Files: updated the rights

Maksim Chegulov 2022-12-11 23:34:18 +03:00
parent d58fe4fabe
commit def75f8e6f
4 changed files with 43 additions and 31 deletions


@ -762,6 +762,12 @@ public class FileSecurity : IFileSecurity
return false;
}
if (e.RootFolderType == FolderType.Archive && (action == FilesSecurityActions.Delete || action == FilesSecurityActions.Move)
&& !isRoom)
{
return false;
}
if ((action == FilesSecurityActions.ReadHistory ||
action == FilesSecurityActions.EditHistory) &&
e.ProviderEntry)
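Review bot: The new Archive rule, `e.RootFolderType == FolderType.Archive && (action == Delete || action == Move) && !isRoom`, has no comment explaining it, and it is the reason the rest of this commit adds a `checkPermissions` bypass to the delete and move operations. Without that link, a later reader could tighten or remove either side and not notice the other. A comment above the `if` would help, for example `// Entries inside an archived room cannot be deleted or moved on their own; only the room itself can. Room-level operations skip per-entry checks for this reason.` That wording is inferred from the condition and should be confirmed, since the enclosing method and the definition of `isRoom` are outside the hunk.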


@ -104,12 +104,12 @@ public class RoomLogoManager
return room;
}
public async Task<Folder<T>> DeleteAsync<T>(T id)
public async Task<Folder<T>> DeleteAsync<T>(T id, bool checkPermissions = true)
{
var folderDao = _daoFactory.GetFolderDao<T>();
var room = await folderDao.GetFolderAsync(id);
if (!await _fileSecurity.CanEditRoomAsync(room))
if (checkPermissions && !await _fileSecurity.CanEditRoomAsync(room))
{
throw new InvalidOperationException("You don't have permission to edit the room");
}
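Review bot: The new `checkPermissions` parameter on the public `DeleteAsync` lets any caller skip `CanEditRoomAsync` by passing `false`, and nothing in the signature says when that is acceptable. The only callers visible in this commit are in FileDeleteOperation, which appears to have authorised the room deletion before reaching this call. State that contract in an XML doc comment, e.g. `/// <param name="checkPermissions">Pass false only when the caller has already authorised the operation on this room.</param>`. Alternatively, move the unchecked path into an `internal` overload so request-handling code cannot reach it by accident. The body of DeleteAsync continues outside the hunk.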


@ -106,7 +106,7 @@ class FileDeleteOperation<T> : FileOperation<FileDeleteOperationData<T>, T>
}
}
private async Task DeleteFoldersAsync(IEnumerable<T> folderIds, IServiceScope scope, bool isNeedSendActions = false)
private async Task DeleteFoldersAsync(IEnumerable<T> folderIds, IServiceScope scope, bool isNeedSendActions = false, bool checkPermissions = true)
{
var scopeClass = scope.ServiceProvider.GetService<FileDeleteOperationScope>();
var (fileMarker, filesMessageService, roomLogoManager) = scopeClass;
@ -127,7 +127,7 @@ class FileDeleteOperation<T> : FileOperation<FileDeleteOperationData<T>, T>
{
this[Err] = FilesCommonResource.ErrorMassage_SecurityException_DeleteFolder;
}
else if (!_ignoreException && !await FilesSecurity.CanDeleteAsync(folder))
else if (!_ignoreException && checkPermissions && !await FilesSecurity.CanDeleteAsync(folder))
{
canCalculate = FolderDao.CanCalculateSubitems(folderId) ? default : folderId;
@ -135,6 +135,8 @@ class FileDeleteOperation<T> : FileOperation<FileDeleteOperationData<T>, T>
}
else
{
checkPermissions = isRoom ? false : checkPermissions;
canCalculate = FolderDao.CanCalculateSubitems(folderId) ? default : folderId;
await fileMarker.RemoveMarkAsNewForAllAsync(folder);
@ -148,7 +150,7 @@ class FileDeleteOperation<T> : FileOperation<FileDeleteOperationData<T>, T>
if (providerInfo.FolderId != null)
{
await roomLogoManager.DeleteAsync(providerInfo.FolderId);
await roomLogoManager.DeleteAsync(providerInfo.FolderId, checkPermissions);
}
}
@ -167,16 +169,16 @@ class FileDeleteOperation<T> : FileOperation<FileDeleteOperationData<T>, T>
if (immediately && FolderDao.UseRecursiveOperation(folder.Id, default(T)))
{
var files = await FileDao.GetFilesAsync(folder.Id).ToListAsync();
await DeleteFilesAsync(files, scope);
await DeleteFilesAsync(files, scope, checkPermissions: checkPermissions);
var folders = await FolderDao.GetFoldersAsync(folder.Id).ToListAsync();
await DeleteFoldersAsync(folders.Select(f => f.Id).ToList(), scope);
await DeleteFoldersAsync(folders.Select(f => f.Id).ToList(), scope, checkPermissions: checkPermissions);
if (await FolderDao.IsEmptyAsync(folder.Id))
{
if (isRoom)
{
await roomLogoManager.DeleteAsync(folder.Id);
await roomLogoManager.DeleteAsync(folder.Id, checkPermissions);
}
await FolderDao.DeleteFolderAsync(folder.Id);
@ -194,7 +196,7 @@ class FileDeleteOperation<T> : FileOperation<FileDeleteOperationData<T>, T>
else
{
var files = await FileDao.GetFilesAsync(folder.Id, new OrderBy(SortedByType.AZ, true), FilterType.FilesOnly, false, Guid.Empty, string.Empty, false, true).ToListAsync();
var (isError, message) = await WithErrorAsync(scope, files, true);
var (isError, message) = await WithErrorAsync(scope, files, true, checkPermissions);
if (!_ignoreException && isError)
{
this[Err] = message;
@ -205,7 +207,7 @@ class FileDeleteOperation<T> : FileOperation<FileDeleteOperationData<T>, T>
{
if (isRoom)
{
await roomLogoManager.DeleteAsync(folder.Id);
await roomLogoManager.DeleteAsync(folder.Id, checkPermissions);
}
await FolderDao.DeleteFolderAsync(folder.Id);
@ -238,7 +240,7 @@ class FileDeleteOperation<T> : FileOperation<FileDeleteOperationData<T>, T>
}
}
private async Task DeleteFilesAsync(IEnumerable<T> fileIds, IServiceScope scope, bool isNeedSendActions = false)
private async Task DeleteFilesAsync(IEnumerable<T> fileIds, IServiceScope scope, bool isNeedSendActions = false, bool checkPermissions = true)
{
var scopeClass = scope.ServiceProvider.GetService<FileDeleteOperationScope>();
var socketManager = scope.ServiceProvider.GetService<SocketManager>();
@ -249,7 +251,7 @@ class FileDeleteOperation<T> : FileOperation<FileDeleteOperationData<T>, T>
CancellationToken.ThrowIfCancellationRequested();
var file = await FileDao.GetFileAsync(fileId);
var (isError, message) = await WithErrorAsync(scope, new[] { file }, false);
var (isError, message) = await WithErrorAsync(scope, new[] { file }, false, checkPermissions);
if (file == null)
{
this[Err] = FilesCommonResource.ErrorMassage_FileNotFound;
@ -316,7 +318,7 @@ class FileDeleteOperation<T> : FileOperation<FileDeleteOperationData<T>, T>
}
}
private async Task<(bool isError, string message)> WithErrorAsync(IServiceScope scope, IEnumerable<File<T>> files, bool folder)
private async Task<(bool isError, string message)> WithErrorAsync(IServiceScope scope, IEnumerable<File<T>> files, bool folder, bool checkPermissions)
{
var entryManager = scope.ServiceProvider.GetService<EntryManager>();
var fileTracker = scope.ServiceProvider.GetService<FileTrackerHelper>();
@ -324,7 +326,7 @@ class FileDeleteOperation<T> : FileOperation<FileDeleteOperationData<T>, T>
string error = null;
foreach (var file in files)
{
if (!await FilesSecurity.CanDeleteAsync(file))
if (checkPermissions && !await FilesSecurity.CanDeleteAsync(file))
{
error = FilesCommonResource.ErrorMassage_SecurityException_DeleteFile;
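Review bot: At `checkPermissions = isRoom ? false : checkPermissions;` in DeleteFoldersAsync the method parameter is overwritten and never restored. If this statement sits inside the loop over `folderIds` (the loop header is outside the hunk), the value stays `false` for every folder processed after the first room in the batch, and those folders skip the `CanDeleteAsync` check in the `else if` above. Leaving the parameter intact and deriving a per-folder value, `var checkChildPermissions = checkPermissions && !isRoom;`, then passing that to `DeleteFilesAsync`, `DeleteFoldersAsync`, `WithErrorAsync` and `roomLogoManager.DeleteAsync`, would limit the bypass to the room's own contents. The same assignment appears in MoveOrCopyFoldersAsync in FileMoveCopyOperation and would need the same change.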


@ -204,7 +204,7 @@ class FileMoveCopyOperation<T> : FileOperation<FileMoveCopyOperationData<T>, T>
}
}
private async Task<List<FileEntry<TTo>>> MoveOrCopyFoldersAsync<TTo>(IServiceScope scope, List<T> folderIds, Folder<TTo> toFolder, bool copy, IEnumerable<Folder<TTo>> toFolderParents)
private async Task<List<FileEntry<TTo>>> MoveOrCopyFoldersAsync<TTo>(IServiceScope scope, List<T> folderIds, Folder<TTo> toFolder, bool copy, IEnumerable<Folder<TTo>> toFolderParents, bool checkPermissions = true)
{
var needToMark = new List<FileEntry<TTo>>();
@ -228,7 +228,6 @@ class FileMoveCopyOperation<T> : FileOperation<FileMoveCopyOperationData<T>, T>
CancellationToken.ThrowIfCancellationRequested();
var folder = await FolderDao.GetFolderAsync(folderId);
var (isError, message) = await WithErrorAsync(scope, await FileDao.GetFilesAsync(folder.Id, new OrderBy(SortedByType.AZ, true), FilterType.FilesOnly, false, Guid.Empty, string.Empty, false, true).ToListAsync());
var isRoom = DocSpaceHelper.IsRoom(folder.FolderType);
@ -236,11 +235,11 @@ class FileMoveCopyOperation<T> : FileOperation<FileMoveCopyOperationData<T>, T>
{
this[Err] = FilesCommonResource.ErrorMassage_FolderNotFound;
}
else if (copy && !await FilesSecurity.CanCopyAsync(folder))
else if (copy && checkPermissions && !await FilesSecurity.CanCopyAsync(folder))
{
this[Err] = FilesCommonResource.ErrorMassage_SecurityException_CopyFolder;
}
else if (!copy && !await FilesSecurity.CanMoveAsync(folder))
else if (!copy && checkPermissions && !await FilesSecurity.CanMoveAsync(folder))
{
this[Err] = FilesCommonResource.ErrorMassage_SecurityException_MoveFolder;
}
@ -256,7 +255,7 @@ class FileMoveCopyOperation<T> : FileOperation<FileMoveCopyOperationData<T>, T>
{
this[Err] = FilesCommonResource.ErrorMassage_SecurityException_MoveFolder;
}
else if (!await FilesSecurity.CanDownloadAsync(folder))
else if (checkPermissions && !await FilesSecurity.CanDownloadAsync(folder))
{
this[Err] = FilesCommonResource.ErrorMassage_SecurityException;
}
@ -267,6 +266,11 @@ class FileMoveCopyOperation<T> : FileOperation<FileMoveCopyOperationData<T>, T>
}
else if (!Equals(folder.ParentId ?? default, toFolderId) || _resolveType == FileConflictResolveType.Duplicate)
{
checkPermissions = isRoom ? false : checkPermissions;
var files = await FileDao.GetFilesAsync(folder.Id, new OrderBy(SortedByType.AZ, true), FilterType.FilesOnly, false, Guid.Empty, string.Empty, false, true).ToListAsync();
var (isError, message) = await WithErrorAsync(scope, files, checkPermissions);
try
{
//if destination folder contains folder with same name then merge folders
@ -305,12 +309,12 @@ class FileMoveCopyOperation<T> : FileOperation<FileMoveCopyOperationData<T>, T>
if (toFolder.ProviderId == folder.ProviderId // crossDao operation is always recursive
&& FolderDao.UseRecursiveOperation(folder.Id, toFolderId))
{
await MoveOrCopyFilesAsync(scope, await FileDao.GetFilesAsync(folder.Id).ToListAsync(), newFolder, copy, toFolderParents);
await MoveOrCopyFoldersAsync(scope, await FolderDao.GetFoldersAsync(folder.Id).Select(f => f.Id).ToListAsync(), newFolder, copy, toFolderParents);
await MoveOrCopyFilesAsync(scope, await FileDao.GetFilesAsync(folder.Id).ToListAsync(), newFolder, copy, toFolderParents, checkPermissions);
await MoveOrCopyFoldersAsync(scope, await FolderDao.GetFoldersAsync(folder.Id).Select(f => f.Id).ToListAsync(), newFolder, copy, toFolderParents, checkPermissions);
if (!copy)
{
if (!await FilesSecurity.CanMoveAsync(folder))
if (checkPermissions && !await FilesSecurity.CanMoveAsync(folder))
{
this[Err] = FilesCommonResource.ErrorMassage_SecurityException_MoveFolder;
}
@ -346,7 +350,7 @@ class FileMoveCopyOperation<T> : FileOperation<FileMoveCopyOperationData<T>, T>
sb.Append($"folder_{newFolderId}{SplitChar}");
}
}
else if (!await FilesSecurity.CanMoveAsync(folder))
else if (checkPermissions && !await FilesSecurity.CanMoveAsync(folder))
{
this[Err] = FilesCommonResource.ErrorMassage_SecurityException_MoveFolder;
}
@ -377,7 +381,7 @@ class FileMoveCopyOperation<T> : FileOperation<FileMoveCopyOperationData<T>, T>
}
else
{
if (!await FilesSecurity.CanMoveAsync(folder))
if (checkPermissions && !await FilesSecurity.CanMoveAsync(folder))
{
this[Err] = FilesCommonResource.ErrorMassage_SecurityException_MoveFolder;
}
@ -458,7 +462,7 @@ class FileMoveCopyOperation<T> : FileOperation<FileMoveCopyOperationData<T>, T>
return needToMark;
}
private async Task<List<FileEntry<TTo>>> MoveOrCopyFilesAsync<TTo>(IServiceScope scope, List<T> fileIds, Folder<TTo> toFolder, bool copy, IEnumerable<Folder<TTo>> toParentFolders)
private async Task<List<FileEntry<TTo>>> MoveOrCopyFilesAsync<TTo>(IServiceScope scope, List<T> fileIds, Folder<TTo> toFolder, bool copy, IEnumerable<Folder<TTo>> toParentFolders, bool checkPermissions = true)
{
var needToMark = new List<FileEntry<TTo>>();
@ -480,7 +484,7 @@ class FileMoveCopyOperation<T> : FileOperation<FileMoveCopyOperationData<T>, T>
CancellationToken.ThrowIfCancellationRequested();
var file = await FileDao.GetFileAsync(fileId);
var (isError, message) = await WithErrorAsync(scope, new[] { file });
var (isError, message) = await WithErrorAsync(scope, new[] { file }, checkPermissions);
if (file == null)
{
@ -494,11 +498,11 @@ class FileMoveCopyOperation<T> : FileOperation<FileMoveCopyOperationData<T>, T>
{
this[Err] = FilesCommonResource.ErrorMassage_SecurityException_CopyFile;
}
else if (!copy && !await FilesSecurity.CanMoveAsync(file))
else if (!copy && checkPermissions && !await FilesSecurity.CanMoveAsync(file))
{
this[Err] = FilesCommonResource.ErrorMassage_SecurityException_MoveFile;
}
else if (!await FilesSecurity.CanDownloadAsync(file))
else if (checkPermissions && !await FilesSecurity.CanDownloadAsync(file))
{
this[Err] = FilesCommonResource.ErrorMassage_SecurityException;
}
@ -606,7 +610,7 @@ class FileMoveCopyOperation<T> : FileOperation<FileMoveCopyOperationData<T>, T>
{
if (_resolveType == FileConflictResolveType.Overwrite)
{
if (!await FilesSecurity.CanEditAsync(conflict))
if (checkPermissions && !await FilesSecurity.CanEditAsync(conflict))
{
this[Err] = FilesCommonResource.ErrorMassage_SecurityException;
}
@ -719,14 +723,14 @@ class FileMoveCopyOperation<T> : FileOperation<FileMoveCopyOperationData<T>, T>
return needToMark;
}
private async Task<(bool isError, string message)> WithErrorAsync(IServiceScope scope, IEnumerable<File<T>> files)
private async Task<(bool isError, string message)> WithErrorAsync(IServiceScope scope, IEnumerable<File<T>> files, bool checkPermissions = true)
{
var entryManager = scope.ServiceProvider.GetService<EntryManager>();
var fileTracker = scope.ServiceProvider.GetService<FileTrackerHelper>();
string error = null;
foreach (var file in files)
{
if (!await FilesSecurity.CanDeleteAsync(file))
if(checkPermissions && !await FilesSecurity.CanMoveAsync(file))
{
error = FilesCommonResource.ErrorMassage_SecurityException_MoveFile;
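Review bot: In MoveOrCopyFilesAsync the overwrite branch now reads `if (checkPermissions && !await FilesSecurity.CanEditAsync(conflict))`, which makes a check on the destination depend on a flag that is cleared because of the source. `conflict` appears to be the existing file in the target folder, so when a room's contents are moved or copied with `checkPermissions` set to `false`, the user's edit right on the file being overwritten is no longer verified. The destination check should stay unconditional, `if (!await FilesSecurity.CanEditAsync(conflict))`, with only the source-side `CanMoveAsync` and `CanDownloadAsync` checks depending on the flag. The method bodies lie mostly outside the hunks shown, so confirm what `conflict` refers to before changing it.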