refactor: separate methods in privacy filter

Author: semrosin

HwProj.APIGateway/HwProj.APIGateway.API/Controllers/FilesController.cs

@@ -1,3 +1,4 @@
+using System.Linq;
 using System.Net;
 using System.Threading.Tasks;
 using HwProj.APIGateway.API.Filters;
@@ -29,15 +30,14 @@ public FilesController(IAuthServiceClient authServiceClient,
 
     [HttpPost("process")]
     [ProducesResponseType((int)HttpStatusCode.OK)]
-    [ProducesResponseType(typeof(string), (int)HttpStatusCode.Forbidden)]
+    [ProducesResponseType((int)HttpStatusCode.Forbidden)]
     [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.ServiceUnavailable)]
     public async Task<IActionResult> Process([FromForm] ProcessFilesDTO processFilesDto)
     {
-        var checkRights = await _privacyFilter.CheckRights(User,
-            processFilesDto.FilesScope,
-            FilesPrivacyFilter.Method.Upload
-        );
-        if (!checkRights) return StatusCode((int)HttpStatusCode.Forbidden, "Недостаточно прав для загрузки файлов");
+        var checkRights = await _privacyFilter.CheckUploadRights(
+            User.Claims.FirstOrDefault(claim => claim.Type.ToString() == "_id")?.Value,
+            processFilesDto.FilesScope);
+        if (!checkRights) return Forbid("Недостаточно прав для загрузки файлов");
 
         var checkCountLimit = await _countFilter.CheckCountLimit(processFilesDto);
         if (!checkCountLimit) return StatusCode((int)HttpStatusCode.Forbidden, "Слишком много файлов в решении." 
@@ -50,16 +50,15 @@ public async Task<IActionResult> Process([FromForm] ProcessFilesDTO processFiles
     }
 
     [HttpPost("statuses")]
+    [ProducesResponseType((int)HttpStatusCode.Forbidden)]
     [ProducesResponseType(typeof(FileInfoDTO[]), (int)HttpStatusCode.OK)]
-    [ProducesResponseType(typeof(string), (int)HttpStatusCode.Forbidden)]
     [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.ServiceUnavailable)]
     public async Task<IActionResult> GetStatuses(ScopeDTO filesScope)
     {
-        var checkRights = await _privacyFilter.CheckRights(User,
-            filesScope,
-            FilesPrivacyFilter.Method.Upload
-        );
-        if (!checkRights) return StatusCode((int)HttpStatusCode.Forbidden, "Недостаточно прав для получения информации о файлах");
+        var checkRights = await _privacyFilter.CheckUploadRights(
+            User.Claims.FirstOrDefault(claim => claim.Type.ToString() == "_id")?.Value,
+            filesScope);
+        if (!checkRights) return Forbid("Недостаточно прав для получения информации о файлах");
 
         var filesStatusesResult = await _contentServiceClient.GetFilesStatuses(filesScope);
         return filesStatusesResult.Succeeded
@@ -68,22 +67,28 @@ public async Task<IActionResult> GetStatuses(ScopeDTO filesScope)
     }
 
     [HttpGet("downloadLink")]
+    [ProducesResponseType((int)HttpStatusCode.Forbidden)]
     [ProducesResponseType(typeof(string), (int)HttpStatusCode.OK)]
-    [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.Forbidden)]
     [ProducesResponseType(typeof(string[]), (int)HttpStatusCode.NotFound)]
     public async Task<IActionResult> GetDownloadLink([FromQuery] long fileId)
     {
         var linkDto = await _contentServiceClient.GetDownloadLinkAsync(fileId);
         if(!linkDto.Succeeded) return StatusCode((int)HttpStatusCode.ServiceUnavailable, linkDto.Errors);
 
-        var checkRights = await _privacyFilter.CheckRights(User,
-            linkDto.Value.fileScope,
-            FilesPrivacyFilter.Method.Download
-        );
+        var userId = User.Claims.FirstOrDefault(claim => claim.Type.ToString() == "_id")?.Value;
+        var hasRights = false;
+        foreach (var scope in linkDto.Value.fileScopes)
+        {
+            if (await _privacyFilter.CheckDownloadRights(userId, scope))
+            {
+                hasRights = true;
+                break;
+            }
+        }
 
-        return checkRights
+        return hasRights
             ? Ok(linkDto.Value.DownloadUrl)
-            : StatusCode((int)HttpStatusCode.Forbidden, "Недостаточно прав для получения ссылки на файл");
+            : Forbid("Недостаточно прав для получения ссылки на файл");
     }
 
     [HttpGet("info/course/{courseId}")]

HwProj.APIGateway/HwProj.APIGateway.API/Filters/FilesPrivacyFilter.cs

@@ -1,22 +1,14 @@
 using System.Collections.Generic;
 using System.Linq;
-using System.Security.Claims;
 using System.Threading.Tasks;
 using HwProj.CoursesService.Client;
 using HwProj.Models.ContentService.DTO;
-using HwProj.Models.Roles;
 using HwProj.SolutionsService.Client;
 
 namespace HwProj.APIGateway.API.Filters;
 
 public class FilesPrivacyFilter
 {
-    public enum Method
-    {
-        Upload,
-        Download
-    }
-    
     private readonly ICoursesServiceClient _coursesServiceClient;
     private readonly ISolutionsServiceClient _solutionsServiceClient;
 
@@ -26,45 +18,47 @@ public FilesPrivacyFilter(ICoursesServiceClient coursesServiceClient, ISolutions
         _solutionsServiceClient = solutionsServiceClient;
     }
 
-    public async Task<bool> CheckRights(ClaimsPrincipal user, ScopeDTO fileScope, Method method)
+    public async Task<bool> CheckDownloadRights(string? userId, ScopeDTO fileScope)
     {
-        var userId = user.Claims
-            .FirstOrDefault(claim => claim.Type.ToString() == "_id")?.Value;
-        if (userId == null) return false;
-        
-        var userRole = user.Claims
-            .FirstOrDefault(claim => claim.Type.ToString().EndsWith("role"))?.Value;
-        if (userRole == null) return false;
+        if (fileScope.CourseUnitType == "Homework") return true;
+        if (fileScope.CourseUnitType == "Solution")
+        {
+            if(userId == null) return false;
+            var studentIds = new HashSet<string>();
+            var solution = await _solutionsServiceClient.GetSolutionById(fileScope.CourseUnitId);
+            studentIds.Add(solution.StudentId);
+            var groupIds = await _coursesServiceClient.GetGroupsById(solution.GroupId ?? 0);
+
+            var mentorIds = await _coursesServiceClient.GetCourseLecturersIds(fileScope.CourseId);
+            if (!mentorIds.Contains(userId)) return false;
+            studentIds.UnionWith(groupIds.FirstOrDefault()?.StudentsIds.ToHashSet() ?? new());
+
+            if (!studentIds.Contains(userId) && !mentorIds.Contains(userId)) return false;
+
+            return true;
+        }
+
+        return false;
+    }
 
+    public async Task<bool> CheckUploadRights(string? userId, ScopeDTO fileScope)
+    {
+        if(userId == null) return false;
         if (fileScope.CourseUnitType == "Homework")
         {
-            if (method == Method.Download) return true; 
-            if (method == Method.Upload)
-            {
-                var mentorIds = await _coursesServiceClient.GetCourseLecturersIds(fileScope.CourseId);
-                if (!mentorIds.Contains(userId))
-                {
-                    return false;
-                }
-                return true;
-            }
-        } else if (fileScope.CourseUnitType == "Solution")
+            var mentorIds = await _coursesServiceClient.GetCourseLecturersIds(fileScope.CourseId);
+            if (!mentorIds.Contains(userId)) return false;
+            return true;
+        } 
+        if (fileScope.CourseUnitType == "Solution")
         {
+            var studentIds = new HashSet<string>();
+            var solution = await _solutionsServiceClient.GetSolutionById(fileScope.CourseUnitId);
+            studentIds.Add(solution.StudentId);
+            var group = await _coursesServiceClient.GetGroupsById(solution.GroupId ?? 0);
+            studentIds.UnionWith(group.FirstOrDefault()?.StudentsIds.ToHashSet() ?? new());
 
-            if (userRole == Roles.StudentRole)
-            {
-                var studentIds = new HashSet<string>();
-                var solution = await _solutionsServiceClient.GetSolutionById(fileScope.CourseUnitId);
-                studentIds.Add(solution.StudentId);
-                var group = await _coursesServiceClient.GetGroupsById(solution.GroupId ?? 0);
-                studentIds.UnionWith(group.FirstOrDefault()?.StudentsIds.ToHashSet() ?? new());
-
-                if (!studentIds.Contains(userId)) return false;
-            } else if(method == Method.Download)
-            {
-                var mentorIds = await _coursesServiceClient.GetCourseLecturersIds(fileScope.CourseId);
-                if (!mentorIds.Contains(userId)) return false;
-            }
+            if (!studentIds.Contains(userId)) return false;
 
             return true;
         }

HwProj.Common/HwProj.Models/ContentService/DTO/FileLinkDTO.cs

@@ -1,9 +1,11 @@
+using System.Collections.Generic;
+
 namespace HwProj.Models.ContentService.DTO
 {
 
     public class FileLinkDTO
     {
         public string DownloadUrl { get; set; }
-        public ScopeDTO fileScope { get; set; }
+        public List<ScopeDTO> fileScopes { get; set; }
     }
 }

HwProj.ContentService/HwProj.ContentService.API/Controllers/FilesController.cs

@@ -81,22 +81,22 @@ public async Task<IActionResult> GetStatuses(ScopeDTO scopeDto)
     }
 
     [HttpGet("downloadLink")]
-    [ProducesResponseType(typeof(FileLinkDTO), (int)HttpStatusCode.OK)]
+    [ProducesResponseType(typeof(FileLinkDTO[]), (int)HttpStatusCode.OK)]
     public async Task<IActionResult> GetDownloadLink([FromQuery] long fileId)
     {
         var externalKey = await _filesInfoService.GetFileExternalKeyAsync(fileId);
         if (externalKey is null) return Ok(Result<FileLinkDTO>.Failed("Файл не найден"));
 
-        var fileScope = await _filesInfoService.GetFileScopeAsync(fileId);
-        if (fileScope is null) return Ok(Result<FileLinkDTO>.Failed("Файл не найден"));
+        var fileScopes = await _filesInfoService.GetFileScopesAsync(fileId);
+        if (fileScopes is null) return Ok(Result<FileLinkDTO>.Failed("Файл не найден"));
 
         var downloadUrl = await _s3FilesService.GetDownloadUrl(externalKey);
         if (!downloadUrl.Succeeded) return Ok(Result<FileLinkDTO>.Failed(downloadUrl.Errors));
 
         var result = new FileLinkDTO
         {
             DownloadUrl = downloadUrl.Value,
-            fileScope = fileScope.ToScopeDTO()
+            fileScopes = fileScopes.Select(fs => fs.ToScopeDTO()).ToList()
         };
 
         return Ok(result);

HwProj.ContentService/HwProj.ContentService.API/Repositories/FileRecordRepository.cs

@@ -52,12 +52,12 @@ public async Task UpdateStatusAsync(List<long> fileRecordIds, FileStatus newStat
             .AsNoTracking()
             .SingleOrDefaultAsync(fr => fr.Id == fileRecordId);
 
-    public async Task<Scope?> GetScopeByRecordIdAsync(long fileRecordId)
+    public async Task<List<Scope>?> GetScopesAsync(long fileRecordId)
         => await _contentContext.FileToCourseUnits
             .AsNoTracking()
             .Where(fr => fr.FileRecordId == fileRecordId)
             .Select(fc => fc.ToScope())
-            .SingleOrDefaultAsync();
+            .ToListAsync();
 
     public async Task<List<FileRecord>> GetByScopeAsync(Scope scope)
         => await _contentContext.FileToCourseUnits

HwProj.ContentService/HwProj.ContentService.API/Repositories/IFileRecordRepository.cs

@@ -13,7 +13,7 @@ public interface IFileRecordRepository
     public Task UpdateAsync(long id,
         Expression<Func<SetPropertyCalls<FileRecord>, SetPropertyCalls<FileRecord>>> setPropertyCalls);
     public Task<FileRecord?> GetFileRecordByIdAsync(long fileRecordId);
-    public Task<Scope?> GetScopeByRecordIdAsync(long fileRecordId);
+    public Task<List<Scope>?> GetScopesAsync(long fileRecordId);
     public Task<List<FileRecord>> GetByScopeAsync(Scope scope);
     public Task<List<FileToCourseUnit>> GetByCourseIdAsync(long courseId);
     public Task<List<FileToCourseUnit>> GetByCourseIdAndStatusAsync(long courseId, FileStatus filesStatus);

HwProj.ContentService/HwProj.ContentService.API/Services/FilesInfoService.cs

@@ -37,9 +37,9 @@ public async Task<List<FileInfoDTO>> GetFilesStatusesAsync(Scope filesScope)
         return fileRecord?.ExternalKey;
     }
 
-    public async Task<Scope?> GetFileScopeAsync(long fileId)
+    public async Task<List<Scope>?> GetFileScopesAsync(long fileId)
     {
-        var fileToCourseUnit = await _fileRecordRepository.GetScopeByRecordIdAsync(fileId);
+        var fileToCourseUnit = await _fileRecordRepository.GetScopesAsync(fileId);
         return fileToCourseUnit;
     }
 

HwProj.ContentService/HwProj.ContentService.API/Services/Interfaces/IFilesInfoService.cs

@@ -9,7 +9,7 @@ public interface IFilesInfoService
 {
     public Task<List<FileInfoDTO>> GetFilesStatusesAsync(Scope filesScope);
     public Task<string?> GetFileExternalKeyAsync(long fileId);
-    public Task<Scope?> GetFileScopeAsync(long fileId);
+    public Task<List<Scope>?> GetFileScopesAsync(long fileId);
     public Task<List<FileInfoDTO>> GetFilesInfoAsync(long courseId);
     public Task<List<FileInfoDTO>> GetFilesInfoAsync(long courseId, FileStatus filesStatus);
     public Task TransferFilesFromCourse(CourseFilesTransferDto filesTransfer);