diff --git a/products/ASC.Files/Core/Core/FileStorageService.cs b/products/ASC.Files/Core/Core/FileStorageService.cs
index d72cccd403..bd4e67a93d 100644
--- a/products/ASC.Files/Core/Core/FileStorageService.cs
+++ b/products/ASC.Files/Core/Core/FileStorageService.cs
@@ -1320,7 +1320,7 @@ public class FileStorageService //: IFileStorageService
  }
  ErrorIf(file == null, FilesCommonResource.ErrorMassage_FileNotFound);
- ErrorIf(!readLink && !await _fileSecurity.CanReadAsync(file), FilesCommonResource.ErrorMassage_SecurityException_ReadFile);
+ ErrorIf(!readLink && !await _fileSecurity.CanEditHistory(file), FilesCommonResource.ErrorMassage_SecurityException_ReadFile);
  ErrorIf(file.ProviderEntry, FilesCommonResource.ErrorMassage_BadRequest);
  await foreach (var f in fileDao.GetEditHistoryAsync(_documentServiceHelper, file.Id))
@@ -1348,7 +1348,7 @@ public class FileStorageService //: IFileStorageService
  }
  ErrorIf(file == null, FilesCommonResource.ErrorMassage_FileNotFound);
- ErrorIf(!readLink && !await _fileSecurity.CanReadAsync(file), FilesCommonResource.ErrorMassage_SecurityException_ReadFile);
+ ErrorIf(!readLink && !await _fileSecurity.CanEditHistory(file), FilesCommonResource.ErrorMassage_SecurityException_ReadFile);
  ErrorIf(file.ProviderEntry, FilesCommonResource.ErrorMassage_BadRequest);
  var result = new EditHistoryDataDto
diff --git a/products/ASC.Files/Core/Core/Security/FileSecurity.cs b/products/ASC.Files/Core/Core/Security/FileSecurity.cs
index 15c39291fe..18ca57e512 100644
--- a/products/ASC.Files/Core/Core/Security/FileSecurity.cs
+++ b/products/ASC.Files/Core/Core/Security/FileSecurity.cs
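Review bot: In both FileStorageService.cs hunks the tightened check is still skipped whenever `readLink` is true, so moving from `CanReadAsync` to `CanEditHistory` restricts only callers who arrive without a link. `readLink` is computed outside the hunks, so please confirm that a read-only link is not meant to expose edit history that a signed-in viewer is now denied. The refusal also still reports `ErrorMassage_SecurityException_ReadFile`, which will mislead anyone triaging a denial on a file the user can otherwise read. A comment above each check, such as `// history requires EditHistory, not Read; a validated readLink is the only bypass`, would record the intent. Both enclosing methods start and end outside the hunks.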
@@ -318,6 +318,11 @@ public class FileSecurity : IFileSecurity
  return CanAsync(entry, _authContext.CurrentAccount.ID, FilesSecurityActions.RemoveShare);
  }
+ public Task CanEditHistory(FileEntry entry)
+ {
+ return CanAsync(entry, _authContext.CurrentAccount.ID, FilesSecurityActions.EditHistory);
+ }
+
  public Task> WhoCanReadAsync(FileEntry entry)
  {
  return WhoCanAsync(entry, FilesSecurityActions.Read);
@@ -748,7 +753,6 @@ public class FileSecurity : IFileSecurity
  if (e.RootFolderType == FolderType.Archive &&
  action != FilesSecurityActions.Read &&
  action != FilesSecurityActions.Delete &&
- action != FilesSecurityActions.EditRoom &&
  action != FilesSecurityActions.ReadHistory &&
  action != FilesSecurityActions.Copy &&
  action != FilesSecurityActions.RemoveShare &&
@@ -758,7 +762,9 @@ public class FileSecurity : IFileSecurity
  return false;
  }
- if (action == FilesSecurityActions.ReadHistory && e.ProviderEntry)
+ if ((action == FilesSecurityActions.ReadHistory ||
+ action == FilesSecurityActions.EditHistory) &&
+ e.ProviderEntry)
  {
  return false;
  }
@@ -770,10 +776,10 @@ public class FileSecurity : IFileSecurity
  return true;
  }
- var parentRoom = await _daoFactory.GetFolderDao().GetParentFoldersAsync(e.ParentId)
+ var myRoom = await _daoFactory.GetFolderDao().GetParentFoldersAsync(e.ParentId)
  .Where(f => DocSpaceHelper.IsRoom(f.FolderType) && f.CreateBy == userId).FirstOrDefaultAsync();
- if (parentRoom != null)
+ if (myRoom != null)
  {
  return true;
  }
@@ -870,7 +876,8 @@ public class FileSecurity : IFileSecurity
  if (e.Access == FileShare.Review ||
  e.Access == FileShare.ReadWrite ||
  e.Access == FileShare.RoomAdmin ||
- e.Access == FileShare.Editing)
+ e.Access == FileShare.Editing ||
+ e.Access == FileShare.FillForms)
  {
  return true;
  }
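Review bot: The new `CanEditHistory` (hunk at -318) returns a task but drops the `Async` suffix carried by `WhoCanReadAsync` just below it and by the `CanReadAsync` it replaces at the call sites; `CanEditHistoryAsync` would keep the naming consistent. It also has no doc comment, and since it now decides who may see version history a summary is worth adding, e.g. `/// <summary>Whether the current account may perform FilesSecurityActions.EditHistory on the entry.</summary>`.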
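Review bot: In the hunk at -748, the visible part of the `FolderType.Archive` allow-list names `ReadHistory` but not `EditHistory`, while FileStorageService.cs in this commit now asks for `EditHistory` before returning history. Unless `EditHistory` appears in the part of the condition that continues past the hunk, history requests for archived files that reach this check will be refused. If archived history should stay readable, either add `action != FilesSecurityActions.EditHistory &&` to this list or keep the history endpoints on `ReadHistory`.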
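Review bot: In the hunk at -870, `FileShare.FillForms` is added to a grant whose `case` label lies above the hunk, so the action that form-fill accounts gain cannot be confirmed from these lines, and the same commit narrows `EditHistory` in the opposite direction. A one-line comment on the branch naming the action and why form filling qualifies, for example `// FillForms may <action> because <reason>`, together with a test for that access level, would make the widened permission reviewable.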
@@ -938,8 +945,7 @@ public class FileSecurity : IFileSecurity
  break;
  case FilesSecurityActions.EditHistory:
  if (e.Access == FileShare.ReadWrite ||
- e.Access == FileShare.RoomAdmin ||
- e.Access == FileShare.Editing)
+ e.Access == FileShare.RoomAdmin)
  {
  return file != null && !file.Encrypted;
  }
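Review bot: After this change only `ReadWrite` and `RoomAdmin` satisfy `EditHistory` in this branch, and FileStorageService.cs in the same commit uses that action to gate listing history, so accounts holding `FileShare.Editing` appear to lose history they could previously read. If that is intended it deserves a comment on the case, e.g. `// Editing is excluded on purpose: only ReadWrite and RoomAdmin may work with version history`; if not, the history endpoints should check `ReadHistory` instead. The enclosing switch starts and ends outside the hunk, so other branches may still grant the action.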