Allow admins (site or org) to download projects by code (#1829)

* Backend now knows if user can download any project

Site admins and org admins can download arbitrary projects without
needing to be a member (projects owned by their org, or any project at
all in the case of site admins), so let's return a boolean flag for the
frontend to enable UI for that. The UI will still need to handle "Hey,
you're not actually authorized to download that project" because it will
be used by org admins, not only by site admins who have all access.

* Catch case where lexbox project not yet CRDT

Instead of downloading a CRDT project with no commits, which leads to
errors in FW Lite when it can't find a default writing system, we'll
check first whether the Lexbox project is a CRDT project, and refuse to
download it if it isn't. Currently this just displays an error
notification, but soon we'll display this in the dialog box instead.

* Much improved download-by-code dialog

Errors now show in dialog, dialog doesn't close until download
completed, dialog doesn't close if any errors.

* Also display error if user may not download project

Can happen if an org admin tries to download a project from another org

* Fix lint error

---------

Co-authored-by: Kevin Hahn <[email protected]>

Author: rmunn

backend/FwLite/FwLiteShared/Projects/CombinedProjectsService.cs

@@ -1,3 +1,4 @@
+using System.Text.Json.Serialization;
 using FwLiteShared.Auth;
 using FwLiteShared.Sync;
 using LcmCrdt;
@@ -9,6 +10,16 @@
 
 namespace FwLiteShared.Projects;
 
+[JsonConverter(typeof(JsonStringEnumConverter))]
+public enum DownloadProjectByCodeResult
+{
+    Success,
+    Forbidden,
+    NotCrdtProject,
+    ProjectNotFound,
+    ProjectAlreadyDownloaded,
+}
+
 public record ProjectModel(
     string Name,
     string Code,
@@ -28,7 +39,7 @@ public record ProjectModel(
         };
 }
 
-public record ServerProjects(LexboxServer Server, ProjectModel[] Projects);
+public record ServerProjects(LexboxServer Server, ProjectModel[] Projects, bool CanDownloadByCode);
 public class CombinedProjectsService(LexboxProjectService lexboxProjectService,
     CrdtProjectsService crdtProjectsService,
     IEnumerable<IProjectProvider> projectProviders,
@@ -44,21 +55,20 @@ public async Task<ServerProjects[]> RemoteProjects()
         ServerProjects[] serverProjects = new ServerProjects[lexboxServers.Length];
         for (var i = 0; i < lexboxServers.Length; i++)
         {
-            var server = lexboxServers[i];
-            var projectModels = await ServerProjects(server);
-            serverProjects[i] = new ServerProjects(server, projectModels);
+            serverProjects[i] = await ServerProjects(lexboxServers[i]);
         }
 
         return serverProjects;
     }
 
-    private async Task<ProjectModel[]> ServerProjects(LexboxServer server, bool forceRefresh = false)
+    private async Task<ServerProjects> ServerProjects(LexboxServer server, bool forceRefresh = false)
     {
         if (forceRefresh)
             lexboxProjectService.InvalidateProjectsCache(server);
         var lexboxProjects = await lexboxProjectService.GetLexboxProjects(server);
-        await UpdateProjectServerInfo(lexboxProjects, await lexboxProjectService.GetLexboxUser(server));
-        var projectModels = lexboxProjects.Select(p => new ProjectModel(
+        var user = await lexboxProjectService.GetLexboxUser(server);
+        await UpdateProjectServerInfo(lexboxProjects.Projects, user);
+        var projectModels = lexboxProjects.Projects.Select(p => new ProjectModel(
                 p.Name,
                 p.Code,
                 Crdt: p.IsCrdtProject,
@@ -68,7 +78,7 @@ private async Task<ProjectModel[]> ServerProjects(LexboxServer server, bool forc
                 server,
                 p.Id))
             .ToArray();
-        return projectModels;
+        return new(server, projectModels, lexboxProjects.CanDownloadByCode);
     }
 
     private async Task UpdateProjectServerInfo(FieldWorksLiteProject[] lexboxProjects, LexboxUser? lexboxUser)
@@ -83,10 +93,10 @@ private async Task UpdateProjectServerInfo(FieldWorksLiteProject[] lexboxProject
 
 
     [JSInvokable]
-    public async Task<ProjectModel[]> ServerProjects(string serverId, bool forceRefresh)
+    public async Task<ServerProjects?> ServerProjects(string serverId, bool forceRefresh)
     {
         var server = lexboxProjectService.Servers().FirstOrDefault(s => s.Id == serverId);
-        if (server is null) return [];
+        if (server is null) return null;
         return await ServerProjects(server, forceRefresh);
     }
 
@@ -143,12 +153,36 @@ private ProjectRole FromRole(UserProjectRole role) =>
             _ => ProjectRole.Unknown
         };
 
-    public async Task DownloadProject(string code, LexboxServer server)
+    [JSInvokable]
+    public async Task<DownloadProjectByCodeResult> DownloadProjectByCode(string code, LexboxServer server, UserProjectRole? userRole = null)
     {
         var serverProjects = await ServerProjects(server, false);
-        var project = serverProjects.FirstOrDefault(p => p.Code == code)
-            ?? throw new InvalidOperationException($"Project {code} not found on server {server.Authority}");
+        var project = serverProjects.Projects.FirstOrDefault(p => p.Code == code);
+        if (project is null)
+        {
+            if (serverProjects.CanDownloadByCode)
+            {
+                var (status, projectId) = await lexboxProjectService.GetLexboxProjectId(server, code);
+                if (status != DownloadProjectByCodeResult.Success) return status;
+                if (crdtProjectsService.ProjectExists(code)) return DownloadProjectByCodeResult.ProjectAlreadyDownloaded;
+                var role = userRole.HasValue ? FromRole(userRole.Value) : ProjectRole.Editor;
+                project = new ProjectModel(
+                    Name: code,
+                    Code: code,
+                    Crdt: true,
+                    Fwdata: false,
+                    Lexbox: true,
+                    Role: role,
+                    Server: server,
+                    Id: projectId
+                );
+                await DownloadProject(project);
+                return DownloadProjectByCodeResult.Success;
+            }
+            return DownloadProjectByCodeResult.ProjectNotFound;
+        }
         await DownloadProject(project);
+        return DownloadProjectByCodeResult.Success;
     }
 
     [JSInvokable]

backend/FwLite/FwLiteShared/Projects/LexboxProjectService.cs

@@ -64,24 +64,24 @@ public LexboxServer[] Servers()
         return Servers().FirstOrDefault(s => s.Id == projectData.ServerId);
     }
 
-    public async Task<FieldWorksLiteProject[]> GetLexboxProjects(LexboxServer server)
+    public async Task<ListProjectsResult> GetLexboxProjects(LexboxServer server)
     {
         return await cache.GetOrCreateAsync(CacheKey(server),
             async entry =>
             {
                 entry.AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(5);
                 var httpClient = await clientFactory.GetClient(server).CreateHttpClient();
-                if (httpClient is null) return [];
+                if (httpClient is null) return new([], false);
                 try
                 {
-                    return await httpClient.GetFromJsonAsync<FieldWorksLiteProject[]>("api/crdt/listProjects") ?? [];
+                    return await httpClient.GetFromJsonAsync<ListProjectsResult>("api/crdt/listProjectsV2") ?? new([], false);
                 }
                 catch (Exception e)
                 {
                     logger.LogError(e, "Error getting lexbox projects");
-                    return [];
+                    return new([], false);
                 }
-            }) ?? [];
+            }) ?? new([], false);
     }
 
     public async Task<LexboxUser?> GetLexboxUser(LexboxServer server)
@@ -94,18 +94,32 @@ private static string CacheKey(LexboxServer server)
         return $"Projects|{server.Authority.Authority}";
     }
 
-    public async Task<Guid?> GetLexboxProjectId(LexboxServer server, string code)
+    public async Task<(DownloadProjectByCodeResult, Guid?)> GetLexboxProjectId(LexboxServer server, string code)
     {
         var httpClient = await clientFactory.GetClient(server).CreateHttpClient();
-        if (httpClient is null) return null;
+        if (httpClient is null) return (DownloadProjectByCodeResult.Forbidden, null);
         try
         {
-            return await httpClient.GetFromJsonAsync<Guid?>($"api/crdt/lookupProjectId?code={code}");
+            var result = await httpClient.GetAsync($"api/crdt/lookupProjectId?code={code}");
+            if (result.StatusCode == System.Net.HttpStatusCode.Forbidden) // 403
+            {
+                return (DownloadProjectByCodeResult.Forbidden, null);
+            }
+            if (result.StatusCode == System.Net.HttpStatusCode.NotFound) // 404
+            {
+                return (DownloadProjectByCodeResult.ProjectNotFound, null);
+            }
+            if (result.StatusCode == System.Net.HttpStatusCode.NotAcceptable) // 406
+            {
+                return (DownloadProjectByCodeResult.NotCrdtProject, null);
+            }
+            var guid = await result.Content.ReadFromJsonAsync<Guid?>();
+            return (DownloadProjectByCodeResult.Success, guid);
         }
         catch (Exception e)
         {
             logger.LogError(e, "Error getting lexbox project id");
-            return null;
+            return (DownloadProjectByCodeResult.Forbidden, null);
         }
     }
 

backend/FwLite/FwLiteShared/TypeGen/ReinforcedFwLiteTypingConfig.cs

@@ -140,6 +140,7 @@ private static void ConfigureFwLiteSharedTypes(ConfigurationBuilder builder)
         builder.ExportAsEnum<UserProjectRole>().UseString();
         builder.ExportAsEnum<ProjectRole>().UseString();
         builder.ExportAsEnum<SyncStatus>().UseString();
+        builder.ExportAsEnum<DownloadProjectByCodeResult>().UseString();
         builder.ExportAsEnum<SyncJobStatusEnum>().UseString();
         var serviceTypes = Enum.GetValues<DotnetService>()
             //lcm has it's own dedicated export, config is not a service just a object, and testing needs a custom export below

backend/FwLite/FwLiteWeb/Routes/ProjectRoutes.cs

@@ -53,12 +53,22 @@ public static IEndpointConventionBuilder MapProjectRoutes(this WebApplication ap
             async (IOptions<AuthConfig> options,
                 CombinedProjectsService combinedProjectsService,
                 string code,
-                string serverAuthority
+                string serverAuthority,
+                [FromQuery] UserProjectRole? role
             ) =>
             {
                 var server = options.Value.GetServerByAuthority(serverAuthority);
-                await combinedProjectsService.DownloadProject(code, server);
-                return TypedResults.Ok();
+                var result = await combinedProjectsService.DownloadProjectByCode(code, server, role);
+                return result switch
+                {
+                    DownloadProjectByCodeResult.Success => Results.Ok(),
+                    DownloadProjectByCodeResult.Forbidden => Results.Forbid(),
+                    DownloadProjectByCodeResult.NotCrdtProject => Results.InternalServerError("Not a CRDT project"),
+                    DownloadProjectByCodeResult.ProjectNotFound => Results.NotFound("Project not found"),
+                    DownloadProjectByCodeResult.ProjectAlreadyDownloaded => Results.NoContent(),
+                    // If we reach this point then we updated DownloadProjectByCodeResult and forgot to update this switch
+                    _ => Results.InternalServerError("DownloadProjectByCodeResult enum value not handled, please inform FW Lite devs")
+                };
             });
         return group;
     }

backend/FwLite/LcmCrdt/CrdtProject.cs

@@ -1,4 +1,5 @@
-using LcmCrdt.Project;
+using System.Text.Json.Serialization;
+using LcmCrdt.Project;
 using Microsoft.Extensions.Caching.Memory;
 
 namespace LcmCrdt;
@@ -40,6 +41,7 @@ public record ProjectData(string Name, string Code, Guid Id, string? OriginDomai
     public bool IsReadonly => Role is not UserProjectRole.Editor and not UserProjectRole.Manager;
 }
 
+[JsonConverter(typeof(JsonStringEnumConverter))]
 public enum UserProjectRole
 {
     Unknown,

backend/LexBoxApi/Controllers/CrdtController.cs

@@ -93,19 +93,43 @@ public async Task<ActionResult<FieldWorksLiteProject[]>> ListProjects()
         return myProjects;
     }
 
+    [HttpGet("listProjectsV2")]
+    // Will eventually become `listProjects`, once current clients have been updated, at which point we'll
+    // retire the V2 endpoint
+    public async Task<ActionResult<ListProjectsResult>> ListProjectsWithDownloadRights()
+    {
+        var myProjects = await projectService.UserProjects(loggedInContext.User.Id)
+            .Where(p => p.Type == ProjectType.FLEx)
+            .Select(p => new FieldWorksLiteProject(p.Id,
+                p.Code,
+                p.Name,
+                p.LastCommit != null,
+                dbContext.Set<ServerCommit>().Any(c => c.ProjectId == p.Id),
+                p.Users.Where(u => u.UserId == loggedInContext.User.Id).Select(m => m.Role).FirstOrDefault()))
+            .ToArrayAsync();
+        if (loggedInContext.User.IsOutOfSyncWithMyProjects(myProjects))
+        {
+            await lexAuthService.RefreshUser(LexAuthConstants.ProjectsClaimType);
+        }
+        return new ListProjectsResult(myProjects, loggedInContext.User.CanDownloadProjectsWithoutMembership());
+    }
+
     [HttpGet("lookupProjectId")]
     [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status403Forbidden)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
+    [ProducesResponseType(StatusCodes.Status406NotAcceptable)] // Closest HTTP code that fits the semantics for "not a CRDT project"
     [ProducesDefaultResponseType]
     public async Task<ActionResult<Guid>> GetProjectId(string code)
     {
-        await permissionService.AssertCanViewProject(code);
+        var allowed = await permissionService.CanViewProject(code);
+        if (!allowed) return Forbid();
         var projectId = await projectService.LookupProjectId(code);
-        if (projectId is null)
-        {
-            return NotFound();
-        }
-
+        if (projectId is null) return NotFound();
+        allowed = await permissionService.CanDownloadProject(projectId.Value);
+        if (!allowed) return Forbid();
+        var isCrdt = projectService.IsCrdtProject(projectId.Value);
+        if (!isCrdt) return StatusCode(StatusCodes.Status406NotAcceptable);
         return Ok(projectId.Value);
     }
 

backend/LexBoxApi/Services/ProjectService.cs

@@ -364,4 +364,9 @@ public IQueryable<Project> UserProjects(Guid userId)
     {
         return dbContext.Projects.Where(p => p.Users.Select(u => u.UserId).Contains(userId));
     }
+
+    public bool IsCrdtProject(Guid projectId)
+    {
+        return dbContext.CrdtCommits(projectId).Any();
+    }
 }

backend/LexCore/Auth/LexAuthUser.cs

@@ -315,6 +315,13 @@ public bool IsProjectMember(Guid projectId, params Span<ProjectRole> roles)
         return false;
     }
 
+    public bool CanDownloadProjectsWithoutMembership()
+    {
+        if (IsAdmin) return true;
+        if (Orgs.Any(o => o.Role == OrgRole.Admin)) return true;
+        return false;
+    }
+
     public bool HasFeature(FeatureFlag feature)
     {
         if (FeatureFlags is null) return false;

backend/LexCore/Entities/Project.cs

@@ -82,6 +82,10 @@ public record FieldWorksLiteProject(
     bool IsCrdtProject,
     [property:JsonConverter(typeof(JsonStringEnumConverter))]ProjectRole Role);
 
+public record ListProjectsResult(
+    FieldWorksLiteProject[] Projects,
+    bool CanDownloadByCode);
+
 public enum ProjectMigrationStatus
 {
     //default value

backend/LexCore/ServiceInterfaces/IPermissionService.cs

@@ -10,6 +10,7 @@ public interface IPermissionService
     ValueTask<bool> CanSyncProject(Guid projectId);
     ValueTask AssertCanSyncProject(string projectCode);
     ValueTask AssertCanSyncProject(Guid projectId);
+    ValueTask<bool> CanDownloadProject(Guid projectId);
     ValueTask AssertCanDownloadProject(Guid projectId);
     ValueTask<bool> CanViewProject(Guid projectId, LexAuthUser? overrideUser = null);
     ValueTask AssertCanViewProject(Guid projectId, LexAuthUser? overrideUser = null);