Files: fixed security check

Maksim Chegulov 2023-01-19 14:58:14 +03:00
parent 3f97d3a470
commit 6e6ae80fda
2 changed files with 3 additions and 3 deletions


@ -1207,7 +1207,7 @@ public class FileStorageService<T> //: IFileStorageService
var fileDao = GetFileDao(); var fileDao = GetFileDao();
var file = await fileDao.GetFileAsync(fileId, version); var file = await fileDao.GetFileAsync(fileId, version);
ErrorIf(file == null, FilesCommonResource.ErrorMassage_FileNotFound); ErrorIf(file == null, FilesCommonResource.ErrorMassage_FileNotFound);
ErrorIf(!await _fileSecurity.CanEditAsync(file) || _userManager.IsUser(_authContext.CurrentAccount.ID), FilesCommonResource.ErrorMassage_SecurityException_EditFile); ErrorIf(!await _fileSecurity.CanEditHistoryAsync(file) || _userManager.IsUser(_authContext.CurrentAccount.ID), FilesCommonResource.ErrorMassage_SecurityException_EditFile);
ErrorIf(await _entryManager.FileLockedForMeAsync(file.Id), FilesCommonResource.ErrorMassage_LockedFile); ErrorIf(await _entryManager.FileLockedForMeAsync(file.Id), FilesCommonResource.ErrorMassage_LockedFile);
ErrorIf(file.RootFolderType == FolderType.TRASH, FilesCommonResource.ErrorMassage_ViewTrashItem); ErrorIf(file.RootFolderType == FolderType.TRASH, FilesCommonResource.ErrorMassage_ViewTrashItem);
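Review bot: The authorization predicate on the second ErrorIf line, `!await _fileSecurity.CanEditHistoryAsync(file) || _userManager.IsUser(_authContext.CurrentAccount.ID)`, is written out by hand here and again at the two checks in EntryManager, so any later change to the version-history rule has to be repeated at every site, and a missed one leaves an inconsistent authorization path. Consider moving the combined test into a single helper that all three call sites share (the name is up to the project). The failure still reports `ErrorMassage_SecurityException_EditFile` although the right being tested now appears to be a history right; a short comment such as `// changing version history requires CanEditHistory, not plain edit access` would make that explicit. The enclosing method starts and ends outside the hunk, and the two-column print does not mark which side is new, so this assumes the CanEditHistoryAsync variant is the committed one.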


@ -1568,7 +1568,7 @@ public class EntryManager
throw new FileNotFoundException(FilesCommonResource.ErrorMassage_FileNotFound); throw new FileNotFoundException(FilesCommonResource.ErrorMassage_FileNotFound);
} }
if (checkRight && !editLink && (!await _fileSecurity.CanEditAsync(fromFile) || _userManager.IsUser(_authContext.CurrentAccount.ID))) if (checkRight && !editLink && (!await _fileSecurity.CanEditHistoryAsync(fromFile) || _userManager.IsUser(_authContext.CurrentAccount.ID)))
{ {
throw new SecurityException(FilesCommonResource.ErrorMassage_SecurityException_EditFile); throw new SecurityException(FilesCommonResource.ErrorMassage_SecurityException_EditFile);
} }
@ -1691,7 +1691,7 @@ public class EntryManager
throw new FileNotFoundException(FilesCommonResource.ErrorMassage_FileNotFound); throw new FileNotFoundException(FilesCommonResource.ErrorMassage_FileNotFound);
} }
if (checkRight && (!await _fileSecurity.CanEditAsync(fileVersion) || _userManager.IsUser(_authContext.CurrentAccount.ID))) if (checkRight && (!await _fileSecurity.CanEditHistoryAsync(fileVersion) || _userManager.IsUser(_authContext.CurrentAccount.ID)))
{ {
throw new SecurityException(FilesCommonResource.ErrorMassage_SecurityException_EditFile); throw new SecurityException(FilesCommonResource.ErrorMassage_SecurityException_EditFile);
} }
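Review bot: In the first EntryManager hunk the history check runs only when `checkRight && !editLink` holds, so a caller that passes `editLink` as true or `checkRight` as false gets past this condition with no CanEditHistoryAsync test at all. Nothing visible in the hunk says where those callers are authorized instead; a comment on the condition, for example `// editLink callers are authorized by link validation in <caller>; checkRight is false only for internal calls`, would record the assumption, with the placeholder filled in from the real call sites. The second hunk has the same `checkRight` gate but no `editLink` exemption, and it is worth confirming that the difference is intended. Both methods begin and end outside the hunks shown.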