ls1intum · krusche · Nov 13, 2024 · Nov 11, 2024 · Nov 12, 2024 · Nov 13, 2024
@@ -832,7 +832,7 @@ public List<StudentDTO> importUsers(List<StudentDTO> userDtos) {
      * @return the users participation vcs access token, or throws an exception if it does not exist
      */
     public ParticipationVCSAccessToken getParticipationVcsAccessTokenForUserAndParticipationIdOrElseThrow(User user, Long participationId) {
-        return participationVCSAccessTokenService.findByUserIdAndParticipationIdOrElseThrow(user.getId(), participationId);
+        return participationVCSAccessTokenService.findByUserAndParticipationIdOrElseThrow(user, participationId);
     }
 
     /**

@@ -233,7 +233,7 @@ public ResponseEntity<String> getVcsAccessToken(@RequestParam("participationId")
     }
 
     /**
-     * PUT account/participation-vcs-access-token : get the vcsToken for of a user for a participation
+     * PUT account/participation-vcs-access-token : add a vcsToken for of a user for a participation
      *
      * @param participationId the participation for which the access token should be fetched
      *

@@ -8,6 +8,7 @@
 import org.springframework.stereotype.Service;
 
 import de.tum.cit.aet.artemis.core.domain.User;
+import de.tum.cit.aet.artemis.core.exception.AccessForbiddenException;
 import de.tum.cit.aet.artemis.exercise.domain.participation.StudentParticipation;
 import de.tum.cit.aet.artemis.programming.domain.ParticipationVCSAccessToken;
 import de.tum.cit.aet.artemis.programming.repository.ParticipationVCSAccessTokenRepository;
@@ -46,18 +47,24 @@ public ParticipationVCSAccessToken createParticipationVCSAccessToken(User user,
     }
 
     /**
-     * Retrieves the participationVCSAccessToken for a User,Participation pair if it exists
+     * Retrieves the participationVCSAccessToken for a User,Participation pair if it exists and if the user owns the participation
      *
-     * @param userId          the user's id which is owner of the token
+     * @param user            the user which is owner of the token
      * @param participationId the participation's id which the token belongs to
      * @return an Optional participationVCSAccessToken,
      */
-    public ParticipationVCSAccessToken findByUserIdAndParticipationIdOrElseThrow(long userId, long participationId) {
-        return participationVcsAccessTokenRepository.findByUserIdAndParticipationIdOrElseThrow(userId, participationId);
+    public ParticipationVCSAccessToken findByUserAndParticipationIdOrElseThrow(User user, long participationId) {
+        var participation = programmingExerciseStudentParticipationRepository.findByIdElseThrow(participationId);
+        if (participation.isOwnedBy(user)) {
+            return participationVcsAccessTokenRepository.findByUserIdAndParticipationIdOrElseThrow(user.getId(), participationId);
+        }
+        else {
+            throw new AccessForbiddenException("Participation not owned by user");
+        }
     }
 
     /**
-     * Checks if the participationVCSAccessToken for a User,Participation pair exists, and creates a new one if not
+     * Checks if the participationVCSAccessToken for a User,Participation pair exists, and creates a new one if not; if the user owns the participation
      *
      * @param user            the user's id which is owner of the token
      * @param participationId the participation's id which the token belongs to
@@ -66,7 +73,12 @@ public ParticipationVCSAccessToken findByUserIdAndParticipationIdOrElseThrow(lon
     public ParticipationVCSAccessToken createVcsAccessTokenForUserAndParticipationIdOrElseThrow(User user, long participationId) {
         participationVcsAccessTokenRepository.findByUserIdAndParticipationIdAndThrowIfExists(user.getId(), participationId);
         var participation = programmingExerciseStudentParticipationRepository.findByIdElseThrow(participationId);
-        return createParticipationVCSAccessToken(user, participation);
+        if (participation.isOwnedBy(user)) {
+            return createParticipationVCSAccessToken(user, participation);
+        }
+        else {
+            throw new AccessForbiddenException("Participation not owned by user");
+        }
     }
 
     /**

@@ -47,6 +47,8 @@ <h1 jhiTranslate="artemisApp.repository.source"></h1>
                         [smallButtons]="false"
                         [routerLinkForRepositoryView]="'.'"
                         [repositoryUri]="repositoryUri"
+                        [participations]="[participation]"
+                        [useParticipationVcsAccessToken]="true"
                         [exercise]="exercise"
                     />
                 }

@@ -17,10 +17,10 @@
         @if (useSsh && !copyEnabled) {
             <div class="alert alert-warning" [innerHTML]="sshKeyMissingTip"></div>
         }
-        @if (useToken && !copyEnabled && tokenMissing) {
+        @if (useToken && tokenMissing) {
             <div class="alert alert-warning" [innerHTML]="tokenMissingTip"></div>
         }
-        @if (useToken && !copyEnabled && tokenExpired) {
+        @if (useToken && tokenExpired) {
             <div class="alert alert-warning" [innerHTML]="tokenExpiredTip"></div>
         }
         @if (participations && participations.length > 1) {

@@ -92,7 +92,6 @@ export class CodeButtonComponent implements OnInit, OnChanges {
         this.copyEnabled = true;
         this.useSsh = this.localStorage.retrieve('useSsh') || false;
         this.useToken = this.localStorage.retrieve('useToken') || false;
-        this.loadParticipationVcsAccessTokens();
 
         // Get ssh information from the user
         this.profileService.getProfileInfo().subscribe((profileInfo) => {
@@ -124,6 +123,7 @@ export class CodeButtonComponent implements OnInit, OnChanges {
             if (this.useToken) {
                 this.useHttpsUrlWithToken();
             }
+            this.loadParticipationVcsAccessTokens();
         });
 
         this.ideSettingsService.loadIdePreferences().then((programmingLanguageToIde) => {
@@ -159,7 +159,7 @@ export class CodeButtonComponent implements OnInit, OnChanges {
     public useHttpsUrlWithToken() {
         this.useSsh = false;
         this.useToken = true;
-        this.copyEnabled = !!(this.accessTokensEnabled && this.useToken && ((!!this.user.vcsAccessToken && !this.isTokenExpired()) || this.useParticipationVcsAccessToken));
+        this.copyEnabled = !!(this.accessTokensEnabled && ((!!this.user.vcsAccessToken && !this.isTokenExpired()) || this.useParticipationVcsAccessToken));
         this.refreshTokenState();
         this.storeToLocalStorage();
     }
@@ -233,6 +233,9 @@ export class CodeButtonComponent implements OnInit, OnChanges {
                 if (error.status == 404) {
                     this.createNewVcsAccessToken(participation);
                 }
+                if (error.status == 403) {
+                    this.useParticipationVcsAccessToken = false;
+                }
             },
         });
     }
@@ -250,7 +253,11 @@ export class CodeButtonComponent implements OnInit, OnChanges {
                     }
                 }
             },
-            error: () => {},
+            error: (error: HttpErrorResponse) => {
+                if (error.status == 403) {
+                    this.useParticipationVcsAccessToken = false;
+                }
+            },
         });
     }
 

@@ -110,7 +110,7 @@ void testFetchPush_repositoryDoesNotExist() throws IOException, GitAPIException,
     void testFetchPush_usingVcsAccessToken() {
         var programmingParticipation = localVCLocalCITestService.createParticipation(programmingExercise, student1Login);
         var student = userUtilService.getUserByLogin(student1Login);
-        var participationVcsAccessToken = localVCLocalCITestService.getParticipationVcsAccessToken(student.getId(), programmingParticipation.getId());
+        var participationVcsAccessToken = localVCLocalCITestService.getParticipationVcsAccessToken(student, programmingParticipation.getId());
         var token = participationVcsAccessToken.getVcsAccessToken();
         programmingExerciseRepository.save(programmingExercise);
 

@@ -676,13 +676,13 @@ public void verifyRepositoryFoldersExist(ProgrammingExercise programmingExercise
     /**
      * Gets the participationVcsAccessToken belonging to a user and a participation
      *
-     * @param userId                     The user's id
+     * @param user                       The user
      * @param programmingParticipationId The participation's id
      *
      * @return the participationVcsAccessToken of the user for the given participationId
      */
-    public ParticipationVCSAccessToken getParticipationVcsAccessToken(Long userId, Long programmingParticipationId) {
-        return participationVcsAccessTokenService.findByUserIdAndParticipationIdOrElseThrow(userId, programmingParticipationId);
+    public ParticipationVCSAccessToken getParticipationVcsAccessToken(User user, Long programmingParticipationId) {
+        return participationVcsAccessTokenService.findByUserAndParticipationIdOrElseThrow(user, programmingParticipationId);
     }
 
     /**
-Original file line number
+Diff line change
@@ Expand Up @@
         }
         /**
-         * PUT account/participation-vcs-access-token : get the vcsToken for of a user for a participation
+         * PUT account/participation-vcs-access-token : add a vcsToken for of a user for a participation
          *
          * @param participationId the participation for which the access token should be fetched
          *
@@ Expand Down @@