Files: fixed security check
parent
3f97d3a470
commit
6e6ae80fda
@ -1207,7 +1207,7 @@ public class FileStorageService<T> //: IFileStorageService
|
|||||||
var fileDao = GetFileDao();
|
var fileDao = GetFileDao();
|
||||||
var file = await fileDao.GetFileAsync(fileId, version);
|
var file = await fileDao.GetFileAsync(fileId, version);
|
||||||
ErrorIf(file == null, FilesCommonResource.ErrorMassage_FileNotFound);
|
ErrorIf(file == null, FilesCommonResource.ErrorMassage_FileNotFound);
|
||||||
ErrorIf(!await _fileSecurity.CanEditAsync(file) || _userManager.IsUser(_authContext.CurrentAccount.ID), FilesCommonResource.ErrorMassage_SecurityException_EditFile);
|
ErrorIf(!await _fileSecurity.CanEditHistoryAsync(file) || _userManager.IsUser(_authContext.CurrentAccount.ID), FilesCommonResource.ErrorMassage_SecurityException_EditFile);
|
||||||
ErrorIf(await _entryManager.FileLockedForMeAsync(file.Id), FilesCommonResource.ErrorMassage_LockedFile);
|
ErrorIf(await _entryManager.FileLockedForMeAsync(file.Id), FilesCommonResource.ErrorMassage_LockedFile);
|
||||||
ErrorIf(file.RootFolderType == FolderType.TRASH, FilesCommonResource.ErrorMassage_ViewTrashItem);
|
ErrorIf(file.RootFolderType == FolderType.TRASH, FilesCommonResource.ErrorMassage_ViewTrashItem);
|
||||||
|
|
||||||
|
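Review bot: The authorization condition on the changed `ErrorIf` line, `!await _fileSecurity.CanEditHistoryAsync(file) || _userManager.IsUser(_authContext.CurrentAccount.ID)`, is hand-copied at three call sites (here and in the two `EntryManager` hunks at lines 1568 and 1691), so a caller this commit did not touch could still be using the older `CanEditAsync` rule unnoticed. Assuming the second line of each printed pair is the new side, I would move the combined test into one helper that all history-changing paths call, and add a regression test for an account that can edit a file but must not alter its history. Until then a comment above the line would record the intent: `// History changes need the edit-history right; IsUser accounts are rejected regardless of it.` The enclosing method starts and ends outside this hunk, so other checks in it are not visible here.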
@ -1568,7 +1568,7 @@ public class EntryManager
|
|||||||
throw new FileNotFoundException(FilesCommonResource.ErrorMassage_FileNotFound);
|
throw new FileNotFoundException(FilesCommonResource.ErrorMassage_FileNotFound);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (checkRight && !editLink && (!await _fileSecurity.CanEditAsync(fromFile) || _userManager.IsUser(_authContext.CurrentAccount.ID)))
|
if (checkRight && !editLink && (!await _fileSecurity.CanEditHistoryAsync(fromFile) || _userManager.IsUser(_authContext.CurrentAccount.ID)))
|
||||||
{
|
{
|
||||||
throw new SecurityException(FilesCommonResource.ErrorMassage_SecurityException_EditFile);
|
throw new SecurityException(FilesCommonResource.ErrorMassage_SecurityException_EditFile);
|
||||||
}
|
}
|
||||||
@ -1691,7 +1691,7 @@ public class EntryManager
|
|||||||
throw new FileNotFoundException(FilesCommonResource.ErrorMassage_FileNotFound);
|
throw new FileNotFoundException(FilesCommonResource.ErrorMassage_FileNotFound);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (checkRight && (!await _fileSecurity.CanEditAsync(fileVersion) || _userManager.IsUser(_authContext.CurrentAccount.ID)))
|
if (checkRight && (!await _fileSecurity.CanEditHistoryAsync(fileVersion) || _userManager.IsUser(_authContext.CurrentAccount.ID)))
|
||||||
{
|
{
|
||||||
throw new SecurityException(FilesCommonResource.ErrorMassage_SecurityException_EditFile);
|
throw new SecurityException(FilesCommonResource.ErrorMassage_SecurityException_EditFile);
|
||||||
}
|
}
|
||||||
|
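Review bot: In the hunk at line 1568 the `CanEditHistoryAsync` check is skipped entirely whenever `checkRight` is false or `editLink` is true, and the hunk at line 1691 has the same `checkRight` bypass, so the tightened permission only protects callers that opt in. Where those flags come from is not visible here; if either can be derived from request input, the history check should not depend on it. I would at least state the contract above each condition, e.g. `// checkRight == false (or editLink == true) skips the history-permission check: the caller must already have authorized this operation`, and audit every caller that passes those values. Both enclosing methods start and end outside the hunks, and this assumes the second line of each printed pair is the new side.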