fix Bug 63942

Maksim Chegulov 2023-09-01 16:00:56 +03:00
parent 54b6742b6b
commit 4439425625
4 changed files with 268 additions and 268 deletions


@ -109,22 +109,11 @@ public class InvitationLinkService
return new InvitationLinkData { Result = EmailValidationKeyProvider.ValidationResult.Invalid };
}
if (userId != default)
{
var account = _authManager.GetAccountByID(tenant.Id, userId);
if (!_permissionContext.CheckPermissions(account, new UserSecurityProvider(employeeType), Constants.Action_AddRemoveUser))
{
return linkData;
}
}
var validationResult = await _invitationLinkHelper.ValidateAsync(key, email, employeeType);
linkData.Result = validationResult.Result;
linkData.LinkType = validationResult.LinkType;
linkData.EmployeeType = employeeType;
if (validationResult.LinkId == default)
{
if (!await CheckQuota(linkData.LinkType, employeeType))
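Review bot: With the `if (userId != default)` block gone from this validation path (the removal is inferred from the 22-to-11 line count, since the page lost its +/- markers), a link is accepted without re-checking that the account which issued it still holds `Constants.Action_AddRemoveUser` for `employeeType`. If that is intended, the method should say so, for example `// Issuer permissions are checked when the link is created, not when it is redeemed.` above the `ValidateAsync` call, so later readers do not assume the key alone proves authorization. If a link is meant to stop working once its issuer is demoted or removed, the check needs to stay on this path, with a defined outcome for issuers that no longer exist. The enclosing method starts and ends outside the hunk.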


@ -545,6 +545,11 @@ public class FileSharing
if (isRoom && r.IsLink)
{
if (!canEditAccess)
{
continue;
}
w.Link = _invitationLinkService.GetInvitationLink(r.Subject, _authContext.CurrentAccount.ID);
w.SubjectGroup = true;
w.CanEditAccess = false;
@ -561,7 +566,7 @@ public class FileSharing
result.Add(w);
}
if (isRoom)
if (isRoom && canEditAccess)
{
var id = Guid.NewGuid();
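Review bot: The new `if (!canEditAccess) { continue; }` guard and the `isRoom && canEditAccess` condition in the second hunk carry no comment saying why invitation links are withheld, and the reason is security-relevant: the link appears to let its holder join the room, so returning it to a user who cannot manage sharing would give them a way to admit others. A line such as `// Invitation links grant room access; expose or create them only for users who can edit sharing.` above the first guard would record that. `canEditAccess` is computed outside the hunk, so it is worth confirming that it is evaluated against the current room for the current account. The enclosing method starts and ends outside both hunks.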


@ -352,9 +352,12 @@ public class UserController : PeopleControllerBase
[HttpPost("invite")]
public async Task<List<EmployeeDto>> InviteUsersAsync(InviteUsersRequestDto inDto)
{
var currentUser = _userManager.GetUsers(_authContext.CurrentAccount.ID);
foreach (var invite in inDto.Invitations)
{
if (!_permissionContext.CheckPermissions(new UserSecurityProvider(Guid.Empty, invite.Type), Constants.Action_AddRemoveUser))
if ((invite.Type == EmployeeType.DocSpaceAdmin && !currentUser.IsOwner(_tenantManager.GetCurrentTenant())) ||
!_permissionContext.CheckPermissions(new UserSecurityProvider(Guid.Empty, invite.Type), Constants.Action_AddRemoveUser))
{
continue;
}
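Review bot: The owner-only rule for `EmployeeType.DocSpaceAdmin` is written inline in the loop guard here and again in the `GeInviteLink` guard in the PortalController section, so any other path that issues an invitation has to remember to repeat it. Putting the rule in one helper, or behind the `Constants.Action_AddRemoveUser` check if `UserSecurityProvider` can express it, would keep the authorization decision in one place. Inside the loop, `_tenantManager.GetCurrentTenant()` is evaluated for every admin invite and can be read once next to `currentUser`, e.g. `var tenant = _tenantManager.GetCurrentTenant();`. Rejected invitations are skipped with `continue` and nothing in the visible lines records them, so a denied attempt to invite an admin leaves no trace for later review. The body of InviteUsersAsync continues outside the hunk.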


@ -186,7 +186,10 @@ public class PortalController : ControllerBase
[HttpGet("users/invite/{employeeType}")]
public object GeInviteLink(EmployeeType employeeType)
{
if (!_permissionContext.CheckPermissions(new UserSecurityProvider(Guid.Empty, employeeType), ASC.Core.Users.Constants.Action_AddRemoveUser))
var currentUser = _userManager.GetUsers(_authContext.CurrentAccount.ID);
if ((employeeType == EmployeeType.DocSpaceAdmin && !currentUser.IsOwner(_tenantManager.GetCurrentTenant()))
|| !_permissionContext.CheckPermissions(new UserSecurityProvider(Guid.Empty, employeeType), ASC.Core.Users.Constants.Action_AddRemoveUser))
{
return string.Empty;
}