IlyaSobolev/DocSpace-client
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1099 from ONLYOFFICE/bugfix/room-admin-permissions

Browse Source 
Bugfix/room admin permissions
This commit is contained in:
Pavel Bannov 2022-12-06 15:22:47 +03:00 committed by GitHub
commit 7d0cc5a396
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 571 additions and 256 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
common/ASC.Common/Security/Authorizing/Domain/Role.cs
View File

@ -38,8 +38,9 @@ public sealed class Role : IRole
public Guid ID { get; internal set; }
public string Name { get; internal set; }
public string AuthenticationType => "ASC";
public bool IsAuthenticated => false;
public bool IsAuthenticated => false;
public string Key => ID.ToString();
public Role(Guid id, string name)
{

2
common/ASC.Common/Security/Authorizing/Interfaces/IRole.cs
View File

@ -26,4 +26,4 @@
namespace ASC.Common.Security.Authorizing;
public interface IRole : ISubject { }
public interface IRole : ISubject, IRuleData { }

32
common/ASC.Common/Security/RuleData.cs Normal file
View File

@ -0,0 +1,32 @@
// (c) Copyright Ascensio System SIA 2010-2022
//
// This program is a free software product.
// You can redistribute it and/or modify it under the terms
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
// any third-party rights.
//
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
//
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
//
// The interactive user interfaces in modified source and object code versions of the Program must
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
//
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
// trademark law for use of our trademarks.
//
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
namespace ASC.Common.Security;
public interface IRuleData
{
public string Key { get; }
}

6
common/ASC.Core.Common/Caching/CachedUserService.cs
View File

@ -74,6 +74,12 @@ public class UserServiceCache
{
var key = GetUserCacheKey(userInfo.Tenant);
Cache.Remove(key);
if (Guid.TryParse(userInfo.Id, out var userId))
{
var userKey = GetUserCacheKey(userInfo.Tenant, userId);
Cache.Remove(userKey);
}
}
}
private void InvalidateCache(GroupCacheItem groupCacheItem)

25
common/ASC.Core.Common/Context/Impl/UserManager.cs
View File

@ -64,6 +64,7 @@ public class UserManager
private readonly TenantQuotaFeatureCheckerCount<CountRoomAdminFeature> _countRoomAdminChecker;
private readonly TenantQuotaFeatureCheckerCount<CountUserFeature> _activeUsersFeatureChecker;
private readonly Constants _constants;
private readonly UserFormatter _userFormatter;
private Tenant _tenant;
private Tenant Tenant => _tenant ??= _tenantManager.GetCurrentTenant();
@ -86,7 +87,8 @@ public class UserManager
ILogger<UserManager> log,
ICache cache,
TenantQuotaFeatureCheckerCount<CountRoomAdminFeature> countRoomAdrminChecker,
TenantQuotaFeatureCheckerCount<CountUserFeature> activeUsersFeatureChecker
TenantQuotaFeatureCheckerCount<CountUserFeature> activeUsersFeatureChecker,
UserFormatter userFormatter
)
{
_userService = service;
@ -103,6 +105,7 @@ public class UserManager
_countRoomAdminChecker = countRoomAdrminChecker;
_activeUsersFeatureChecker = activeUsersFeatureChecker;
_constants = _userManagerConstants.Constants;
_userFormatter = userFormatter;
}
public UserManager(
@ -119,8 +122,9 @@ public class UserManager
ICache cache,
TenantQuotaFeatureCheckerCount<CountRoomAdminFeature> tenantQuotaFeatureChecker,
TenantQuotaFeatureCheckerCount<CountUserFeature> activeUsersFeatureChecker,
IHttpContextAccessor httpContextAccessor)
: this(service, tenantManager, permissionContext, userManagerConstants, coreBaseSettings, coreSettings, instanceCrypto, radicaleClient, cardDavAddressbook, log, cache, tenantQuotaFeatureChecker, activeUsersFeatureChecker)
IHttpContextAccessor httpContextAccessor,
UserFormatter userFormatter)
: this(service, tenantManager, permissionContext, userManagerConstants, coreBaseSettings, coreSettings, instanceCrypto, radicaleClient, cardDavAddressbook, log, cache, tenantQuotaFeatureChecker, activeUsersFeatureChecker, userFormatter)
{
_accessor = httpContextAccessor;
}
@ -353,7 +357,8 @@ public class UserManager
return SystemUsers[u.Id];
}
_permissionContext.DemandPermissions(Constants.Action_AddRemoveUser);
_permissionContext.DemandPermissions(new UserSecurityProvider(u.Id, isVisitor ? EmployeeType.User : EmployeeType.RoomAdmin),
Constants.Action_AddRemoveUser);
if (!_coreBaseSettings.Personal)
{
@ -631,12 +636,15 @@ public class UserManager
{
return;
}
_permissionContext.DemandPermissions(Constants.Action_EditGroups);
var user = GetUsers(userId);
_permissionContext.DemandPermissions(new UserGroupObject(new UserAccount(user, _tenantManager.GetCurrentTenant().Id, _userFormatter), groupId),
Constants.Action_EditGroups);
_userService.SaveUserGroupRef(Tenant.Id, new UserGroupRef(userId, groupId, UserGroupRefType.Contains));
ResetGroupCache(userId);
var user = GetUsers(userId);
if (groupId == Constants.GroupUser.ID)
{
var tenant = _tenantManager.GetCurrentTenant();
@ -658,7 +666,10 @@ public class UserManager
return;
}
_permissionContext.DemandPermissions(Constants.Action_EditGroups);
var user = GetUsers(userId);
_permissionContext.DemandPermissions(new UserGroupObject(new UserAccount(user, _tenantManager.GetCurrentTenant().Id, _userFormatter), groupId),
Constants.Action_EditGroups);
_userService.RemoveUserGroupRef(Tenant.Id, userId, groupId, UserGroupRefType.Contains);

1
common/ASC.Core.Common/Core/GroupInfo.cs
View File

@ -71,4 +71,5 @@ public class GroupInfo : IRole, IRecipientsGroup
string IRecipient.Name => Name;
public string AuthenticationType => "ASC";
public bool IsAuthenticated => false;
public string Key => ID.ToString();
}

3
common/ASC.Core.Common/Security/Authorizing/AzManager.cs
View File

@ -57,7 +57,8 @@ public class AzManager
internal AzManagerAcl GetAzManagerAcl(ISubject subject, IAction action, ISecurityObjectId objectId, ISecurityObjectProvider securityObjProvider)
{
if (action.AdministratorAlwaysAllow && (Constants.DocSpaceAdmin.ID == subject.ID || _roleProvider.IsSubjectInRole(subject, Constants.DocSpaceAdmin)))
if (action.AdministratorAlwaysAllow && (Constants.DocSpaceAdmin.ID == subject.ID || _roleProvider.IsSubjectInRole(subject, Constants.DocSpaceAdmin)
|| (objectId is SecurityObject obj && obj.IsMatchDefaultRules(subject, action, _roleProvider))))
{
return AzManagerAcl.Allow;
}

57
common/ASC.Core.Common/Security/Rule.cs Normal file
View File

@ -0,0 +1,57 @@
// (c) Copyright Ascensio System SIA 2010-2022
//
// This program is a free software product.
// You can redistribute it and/or modify it under the terms
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
// any third-party rights.
//
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
//
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
//
// The interactive user interfaces in modified source and object code versions of the Program must
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
//
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
// trademark law for use of our trademarks.
//
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
namespace ASC.Core.Common.Security;
public class Rule
{
public Guid ActionId { get; }
public IRuleData Data { get; }
private readonly string _key;
public Rule(Guid actionId, IRuleData data)
{
ActionId = actionId;
Data = data;
_key = actionId.ToString() + data?.Key;
}
public Rule(Guid actionId)
{
ActionId = actionId;
_key = actionId.ToString();
}
public override int GetHashCode()
{
return _key.GetHashCode();
}
public override bool Equals(object obj)
{
return obj is Rule action && action._key == _key;
}
}

56
common/ASC.Core.Common/Security/Security.cs Normal file
View File

@ -0,0 +1,56 @@
// (c) Copyright Ascensio System SIA 2010-2022
//
// This program is a free software product.
// You can redistribute it and/or modify it under the terms
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
// any third-party rights.
//
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
//
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
//
// The interactive user interfaces in modified source and object code versions of the Program must
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
//
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
// trademark law for use of our trademarks.
//
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
using UserConstants = ASC.Core.Users.Constants;
using Constants = ASC.Common.Security.Authorizing.Constants;
namespace ASC.Core.Common.Security;
public static class Security
{
public static readonly Dictionary<Guid, Dictionary<Guid, HashSet<Rule>>> Rules = new Dictionary<Guid, Dictionary<Guid, HashSet<Rule>>>
{
{
Constants.RoomAdmin.ID, new Dictionary<Guid, HashSet<Rule>>()
{
{
Constants.User.ID, new HashSet<Rule>()
{
new Rule(UserConstants.Action_EditGroups.ID, Constants.User),
new Rule(UserConstants.Action_AddRemoveUser.ID),
}
},
{
Constants.RoomAdmin.ID, new HashSet<Rule>()
{
new Rule(UserConstants.Action_EditGroups.ID, Constants.User),
new Rule(UserConstants.Action_AddRemoveUser.ID),
}
}
}
}
};
}

75
common/ASC.Core.Common/Security/SecurityObject.cs Normal file
View File

@ -0,0 +1,75 @@
// (c) Copyright Ascensio System SIA 2010-2022
//
// This program is a free software product.
// You can redistribute it and/or modify it under the terms
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
// any third-party rights.
//
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
//
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
//
// The interactive user interfaces in modified source and object code versions of the Program must
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
//
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
// trademark law for use of our trademarks.
//
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
namespace ASC.Core.Common.Security;
public abstract class SecurityObject : ISecurityObject
{
public object SecurityId { get; protected set; }
public Type ObjectType { get; protected set; }
public string FullId { get; protected set; }
public bool InheritSupported { get; protected set; }
public bool ObjectRolesSupported { get; protected set; }
public virtual IEnumerable<IRole> GetObjectRoles(ISubject account, ISecurityObjectId objectId, SecurityCallContext callContext)
{
return null;
}
public virtual ISecurityObjectId InheritFrom(ISecurityObjectId objectId)
{
return null;
}
public bool IsMatchDefaultRules(ISubject subject, IAction action, IRoleProvider roleProvider)
{
var subjectRoles = roleProvider.GetRoles(subject);
var targetRoles = GetTargetRoles(roleProvider);
foreach (var subjectRole in subjectRoles)
{
if (Security.Rules.TryGetValue(subjectRole.ID, out var value))
{
foreach (var targetRole in targetRoles)
{
if (value.TryGetValue(targetRole.ID, out var value1))
{
var act = new Rule(action.ID, GetRuleData());
if (value1.Contains(act))
{
return true;
}
}
}
}
}
return false;
}
protected abstract IEnumerable<IRole> GetTargetRoles(IRoleProvider roleProvider);
protected abstract IRuleData GetRuleData();
}

52
common/ASC.Core.Common/Security/UserGroupObject.cs Normal file
View File

@ -0,0 +1,52 @@
// (c) Copyright Ascensio System SIA 2010-2022
//
// This program is a free software product.
// You can redistribute it and/or modify it under the terms
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
// any third-party rights.
//
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
//
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
//
// The interactive user interfaces in modified source and object code versions of the Program must
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
//
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
// trademark law for use of our trademarks.
//
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
namespace ASC.Core.Common.Security;
public class UserGroupObject : SecurityObject
{
private ISubject User { get; set; }
private Guid GroupId { get; set; }
public UserGroupObject(ISubject user, Guid groupId)
{
SecurityId = user.ID;
User = user;
GroupId = groupId;
ObjectType = typeof(UserGroupObject);
FullId = $"{ObjectType.FullName}|{User.ID}|{GroupId}";
}
protected override IEnumerable<IRole> GetTargetRoles(IRoleProvider roleProvider)
{
return roleProvider.GetRoles(User);
}
protected override IRuleData GetRuleData()
{
return new Role(GroupId, "ruleData");
}
}

36
common/ASC.Core.Common/Security/UserSecurityProvider.cs
View File

@ -24,37 +24,51 @@
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
using AuthConstants = ASC.Common.Security.Authorizing.Constants;
namespace ASC.Core.Users;
public class UserSecurityProvider : ISecurityObject
public class UserSecurityProvider : SecurityObject
{
public Type ObjectType { get; private set; }
public object SecurityId { get; private set; }
public string FullId => AzObjectIdHelper.GetFullObjectId(this);
private readonly EmployeeType _employeeType;
public UserSecurityProvider(Guid userId)
{
SecurityId = userId;
ObjectType = typeof(UserInfo);
FullId = AzObjectIdHelper.GetFullObjectId(this);
ObjectRolesSupported = true;
}
public bool ObjectRolesSupported => true;
public UserSecurityProvider(Guid userId, EmployeeType employeeType) : this(userId)
{
_employeeType = employeeType;
}
public IEnumerable<IRole> GetObjectRoles(ISubject account, ISecurityObjectId objectId, SecurityCallContext callContext)
public override IEnumerable<IRole> GetObjectRoles(ISubject account, ISecurityObjectId objectId, SecurityCallContext callContext)
{
var roles = new List<IRole>();
if (account.ID.Equals(objectId.SecurityId))
{
roles.Add(ASC.Common.Security.Authorizing.Constants.Self);
roles.Add(AuthConstants.Self);
}
return roles;
}
public bool InheritSupported => false;
public ISecurityObjectId InheritFrom(ISecurityObjectId objectId)
protected override IEnumerable<IRole> GetTargetRoles(IRoleProvider roleProvider)
{
throw new NotImplementedException();
return _employeeType switch
{
EmployeeType.DocSpaceAdmin => new[] { AuthConstants.DocSpaceAdmin },
EmployeeType.RoomAdmin => new[] { AuthConstants.RoomAdmin },
EmployeeType.User => new[] { AuthConstants.User },
_ => throw new NotImplementedException(),
};
}
protected override IRuleData GetRuleData()
{
return null;
}
}

5
common/ASC.Core.Common/Users/UserExtensions.cs
View File

@ -96,6 +96,11 @@ public static class UserExtensions
return !string.IsNullOrEmpty(ui.SsoNameId);
}
public static EmployeeType GetUserType(this UserManager userManager, Guid id)
{
return userManager.IsDocSpaceAdmin(id) ? EmployeeType.DocSpaceAdmin : userManager.IsUser(id) ? EmployeeType.User : EmployeeType.RoomAdmin;
}
private const string _extMobPhone = "extmobphone";
private const string _mobPhone = "mobphone";
private const string _extMail = "extmail";

7
products/ASC.People/Server/Api/PeopleControllerBase.cs
View File

@ -72,9 +72,12 @@ public abstract class PeopleControllerBase : ApiControllerBase
return user;
}
protected void UpdateContacts(IEnumerable<Contact> contacts, UserInfo user)
protected void UpdateContacts(IEnumerable<Contact> contacts, UserInfo user, bool checkPermissions = true)
{
_permissionContext.DemandPermissions(new UserSecurityProvider(user.Id), Constants.Action_EditUser);
if (checkPermissions)
{
_permissionContext.DemandPermissions(new UserSecurityProvider(user.Id), Constants.Action_EditUser);
}
if (contacts == null)
{

444
products/ASC.People/Server/Api/UserController.cs
View File

@ -22,18 +22,18 @@
//
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
using ASC.Common.Log;
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
using ASC.Common.Log;
namespace ASC.People.Api;
public class UserController : PeopleControllerBase
{
private Tenant Tenant => _apiContext.Tenant;
private readonly ICache _cache;
private readonly TenantManager _tenantManager;
private readonly ICache _cache;
private readonly TenantManager _tenantManager;
private readonly CookiesManager _cookiesManager;
private readonly CoreBaseSettings _coreBaseSettings;
private readonly CustomNamingPeople _customNamingPeople;
@ -56,19 +56,19 @@ public class UserController : PeopleControllerBase
private readonly StudioNotifyService _studioNotifyService;
private readonly MessageService _messageService;
private readonly AuthContext _authContext;
private readonly SetupInfo _setupInfo;
private readonly SettingsManager _settingsManager;
private readonly RoomLinkService _roomLinkService;
private readonly SetupInfo _setupInfo;
private readonly SettingsManager _settingsManager;
private readonly RoomLinkService _roomLinkService;
private readonly FileSecurity _fileSecurity;
private readonly IQuotaService _quotaService;
private readonly CountRoomAdminChecker _countRoomAdminChecker;
private readonly UsersQuotaSyncOperation _usersQuotaSyncOperation;
private readonly CountUserChecker _countUserChecker;
private readonly UsersInRoomChecker _usersInRoomChecker;
public UserController(
ICache cache,
TenantManager tenantManager,
ICache cache,
TenantManager tenantManager,
CookiesManager cookiesManager,
CoreBaseSettings coreBaseSettings,
CustomNamingPeople customNamingPeople,
@ -96,10 +96,10 @@ public class UserController : PeopleControllerBase
PermissionContext permissionContext,
ApiContext apiContext,
UserPhotoManager userPhotoManager,
IHttpClientFactory httpClientFactory,
IHttpContextAccessor httpContextAccessor,
SettingsManager settingsManager,
RoomLinkService roomLinkService,
IHttpClientFactory httpClientFactory,
IHttpContextAccessor httpContextAccessor,
SettingsManager settingsManager,
RoomLinkService roomLinkService,
FileSecurity fileSecurity,
UsersQuotaSyncOperation usersQuotaSyncOperation,
CountRoomAdminChecker countRoomAdminChecker,
@ -108,8 +108,8 @@ public class UserController : PeopleControllerBase
IQuotaService quotaService)
: base(userManager, permissionContext, apiContext, userPhotoManager, httpClientFactory, httpContextAccessor)
{
_cache = cache;
_tenantManager = tenantManager;
_cache = cache;
_tenantManager = tenantManager;
_cookiesManager = cookiesManager;
_coreBaseSettings = coreBaseSettings;
_customNamingPeople = customNamingPeople;
@ -132,14 +132,14 @@ public class UserController : PeopleControllerBase
_studioNotifyService = studioNotifyService;
_messageService = messageService;
_authContext = authContext;
_setupInfo = setupInfo;
_settingsManager = settingsManager;
_roomLinkService = roomLinkService;
_setupInfo = setupInfo;
_settingsManager = settingsManager;
_roomLinkService = roomLinkService;
_fileSecurity = fileSecurity;
_countRoomAdminChecker = countRoomAdminChecker;
_countUserChecker = activeUsersChecker;
_usersInRoomChecker = usersInRoomChecker;
_quotaService = quotaService;
_quotaService = quotaService;
_usersQuotaSyncOperation = usersQuotaSyncOperation;
}
@ -157,7 +157,7 @@ public class UserController : PeopleControllerBase
if (string.IsNullOrEmpty(inDto.Password))
{
inDto.Password = UserManagerWrapper.GeneratePassword();
inDto.Password = UserManagerWrapper.GeneratePassword();
}
else
{
@ -185,16 +185,16 @@ public class UserController : PeopleControllerBase
UpdateContacts(inDto.Contacts, user);
_cache.Insert("REWRITE_URL" + _tenantManager.GetCurrentTenant().Id, HttpContext.Request.GetUrlRewriter().ToString(), TimeSpan.FromMinutes(5));
_cache.Insert("REWRITE_URL" + _tenantManager.GetCurrentTenant().Id, HttpContext.Request.GetUrlRewriter().ToString(), TimeSpan.FromMinutes(5));
user = await _userManagerWrapper.AddUser(user, inDto.PasswordHash, false, false, inDto.IsUser, false, true, true);
user.ActivationStatus = EmployeeActivationStatus.Activated;
await UpdateDepartments(inDto.Department, user);
if (inDto.Files != _userPhotoManager.GetDefaultPhotoAbsoluteWebPath())
if (inDto.Files != _userPhotoManager.GetDefaultPhotoAbsoluteWebPath())
{
await UpdatePhotoUrl(inDto.Files, user);
await UpdatePhotoUrl(inDto.Files, user);
}
return await _employeeFullDtoHelper.GetFull(user);
@ -206,29 +206,28 @@ public class UserController : PeopleControllerBase
{
_apiContext.AuthByClaim();
_permissionContext.DemandPermissions(Constants.Action_AddRemoveUser);
var options = inDto.FromInviteLink ? await _roomLinkService.GetOptionsAsync(inDto.Key, inDto.Email, inDto.Type) : null;
if (options != null && !options.IsCorrect)
{
throw new SecurityException(FilesCommonResource.ErrorMessage_InvintationLink);
var options = inDto.FromInviteLink ? await _roomLinkService.GetOptionsAsync(inDto.Key, inDto.Email, inDto.Type) : null;
if (options != null && !options.IsCorrect)
{
throw new SecurityException(FilesCommonResource.ErrorMessage_InvintationLink);
}
_permissionContext.DemandPermissions(new UserSecurityProvider(Guid.Empty, inDto.Type) ,Constants.Action_AddRemoveUser);
inDto.Type = options != null ? options.EmployeeType : inDto.Type;
var user = new UserInfo();
var byEmail = options?.LinkType == LinkType.InvintationByEmail;
if (byEmail)
{
user = _userManager.GetUserByEmail(inDto.Email);
if (user == Constants.LostUser || user.ActivationStatus != EmployeeActivationStatus.Pending)
{
throw new SecurityException(FilesCommonResource.ErrorMessage_InvintationLink);
}
var user = new UserInfo();
var byEmail = options?.LinkType == LinkType.InvintationByEmail;
if (byEmail)
{
user = _userManager.GetUserByEmail(inDto.Email);
if (user == Constants.LostUser || user.ActivationStatus != EmployeeActivationStatus.Pending)
{
throw new SecurityException(FilesCommonResource.ErrorMessage_InvintationLink);
}
}
inDto.PasswordHash = (inDto.PasswordHash ?? "").Trim();
@ -238,7 +237,7 @@ public class UserController : PeopleControllerBase
if (string.IsNullOrEmpty(inDto.Password))
{
inDto.Password = UserManagerWrapper.GeneratePassword();
inDto.Password = UserManagerWrapper.GeneratePassword();
}
else
{
@ -249,8 +248,8 @@ public class UserController : PeopleControllerBase
//Validate email
var address = new MailAddress(inDto.Email);
user.Email = address.Address;
//Set common fields
user.Email = address.Address;
//Set common fields
user.CultureName = inDto.CultureName;
user.FirstName = inDto.Firstname;
user.LastName = inDto.Lastname;
@ -264,57 +263,62 @@ public class UserController : PeopleControllerBase
user.BirthDate = inDto.Birthday != null && inDto.Birthday != DateTime.MinValue ? _tenantUtil.DateTimeFromUtc(inDto.Birthday) : null;
user.WorkFromDate = inDto.Worksfrom != null && inDto.Worksfrom != DateTime.MinValue ? _tenantUtil.DateTimeFromUtc(inDto.Worksfrom) : DateTime.UtcNow.Date;
UpdateContacts(inDto.Contacts, user);
_cache.Insert("REWRITE_URL" + _tenantManager.GetCurrentTenant().Id, HttpContext.Request.GetUrlRewriter().ToString(), TimeSpan.FromMinutes(5));
user = await _userManagerWrapper.AddUser(user, inDto.PasswordHash, inDto.FromInviteLink, true, inDto.Type == EmployeeType.User, inDto.FromInviteLink, true, true, byEmail, inDto.Type == EmployeeType.DocSpaceAdmin);
UpdateContacts(inDto.Contacts, user, !inDto.FromInviteLink);
_cache.Insert("REWRITE_URL" + _tenantManager.GetCurrentTenant().Id, HttpContext.Request.GetUrlRewriter().ToString(), TimeSpan.FromMinutes(5));
user = await _userManagerWrapper.AddUser(user, inDto.PasswordHash, inDto.FromInviteLink, true, inDto.Type == EmployeeType.User, inDto.FromInviteLink && options.IsCorrect, true, true, byEmail, inDto.Type == EmployeeType.DocSpaceAdmin);
await UpdateDepartments(inDto.Department, user);
if (inDto.Files != _userPhotoManager.GetDefaultPhotoAbsoluteWebPath())
if (inDto.Files != _userPhotoManager.GetDefaultPhotoAbsoluteWebPath())
{
await UpdatePhotoUrl(inDto.Files, user);
}
if (options != null && options.LinkType == LinkType.InvintationToRoom)
{
var success = int.TryParse(options.RoomId, out var id);
if (success)
{
await _usersInRoomChecker.CheckAppend();
await UpdatePhotoUrl(inDto.Files, user);
}
if (options != null && options.LinkType == LinkType.InvintationToRoom)
{
var success = int.TryParse(options.RoomId, out var id);
if (success)
{
await _usersInRoomChecker.CheckAppend();
await _fileSecurity.ShareAsync(id, FileEntryType.Folder, user.Id, options.Share);
}
else
{
await _usersInRoomChecker.CheckAppend();
}
else
{
await _usersInRoomChecker.CheckAppend();
await _fileSecurity.ShareAsync(options.RoomId, FileEntryType.Folder, user.Id, options.Share);
}
}
var messageAction = inDto.IsUser ? MessageAction.GuestCreated : MessageAction.UserCreated;
}
}
var messageAction = inDto.IsUser ? MessageAction.GuestCreated : MessageAction.UserCreated;
_messageService.Send(messageAction, _messageTarget.Create(user.Id), user.DisplayUserName(false, _displayUserSettingsHelper));
return await _employeeFullDtoHelper.GetFull(user);
}
[HttpPost("invite")]
public async IAsyncEnumerable<EmployeeDto> InviteUsersAsync(InviteUsersRequestDto inDto)
{
foreach (var invite in inDto.Invitations)
{
var user = await _userManagerWrapper.AddInvitedUserAsync(invite.Email, invite.Type);
var link = _roomLinkService.GetInvitationLink(user.Email, invite.Type, _authContext.CurrentAccount.ID);
_studioNotifyService.SendDocSpaceInvite(user.Email, link);
_logger.Debug(link);
}
var users = _userManager.GetUsers().Where(u => u.ActivationStatus == EmployeeActivationStatus.Pending);
foreach (var user in users)
{
yield return await _employeeDtoHelper.Get(user);
}
[HttpPost("invite")]
public async IAsyncEnumerable<EmployeeDto> InviteUsersAsync(InviteUsersRequestDto inDto)
{
foreach (var invite in inDto.Invitations)
{
if (!_permissionContext.CheckPermissions(new UserSecurityProvider(Guid.Empty, invite.Type), Constants.Action_AddRemoveUser))
{
continue;
}
var user = await _userManagerWrapper.AddInvitedUserAsync(invite.Email, invite.Type);
var link = _roomLinkService.GetInvitationLink(user.Email, invite.Type, _authContext.CurrentAccount.ID);
_studioNotifyService.SendDocSpaceInvite(user.Email, link);
_logger.Debug(link);
}
var users = _userManager.GetUsers().Where(u => u.ActivationStatus == EmployeeActivationStatus.Pending);
foreach (var user in users)
{
yield return await _employeeDtoHelper.Get(user);
}
}
[HttpPut("{userid}/password")]
@ -328,12 +332,12 @@ public class UserController : PeopleControllerBase
if (!_userManager.UserExists(user))
{
return null;
return null;
}
if (_userManager.IsSystemUser(user.Id))
if (_userManager.IsSystemUser(user.Id))
{
throw new SecurityException();
throw new SecurityException();
}
if (!string.IsNullOrEmpty(inDto.Email))
@ -468,10 +472,10 @@ public class UserController : PeopleControllerBase
list = list.Where(x => x.FirstName != null && x.FirstName.IndexOf(query, StringComparison.OrdinalIgnoreCase) > -1 || (x.LastName != null && x.LastName.IndexOf(query, StringComparison.OrdinalIgnoreCase) != -1) ||
(x.UserName != null && x.UserName.IndexOf(query, StringComparison.OrdinalIgnoreCase) != -1) || (x.Email != null && x.Email.IndexOf(query, StringComparison.OrdinalIgnoreCase) != -1) || (x.ContactsList != null && x.ContactsList.Any(y => y.IndexOf(query, StringComparison.OrdinalIgnoreCase) != -1)));
foreach (var item in list)
{
yield return await _employeeFullDtoHelper.GetFull(item);
foreach (var item in list)
{
yield return await _employeeFullDtoHelper.GetFull(item);
}
}
@ -480,7 +484,7 @@ public class UserController : PeopleControllerBase
{
return GetByStatus(EmployeeStatus.Active);
}
[AllowNotPayment]
[HttpGet("email")]
public async Task<EmployeeFullDto> GetByEmail([FromQuery] string email)
@ -497,7 +501,7 @@ public class UserController : PeopleControllerBase
}
return await _employeeFullDtoHelper.GetFull(user);
}
}
[AllowNotPayment]
[Authorize(AuthenticationSchemes = "confirm", Roles = "LinkInvite,Everyone")]
@ -506,18 +510,18 @@ public class UserController : PeopleControllerBase
{
if (_coreBaseSettings.Personal)
{
throw new MethodAccessException("Method not available");
}
var isInvite = _httpContextAccessor.HttpContext.User.Claims
.Any(role => role.Type == ClaimTypes.Role && ConfirmTypeExtensions.TryParse(role.Value, out var confirmType) && confirmType == ConfirmType.LinkInvite);
_apiContext.AuthByClaim();
throw new MethodAccessException("Method not available");
}
var isInvite = _httpContextAccessor.HttpContext.User.Claims
.Any(role => role.Type == ClaimTypes.Role && ConfirmTypeExtensions.TryParse(role.Value, out var confirmType) && confirmType == ConfirmType.LinkInvite);
_apiContext.AuthByClaim();
var user = _userManager.GetUserByUserName(username);
if (user.Id == Constants.LostUser.Id)
{
if (Guid.TryParse(username, out var userId))
if (Guid.TryParse(username, out var userId))
{
user = _userManager.GetUsers(userId);
}
@ -530,12 +534,12 @@ public class UserController : PeopleControllerBase
if (user.Id == Constants.LostUser.Id)
{
throw new ItemNotFoundException("User not found");
}
if (isInvite)
{
}
if (isInvite)
{
return await _employeeFullDtoHelper.GetSimple(user);
}
}
return await _employeeFullDtoHelper.GetFull(user);
}
@ -562,10 +566,10 @@ public class UserController : PeopleControllerBase
public async IAsyncEnumerable<EmployeeFullDto> GetFullByFilter(EmployeeStatus? employeeStatus, Guid? groupId, EmployeeActivationStatus? activationStatus, EmployeeType? employeeType, bool? isAdministrator, Payments? payments)
{
var users = GetByFilter(employeeStatus, groupId, activationStatus, employeeType, isAdministrator, payments);
foreach (var user in users)
{
yield return await _employeeFullDtoHelper.GetFull(user);
foreach (var user in users)
{
yield return await _employeeFullDtoHelper.GetFull(user);
}
}
@ -590,19 +594,19 @@ public class UserController : PeopleControllerBase
if (_coreBaseSettings.Personal)
{
throw new MethodAccessException("Method not available");
}
var groupId = Guid.Empty;
if ("group".Equals(_apiContext.FilterBy, StringComparison.OrdinalIgnoreCase) && !string.IsNullOrEmpty(_apiContext.FilterValue))
{
groupId = new Guid(_apiContext.FilterValue);
}
var users = _userManager.Search(query, EmployeeStatus.Active, groupId);
foreach (var user in users)
{
yield return await _employeeFullDtoHelper.GetFull(user);
}
var groupId = Guid.Empty;
if ("group".Equals(_apiContext.FilterBy, StringComparison.OrdinalIgnoreCase) && !string.IsNullOrEmpty(_apiContext.FilterValue))
{
groupId = new Guid(_apiContext.FilterValue);
}
var users = _userManager.Search(query, EmployeeStatus.Active, groupId);
foreach (var user in users)
{
yield return await _employeeFullDtoHelper.GetFull(user);
}
}
@ -610,10 +614,10 @@ public class UserController : PeopleControllerBase
public async IAsyncEnumerable<EmployeeDto> GetSimpleByFilter(EmployeeStatus? employeeStatus, Guid? groupId, EmployeeActivationStatus? activationStatus, EmployeeType? employeeType, bool? isAdministrator, Payments? payments)
{
var users = GetByFilter(employeeStatus, groupId, activationStatus, employeeType, isAdministrator, payments);
foreach (var user in users)
{
yield return await _employeeDtoHelper.Get(user);
foreach (var user in users)
{
yield return await _employeeDtoHelper.Get(user);
}
}
@ -644,7 +648,7 @@ public class UserController : PeopleControllerBase
foreach (var user in users)
{
if (user.Status != EmployeeStatus.Terminated)
if (user.Status != EmployeeStatus.Terminated)
{
continue;
}
@ -654,43 +658,43 @@ public class UserController : PeopleControllerBase
_queueWorkerRemove.Start(Tenant.Id, user, _securityContext.CurrentAccount.ID, false);
}
_messageService.Send(MessageAction.UsersDeleted, _messageTarget.Create(users.Select(x => x.Id)), userNames);
foreach (var user in users)
{
yield return await _employeeFullDtoHelper.GetFull(user);
}
_messageService.Send(MessageAction.UsersDeleted, _messageTarget.Create(users.Select(x => x.Id)), userNames);
foreach (var user in users)
{
yield return await _employeeFullDtoHelper.GetFull(user);
}
}
[HttpPut("invite")]
public async IAsyncEnumerable<EmployeeFullDto> ResendUserInvites(UpdateMembersRequestDto inDto)
public async IAsyncEnumerable<EmployeeFullDto> ResendUserInvites(UpdateMembersRequestDto inDto)
{
var users = inDto.UserIds
.Where(userId => !_userManager.IsSystemUser(userId))
.Select(userId => _userManager.GetUsers(userId))
var users = inDto.UserIds
.Where(userId => !_userManager.IsSystemUser(userId))
.Select(userId => _userManager.GetUsers(userId))
.ToList();
foreach (var user in users)
foreach (var user in users)
{
if (user.IsActive)
if (user.IsActive)
{
continue;
continue;
}
var viewer = _userManager.GetUsers(_securityContext.CurrentAccount.ID);
if (viewer == null)
{
throw new Exception(Resource.ErrorAccessDenied);
throw new Exception(Resource.ErrorAccessDenied);
}
if (_userManager.IsDocSpaceAdmin(viewer) || viewer.Id == user.Id)
if (_userManager.IsDocSpaceAdmin(viewer) || viewer.Id == user.Id)
{
if (user.ActivationStatus == EmployeeActivationStatus.Activated)
{
user.ActivationStatus = EmployeeActivationStatus.NotActivated;
}
if (user.ActivationStatus == (EmployeeActivationStatus.AutoGenerated | EmployeeActivationStatus.Activated))
if (user.ActivationStatus == (EmployeeActivationStatus.AutoGenerated | EmployeeActivationStatus.Activated))
{
user.ActivationStatus = EmployeeActivationStatus.AutoGenerated;
}
@ -698,31 +702,31 @@ public class UserController : PeopleControllerBase
await _userManager.UpdateUserInfoWithSyncCardDavAsync(user);
}
if (user.ActivationStatus == EmployeeActivationStatus.Pending)
if (user.ActivationStatus == EmployeeActivationStatus.Pending)
{
var type = _userManager.IsDocSpaceAdmin(user) ? EmployeeType.DocSpaceAdmin :
_userManager.IsUser(user) ? EmployeeType.User : EmployeeType.RoomAdmin;
_studioNotifyService.SendDocSpaceInvite(user.Email, _roomLinkService.GetInvitationLink(user.Email, type, _authContext.CurrentAccount.ID));
}
else
var type = _userManager.IsDocSpaceAdmin(user) ? EmployeeType.DocSpaceAdmin :
_userManager.IsUser(user) ? EmployeeType.User : EmployeeType.RoomAdmin;
_studioNotifyService.SendDocSpaceInvite(user.Email, _roomLinkService.GetInvitationLink(user.Email, type, _authContext.CurrentAccount.ID));
}
else
{
_studioNotifyService.SendEmailActivationInstructions(user, user.Email);
}
_studioNotifyService.SendEmailActivationInstructions(user, user.Email);
}
}
_messageService.Send(MessageAction.UsersSentActivationInstructions, _messageTarget.Create(users.Select(x => x.Id)), users.Select(x => x.DisplayUserName(false, _displayUserSettingsHelper)));
foreach (var user in users)
{
yield return await _employeeFullDtoHelper.GetFull(user);
}
_messageService.Send(MessageAction.UsersSentActivationInstructions, _messageTarget.Create(users.Select(x => x.Id)), users.Select(x => x.DisplayUserName(false, _displayUserSettingsHelper)));
foreach (var user in users)
{
yield return await _employeeFullDtoHelper.GetFull(user);
}
}
[HttpGet("theme")]
public DarkThemeSettings GetTheme()
[HttpGet("theme")]
public DarkThemeSettings GetTheme()
{
return _settingsManager.LoadForCurrentUser<DarkThemeSettings>();
return _settingsManager.LoadForCurrentUser<DarkThemeSettings>();
}
[HttpPut("theme")]
@ -740,15 +744,15 @@ public class UserController : PeopleControllerBase
[AllowNotPayment]
[HttpGet("@self")]
public async Task<EmployeeFullDto> Self()
public async Task<EmployeeFullDto> Self()
{
var user = _userManager.GetUser(_securityContext.CurrentAccount.ID, EmployeeFullDtoHelper.GetExpression(_apiContext));
var result = await _employeeFullDtoHelper.GetFull(user);
var result = await _employeeFullDtoHelper.GetFull(user);
result.Theme = _settingsManager.LoadForCurrentUser<DarkThemeSettings>().Theme;
result.Theme = _settingsManager.LoadForCurrentUser<DarkThemeSettings>().Theme;
return result;
return result;
}
[AllowNotPayment]
@ -823,7 +827,7 @@ public class UserController : PeopleControllerBase
{
var error = _userManagerWrapper.SendUserPassword(inDto.Email);
if (!string.IsNullOrEmpty(error))
{
{
_logger.ErrorPasswordRecovery(inDto.Email, error);
}
@ -992,8 +996,8 @@ public class UserController : PeopleControllerBase
}
return await _employeeFullDtoHelper.GetFull(user);
}
}
[HttpPut("status/{status}")]
public async IAsyncEnumerable<EmployeeFullDto> UpdateUserStatus(EmployeeStatus status, UpdateMembersRequestDto inDto)
{
@ -1015,13 +1019,13 @@ public class UserController : PeopleControllerBase
case EmployeeStatus.Active:
if (user.Status == EmployeeStatus.Terminated)
{
if (!_userManager.IsUser(user))
if (!_userManager.IsUser(user))
{
await _countRoomAdminChecker.CheckAppend();
await _countRoomAdminChecker.CheckAppend();
}
else
{
await _countUserChecker.CheckAppend();
else
{
await _countUserChecker.CheckAppend();
}
user.Status = EmployeeStatus.Active;
@ -1038,11 +1042,11 @@ public class UserController : PeopleControllerBase
}
}
_messageService.Send(MessageAction.UsersUpdatedStatus, _messageTarget.Create(users.Select(x => x.Id)), users.Select(x => x.DisplayUserName(false, _displayUserSettingsHelper)));
foreach (var user in users)
{
yield return await _employeeFullDtoHelper.GetFull(user);
_messageService.Send(MessageAction.UsersUpdatedStatus, _messageTarget.Create(users.Select(x => x.Id)), users.Select(x => x.DisplayUserName(false, _displayUserSettingsHelper)));
foreach (var user in users)
{
yield return await _employeeFullDtoHelper.GetFull(user);
}
}
@ -1064,33 +1068,33 @@ public class UserController : PeopleControllerBase
switch (type)
{
case EmployeeType.RoomAdmin:
await _countRoomAdminChecker.CheckAppend();
_userManager.RemoveUserFromGroup(user.Id, Constants.GroupUser.ID);
case EmployeeType.RoomAdmin:
await _countRoomAdminChecker.CheckAppend();
_userManager.RemoveUserFromGroup(user.Id, Constants.GroupUser.ID);
_webItemSecurityCache.ClearCache(Tenant.Id);
break;
case EmployeeType.User:
await _countUserChecker.CheckAppend();
case EmployeeType.User:
await _countUserChecker.CheckAppend();
await _userManager.AddUserIntoGroup(user.Id, Constants.GroupUser.ID);
_webItemSecurityCache.ClearCache(Tenant.Id);
break;
}
}
_messageService.Send(MessageAction.UsersUpdatedType, _messageTarget.Create(users.Select(x => x.Id)), users.Select(x => x.DisplayUserName(false, _displayUserSettingsHelper)));
foreach (var user in users)
{
yield return await _employeeFullDtoHelper.GetFull(user);
_messageService.Send(MessageAction.UsersUpdatedType, _messageTarget.Create(users.Select(x => x.Id)), users.Select(x => x.DisplayUserName(false, _displayUserSettingsHelper)));
foreach (var user in users)
{
yield return await _employeeFullDtoHelper.GetFull(user);
}
}
}
[HttpGet("recalculatequota")]
public void RecalculateQuota()
{
_permissionContext.DemandPermissions(SecutiryConstants.EditPortalSettings);
_usersQuotaSyncOperation.RecalculateQuota(_tenantManager.GetCurrentTenant());
}
[HttpGet("checkrecalculatequota")]
public TaskProgressDto CheckRecalculateQuota()
{
@ -1107,31 +1111,31 @@ public class UserController : PeopleControllerBase
.ToList();
foreach (var user in users)
{
if (inDto.Quota != -1)
{
var usedSpace = Math.Max(0,
{
if (inDto.Quota != -1)
{
var usedSpace = Math.Max(0,
_quotaService.FindUserQuotaRows(
_tenantManager.GetCurrentTenant().Id,
user.Id
)
.Where(r => !string.IsNullOrEmpty(r.Tag)).Sum(r => r.Counter));
var tenanSpaceQuota = _quotaService.GetTenantQuota(Tenant.Id).MaxTotalSize;
if (tenanSpaceQuota < inDto.Quota || usedSpace > inDto.Quota)
{
continue;
}
}
var quotaSettings = _settingsManager.Load<TenantUserQuotaSettings>();
_settingsManager.SaveForUser(new UserQuotaSettings { UserQuota = inDto.Quota }, user);
_tenantManager.GetCurrentTenant().Id,
user.Id
)
.Where(r => !string.IsNullOrEmpty(r.Tag)).Sum(r => r.Counter));
var tenanSpaceQuota = _quotaService.GetTenantQuota(Tenant.Id).MaxTotalSize;
if (tenanSpaceQuota < inDto.Quota || usedSpace > inDto.Quota)
{
continue;
}
}
var quotaSettings = _settingsManager.Load<TenantUserQuotaSettings>();
_settingsManager.SaveForUser(new UserQuotaSettings { UserQuota = inDto.Quota }, user);
yield return await _employeeFullDtoHelper.GetFull(user);
}
}
}
}
private async Task UpdateDepartments(IEnumerable<Guid> department, UserInfo user)
@ -1356,7 +1360,7 @@ public class UserController : PeopleControllerBase
// lock (progressQueue.SynchRoot)
// {
// var task = progressQueue.GetItems().OfType<ImportUsersTask>().FirstOrDefault(t => (int)t.Id == TenantProvider.CurrentTenantID);
//var tenant = CoreContext.TenantManager.GetCurrentTenant();
//var tenant = CoreContext.TenantManager.GetCurrentTenant();
//Cache.Insert("REWRITE_URL" + tenant.TenantId, HttpContext.Current.Request.GetUrlRewriter().ToString(), TimeSpan.FromMinutes(5));
// if (task != null && task.IsCompleted)
// {

6
web/ASC.Web.Api/Api/PortalController.cs
View File

@ -143,9 +143,9 @@ public class PortalController : ControllerBase
[HttpGet("users/invite/{employeeType}")]
public object GeInviteLink(EmployeeType employeeType)
{
if (!_webItemSecurity.IsProductAdministrator(WebItemManager.PeopleProductID, _authContext.CurrentAccount.ID))
{
throw new SecurityException("Method not available");
if (!_permissionContext.CheckPermissions(new UserSecurityProvider(Guid.Empty, employeeType), ASC.Core.Users.Constants.Action_AddRemoveUser))
{
return string.Empty;
}
return _commonLinkUtility.GetConfirmationEmailUrl(string.Empty, ConfirmType.LinkInvite, (int)employeeType, _authContext.CurrentAccount.ID)

15
web/ASC.Web.Core/Users/UserManagerWrapper.cs
View File

@ -117,12 +117,7 @@ public sealed class UserManagerWrapper
if (_userManager.GetUserByEmail(mail.Address).Id != Constants.LostUser.Id)
{
throw new InvalidOperationException($"User with email {mail.Address} already exists or is invited");
}
if (type is EmployeeType.RoomAdmin or EmployeeType.DocSpaceAdmin)
{
await _countManagerChecker.CheckAppend();
throw new Exception(_customNamingPeople.Substitute<Resource>("ErrorEmailAlreadyExists"));
}
var user = new UserInfo
@ -135,7 +130,9 @@ public sealed class UserManagerWrapper
Status = EmployeeStatus.Active,
};
var newUser = await _userManager.SaveUserInfo(user);
user.UserName = MakeUniqueName(user);
var newUser = await _userManager.SaveUserInfo(user, type == EmployeeType.User);
var groupId = type switch
{
@ -226,11 +223,11 @@ public sealed class UserManagerWrapper
if (isUser)
{
await _userManager.AddUserIntoGroup(newUserInfo.Id, Constants.GroupUser.ID);
await _userManager.AddUserIntoGroup(newUserInfo.Id, Constants.GroupUser.ID, true);
}
else if (isAdmin)
{
await _userManager.AddUserIntoGroup(newUserInfo.Id, Constants.GroupAdmin.ID);
await _userManager.AddUserIntoGroup(newUserInfo.Id, Constants.GroupAdmin.ID, true);
}
return newUserInfo;