From afb555442589ceb8ef3f5cb9e747fdf7cf1b498f Mon Sep 17 00:00:00 2001
From: Paul Schneider
Date: Mon, 5 Aug 2019 06:18:38 +0200
Subject: [PATCH] ui for fs acl by circle
---
 src/Yavsc.Server/Constants.cs | 1 +
 .../Access/CircleAuthorizationToFile.cs | 4 +
 .../Communicating/CircleController.cs | 33 +++--
 .../Communicating/MyFSRulesController.cs | 121 ++++++++++++++++++
 src/Yavsc/Views/Circle/Create.cshtml | 9 +-
 src/Yavsc/Views/Circle/Index.cshtml | 6 -
 src/Yavsc/Views/MyFSRules/Create.cshtml | 43 +++++++
 src/Yavsc/Views/MyFSRules/Delete.cshtml | 30 +++++
 src/Yavsc/Views/MyFSRules/Details.cshtml | 24 ++++
 src/Yavsc/Views/MyFSRules/Edit.cshtml | 44 +++++++
 src/Yavsc/Views/MyFSRules/Index.cshtml | 29 +++++
 11 files changed, 323 insertions(+), 21 deletions(-)
 create mode 100644 src/Yavsc/Controllers/Communicating/MyFSRulesController.cs
 create mode 100644 src/Yavsc/Views/MyFSRules/Create.cshtml
 create mode 100644 src/Yavsc/Views/MyFSRules/Delete.cshtml
 create mode 100644 src/Yavsc/Views/MyFSRules/Details.cshtml
 create mode 100644 src/Yavsc/Views/MyFSRules/Edit.cshtml
 create mode 100644 src/Yavsc/Views/MyFSRules/Index.cshtml
diff --git a/src/Yavsc.Server/Constants.cs b/src/Yavsc.Server/Constants.cs
index d50a5331..154600bd 100644
--- a/src/Yavsc.Server/Constants.cs
+++ b/src/Yavsc.Server/Constants.cs
@@ -8,6 +8,7 @@ namespace Yavsc
 public const string ApplicationName = "Yavsc",
 CompanyClaimType = "https://schemas.pschneider.fr/identity/claims/Company",
 UserNameRegExp = @"^[a-zA-Z][a-zA-Z0-9._-]*$",
+ UserFileNamePatternRegExp = @"^([a-zA-Z0-9._-]*/)*[a-zA-Z0-9._-]+$",
 AuthorizePath = "~/authorize",
 TokenPath = "~/token",
 LoginPath = "~/signin",
diff --git a/src/Yavsc.Server/Models/Access/CircleAuthorizationToFile.cs b/src/Yavsc.Server/Models/Access/CircleAuthorizationToFile.cs
index 43d43f1c..37e271fd 100644
--- a/src/Yavsc.Server/Models/Access/CircleAuthorizationToFile.cs
+++ b/src/Yavsc.Server/Models/Access/CircleAuthorizationToFile.cs
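Review bot: The pattern added as `UserFileNamePatternRegExp` allows `.` anywhere in a segment and allows empty segments, so `..`, `../x` and a leading `/` all pass validation. Where `FullPath` is later resolved against the file store is not visible in this commit, so this is a hardening point rather than a confirmed flaw: requiring every segment to start with an alphanumeric, `@"^([a-zA-Z0-9][a-zA-Z0-9._-]*/)*[a-zA-Z0-9][a-zA-Z0-9._-]*\z"`, rejects dot-dot, empty and absolute forms, at the cost of refusing names that begin with `.`, `_` or `-`. The `\z` is deliberate, because in .NET `$` also matches just before a trailing newline.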
@@ -2,12 +2,14 @@ using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations.Schema; using Newtonsoft.Json; using Yavsc.Abstract.Identity.Security; +using Yavsc.Attributes.Validation; using Yavsc.Models.Relationship; namespace Yavsc.Server.Models.Access { public class CircleAuthorizationToFile : ICircleAuthorization { + [Required] public long CircleId { @@ -15,6 +17,8 @@ namespace Yavsc.Server.Models.Access } [Required] + [YaStringLength(48)] + [YaRegularExpression(Constants.UserFileNamePatternRegExp)] public string FullPath { get; set; diff --git a/src/Yavsc/Controllers/Communicating/CircleController.cs b/src/Yavsc/Controllers/Communicating/CircleController.cs index 840b2b69..000077ff 100644 --- a/src/Yavsc/Controllers/Communicating/CircleController.cs +++ b/src/Yavsc/Controllers/Communicating/CircleController.cs @@ -1,4 +1,5 @@ +using System.Linq; using System.Security.Claims; using System.Threading.Tasks; using Microsoft.AspNet.Mvc; @@ -20,7 +21,7 @@ namespace Yavsc.Controllers // GET: Circle public async Task Index() { - return View(await _context.Circle.ToListAsync()); + return View(await _context.Circle.Where(c=>c.OwnerId==User.GetUserId()).ToListAsync()); } // GET: Circle/Details/5 @@ -36,14 +37,15 @@ namespace Yavsc.Controllers { return HttpNotFound(); } - + var uid = User.GetUserId(); + if (uid != circle.OwnerId) return this.HttpUnauthorized(); return View(circle); } // GET: Circle/Create public IActionResult Create() { - return View(); + return View(new Circle { OwnerId = User.GetUserId() } ); } // POST: Circle/Create 
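Review bot: The owner check added to `Details` answers `this.HttpUnauthorized()` to a signed-in user who simply does not own the circle, which confirms that the id exists and, depending on how the authentication middleware reacts to a 401 (not visible here), may send that user to the login page. Returning `HttpNotFound()`, as the line just above already does for a missing row, gives the same answer for "not yours" and "does not exist". The same pattern is added in the Edit, Delete and DeleteConfirmed hunks further down and in `MyFSRulesController`. The body of `Details` starts outside the hunk.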
@@ -51,10 +53,14 @@ namespace Yavsc.Controllers [ValidateAntiForgeryToken] public async Task Create(Circle circle) { + var uid = User.GetUserId(); if (ModelState.IsValid) { + if (uid != circle.OwnerId) + return this.HttpUnauthorized(); + _context.Circle.Add(circle); - await _context.SaveChangesAsync(User.GetUserId()); + await _context.SaveChangesAsync(uid); return RedirectToAction("Index"); } return View(circle); @@ -69,10 +75,14 @@ namespace Yavsc.Controllers } Circle circle = await _context.Circle.SingleAsync(m => m.Id == id); + if (circle == null) { return HttpNotFound(); } + var uid = User.GetUserId(); + if (uid != circle.OwnerId) + return this.HttpUnauthorized(); return View(circle); } @@ -81,10 +91,13 @@ namespace Yavsc.Controllers [ValidateAntiForgeryToken] public async Task Edit(Circle circle) { + if (ModelState.IsValid) { + var uid = User.GetUserId(); + if (uid != circle.OwnerId) return this.HttpUnauthorized(); _context.Update(circle); - await _context.SaveChangesAsync(User.GetUserId()); + await _context.SaveChangesAsync(uid); return RedirectToAction("Index"); } return View(circle); @@ -100,11 +113,13 @@ namespace Yavsc.Controllers } Circle circle = await _context.Circle.SingleAsync(m => m.Id == id); - if (circle == null) + if (circle == null) { return HttpNotFound(); } - + var uid = User.GetUserId(); + if (uid != circle.OwnerId) return this.HttpUnauthorized(); + return View(circle); } @@ -114,8 +129,10 @@ namespace Yavsc.Controllers public async Task DeleteConfirmed(long id) { Circle circle = await _context.Circle.SingleAsync(m => m.Id == id); + var uid = User.GetUserId(); + if (uid != circle.OwnerId) return this.HttpUnauthorized(); _context.Circle.Remove(circle); - await _context.SaveChangesAsync(User.GetUserId()); + await _context.SaveChangesAsync(uid); return RedirectToAction("Index"); } } 
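Review bot: In the Edit POST hunk (`-81,10 +91,13`) the test `uid != circle.OwnerId` reads `OwnerId` from the model-bound form rather than from the stored row, so it only establishes that the request names the caller as owner, and `_context.Update(circle)` then writes to whichever `Id` was posted. The check needs to run against the database record: load the circle by `circle.Id`, refuse when it is missing or owned by someone else, and copy only the editable fields onto the loaded entity before saving. The Create POST hunk relies on the posted `OwnerId` in the same way; there, assigning `circle.OwnerId = uid;` on the server makes the hidden field unnecessary. Both action bodies begin outside their hunks.

```csharp
if (ModelState.IsValid)
{
    var uid = User.GetUserId();
    // Authorize against the stored row; the posted OwnerId is caller-controlled.
    var stored = await _context.Circle.SingleOrDefaultAsync(m => m.Id == circle.Id);
    if (stored == null || stored.OwnerId != uid) return HttpNotFound();
    // Copy only what the form is meant to edit (Name is the field the views show).
    stored.Name = circle.Name;
    await _context.SaveChangesAsync(uid);
    return RedirectToAction("Index");
}
// … unchanged: return View(circle) …
```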
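Review bot: `DeleteConfirmed` now reads `circle.OwnerId` directly after `SingleAsync`, which throws when no row has that id, so a stale or mistyped id ends in an unhandled exception instead of a 404. Using `Circle circle = await _context.Circle.SingleOrDefaultAsync(m => m.Id == id);` followed by `if (circle == null) return HttpNotFound();` handles it. The Edit GET and Delete GET hunks have the same call, which means their existing `if (circle == null)` branch can never run.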
diff --git a/src/Yavsc/Controllers/Communicating/MyFSRulesController.cs b/src/Yavsc/Controllers/Communicating/MyFSRulesController.cs
new file mode 100644
index 00000000..1d2934e8
--- /dev/null
+++ b/src/Yavsc/Controllers/Communicating/MyFSRulesController.cs
@@ -0,0 +1,121 @@
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Authorization;
+using Microsoft.AspNet.Mvc;
+using Microsoft.AspNet.Mvc.Rendering;
+using Microsoft.Data.Entity;
+using Microsoft.Extensions.Logging;
+using Yavsc.Models;
+using Yavsc.Server.Models.Access;
+
+namespace Yavsc.Controllers
+{
+ [Authorize()]
+ public class MyFSRulesController : Controller
+ {
+ private ApplicationDbContext _context;
+ private ILogger _logger;
+
+ public MyFSRulesController(ApplicationDbContext context,
+ ILoggerFactory loggerFactory)
+ {
+ _context = context;
+ _logger = loggerFactory.CreateLogger();
+ }
+
+ // GET: MyFSRules
+ public async Task Index()
+ {
+ var applicationDbContext = _context.CircleAuthorizationToFile.Include(c => c.Circle)
+ .Where (m=>m.Circle.OwnerId == User.GetUserId());
+ return View(await applicationDbContext.ToListAsync());
+ }
+
+ // GET: MyFSRules/Details/5
+ public async Task Details(long circleId, string fullPath)
+ {
+
+ var uid = User.GetUserId();
+ _logger.LogInformation($"Searching fsa for {uid} :\n {circleId}/{fullPath}");
+ CircleAuthorizationToFile circleAuthorizationToFile =
+ await _context.CircleAuthorizationToFile
+ .Include(m=>m.Circle)
+ .SingleOrDefaultAsync(m => ((m.CircleId == circleId) && (m.FullPath == fullPath) &&
+ (m.Circle.OwnerId == uid)));
+ if (circleAuthorizationToFile == null)
+ {
+ return HttpNotFound();
+ }
+
+ return View(circleAuthorizationToFile);
+ }
+
+ // GET: MyFSRules/Create
+ public IActionResult Create()
+ {
+ var uid = User.GetUserId();
+ var userCircles = _context.Circle.Where(c=>c.OwnerId == uid);
+ ViewBag.CircleId = new SelectList(userCircles, "Id", "Name");
+ var uccount = userCircles.Count();
+ _logger.LogInformation($"User circle count : {uccount}");
+ return View();
+ }
+
+ // POST: MyFSRules/Create
+ [HttpPost]
+ [ValidateAntiForgeryToken]
+ public async Task Create(CircleAuthorizationToFile circleAuthorizationToFile)
+ {
+ var uid = User.GetUserId();
+ if (ModelState.IsValid)
+ {
+ // refuse to allow files to other circle than user's ones.
+ var circle = await _context.Circle.SingleOrDefaultAsync(c=>c.Id==circleAuthorizationToFile.CircleId);
+ if (circle.OwnerId != uid) return this.HttpUnauthorized();
+ _context.CircleAuthorizationToFile.Add(circleAuthorizationToFile);
+ await _context.SaveChangesAsync();
+ return RedirectToAction("Index");
+ }
+ var userCircles = _context.Circle.Where(c=>c.OwnerId == uid);
+ ViewBag.CircleId = new SelectList(userCircles, "Id", "Name");
+ return View(circleAuthorizationToFile);
+ }
+
+ // GET: MyFSRules/Delete/5
+ [ActionName("Delete")]
+ public async Task Delete(long circleId, string fullPath)
+ {
+ var uid = User.GetUserId();
+ CircleAuthorizationToFile circleAuthorizationToFile =
+ await _context.CircleAuthorizationToFile
+ .Include(a=>a.Circle).SingleOrDefaultAsync(m => m.CircleId == circleId && m.FullPath == fullPath);
+ if (circleAuthorizationToFile == null)
+ {
+ return HttpNotFound();
+ }
+ if (circleAuthorizationToFile.Circle.OwnerId != uid) return HttpUnauthorized();
+ return View(circleAuthorizationToFile);
+ }
+
+ // POST: MyFSRules/Delete/5
+ [HttpPost, ActionName("Delete")]
+ [ValidateAntiForgeryToken]
+ public async Task DeleteConfirmed(long circleId, string fullPath)
+ {
+ var uid = User.GetUserId();
+ CircleAuthorizationToFile circleAuthorizationToFile =
+ await _context.CircleAuthorizationToFile
+ .Include(a=> a.Circle)
+ .SingleOrDefaultAsync(m => m.CircleId == circleId && m.FullPath == fullPath);
+ if (circleAuthorizationToFile == null)
+ {
+ return HttpNotFound();
+ }
+ if (circleAuthorizationToFile.Circle.OwnerId != uid) return HttpUnauthorized();
+ _context.CircleAuthorizationToFile.Remove(circleAuthorizationToFile);
+ await _context.SaveChangesAsync();
+ return RedirectToAction("Index");
+ }
+ }
+}
diff --git a/src/Yavsc/Views/Circle/Create.cshtml b/src/Yavsc/Views/Circle/Create.cshtml
index 204b1c92..85d6beb1 100644
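Review bot: In the Create POST action `circle` comes from `SingleOrDefaultAsync` and is dereferenced on the next line, so a posted `CircleId` that matches no circle raises a NullReferenceException instead of being refused; `if (circle == null || circle.OwnerId != uid) return this.HttpUnauthorized();` covers both cases. In `Details`, `fullPath` arrives from the request without passing the model's regex validation and is interpolated into the log message, which lets a caller place line breaks in the log. Passing it as a structured argument, `_logger.LogInformation("Searching fsa for {uid}: {circleId}/{fullPath}", uid, circleId, fullPath);`, keeps it as data, though whether newlines are escaped then depends on the logging provider. Nothing in Create ties `FullPath` to the caller's own file area; whether that is enforced where the rule is evaluated is not visible in this commit.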
--- a/src/Yavsc/Views/Circle/Create.cshtml
+++ b/src/Yavsc/Views/Circle/Create.cshtml
@@ -11,6 +11,8 @@

Circle


+ +
@@ -18,13 +20,6 @@
-
- -
- - -
-
diff --git a/src/Yavsc/Views/Circle/Index.cshtml b/src/Yavsc/Views/Circle/Index.cshtml index ed204235..c43b4e77 100644 --- a/src/Yavsc/Views/Circle/Index.cshtml +++ b/src/Yavsc/Views/Circle/Index.cshtml @@ -14,9 +14,6 @@ @Html.DisplayNameFor(model => model.Name) - - @Html.DisplayNameFor(model => model.OwnerId) - @@ -25,9 +22,6 @@ @Html.DisplayFor(modelItem => item.Name) - - @Html.DisplayFor(modelItem => item.OwnerId) - Edit | Details | diff --git a/src/Yavsc/Views/MyFSRules/Create.cshtml b/src/Yavsc/Views/MyFSRules/Create.cshtml new file mode 100644 index 00000000..56f3ec11 --- /dev/null +++ b/src/Yavsc/Views/MyFSRules/Create.cshtml @@ -0,0 +1,43 @@ +@model Yavsc.Server.Models.Access.CircleAuthorizationToFile + +@{ + ViewData["Title"] = "Create"; +} + +

Create

+ +
+
+

CircleAuthorizationToFile

+
+
+
+ +
+ + +
+
+ +
+ +
+ + +
+
+ +
+
+ +
+
+
+
+ + + diff --git a/src/Yavsc/Views/MyFSRules/Delete.cshtml b/src/Yavsc/Views/MyFSRules/Delete.cshtml new file mode 100644 index 00000000..b46c1a87 --- /dev/null +++ b/src/Yavsc/Views/MyFSRules/Delete.cshtml @@ -0,0 +1,30 @@ +@model Yavsc.Server.Models.Access.CircleAuthorizationToFile + +@{ + ViewData["Title"] = "Delete"; +} + +

Delete

+ +

Are you sure you want to delete this?

+
+

CircleAuthorizationToFile

+
+
+
+ +
+
+
+
+
@Model.Circle.Name
+
+
@Model.FullPath
+
+ + + | + Back to List +
+
+
diff --git a/src/Yavsc/Views/MyFSRules/Details.cshtml b/src/Yavsc/Views/MyFSRules/Details.cshtml new file mode 100644 index 00000000..12f90e5f --- /dev/null +++ b/src/Yavsc/Views/MyFSRules/Details.cshtml @@ -0,0 +1,24 @@ +@model Yavsc.Server.Models.Access.CircleAuthorizationToFile + +@{ + ViewData["Title"] = "Details"; +} + +

@SR["Details"]

+ +
+

@SR["CircleAuthorizationToFile"]

+
+ +
+
+
@Model.Circle.Name
+
+
@Model.FullPath
+
+ +
+

+ @Html.ActionLink("Edit", "Edit", new { circleId=Model.CircleId, fullPath=Model.FullPath }) | + @SR["Back to List"] +
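Review bot: The `Edit` link in this view targets an action that `MyFSRulesController`, as added in this commit, does not define; it has Index, Details, Create and Delete only. The link would therefore return 404 even though an `Edit.cshtml` view is added alongside it. Either add GET and POST `Edit` actions that look the rule up with the same `Circle.OwnerId` filter used in `Details`, or remove the link and the unused view.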

diff --git a/src/Yavsc/Views/MyFSRules/Edit.cshtml b/src/Yavsc/Views/MyFSRules/Edit.cshtml new file mode 100644 index 00000000..bb87924d --- /dev/null +++ b/src/Yavsc/Views/MyFSRules/Edit.cshtml @@ -0,0 +1,44 @@ +@model Yavsc.Server.Models.Access.CircleAuthorizationToFile + +@{ + ViewData["Title"] = "Edit"; +} + +

Edit

+ +
+
+

@SR["Autorisation au fichier"]

+
+
+ + +
+ +
+ @Html.DisplayFor(m=>m.FullPath) + +
+
+ +
+ +
+ + +
+
+
+
+ +
+
+
+
+ + + diff --git a/src/Yavsc/Views/MyFSRules/Index.cshtml b/src/Yavsc/Views/MyFSRules/Index.cshtml new file mode 100644 index 00000000..8340d2b4 --- /dev/null +++ b/src/Yavsc/Views/MyFSRules/Index.cshtml @@ -0,0 +1,29 @@ +@model IEnumerable + +@{ + ViewData["Title"] = "Index"; +} + +

Index

+ +

+ Create New +

+ + + + + + + +@foreach (var item in Model) { + + + + + +} +
@SR["Circle"]@SR["Path"]
@item.Circle.Name@item.FullPath + @Html.ActionLink("Details", "Details", new { circleId=item.CircleId, fullPath=item.FullPath }) | + @Html.ActionLink("Delete", "Delete", new { circleId=item.CircleId, fullPath=item.FullPath }) +