Web.Api: changed permissions validation logic
This commit is contained in:
parent
837cee5b8f
commit
2d1a5f1fb2
@ -143,11 +143,9 @@ public class PortalController : ControllerBase
|
||||
[HttpGet("users/invite/{employeeType}")]
|
||||
public object GeInviteLink(EmployeeType employeeType)
|
||||
{
|
||||
var currentUserType = _userManager.GetUserType(_authContext.CurrentAccount.ID);
|
||||
|
||||
if (currentUserType == EmployeeType.User)
|
||||
if (!_permissionContext.CheckPermissions(new UserSecurityProvider(Guid.Empty, employeeType), ASC.Core.Users.Constants.Action_AddRemoveUser))
|
||||
{
|
||||
throw new SecurityException(Resource.ErrorAccessDenied);
|
||||
return string.Empty;
|
||||
}
|
||||
|
||||
return _commonLinkUtility.GetConfirmationEmailUrl(string.Empty, ConfirmType.LinkInvite, (int)employeeType, _authContext.CurrentAccount.ID)
|
||||
|
Loading…
Reference in New Issue
Block a user