IlyaSobolev/DocSpace-client
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Web.Api: changed permissions validation logic

Browse Source
This commit is contained in:
Maksim Chegulov 2022-12-06 01:58:03 +03:00
parent 837cee5b8f
commit 2d1a5f1fb2
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
web/ASC.Web.Api/Api/PortalController.cs
View File

@ -143,11 +143,9 @@ public class PortalController : ControllerBase
[HttpGet("users/invite/{employeeType}")]
public object GeInviteLink(EmployeeType employeeType)
{
var currentUserType = _userManager.GetUserType(_authContext.CurrentAccount.ID);
if (currentUserType == EmployeeType.User)
if (!_permissionContext.CheckPermissions(new UserSecurityProvider(Guid.Empty, employeeType), ASC.Core.Users.Constants.Action_AddRemoveUser))
{
throw new SecurityException(Resource.ErrorAccessDenied);
return string.Empty;
}
return _commonLinkUtility.GetConfirmationEmailUrl(string.Empty, ConfirmType.LinkInvite, (int)employeeType, _authContext.CurrentAccount.ID)