Prevent creating draft projects with taken ID (#1597)

* Prevent creating draft projects with a taken ID, because it's impossible to approve them.

* Fix generate-gql-schema

* Display project status instead of create form if already approved.

Author: myieye

backend/LexBoxApi/GraphQL/LexQueries.cs

@@ -120,6 +120,27 @@ public async Task<IQueryable<Project>> ProjectById(LexBoxDbContext context, IPer
         return context.Projects.AsNoTracking().Where(p => p.Id == projectId);
     }
 
+    public record ProjectStatus(Guid Id, bool Exists, bool Deleted, string? AccessibleCode);
+
+    [GraphQLName("projectStatus")]
+    public async Task<ProjectStatus> GetProjectStatus(LexBoxDbContext context, IPermissionService permissionService, LoggedInContext loggedInContext, Guid projectId)
+    {
+        var project = await context.Projects.Include(p => p.Users)
+            .AsNoTracking().IgnoreQueryFilters()
+            .SingleOrDefaultAsync(p => p.Id == projectId);
+
+        if (project is null) return new ProjectStatus(projectId, false, false, null);
+        if (project.DeletedDate != null) return new ProjectStatus(projectId, true, true, null);
+
+        // explicitly check the project users in the DB, because if this endpoint returns stale results, it will result in confusion
+        var hasPermission = project.Users.Any(u => u.UserId == loggedInContext.User.Id)
+            || await permissionService.CanViewProject(projectId);
+
+        if (!hasPermission) return new ProjectStatus(projectId, true, false, null);
+
+        return new ProjectStatus(projectId, true, false, project.Code);
+    }
+
     [UseProjection]
     public async Task<Project?> ProjectByCode(
         LexBoxDbContext dbContext,

backend/LexBoxApi/Services/DevGqlSchemaWriterService.cs

@@ -32,6 +32,7 @@ public static async Task GenerateGqlSchema(string[] args)
             .AddScoped<LexBoxDbContext>()
             .AddScoped<IPermissionService, PermissionService>()
             .AddScoped<ProjectService>()
+            .AddScoped<FwHeadlessClient>()
             .AddScoped<UserService>()
             .AddScoped<LexAuthService>()
             .AddLexGraphQL(builder.Environment, true);

backend/LexBoxApi/Services/ProjectService.cs

@@ -106,6 +106,12 @@ public async Task UpdateFLExModelVersion(Guid projectId)
 
     public async Task<Guid> CreateDraftProject(CreateProjectInput input)
     {
+        var existingProject = await dbContext.Projects.FindAsync(input.Id);
+        if (existingProject is not null)
+        {
+            throw new InvalidOperationException($"Project was already approved ({input.Id}: {existingProject.Code})");
+        }
+
         // No need for a transaction if we're just saving a single item
         var projectId = input.Id ?? Guid.NewGuid();
         dbContext.DraftProjects.Add(

frontend/schema.graphql

@@ -435,6 +435,13 @@ type ProjectMembersMustBeVerifiedForRole implements Error {
   message: String!
 }
 
+type ProjectStatus {
+  id: UUID!
+  exists: Boolean!
+  deleted: Boolean!
+  accessibleCode: String
+}
+
 type ProjectUsers {
   userId: UUID!
   user: User!
@@ -459,6 +466,7 @@ type Query {
   projectsByLangCodeAndOrg(input: ProjectsByLangCodeAndOrgInput! orderBy: [ProjectSortInput!] @cost(weight: "10")): [Project!]! @cost(weight: "10")
   projectsInMyOrg(input: ProjectsInMyOrgInput! where: ProjectFilterInput @cost(weight: "10") orderBy: [ProjectSortInput!] @cost(weight: "10")): [Project!]! @cost(weight: "10")
   projectById(projectId: UUID!): Project @cost(weight: "10")
+  projectStatus(projectId: UUID!): ProjectStatus! @cost(weight: "10")
   projectByCode(code: String!): Project @cost(weight: "10")
   orgs(where: OrganizationFilterInput @cost(weight: "10") orderBy: [OrganizationSortInput!] @cost(weight: "10")): [Organization!]! @cost(weight: "10")
   myOrgs(where: OrganizationFilterInput @cost(weight: "10") orderBy: [OrganizationSortInput!] @cost(weight: "10")): [Organization!]! @cost(weight: "10")

frontend/src/lib/i18n/locales/en.json

@@ -207,6 +207,9 @@ Lexbox is free and [open source](https://github.com/sillsdev/languageforge-lexbo
       "language_code_invalid": "Language code can only include lowercase a-z, digits and '-', and cannot start with '-'",
       "name": "Name",
       "name_description": "E.g. the name of the language you're working on",
+      "already_approved": "This project request was already approved.",
+      "already_approved_deleted": "The created project was deleted.",
+      "go_to_project": "Go to project",
       "maybe_related": "Possibly related projects:",
       "maybe_related_description": "Perhaps you want to join one of these instead?",
       "ask_to_join": "Ask to join",

frontend/src/routes/(authenticated)/project/create/+page.svelte

@@ -26,6 +26,7 @@
   $: user = data.user;
   let requestingUser : typeof data.requestingUser;
   $: myOrgs = data.myOrgs ?? [];
+  $: projectStatus = data.projectStatus;
 
   const { notifySuccess, notifyWarning } = useNotifications();
 
@@ -197,6 +198,19 @@
 </script>
 
 <TitlePage title={$t('project.create.title')}>
+{#if projectStatus?.exists}
+  <div class="text-center">
+    <div>
+      <p>{$t('project.create.already_approved')}</p>
+      {#if projectStatus.deleted}
+        <p>{$t('project.create.already_approved_deleted')}</p>
+      {/if}
+    </div>
+    {#if projectStatus.accessibleCode}
+      <a class="btn btn-primary mt-4" href={projectUrl({ code: projectStatus.accessibleCode })}>{$t('project.create.go_to_project')}</a>
+    {/if}
+  </div>
+{:else}
   <Form {enhance}>
     <Input
       label={$t('project.create.name')}
@@ -344,4 +358,5 @@
       </SubmitButton>
     {/if}
   </Form>
+{/if}
 </TitlePage>

frontend/src/routes/(authenticated)/project/create/+page.ts

@@ -1,4 +1,4 @@
-import type {$OpResult, AskToJoinProjectMutation, CreateProjectInput, CreateProjectMutation, ProjectsByLangCodeAndOrgQuery, ProjectsByNameAndOrgQuery} from '$lib/gql/types';
+import type {$OpResult, AskToJoinProjectMutation, CreateProjectInput, CreateProjectMutation, LoadRequestingUserQuery, ProjectStatus, ProjectsByLangCodeAndOrgQuery, ProjectsByNameAndOrgQuery} from '$lib/gql/types';
 import {getClient, graphql} from '$lib/gql';
 
 import type {PageLoadEvent} from './$types';
@@ -8,7 +8,7 @@ import {isGuid} from '$lib/util/guid';
 export async function load(event: PageLoadEvent) {
   const userIsAdmin = (await event.parent()).user.isAdmin;
   const requestingUserId = getSearchParam<CreateProjectInput>('projectManagerId', event.url.searchParams);
-  let requestingUser = null;
+  let requestingUser: NonNullable<NonNullable<NonNullable<LoadRequestingUserQuery>['users']>['items']>[number] | undefined;
   const client = getClient();
   if (userIsAdmin && isGuid(requestingUserId)) {
     const userResultsPromise = await client.query(graphql(`
@@ -36,7 +36,7 @@ export async function load(event: PageLoadEvent) {
     requestingUser = userResultsPromise.data?.users?.items?.[0];
   }
 
-  let orgs;
+  let orgs: undefined | { id: string, name: string }[];
   if (userIsAdmin) {
     const orgsPromise = await client.query(graphql(`
           query loadOrgs {
@@ -58,7 +58,24 @@ export async function load(event: PageLoadEvent) {
       `), {}, { fetch: event.fetch });
     orgs = myOrgsPromise.data?.myOrgs;
   }
-  return { requestingUser, myOrgs: orgs };
+
+  const projectId = getSearchParam<CreateProjectInput>('id', event.url.searchParams);
+  let projectStatus: ProjectStatus | undefined;
+  if (projectId) {
+    const projectStatusResult = await client.query(graphql(`
+        query loadProjectStatus($projectId: UUID!) {
+            projectStatus(projectId: $projectId) {
+                id
+                exists
+                deleted
+                accessibleCode
+            }
+        }
+    `), {projectId}, {fetch: event.fetch});
+    projectStatus = projectStatusResult.data?.projectStatus;
+  }
+
+  return { requestingUser, myOrgs: orgs, projectStatus };
 }
 
 export async function _createProject(input: CreateProjectInput): $OpResult<CreateProjectMutation> {