fix Bug 63942
This commit is contained in:
parent
54b6742b6b
commit
4439425625
@ -109,22 +109,11 @@ public class InvitationLinkService
|
||||
return new InvitationLinkData { Result = EmailValidationKeyProvider.ValidationResult.Invalid };
|
||||
}
|
||||
|
||||
if (userId != default)
|
||||
{
|
||||
var account = _authManager.GetAccountByID(tenant.Id, userId);
|
||||
|
||||
if (!_permissionContext.CheckPermissions(account, new UserSecurityProvider(employeeType), Constants.Action_AddRemoveUser))
|
||||
{
|
||||
return linkData;
|
||||
}
|
||||
}
|
||||
|
||||
var validationResult = await _invitationLinkHelper.ValidateAsync(key, email, employeeType);
|
||||
linkData.Result = validationResult.Result;
|
||||
linkData.LinkType = validationResult.LinkType;
|
||||
linkData.EmployeeType = employeeType;
|
||||
|
||||
|
||||
if (validationResult.LinkId == default)
|
||||
{
|
||||
if (!await CheckQuota(linkData.LinkType, employeeType))
|
||||
|
@ -545,6 +545,11 @@ public class FileSharing
|
||||
|
||||
if (isRoom && r.IsLink)
|
||||
{
|
||||
if (!canEditAccess)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
w.Link = _invitationLinkService.GetInvitationLink(r.Subject, _authContext.CurrentAccount.ID);
|
||||
w.SubjectGroup = true;
|
||||
w.CanEditAccess = false;
|
||||
@ -561,7 +566,7 @@ public class FileSharing
|
||||
result.Add(w);
|
||||
}
|
||||
|
||||
if (isRoom)
|
||||
if (isRoom && canEditAccess)
|
||||
{
|
||||
var id = Guid.NewGuid();
|
||||
|
||||
|
@ -352,9 +352,12 @@ public class UserController : PeopleControllerBase
|
||||
[HttpPost("invite")]
|
||||
public async Task<List<EmployeeDto>> InviteUsersAsync(InviteUsersRequestDto inDto)
|
||||
{
|
||||
var currentUser = _userManager.GetUsers(_authContext.CurrentAccount.ID);
|
||||
|
||||
foreach (var invite in inDto.Invitations)
|
||||
{
|
||||
if (!_permissionContext.CheckPermissions(new UserSecurityProvider(Guid.Empty, invite.Type), Constants.Action_AddRemoveUser))
|
||||
if ((invite.Type == EmployeeType.DocSpaceAdmin && !currentUser.IsOwner(_tenantManager.GetCurrentTenant())) ||
|
||||
!_permissionContext.CheckPermissions(new UserSecurityProvider(Guid.Empty, invite.Type), Constants.Action_AddRemoveUser))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
@ -186,7 +186,10 @@ public class PortalController : ControllerBase
|
||||
[HttpGet("users/invite/{employeeType}")]
|
||||
public object GeInviteLink(EmployeeType employeeType)
|
||||
{
|
||||
if (!_permissionContext.CheckPermissions(new UserSecurityProvider(Guid.Empty, employeeType), ASC.Core.Users.Constants.Action_AddRemoveUser))
|
||||
var currentUser = _userManager.GetUsers(_authContext.CurrentAccount.ID);
|
||||
|
||||
if ((employeeType == EmployeeType.DocSpaceAdmin && !currentUser.IsOwner(_tenantManager.GetCurrentTenant()))
|
||||
|| !_permissionContext.CheckPermissions(new UserSecurityProvider(Guid.Empty, employeeType), ASC.Core.Users.Constants.Action_AddRemoveUser))
|
||||
{
|
||||
return string.Empty;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user