Files: added permission check for link generation

Maksim Chegulov 2022-06-17 10:59:03 +03:00
parent 1f65ea35a7
commit 2b8b7c9898


@ -167,10 +167,12 @@ public abstract class VirtualRoomsController<T> : ApiControllerBase
}
[HttpGet("rooms/{id}/links")]
public object GetInvitationLink(T id, InviteLinkDto inDto)
public async Task<object> GetInvitationLinkAsync(T id, InviteLinkDto inDto)
{
ErrorIfNotDocSpace();
await ErrorIfNotEditable(id);
return _roomLinksService.GenerateLink(id, (int)inDto.Access, EmployeeType.User, _authContext.CurrentAccount.ID);
}
@ -179,12 +181,7 @@ public abstract class VirtualRoomsController<T> : ApiControllerBase
{
ErrorIfNotDocSpace();
var room = await _fileStorageService.GetFolderAsync(id);
if (!await _fileSecurity.CanEditRoomAsync(room))
{
throw new InvalidOperationException("You don't have the rights to invite users to the room");
}
await ErrorIfNotEditable(id);
var results = new List<InviteResultDto>();
@ -300,6 +297,16 @@ public abstract class VirtualRoomsController<T> : ApiControllerBase
return await _securityControllerHelper.SetFolderSecurityInfoAsync(id, new[] { share }, false, null, true);
}
private async Task ErrorIfNotEditable(T id)
{
var room = await _fileStorageService.GetFolderAsync(id);
if (!await _fileSecurity.CanEditRoomAsync(room))
{
throw new InvalidOperationException("You don't have the rights to invite users to the room");
}
}
}
public class VirtualRoomsCommonController : ApiControllerBase
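Review bot: In the new `ErrorIfNotEditable` helper (last hunk), a denied caller gets an `InvalidOperationException` whose message is about inviting users, although the helper now also guards `GetInvitationLinkAsync`. Unless the API's exception filter maps that type to a 403, which is not visible here, an authorization failure will look like a server fault to clients and in logs; consider `throw new SecurityException("You don't have the rights to edit the room");` or whichever exception type the project already maps to a forbidden response. The helper also hands the result of `GetFolderAsync(id)` straight to `CanEditRoomAsync`, so an unknown id relies on how that method treats a missing folder; an explicit not-found guard before the permission check would make the outcome deterministic. Separately, in the first hunk `(int)inDto.Access` is still taken from the request unchanged, and the edit check does not bound the access level the generated link grants, so it is worth confirming that `GenerateLink` or the code that redeems the link validates that value.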