetGet(organization, file);
set = clipSet;
}
if (typeof(T).Equals(typeof(ImageSet)))
{
set = ImageService.ImageSetGet(file);
}
if (typeof(T).Equals(typeof(UnknownSet)))
{
set = UnknownService.UnknownSetGet(file);
}
if (set.AllowedOperations == null)
{
set.AllowedOperations = new[]
{
AllowedOperation.GetAllowedOperationDownload(fileIdentifier, false)
}
}
;
set.RootFileIdentifier = file.Read(MetadataKeyConstants.CHILDOF, defaultValue: file.Identifier);
if (set.RootFileIdentifier.Equals(fileIdentifier))
{
set.Views = DetectFileViews(organization, file);
}
else
{
set.Views = DetectFileViews(organization, await api.File.GetAsync(set.RootFileIdentifier));
}
// some wierd logic for eDiscovery
// if eDiscovery, then no subtitles
if (set is MediaSet && EDiscoveryUtility.IsUserEDiscovery(api.UserAccessIdentifiers))
{
var media = set as MediaSet;
media.Subtitles = null;
}
if (fileStatus != FileModel.OnlineStatus.Online)
{
set.Views = new ManagerFileView[] { new ManagerFileView {
ViewerType = ManagerFileView.ViewerTypeEnum.Offline,
Identifier = set.RootFileIdentifier
} };
set.AllowedOperations = new AllowedOperation[]
{
AllowedOperation.GetAllowedOperationRequestOnlineFolder(set.RootFileIdentifier)
};
set.RootFileIdentifier = null;
}
return(set as T);
}
