Files: fixed security check
parent
3f97d3a470
commit
6e6ae80fda
@ -1207,7 +1207,7 @@ public class FileStorageService<T> //: IFileStorageService
|
||||
var fileDao = GetFileDao();
|
||||
var file = await fileDao.GetFileAsync(fileId, version);
|
||||
ErrorIf(file == null, FilesCommonResource.ErrorMassage_FileNotFound);
|
||||
ErrorIf(!await _fileSecurity.CanEditAsync(file) || _userManager.IsUser(_authContext.CurrentAccount.ID), FilesCommonResource.ErrorMassage_SecurityException_EditFile);
|
||||
ErrorIf(!await _fileSecurity.CanEditHistoryAsync(file) || _userManager.IsUser(_authContext.CurrentAccount.ID), FilesCommonResource.ErrorMassage_SecurityException_EditFile);
|
||||
ErrorIf(await _entryManager.FileLockedForMeAsync(file.Id), FilesCommonResource.ErrorMassage_LockedFile);
|
||||
ErrorIf(file.RootFolderType == FolderType.TRASH, FilesCommonResource.ErrorMassage_ViewTrashItem);
|
||||
|
||||
|
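Review bot: The history-edit authorization rule is written out inline on the `ErrorIf(!await _fileSecurity.CanEditHistoryAsync(file) || _userManager.IsUser(...))` line and again in both EntryManager hunks, so any later change to the rule has to find all three sites. The page has lost its +/- markers, so this assumes the `CanEditHistoryAsync` line of each pair is the new side. Consider moving the `IsUser` exclusion into one shared check that all three call sites use, so the sites cannot drift apart. A comment above the line would also record why this path differs from the ordinary edit check, e.g. `// Changing version history requires the edit-history right; accounts of type "user" are always refused.` The enclosing method starts and ends outside the hunk.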
@ -1568,7 +1568,7 @@ public class EntryManager
|
||||
throw new FileNotFoundException(FilesCommonResource.ErrorMassage_FileNotFound);
|
||||
}
|
||||
|
||||
if (checkRight && !editLink && (!await _fileSecurity.CanEditAsync(fromFile) || _userManager.IsUser(_authContext.CurrentAccount.ID)))
|
||||
if (checkRight && !editLink && (!await _fileSecurity.CanEditHistoryAsync(fromFile) || _userManager.IsUser(_authContext.CurrentAccount.ID)))
|
||||
{
|
||||
throw new SecurityException(FilesCommonResource.ErrorMassage_SecurityException_EditFile);
|
||||
}
|
||||
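Review bot: The permission test on the `if (checkRight && !editLink && ...)` line is skipped entirely when `checkRight` is false or `editLink` is true, and the hunk does not show where either value (presumably method parameters) comes from. Since this commit tightens the rule itself, it is worth confirming that every call path reaching this line with the check disabled has already authorized the request some other way. That contract could be stated in the method's doc comment, for instance `/// <param name="checkRight">When false, the caller must already have verified the edit-history right.</param>`. The third hunk gates its check on `checkRight` in the same way. The method body begins and ends outside the hunk.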
@ -1691,7 +1691,7 @@ public class EntryManager
|
||||
throw new FileNotFoundException(FilesCommonResource.ErrorMassage_FileNotFound);
|
||||
}
|
||||
|
||||
if (checkRight && (!await _fileSecurity.CanEditAsync(fileVersion) || _userManager.IsUser(_authContext.CurrentAccount.ID)))
|
||||
if (checkRight && (!await _fileSecurity.CanEditHistoryAsync(fileVersion) || _userManager.IsUser(_authContext.CurrentAccount.ID)))
|
||||
{
|
||||
throw new SecurityException(FilesCommonResource.ErrorMassage_SecurityException_EditFile);
|
||||
}
|
||||
|