pavelbannov
26947072c6
# Conflicts: # common/ASC.Common/Threading/DistributedTaskProgress.cs # common/ASC.Common/Threading/DistributedTaskQueue.cs # common/ASC.Core.Common/Configuration/AmiPublicDnsSyncService.cs # common/ASC.Core.Common/Notify/Engine/NotifyRequest.cs # common/ASC.Core.Common/Notify/Model/NotifyClientImpl.cs # common/ASC.Core.Common/Security/EmailValidationKeyProvider.cs # common/ASC.Data.Reassigns/QueueWorker.cs # common/ASC.Data.Reassigns/ReassignProgressItem.cs # common/ASC.Data.Reassigns/RemoveProgressItem.cs # common/ASC.Data.Storage/StaticUploader.cs # products/ASC.Files/Core/ApiModels/ResponseDto/FileDto.cs # products/ASC.Files/Core/ApiModels/ResponseDto/FolderDto.cs # products/ASC.Files/Core/Core/Dao/TeamlabDao/FileDao.cs # products/ASC.Files/Core/Core/Dao/TeamlabDao/FolderDao.cs # products/ASC.Files/Core/Core/Dao/TeamlabDao/TagDao.cs # products/ASC.Files/Core/Core/Thirdparty/Box/BoxDaoBase.cs # products/ASC.Files/Core/Core/Thirdparty/Dropbox/DropboxDaoBase.cs # products/ASC.Files/Core/Core/Thirdparty/GoogleDrive/GoogleDriveDaoBase.cs # products/ASC.Files/Core/Core/Thirdparty/IThirdPartyProviderDao.cs # products/ASC.Files/Core/Core/Thirdparty/OneDrive/OneDriveDaoBase.cs # products/ASC.Files/Core/Core/Thirdparty/ProviderDao/ProviderSecutiryDao.cs # products/ASC.Files/Core/Core/Thirdparty/Sharpbox/SharpBoxDaoBase.cs # products/ASC.Files/Core/HttpHandlers/FileHandler.ashx.cs # products/ASC.Files/Core/HttpHandlers/ThirdPartyAppHandler.ashx.cs # products/ASC.Files/Core/HttpHandlers/docusignhandler.ashx.cs # products/ASC.Files/Core/Services/DocumentService/DocumentServiceTracker.cs # products/ASC.Files/Core/Services/WCFService/FileOperations/FileDownloadOperation.cs # products/ASC.Files/Core/Services/WCFService/FileOperations/FileOperation.cs # products/ASC.Files/Core/Utils/EntryManager.cs # web/ASC.Web.Core/CollaboratorSettings.cs # web/ASC.Web.Core/CustomNavigationSettings.cs # web/ASC.Web.Core/EmailActivationSettings.cs # web/ASC.Web.Core/Notify/NotifyConfiguration.cs # web/ASC.Web.Core/Notify/SpamEmailSettings.cs # web/ASC.Web.Core/Notify/StudioNotifyHelper.cs # web/ASC.Web.Core/Notify/StudioNotifyService.cs # web/ASC.Web.Core/Notify/StudioNotifyServiceSender.cs # web/ASC.Web.Core/Notify/StudioPeriodicNotify.cs # web/ASC.Web.Core/Notify/StudioWhatsNewNotify.cs # web/ASC.Web.Core/PersonalSettings.cs # web/ASC.Web.Core/PrivacyRoomSettings.cs # web/ASC.Web.Core/PromotionsSettings.cs # web/ASC.Web.Core/QuotaSync.cs # web/ASC.Web.Core/Sms/SmsSender.cs # web/ASC.Web.Core/Sms/StudioSmsNotificationSettings.cs # web/ASC.Web.Core/StudioAdminMessageSettings.cs # web/ASC.Web.Core/StudioDefaultPageSettings.cs # web/ASC.Web.Core/StudioTrustedDomainSettings.cs # web/ASC.Web.Core/TariffSettings.cs # web/ASC.Web.Core/Tfa/TfaAppAuthSettings.cs # web/ASC.Web.Core/Tfa/TfaAppUserSettings.cs # web/ASC.Web.Core/TipsSettings.cs # web/ASC.Web.Core/Users/CustomNamingPeople.cs # web/ASC.Web.Core/Users/UserHelpTourSettings.cs # web/ASC.Web.Core/Users/UserPhotoManager.cs # web/ASC.Web.Core/Users/UserPhotoThumbnailManager.cs # web/ASC.Web.Core/Users/UserPhotoThumbnailSettings.cs # web/ASC.Web.Core/Utility/ColorThemesSettings.cs # web/ASC.Web.Core/Utility/PasswordSettings.cs # web/ASC.Web.Core/Utility/Settings/TenantAccessSettings.cs # web/ASC.Web.Core/Utility/Settings/WebItemSettings.cs # web/ASC.Web.Core/Utility/Settings/WizardSettings.cs # web/ASC.Web.Core/Utility/TenantExtra.cs # web/ASC.Web.Core/WhiteLabel/AdditionalWhiteLabelSettings.cs # web/ASC.Web.Core/WhiteLabel/CompanyWhiteLabelSettings.cs # web/ASC.Web.Core/WhiteLabel/TenantInfoSettings.cs # web/ASC.Web.Core/WhiteLabel/TenantWhiteLabelSettings.cs
281 lines
11 KiB
C#
281 lines
11 KiB
C#
// (c) Copyright Ascensio System SIA 2010-2022
|
|
//
|
|
// This program is a free software product.
|
|
// You can redistribute it and/or modify it under the terms
|
|
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
|
|
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
|
|
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
|
|
// any third-party rights.
|
|
//
|
|
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
|
|
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
|
|
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
|
|
//
|
|
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
|
|
//
|
|
// The interactive user interfaces in modified source and object code versions of the Program must
|
|
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
|
|
//
|
|
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
|
|
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
|
|
// trademark law for use of our trademarks.
|
|
//
|
|
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
|
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
|
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
|
|
|
namespace ASC.Web.Api.Controllers.Settings;
|
|
|
|
public class SecurityController : BaseSettingsController
|
|
{
|
|
private readonly MessageService _messageService;
|
|
private readonly EmployeeDtoHelper _employeeHelperDto;
|
|
private readonly UserManager _userManager;
|
|
private readonly AuthContext _authContext;
|
|
private readonly WebItemSecurity _webItemSecurity;
|
|
private readonly PermissionContext _permissionContext;
|
|
private readonly SettingsManager _settingsManager;
|
|
private readonly WebItemManagerSecurity _webItemManagerSecurity;
|
|
private readonly DisplayUserSettingsHelper _displayUserSettingsHelper;
|
|
private readonly MessageTarget _messageTarget;
|
|
|
|
public SecurityController(
|
|
MessageService messageService,
|
|
ApiContext apiContext,
|
|
UserManager userManager,
|
|
AuthContext authContext,
|
|
WebItemSecurity webItemSecurity,
|
|
PermissionContext permissionContext,
|
|
SettingsManager settingsManager,
|
|
WebItemManager webItemManager,
|
|
WebItemManagerSecurity webItemManagerSecurity,
|
|
DisplayUserSettingsHelper displayUserSettingsHelper,
|
|
EmployeeDtoHelper employeeWraperHelper,
|
|
MessageTarget messageTarget,
|
|
IMemoryCache memoryCache) : base(apiContext, memoryCache, webItemManager)
|
|
{
|
|
_employeeHelperDto = employeeWraperHelper;
|
|
_messageService = messageService;
|
|
_userManager = userManager;
|
|
_authContext = authContext;
|
|
_webItemSecurity = webItemSecurity;
|
|
_permissionContext = permissionContext;
|
|
_settingsManager = settingsManager;
|
|
_webItemManagerSecurity = webItemManagerSecurity;
|
|
_displayUserSettingsHelper = displayUserSettingsHelper;
|
|
_messageTarget = messageTarget;
|
|
}
|
|
|
|
[Read("security")]
|
|
public IEnumerable<SecurityDto> GetWebItemSecurityInfo([FromQuery] IEnumerable<string> ids)
|
|
{
|
|
if (ids == null || !ids.Any())
|
|
{
|
|
ids = WebItemManager.GetItemsAll().Select(i => i.ID.ToString());
|
|
}
|
|
|
|
var subItemList = WebItemManager.GetItemsAll().Where(item => item.IsSubItem()).Select(i => i.ID.ToString());
|
|
|
|
return ids.Select(r => _webItemSecurity.GetSecurityInfo(r))
|
|
.Select(i => new SecurityDto
|
|
{
|
|
WebItemId = i.WebItemId,
|
|
Enabled = i.Enabled,
|
|
Users = i.Users.Select(_employeeHelperDto.Get),
|
|
Groups = i.Groups.Select(g => new GroupSummaryDto(g, _userManager)),
|
|
IsSubItem = subItemList.Contains(i.WebItemId),
|
|
}).ToList();
|
|
}
|
|
|
|
[Read("security/{id}")]
|
|
public bool GetWebItemSecurityInfo(Guid id)
|
|
{
|
|
var module = WebItemManager[id];
|
|
|
|
return module != null && !module.IsDisabled(_webItemSecurity, _authContext);
|
|
}
|
|
|
|
[Read("security/modules")]
|
|
public object GetEnabledModules()
|
|
{
|
|
var EnabledModules = _webItemManagerSecurity.GetItems(WebZoneType.All, ItemAvailableState.Normal)
|
|
.Where(item => !item.IsSubItem() && item.Visible)
|
|
.Select(item => new
|
|
{
|
|
id = item.ProductClassName.HtmlEncode(),
|
|
title = item.Name.HtmlEncode()
|
|
});
|
|
|
|
return EnabledModules;
|
|
}
|
|
|
|
[Read("security/password", Check = false)]
|
|
[Authorize(AuthenticationSchemes = "confirm", Roles = "Everyone")]
|
|
public object GetPasswordSettings()
|
|
{
|
|
var UserPasswordSettings = _settingsManager.Load<PasswordSettings>();
|
|
|
|
return UserPasswordSettings;
|
|
}
|
|
|
|
[Update("security")]
|
|
public IEnumerable<SecurityDto> SetWebItemSecurityFromBody([FromBody] WebItemSecurityRequestsDto inDto)
|
|
{
|
|
return SetWebItemSecurity(inDto);
|
|
}
|
|
|
|
[Update("security")]
|
|
[Consumes("application/x-www-form-urlencoded")]
|
|
public IEnumerable<SecurityDto> SetWebItemSecurityFromForm([FromForm] WebItemSecurityRequestsDto inDto)
|
|
{
|
|
return SetWebItemSecurity(inDto);
|
|
}
|
|
|
|
private IEnumerable<SecurityDto> SetWebItemSecurity(WebItemSecurityRequestsDto inDto)
|
|
{
|
|
_permissionContext.DemandPermissions(SecutiryConstants.EditPortalSettings);
|
|
|
|
_webItemSecurity.SetSecurity(inDto.Id, inDto.Enabled, inDto.Subjects?.ToArray());
|
|
var securityInfo = GetWebItemSecurityInfo(new List<string> { inDto.Id });
|
|
|
|
if (inDto.Subjects == null)
|
|
{
|
|
return securityInfo;
|
|
}
|
|
|
|
var productName = GetProductName(new Guid(inDto.Id));
|
|
|
|
if (!inDto.Subjects.Any())
|
|
{
|
|
_messageService.Send(MessageAction.ProductAccessOpened, productName);
|
|
}
|
|
else
|
|
{
|
|
foreach (var info in securityInfo)
|
|
{
|
|
if (info.Groups.Any())
|
|
{
|
|
_messageService.Send(MessageAction.GroupsOpenedProductAccess, productName, info.Groups.Select(x => x.Name));
|
|
}
|
|
if (info.Users.Any())
|
|
{
|
|
_messageService.Send(MessageAction.UsersOpenedProductAccess, productName, info.Users.Select(x => HttpUtility.HtmlDecode(x.DisplayName)));
|
|
}
|
|
}
|
|
}
|
|
|
|
return securityInfo;
|
|
}
|
|
|
|
[Update("security/access")]
|
|
public IEnumerable<SecurityDto> SetAccessToWebItemsFromBody([FromBody] WebItemSecurityRequestsDto inDto)
|
|
{
|
|
return SetAccessToWebItems(inDto);
|
|
}
|
|
|
|
[Update("security/access")]
|
|
[Consumes("application/x-www-form-urlencoded")]
|
|
public IEnumerable<SecurityDto> SetAccessToWebItemsFromForm([FromForm] WebItemSecurityRequestsDto inDto)
|
|
{
|
|
return SetAccessToWebItems(inDto);
|
|
}
|
|
|
|
private IEnumerable<SecurityDto> SetAccessToWebItems(WebItemSecurityRequestsDto inDto)
|
|
{
|
|
_permissionContext.DemandPermissions(SecutiryConstants.EditPortalSettings);
|
|
|
|
var itemList = new ItemDictionary<string, bool>();
|
|
|
|
foreach (var item in inDto.Items)
|
|
{
|
|
if (!itemList.ContainsKey(item.Key))
|
|
{
|
|
itemList.Add(item.Key, item.Value);
|
|
}
|
|
}
|
|
|
|
var defaultPageSettings = _settingsManager.Load<StudioDefaultPageSettings>();
|
|
|
|
foreach (var item in itemList)
|
|
{
|
|
Guid[] subjects = null;
|
|
var productId = new Guid(item.Key);
|
|
|
|
if (item.Value)
|
|
{
|
|
if (WebItemManager[productId] is IProduct webItem || productId == WebItemManager.MailProductID)
|
|
{
|
|
var productInfo = _webItemSecurity.GetSecurityInfo(item.Key);
|
|
var selectedGroups = productInfo.Groups.Select(group => group.ID).ToList();
|
|
var selectedUsers = productInfo.Users.Select(user => user.Id).ToList();
|
|
selectedUsers.AddRange(selectedGroups);
|
|
if (selectedUsers.Count > 0)
|
|
{
|
|
subjects = selectedUsers.ToArray();
|
|
}
|
|
}
|
|
}
|
|
else if (productId == defaultPageSettings.DefaultProductID)
|
|
{
|
|
_settingsManager.Save(_settingsManager.GetDefault<StudioDefaultPageSettings>());
|
|
}
|
|
|
|
_webItemSecurity.SetSecurity(item.Key, item.Value, subjects);
|
|
}
|
|
|
|
_messageService.Send(MessageAction.ProductsListUpdated);
|
|
|
|
return GetWebItemSecurityInfo(itemList.Keys.ToList());
|
|
}
|
|
|
|
[Read("security/administrator/{productid}")]
|
|
public IEnumerable<EmployeeDto> GetProductAdministrators(Guid productid)
|
|
{
|
|
return _webItemSecurity.GetProductAdministrators(productid)
|
|
.Select(_employeeHelperDto.Get)
|
|
.ToList();
|
|
}
|
|
|
|
[Read("security/administrator")]
|
|
public object IsProductAdministrator(Guid productid, Guid userid)
|
|
{
|
|
var result = _webItemSecurity.IsProductAdministrator(productid, userid);
|
|
return new { ProductId = productid, UserId = userid, Administrator = result };
|
|
}
|
|
|
|
[Update("security/administrator")]
|
|
public object SetProductAdministratorFromBody([FromBody] SecurityRequestsDto inDto)
|
|
{
|
|
return SetProductAdministrator(inDto);
|
|
}
|
|
|
|
[Update("security/administrator")]
|
|
[Consumes("application/x-www-form-urlencoded")]
|
|
public object SetProductAdministratorFromForm([FromForm] SecurityRequestsDto inDto)
|
|
{
|
|
return SetProductAdministrator(inDto);
|
|
}
|
|
|
|
private object SetProductAdministrator(SecurityRequestsDto inDto)
|
|
{
|
|
_permissionContext.DemandPermissions(SecutiryConstants.EditPortalSettings);
|
|
|
|
_webItemSecurity.SetProductAdministrator(inDto.ProductId, inDto.UserId, inDto.Administrator);
|
|
|
|
var admin = _userManager.GetUsers(inDto.UserId);
|
|
|
|
if (inDto.ProductId == Guid.Empty)
|
|
{
|
|
var messageAction = inDto.Administrator ? MessageAction.AdministratorOpenedFullAccess : MessageAction.AdministratorDeleted;
|
|
_messageService.Send(messageAction, _messageTarget.Create(admin.Id), admin.DisplayUserName(false, _displayUserSettingsHelper));
|
|
}
|
|
else
|
|
{
|
|
var messageAction = inDto.Administrator ? MessageAction.ProductAddedAdministrator : MessageAction.ProductDeletedAdministrator;
|
|
_messageService.Send(messageAction, _messageTarget.Create(admin.Id), GetProductName(inDto.ProductId), admin.DisplayUserName(false, _displayUserSettingsHelper));
|
|
}
|
|
|
|
return new { inDto.ProductId, inDto.UserId, inDto.Administrator };
|
|
}
|
|
}
|