diff --git a/common/ASC.Core.Common/Core/TenantRegistrationInfo.cs b/common/ASC.Core.Common/Core/TenantRegistrationInfo.cs index fc0f7aeaeb..2257b4d4a4 100644 --- a/common/ASC.Core.Common/Core/TenantRegistrationInfo.cs +++ b/common/ASC.Core.Common/Core/TenantRegistrationInfo.cs @@ -44,6 +44,7 @@ public class TenantRegistrationInfo public bool Spam { get; set; } public bool Calls { get; set; } public string Campaign { get; set; } + public bool LimitedAccessSpace { get; set; } public TenantRegistrationInfo() { diff --git a/common/ASC.Core.Common/HostedSolution.cs b/common/ASC.Core.Common/HostedSolution.cs index 66de8d47e3..c416bdb47b 100644 --- a/common/ASC.Core.Common/HostedSolution.cs +++ b/common/ASC.Core.Common/HostedSolution.cs @@ -32,15 +32,15 @@ namespace ASC.Core; [Scope] public class HostedSolution { - internal ITenantService TenantService { get; set; } - internal IUserService UserService { get; set; } - internal IQuotaService QuotaService { get; set; } - internal ITariffService TariffService { get; set; } - internal UserFormatter UserFormatter { get; set; } - internal TenantManager ClientTenantManager { get; set; } - internal TenantUtil TenantUtil { get; set; } - internal SettingsManager SettingsManager { get; set; } - internal CoreSettings CoreSettings { get; set; } + private readonly ITenantService _tenantService; + private readonly IUserService _userService; + private readonly IQuotaService _quotaService; + private readonly ITariffService _tariffService; + private readonly UserFormatter _userFormatter; + private readonly TenantManager _clientTenantManager; + private readonly TenantUtil _tenantUtil; + private readonly SettingsManager _settingsManager; + private readonly CoreSettings _coreSettings; public HostedSolution(ITenantService tenantService, IUserService userService, @@ -52,50 +52,50 @@ public class HostedSolution SettingsManager settingsManager, CoreSettings coreSettings) { - TenantService = tenantService; - UserService = userService; - QuotaService = quotaService; - TariffService = tariffService; - UserFormatter = userFormatter; - ClientTenantManager = clientTenantManager; - TenantUtil = tenantUtil; - SettingsManager = settingsManager; - CoreSettings = coreSettings; + _tenantService = tenantService; + _userService = userService; + _quotaService = quotaService; + _tariffService = tariffService; + _userFormatter = userFormatter; + _clientTenantManager = clientTenantManager; + _tenantUtil = tenantUtil; + _settingsManager = settingsManager; + _coreSettings = coreSettings; } public async Task> GetTenantsAsync(DateTime from) { - return (await TenantService.GetTenantsAsync(from)).ToList(); + return (await _tenantService.GetTenantsAsync(from)).ToList(); } public async Task> FindTenantsAsync(string login, string passwordHash = null) { - if (!string.IsNullOrEmpty(passwordHash) && await UserService.GetUserByPasswordHashAsync(Tenant.DefaultTenant, login, passwordHash) == null) - { + if (!string.IsNullOrEmpty(passwordHash) && _userService.GetUserByPasswordHashAsync(Tenant.DefaultTenant, login, passwordHash) == null) + { throw new SecurityException("Invalid login or password."); } - return (await TenantService.GetTenantsAsync(login, passwordHash)).ToList(); + return (await _tenantService.GetTenantsAsync(login, passwordHash)).ToList(); } public async Task GetTenantAsync(string domain) { - return await TenantService.GetTenantAsync(domain); + return await _tenantService.GetTenantAsync(domain); } public async Task GetTenantAsync(int id) { - return await TenantService.GetTenantAsync(id); + return await _tenantService.GetTenantAsync(id); } public Tenant GetTenant(int id) { - return TenantService.GetTenant(id); + return _tenantService.GetTenant(id); } public async Task CheckTenantAddressAsync(string address) { - await TenantService.ValidateDomainAsync(address); + await _tenantService.ValidateDomainAsync(address); } public async Task RegisterTenantAsync(TenantRegistrationInfo registrationInfo) @@ -118,7 +118,7 @@ public class HostedSolution { throw new Exception("Account lastname can not be empty"); } - if (!UserFormatter.IsValidUserName(registrationInfo.FirstName, registrationInfo.LastName)) + if (!_userFormatter.IsValidUserName(registrationInfo.FirstName, registrationInfo.LastName)) { throw new Exception("Incorrect firstname or lastname"); } @@ -142,7 +142,7 @@ public class HostedSolution Calls = registrationInfo.Calls }; - tenant = await TenantService.SaveTenantAsync(CoreSettings, tenant); + tenant = await _tenantService.SaveTenantAsync(_coreSettings, tenant); // create user var user = new UserInfo @@ -152,33 +152,35 @@ public class HostedSolution FirstName = registrationInfo.FirstName, Email = registrationInfo.Email, MobilePhone = registrationInfo.MobilePhone, - WorkFromDate = TenantUtil.DateTimeNow(tenant.TimeZone), + WorkFromDate = _tenantUtil.DateTimeNow(tenant.TimeZone), ActivationStatus = registrationInfo.ActivationStatus }; - user = await UserService.SaveUserAsync(tenant.Id, user); - await UserService.SetUserPasswordHashAsync(tenant.Id, user.Id, registrationInfo.PasswordHash); - await UserService.SaveUserGroupRefAsync(tenant.Id, new UserGroupRef(user.Id, Constants.GroupAdmin.ID, UserGroupRefType.Contains)); + user = await _userService.SaveUserAsync(tenant.Id, user); + await _userService.SetUserPasswordHashAsync(tenant.Id, user.Id, registrationInfo.PasswordHash); + await _userService.SaveUserGroupRefAsync(tenant.Id, new UserGroupRef(user.Id, Constants.GroupAdmin.ID, UserGroupRefType.Contains)); // save tenant owner tenant.OwnerId = user.Id; - tenant = await TenantService.SaveTenantAsync(CoreSettings, tenant); + + await _settingsManager.SaveAsync(new TenantAccessSpaceSettings { LimitedAccessSpace = registrationInfo.LimitedAccessSpace }, tenant.Id); + return tenant; } public async Task SaveTenantAsync(Tenant tenant) { - return await TenantService.SaveTenantAsync(CoreSettings, tenant); + return await _tenantService.SaveTenantAsync(_coreSettings, tenant); } public async Task RemoveTenantAsync(Tenant tenant) { - await TenantService.RemoveTenantAsync(tenant.Id); + await _tenantService.RemoveTenantAsync(tenant.Id); } public async Task CreateAuthenticationCookieAsync(CookieStorage cookieStorage, int tenantId, Guid userId) { - var u = await UserService.GetUserAsync(tenantId, userId); + var u = await _userService.GetUserAsync(tenantId, userId); return await CreateAuthenticationCookieAsync(cookieStorage, tenantId, u); } @@ -190,49 +192,49 @@ public class HostedSolution return null; } - var tenantSettings = await SettingsManager.LoadAsync(tenantId, Guid.Empty); + var tenantSettings = await _settingsManager.LoadAsync(tenantId, Guid.Empty); var expires = tenantSettings.IsDefault() ? DateTime.UtcNow.AddYears(1) : DateTime.UtcNow.AddMinutes(tenantSettings.LifeTime); - var userSettings = await SettingsManager.LoadAsync(tenantId, user.Id); + var userSettings = await _settingsManager.LoadAsync(tenantId, user.Id); return cookieStorage.EncryptCookie(tenantId, user.Id, tenantSettings.Index, expires, userSettings.Index, 0); } public async Task GetTariffAsync(int tenant, bool withRequestToPaymentSystem = true) { - return await TariffService.GetTariffAsync(tenant, withRequestToPaymentSystem); + return await _tariffService.GetTariffAsync(tenant, withRequestToPaymentSystem); } public async Task GetTenantQuotaAsync(int tenant) { - return await ClientTenantManager.GetTenantQuotaAsync(tenant); + return await _clientTenantManager.GetTenantQuotaAsync(tenant); } public async Task> GetTenantQuotasAsync() { - return await ClientTenantManager.GetTenantQuotasAsync(); + return await _clientTenantManager.GetTenantQuotasAsync(); } public async Task SaveTenantQuotaAsync(TenantQuota quota) { - return await ClientTenantManager.SaveTenantQuotaAsync(quota); + return await _clientTenantManager.SaveTenantQuotaAsync(quota); } public async Task SetTariffAsync(int tenant, bool paid) { - var quota = (await QuotaService.GetTenantQuotasAsync()).FirstOrDefault(q => paid ? q.NonProfit : q.Trial); + var quota = (await _quotaService.GetTenantQuotasAsync()).FirstOrDefault(q => paid ? q.NonProfit : q.Trial); if (quota != null) { - await TariffService.SetTariffAsync(tenant, new Tariff { Quotas = new List { new Quota(quota.TenantId, 1) }, DueDate = DateTime.MaxValue, }); + await _tariffService.SetTariffAsync(tenant, new Tariff { Quotas = new List { new Quota(quota.TenantId, 1) }, DueDate = DateTime.MaxValue, }); } } public async Task SetTariffAsync(int tenant, Tariff tariff) { - await TariffService.SetTariffAsync(tenant, tariff); + await _tariffService.SetTariffAsync(tenant, tariff); } public async Task> FindUsersAsync(IEnumerable userIds) { - return await UserService.GetUsersAllTenantsAsync(userIds); + return await _userService.GetUsersAllTenantsAsync(userIds); } } diff --git a/common/ASC.Core.Common/Tenants/TenantAccessSpaceSettings.cs b/common/ASC.Core.Common/Tenants/TenantAccessSpaceSettings.cs new file mode 100644 index 0000000000..6482818a96 --- /dev/null +++ b/common/ASC.Core.Common/Tenants/TenantAccessSpaceSettings.cs @@ -0,0 +1,48 @@ +// (c) Copyright Ascensio System SIA 2010-2022 +// +// This program is a free software product. +// You can redistribute it and/or modify it under the terms +// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software +// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended +// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of +// any third-party rights. +// +// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty +// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see +// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html +// +// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021. +// +// The interactive user interfaces in modified source and object code versions of the Program must +// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3. +// +// Pursuant to Section 7(b) of the License you must retain the original Product logo when +// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under +// trademark law for use of our trademarks. +// +// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing +// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0 +// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode + +namespace ASC.Core.Tenants; + +[Scope] +[Serializable] +public class TenantAccessSpaceSettings : ISettings +{ + public bool LimitedAccessSpace { get; set; } + + [JsonIgnore] + public Guid ID + { + get { return new Guid("{880585C4-52CD-4AE2-8DA4-3B8E2772753B}"); } + } + + public TenantAccessSpaceSettings GetDefault() + { + return new TenantAccessSpaceSettings + { + LimitedAccessSpace = false + }; + } +} \ No newline at end of file diff --git a/common/services/ASC.Data.Backup/Api/BackupController.cs b/common/services/ASC.Data.Backup/Api/BackupController.cs index f6524f87c9..4e7e833d6f 100644 --- a/common/services/ASC.Data.Backup/Api/BackupController.cs +++ b/common/services/ASC.Data.Backup/Api/BackupController.cs @@ -32,6 +32,8 @@ namespace ASC.Data.Backup.Controllers; public class BackupController : ControllerBase { private readonly BackupAjaxHandler _backupHandler; + private readonly CoreBaseSettings _coreBaseSettings; + private readonly TenantExtra _tenantExtra; private readonly IEventBus _eventBus; private readonly Guid _currentUserId; private readonly int _tenantId; @@ -40,11 +42,15 @@ public class BackupController : ControllerBase BackupAjaxHandler backupAjaxHandler, TenantManager tenantManager, SecurityContext securityContext, + CoreBaseSettings coreBaseSettings, + TenantExtra tenantExtra, IEventBus eventBus) { _currentUserId = securityContext.CurrentAccount.ID; _tenantId = tenantManager.GetCurrentTenant().Id; _backupHandler = backupAjaxHandler; + _coreBaseSettings = coreBaseSettings; + _tenantExtra = tenantExtra; _eventBus = eventBus; } /// @@ -55,6 +61,11 @@ public class BackupController : ControllerBase [HttpGet("getbackupschedule")] public async Task GetBackupSchedule() { + if (_coreBaseSettings.Standalone) + { + await _tenantExtra.DemandAccessSpacePermissionAsync(); + } + return await _backupHandler.GetScheduleAsync(); } @@ -69,6 +80,11 @@ public class BackupController : ControllerBase [HttpPost("createbackupschedule")] public async Task CreateBackupScheduleAsync(BackupScheduleDto backupSchedule) { + if (_coreBaseSettings.Standalone) + { + await _tenantExtra.DemandAccessSpacePermissionAsync(); + } + var storageType = backupSchedule.StorageType == null ? BackupStorageType.Documents : (BackupStorageType)Int32.Parse(backupSchedule.StorageType); var storageParams = backupSchedule.StorageParams == null ? new Dictionary() : backupSchedule.StorageParams.ToDictionary(r => r.Key.ToString(), r => r.Value.ToString()); var backupStored = backupSchedule.BackupsStored == null ? 0 : Int32.Parse(backupSchedule.BackupsStored); @@ -89,6 +105,11 @@ public class BackupController : ControllerBase [HttpDelete("deletebackupschedule")] public async Task DeleteBackupSchedule() { + if (_coreBaseSettings.Standalone) + { + await _tenantExtra.DemandAccessSpacePermissionAsync(); + } + await _backupHandler.DeleteScheduleAsync(); return true; @@ -105,6 +126,11 @@ public class BackupController : ControllerBase [HttpPost("startbackup")] public async Task StartBackupAsync(BackupDto backup) { + if (_coreBaseSettings.Standalone) + { + await _tenantExtra.DemandAccessSpacePermissionAsync(); + } + var storageType = backup.StorageType == null ? BackupStorageType.Documents : (BackupStorageType)Int32.Parse(backup.StorageType); var storageParams = backup.StorageParams == null ? new Dictionary() : backup.StorageParams.ToDictionary(r => r.Key.ToString(), r => r.Value.ToString()); @@ -127,6 +153,11 @@ public class BackupController : ControllerBase [HttpGet("getbackupprogress")] public async Task GetBackupProgressAsync() { + if (_coreBaseSettings.Standalone) + { + await _tenantExtra.DemandAccessSpacePermissionAsync(); + } + return await _backupHandler.GetBackupProgressAsync(); } @@ -138,6 +169,11 @@ public class BackupController : ControllerBase [HttpGet("getbackuphistory")] public async Task> GetBackupHistory() { + if (_coreBaseSettings.Standalone) + { + await _tenantExtra.DemandAccessSpacePermissionAsync(); + } + return await _backupHandler.GetBackupHistory(); } @@ -148,6 +184,11 @@ public class BackupController : ControllerBase [HttpDelete("deletebackup/{id}")] public async Task DeleteBackup(Guid id) { + if (_coreBaseSettings.Standalone) + { + await _tenantExtra.DemandAccessSpacePermissionAsync(); + } + await _backupHandler.DeleteBackupAsync(id); return true; } @@ -160,6 +201,10 @@ public class BackupController : ControllerBase [HttpDelete("deletebackuphistory")] public async Task DeleteBackupHistory() { + if (_coreBaseSettings.Standalone) + { + await _tenantExtra.DemandAccessSpacePermissionAsync(); + } await _backupHandler.DeleteAllBackupsAsync(); return true; } @@ -176,6 +221,11 @@ public class BackupController : ControllerBase [HttpPost("startrestore")] public async Task StartBackupRestoreAsync(BackupRestoreDto backupRestore) { + if (_coreBaseSettings.Standalone) + { + await _tenantExtra.DemandAccessSpacePermissionAsync(); + } + var storageParams = backupRestore.StorageParams == null ? new Dictionary() : backupRestore.StorageParams.ToDictionary(r => r.Key.ToString(), r => r.Value.ToString()); _eventBus.Publish(new BackupRestoreRequestIntegrationEvent( @@ -201,13 +251,23 @@ public class BackupController : ControllerBase [AllowNotPayment] public async Task GetRestoreProgressAsync() { + if (_coreBaseSettings.Standalone) + { + await _tenantExtra.DemandAccessSpacePermissionAsync(); + } + return await _backupHandler.GetRestoreProgressAsync(); } ///false [HttpGet("backuptmp")] - public object GetTempPath() + public async Task GetTempPath() { + if (_coreBaseSettings.Standalone) + { + await _tenantExtra.DemandAccessSpacePermissionAsync(); + } + return _backupHandler.GetTmpFolder(); } } diff --git a/web/ASC.Web.Api/Api/Settings/SettingsController.cs b/web/ASC.Web.Api/Api/Settings/SettingsController.cs index e31bea94b2..c1ee22c260 100644 --- a/web/ASC.Web.Api/Api/Settings/SettingsController.cs +++ b/web/ASC.Web.Api/Api/Settings/SettingsController.cs @@ -95,7 +95,7 @@ public class SettingsController : BaseSettingsController CustomColorThemesSettingsHelper customColorThemesSettingsHelper, QuotaSyncOperation quotaSyncOperation, QuotaUsageManager quotaUsageManager, - TenantDomainValidator tenantDomainValidator, + TenantDomainValidator tenantDomainValidator, ExternalShare externalShare ) : base(apiContext, memoryCache, webItemManager, httpContextAccessor) { @@ -174,6 +174,7 @@ public class SettingsController : BaseSettingsController settings.BookTrainingEmail = _setupInfo.BookTrainingEmail; settings.DocumentationEmail = _setupInfo.DocumentationEmail; settings.SocketUrl = _configuration["web:hub:url"] ?? ""; + settings.LimitedAccessSpace = (await _settingsManager.LoadAsync()).LimitedAccessSpace; settings.Firebase = new FirebaseDto { @@ -452,7 +453,7 @@ public class SettingsController : BaseSettingsController catch { throw; - } + } finally { _semaphore.Release(); @@ -486,7 +487,7 @@ public class SettingsController : BaseSettingsController if (settings.Selected == id) { settings.Selected = settings.Themes.Min(r => r.Id); - await _messageService.SendAsync(MessageAction.ColorThemeChanged); + await _messageService.SendAsync(MessageAction.ColorThemeChanged); } await _settingsManager.SaveAsync(settings); @@ -793,7 +794,7 @@ public class SettingsController : BaseSettingsController [HttpGet("telegramisconnected")] public async Task TelegramIsConnectedAsync() { - return (int) await _telegramHelper.UserIsConnectedAsync(_authContext.CurrentAccount.ID, Tenant.Id); + return (int)await _telegramHelper.UserIsConnectedAsync(_authContext.CurrentAccount.ID, Tenant.Id); } /// diff --git a/web/ASC.Web.Api/Api/Settings/StorageController.cs b/web/ASC.Web.Api/Api/Settings/StorageController.cs index b4b6d6ceca..b45397cb6a 100644 --- a/web/ASC.Web.Api/Api/Settings/StorageController.cs +++ b/web/ASC.Web.Api/Api/Settings/StorageController.cs @@ -25,7 +25,6 @@ // International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode using ASC.Data.Storage.Encryption.IntegrationEvents.Events; -using ASC.EventBus.Abstractions; namespace ASC.Web.Api.Controllers.Settings; @@ -48,6 +47,7 @@ public class StorageController : BaseSettingsController, IDisposable private readonly BackupAjaxHandler _backupAjaxHandler; private readonly ICacheNotify _cacheDeleteSchedule; private readonly EncryptionWorker _encryptionWorker; + private readonly TenantExtra _tenantExtra; private readonly ILogger _log; private readonly IEventBus _eventBus; private readonly SecurityContext _securityContext; @@ -75,7 +75,8 @@ public class StorageController : BaseSettingsController, IDisposable BackupAjaxHandler backupAjaxHandler, ICacheNotify cacheDeleteSchedule, EncryptionWorker encryptionWorker, - IHttpContextAccessor httpContextAccessor) : base(apiContext, memoryCache, webItemManager, httpContextAccessor) + IHttpContextAccessor httpContextAccessor, + TenantExtra tenantExtra) : base(apiContext, memoryCache, webItemManager, httpContextAccessor) { _log = option.CreateLogger("ASC.Api"); _eventBus = eventBus; @@ -94,6 +95,7 @@ public class StorageController : BaseSettingsController, IDisposable _backupAjaxHandler = backupAjaxHandler; _cacheDeleteSchedule = cacheDeleteSchedule; _encryptionWorker = encryptionWorker; + _tenantExtra = tenantExtra; _securityContext = securityContext; } @@ -102,10 +104,7 @@ public class StorageController : BaseSettingsController, IDisposable { await _permissionContext.DemandPermissionsAsync(SecutiryConstants.EditPortalSettings); - if (!_coreBaseSettings.Standalone) - { - throw new SecurityException(Resource.ErrorAccessDenied); - } + await _tenantExtra.DemandAccessSpacePermissionAsync(); var current = await _settingsManager.LoadAsync(); var consumers = _consumerFactory.GetAll(); @@ -171,6 +170,8 @@ public class StorageController : BaseSettingsController, IDisposable await _permissionContext.DemandPermissionsAsync(SecutiryConstants.EditPortalSettings); + await _tenantExtra.DemandAccessSpacePermissionAsync(); + var storages = await GetAllStoragesAsync(); if (storages.Any(s => s.Current)) @@ -276,13 +277,10 @@ public class StorageController : BaseSettingsController, IDisposable throw new NotSupportedException(); } - if (!_coreBaseSettings.Standalone) - { - throw new SecurityException(Resource.ErrorAccessDenied); - } - await _permissionContext.DemandPermissionsAsync(SecutiryConstants.EditPortalSettings); + await _tenantExtra.DemandAccessSpacePermissionAsync(); + var settings = await _encryptionSettingsHelper.LoadAsync(); settings.Password = string.Empty; // Don't show password @@ -324,10 +322,7 @@ public class StorageController : BaseSettingsController, IDisposable { await _permissionContext.DemandPermissionsAsync(SecutiryConstants.EditPortalSettings); - if (!_coreBaseSettings.Standalone) - { - throw new SecurityException(Resource.ErrorAccessDenied); - } + await _tenantExtra.DemandAccessSpacePermissionAsync(); var consumer = _consumerFactory.GetByKey(inDto.Module); if (!consumer.IsSet) @@ -361,10 +356,7 @@ public class StorageController : BaseSettingsController, IDisposable { await _permissionContext.DemandPermissionsAsync(SecutiryConstants.EditPortalSettings); - if (!_coreBaseSettings.Standalone) - { - throw new SecurityException(Resource.ErrorAccessDenied); - } + await _tenantExtra.DemandAccessSpacePermissionAsync(); var settings = await _settingsManager.LoadAsync(); @@ -386,10 +378,7 @@ public class StorageController : BaseSettingsController, IDisposable { await _permissionContext.DemandPermissionsAsync(SecutiryConstants.EditPortalSettings); - if (!_coreBaseSettings.Standalone) - { - throw new SecurityException(Resource.ErrorAccessDenied); - } + await _tenantExtra.DemandAccessSpacePermissionAsync(); var current = await _settingsManager.LoadAsync(); var consumers = _consumerFactory.GetAll().Where(r => r.Cdn != null); @@ -401,10 +390,7 @@ public class StorageController : BaseSettingsController, IDisposable { await _permissionContext.DemandPermissionsAsync(SecutiryConstants.EditPortalSettings); - if (!_coreBaseSettings.Standalone) - { - throw new SecurityException(Resource.ErrorAccessDenied); - } + await _tenantExtra.DemandAccessSpacePermissionAsync(); var consumer = _consumerFactory.GetByKey(inDto.Module); if (!consumer.IsSet) @@ -439,10 +425,7 @@ public class StorageController : BaseSettingsController, IDisposable { await _permissionContext.DemandPermissionsAsync(SecutiryConstants.EditPortalSettings); - if (!_coreBaseSettings.Standalone) - { - throw new SecurityException(Resource.ErrorAccessDenied); - } + await _tenantExtra.DemandAccessSpacePermissionAsync(); await _storageSettingsHelper.ClearAsync(await _settingsManager.LoadAsync()); } @@ -452,6 +435,8 @@ public class StorageController : BaseSettingsController, IDisposable { await _permissionContext.DemandPermissionsAsync(SecutiryConstants.EditPortalSettings); + await _tenantExtra.DemandAccessSpacePermissionAsync(); + var schedule = await _backupAjaxHandler.GetScheduleAsync(); var current = new StorageSettings(); diff --git a/web/ASC.Web.Api/Api/Settings/WhitelabelController.cs b/web/ASC.Web.Api/Api/Settings/WhitelabelController.cs index 4469a8632a..b8f78cf2b3 100644 --- a/web/ASC.Web.Api/Api/Settings/WhitelabelController.cs +++ b/web/ASC.Web.Api/Api/Settings/WhitelabelController.cs @@ -38,8 +38,9 @@ public class WhitelabelController : BaseSettingsController private readonly CoreBaseSettings _coreBaseSettings; private readonly CommonLinkUtility _commonLinkUtility; private readonly IMapper _mapper; - private readonly CompanyWhiteLabelSettingsHelper _companyWhiteLabelSettingsHelper; - + private readonly CompanyWhiteLabelSettingsHelper _companyWhiteLabelSettingsHelper; + private readonly TenantExtra _tenantExtra; + public WhitelabelController( ApiContext apiContext, PermissionContext permissionContext, @@ -53,7 +54,9 @@ public class WhitelabelController : BaseSettingsController IMemoryCache memoryCache, IHttpContextAccessor httpContextAccessor, IMapper mapper, - CompanyWhiteLabelSettingsHelper companyWhiteLabelSettingsHelper) : base(apiContext, memoryCache, webItemManager, httpContextAccessor) + CompanyWhiteLabelSettingsHelper companyWhiteLabelSettingsHelper, + TenantExtra tenantExtra) + : base(apiContext, memoryCache, webItemManager, httpContextAccessor) { _permissionContext = permissionContext; _settingsManager = settingsManager; @@ -64,6 +67,7 @@ public class WhitelabelController : BaseSettingsController _commonLinkUtility = commonLinkUtility; _mapper = mapper; _companyWhiteLabelSettingsHelper = companyWhiteLabelSettingsHelper; + _tenantExtra = tenantExtra; } ///false @@ -410,7 +414,9 @@ public class WhitelabelController : BaseSettingsController private async Task DemandRebrandingPermissionAsync() { - if (!_coreBaseSettings.Standalone || _coreBaseSettings.CustomMode) + await _tenantExtra.DemandAccessSpacePermissionAsync(); + + if (_coreBaseSettings.CustomMode) { throw new SecurityException(Resource.ErrorAccessDenied); } diff --git a/web/ASC.Web.Api/ApiModels/ResponseDto/SettingsDto.cs b/web/ASC.Web.Api/ApiModels/ResponseDto/SettingsDto.cs index e62f3f6c96..1816438fdd 100644 --- a/web/ASC.Web.Api/ApiModels/ResponseDto/SettingsDto.cs +++ b/web/ASC.Web.Api/ApiModels/ResponseDto/SettingsDto.cs @@ -61,6 +61,7 @@ public class SettingsDto public string DocumentationEmail { get; set; } public string LegalTerms { get; set; } public bool CookieSettingsEnabled { get; set; } + public bool LimitedAccessSpace { get; set; } public PluginsDto Plugins { get; set; } diff --git a/web/ASC.Web.Core/Utility/TenantExtra.cs b/web/ASC.Web.Core/Utility/TenantExtra.cs index b0bcef347f..ce7ad5460f 100644 --- a/web/ASC.Web.Core/Utility/TenantExtra.cs +++ b/web/ASC.Web.Core/Utility/TenantExtra.cs @@ -148,4 +148,12 @@ public class TenantExtra } return _setupInfo.ChunkUploadSize; } + + public async Task DemandAccessSpacePermissionAsync() + { + if (!_coreBaseSettings.Standalone || (await _settingsManager.LoadAsync()).LimitedAccessSpace) + { + throw new SecurityException(Resource.ErrorAccessDenied); + } + } }