Files: added permission check for link generation
This commit is contained in:
parent
1f65ea35a7
commit
2b8b7c9898
@ -167,10 +167,12 @@ public abstract class VirtualRoomsController<T> : ApiControllerBase
|
||||
}
|
||||
|
||||
[HttpGet("rooms/{id}/links")]
|
||||
public object GetInvitationLink(T id, InviteLinkDto inDto)
|
||||
public async Task<object> GetInvitationLinkAsync(T id, InviteLinkDto inDto)
|
||||
{
|
||||
ErrorIfNotDocSpace();
|
||||
|
||||
await ErrorIfNotEditable(id);
|
||||
|
||||
return _roomLinksService.GenerateLink(id, (int)inDto.Access, EmployeeType.User, _authContext.CurrentAccount.ID);
|
||||
}
|
||||
|
||||
@ -179,12 +181,7 @@ public abstract class VirtualRoomsController<T> : ApiControllerBase
|
||||
{
|
||||
ErrorIfNotDocSpace();
|
||||
|
||||
var room = await _fileStorageService.GetFolderAsync(id);
|
||||
|
||||
if (!await _fileSecurity.CanEditRoomAsync(room))
|
||||
{
|
||||
throw new InvalidOperationException("You don't have the rights to invite users to the room");
|
||||
}
|
||||
await ErrorIfNotEditable(id);
|
||||
|
||||
var results = new List<InviteResultDto>();
|
||||
|
||||
@ -300,6 +297,16 @@ public abstract class VirtualRoomsController<T> : ApiControllerBase
|
||||
|
||||
return await _securityControllerHelper.SetFolderSecurityInfoAsync(id, new[] { share }, false, null, true);
|
||||
}
|
||||
|
||||
private async Task ErrorIfNotEditable(T id)
|
||||
{
|
||||
var room = await _fileStorageService.GetFolderAsync(id);
|
||||
|
||||
if (!await _fileSecurity.CanEditRoomAsync(room))
|
||||
{
|
||||
throw new InvalidOperationException("You don't have the rights to invite users to the room");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public class VirtualRoomsCommonController : ApiControllerBase
|
||||
|
Loading…
Reference in New Issue
Block a user