IlyaSobolev/DocSpace-buildtools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix Bug 63538

Browse Source
This commit is contained in:
Andrey Savihin 2023-08-04 17:30:58 +03:00
parent 5f135c4ad2
commit c2e284f110
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
products/ASC.People/Server/Api/UserController.cs
View File

@ -1081,14 +1081,21 @@ public class UserController : PeopleControllerBase
} }
var viewer = _userManager.GetUsers(_securityContext.CurrentAccount.ID); var viewer = _userManager.GetUsers(_securityContext.CurrentAccount.ID);
var viewerIsAdmin = _userManager.IsDocSpaceAdmin(viewer);
var user = _userManager.GetUsers(userid); var user = _userManager.GetUsers(userid);
if (user == null) if (_userManager.IsSystemUser(user.Id))
{ {
throw new Exception(Resource.ErrorUserNotFound); throw new Exception(Resource.ErrorUserNotFound);
} }
if (viewer == null || (user.IsOwner(Tenant) && viewer.Id != user.Id)) if (!viewerIsAdmin && viewer.Id != user.Id)
{
throw new Exception(Resource.ErrorAccessDenied);
}
if (user.IsOwner(Tenant) && viewer.Id != user.Id)
{ {
throw new Exception(Resource.ErrorAccessDenied); throw new Exception(Resource.ErrorAccessDenied);
} }
@ -1100,7 +1107,7 @@ public class UserController : PeopleControllerBase
throw new Exception(_customNamingPeople.Substitute<Resource>("ErrorEmailAlreadyExists")); throw new Exception(_customNamingPeople.Substitute<Resource>("ErrorEmailAlreadyExists"));
} }
if (!_userManager.IsDocSpaceAdmin(viewer)) if (!viewerIsAdmin)
{ {
_studioNotifyService.SendEmailChangeInstructions(user, email); _studioNotifyService.SendEmailChangeInstructions(user, email);
} }