Files: fixed security check

Maksim Chegulov 2023-01-19 14:58:14 +03:00
parent 3f97d3a470
commit 6e6ae80fda
2 changed files with 3 additions and 3 deletions


@ -1207,7 +1207,7 @@ public class FileStorageService<T> //: IFileStorageService
var fileDao = GetFileDao();
var file = await fileDao.GetFileAsync(fileId, version);
ErrorIf(file == null, FilesCommonResource.ErrorMassage_FileNotFound);
ErrorIf(!await _fileSecurity.CanEditAsync(file) || _userManager.IsUser(_authContext.CurrentAccount.ID), FilesCommonResource.ErrorMassage_SecurityException_EditFile);
ErrorIf(!await _fileSecurity.CanEditHistoryAsync(file) || _userManager.IsUser(_authContext.CurrentAccount.ID), FilesCommonResource.ErrorMassage_SecurityException_EditFile);
ErrorIf(await _entryManager.FileLockedForMeAsync(file.Id), FilesCommonResource.ErrorMassage_LockedFile);
ErrorIf(file.RootFolderType == FolderType.TRASH, FilesCommonResource.ErrorMassage_ViewTrashItem);
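Review bot: The authorization predicate `!await _fileSecurity.CanEditHistoryAsync(file) || _userManager.IsUser(_authContext.CurrentAccount.ID)` is repeated verbatim here and in both `EntryManager` hunks (at 1568 and 1691), so any permission change has to be hand-edited at every copy and a missed call site silently keeps the old check. (The page has lost its +/- markers; this reads the `CanEditHistoryAsync` line of each printed pair as the new side.) Folding the `IsUser` exclusion into the file-security layer, or into one shared helper that all three sites call, would let the rule be enforced and audited in a single place. The commit touches only these two source files, so no regression test pins the new behaviour; a test that expects the security error for an account where `IsUser` returns true would be worth adding. The enclosing method starts and ends outside the hunk.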


@ -1568,7 +1568,7 @@ public class EntryManager
throw new FileNotFoundException(FilesCommonResource.ErrorMassage_FileNotFound);
}
if (checkRight && !editLink && (!await _fileSecurity.CanEditAsync(fromFile) || _userManager.IsUser(_authContext.CurrentAccount.ID)))
if (checkRight && !editLink && (!await _fileSecurity.CanEditHistoryAsync(fromFile) || _userManager.IsUser(_authContext.CurrentAccount.ID)))
{
throw new SecurityException(FilesCommonResource.ErrorMassage_SecurityException_EditFile);
}
@ -1691,7 +1691,7 @@ public class EntryManager
throw new FileNotFoundException(FilesCommonResource.ErrorMassage_FileNotFound);
}
if (checkRight && (!await _fileSecurity.CanEditAsync(fileVersion) || _userManager.IsUser(_authContext.CurrentAccount.ID)))
if (checkRight && (!await _fileSecurity.CanEditHistoryAsync(fileVersion) || _userManager.IsUser(_authContext.CurrentAccount.ID)))
{
throw new SecurityException(FilesCommonResource.ErrorMassage_SecurityException_EditFile);
}
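Review bot: In the hunk at 1568 the whole permission test is gated by `checkRight && !editLink`, so a caller that passes `editLink` as true or `checkRight` as false skips both `CanEditHistoryAsync` and the `IsUser` exclusion; the hunk at 1691 has the same `checkRight` gate. Where those flags originate is not visible on this page, so each `if` should carry a short comment stating what the caller must already have verified before setting them, and the callers are worth re-checking against the stricter history permission. The exception still uses `ErrorMassage_SecurityException_EditFile` although the check now concerns history rights, which may mislead whoever reads the error or the log. Both enclosing methods start and end outside the hunks.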