Merge pull request #1099 from ONLYOFFICE/bugfix/room-admin-permissions
Bugfix/room admin permissions
This commit is contained in:
commit
7d0cc5a396
@ -38,8 +38,9 @@ public sealed class Role : IRole
|
||||
public Guid ID { get; internal set; }
|
||||
public string Name { get; internal set; }
|
||||
public string AuthenticationType => "ASC";
|
||||
public bool IsAuthenticated => false;
|
||||
|
||||
public bool IsAuthenticated => false;
|
||||
|
||||
public string Key => ID.ToString();
|
||||
|
||||
public Role(Guid id, string name)
|
||||
{
|
||||
|
@ -26,4 +26,4 @@
|
||||
|
||||
namespace ASC.Common.Security.Authorizing;
|
||||
|
||||
public interface IRole : ISubject { }
|
||||
public interface IRole : ISubject, IRuleData { }
|
||||
|
32
common/ASC.Common/Security/RuleData.cs
Normal file
32
common/ASC.Common/Security/RuleData.cs
Normal file
@ -0,0 +1,32 @@
|
||||
// (c) Copyright Ascensio System SIA 2010-2022
|
||||
//
|
||||
// This program is a free software product.
|
||||
// You can redistribute it and/or modify it under the terms
|
||||
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
|
||||
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
|
||||
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
|
||||
// any third-party rights.
|
||||
//
|
||||
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
|
||||
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
|
||||
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
|
||||
//
|
||||
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
|
||||
//
|
||||
// The interactive user interfaces in modified source and object code versions of the Program must
|
||||
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
|
||||
//
|
||||
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
|
||||
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
|
||||
// trademark law for use of our trademarks.
|
||||
//
|
||||
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
||||
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
||||
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||
|
||||
namespace ASC.Common.Security;
|
||||
|
||||
public interface IRuleData
|
||||
{
|
||||
public string Key { get; }
|
||||
}
|
@ -74,6 +74,12 @@ public class UserServiceCache
|
||||
{
|
||||
var key = GetUserCacheKey(userInfo.Tenant);
|
||||
Cache.Remove(key);
|
||||
|
||||
if (Guid.TryParse(userInfo.Id, out var userId))
|
||||
{
|
||||
var userKey = GetUserCacheKey(userInfo.Tenant, userId);
|
||||
Cache.Remove(userKey);
|
||||
}
|
||||
}
|
||||
}
|
||||
private void InvalidateCache(GroupCacheItem groupCacheItem)
|
||||
|
@ -64,6 +64,7 @@ public class UserManager
|
||||
private readonly TenantQuotaFeatureCheckerCount<CountRoomAdminFeature> _countRoomAdminChecker;
|
||||
private readonly TenantQuotaFeatureCheckerCount<CountUserFeature> _activeUsersFeatureChecker;
|
||||
private readonly Constants _constants;
|
||||
private readonly UserFormatter _userFormatter;
|
||||
|
||||
private Tenant _tenant;
|
||||
private Tenant Tenant => _tenant ??= _tenantManager.GetCurrentTenant();
|
||||
@ -86,7 +87,8 @@ public class UserManager
|
||||
ILogger<UserManager> log,
|
||||
ICache cache,
|
||||
TenantQuotaFeatureCheckerCount<CountRoomAdminFeature> countRoomAdrminChecker,
|
||||
TenantQuotaFeatureCheckerCount<CountUserFeature> activeUsersFeatureChecker
|
||||
TenantQuotaFeatureCheckerCount<CountUserFeature> activeUsersFeatureChecker,
|
||||
UserFormatter userFormatter
|
||||
)
|
||||
{
|
||||
_userService = service;
|
||||
@ -103,6 +105,7 @@ public class UserManager
|
||||
_countRoomAdminChecker = countRoomAdrminChecker;
|
||||
_activeUsersFeatureChecker = activeUsersFeatureChecker;
|
||||
_constants = _userManagerConstants.Constants;
|
||||
_userFormatter = userFormatter;
|
||||
}
|
||||
|
||||
public UserManager(
|
||||
@ -119,8 +122,9 @@ public class UserManager
|
||||
ICache cache,
|
||||
TenantQuotaFeatureCheckerCount<CountRoomAdminFeature> tenantQuotaFeatureChecker,
|
||||
TenantQuotaFeatureCheckerCount<CountUserFeature> activeUsersFeatureChecker,
|
||||
IHttpContextAccessor httpContextAccessor)
|
||||
: this(service, tenantManager, permissionContext, userManagerConstants, coreBaseSettings, coreSettings, instanceCrypto, radicaleClient, cardDavAddressbook, log, cache, tenantQuotaFeatureChecker, activeUsersFeatureChecker)
|
||||
IHttpContextAccessor httpContextAccessor,
|
||||
UserFormatter userFormatter)
|
||||
: this(service, tenantManager, permissionContext, userManagerConstants, coreBaseSettings, coreSettings, instanceCrypto, radicaleClient, cardDavAddressbook, log, cache, tenantQuotaFeatureChecker, activeUsersFeatureChecker, userFormatter)
|
||||
{
|
||||
_accessor = httpContextAccessor;
|
||||
}
|
||||
@ -353,7 +357,8 @@ public class UserManager
|
||||
return SystemUsers[u.Id];
|
||||
}
|
||||
|
||||
_permissionContext.DemandPermissions(Constants.Action_AddRemoveUser);
|
||||
_permissionContext.DemandPermissions(new UserSecurityProvider(u.Id, isVisitor ? EmployeeType.User : EmployeeType.RoomAdmin),
|
||||
Constants.Action_AddRemoveUser);
|
||||
|
||||
if (!_coreBaseSettings.Personal)
|
||||
{
|
||||
@ -631,12 +636,15 @@ public class UserManager
|
||||
{
|
||||
return;
|
||||
}
|
||||
_permissionContext.DemandPermissions(Constants.Action_EditGroups);
|
||||
|
||||
var user = GetUsers(userId);
|
||||
|
||||
_permissionContext.DemandPermissions(new UserGroupObject(new UserAccount(user, _tenantManager.GetCurrentTenant().Id, _userFormatter), groupId),
|
||||
Constants.Action_EditGroups);
|
||||
|
||||
_userService.SaveUserGroupRef(Tenant.Id, new UserGroupRef(userId, groupId, UserGroupRefType.Contains));
|
||||
|
||||
ResetGroupCache(userId);
|
||||
var user = GetUsers(userId);
|
||||
if (groupId == Constants.GroupUser.ID)
|
||||
{
|
||||
var tenant = _tenantManager.GetCurrentTenant();
|
||||
@ -658,7 +666,10 @@ public class UserManager
|
||||
return;
|
||||
}
|
||||
|
||||
_permissionContext.DemandPermissions(Constants.Action_EditGroups);
|
||||
var user = GetUsers(userId);
|
||||
|
||||
_permissionContext.DemandPermissions(new UserGroupObject(new UserAccount(user, _tenantManager.GetCurrentTenant().Id, _userFormatter), groupId),
|
||||
Constants.Action_EditGroups);
|
||||
|
||||
_userService.RemoveUserGroupRef(Tenant.Id, userId, groupId, UserGroupRefType.Contains);
|
||||
|
||||
|
@ -71,4 +71,5 @@ public class GroupInfo : IRole, IRecipientsGroup
|
||||
string IRecipient.Name => Name;
|
||||
public string AuthenticationType => "ASC";
|
||||
public bool IsAuthenticated => false;
|
||||
public string Key => ID.ToString();
|
||||
}
|
||||
|
@ -57,7 +57,8 @@ public class AzManager
|
||||
|
||||
internal AzManagerAcl GetAzManagerAcl(ISubject subject, IAction action, ISecurityObjectId objectId, ISecurityObjectProvider securityObjProvider)
|
||||
{
|
||||
if (action.AdministratorAlwaysAllow && (Constants.DocSpaceAdmin.ID == subject.ID || _roleProvider.IsSubjectInRole(subject, Constants.DocSpaceAdmin)))
|
||||
if (action.AdministratorAlwaysAllow && (Constants.DocSpaceAdmin.ID == subject.ID || _roleProvider.IsSubjectInRole(subject, Constants.DocSpaceAdmin)
|
||||
|| (objectId is SecurityObject obj && obj.IsMatchDefaultRules(subject, action, _roleProvider))))
|
||||
{
|
||||
return AzManagerAcl.Allow;
|
||||
}
|
||||
|
57
common/ASC.Core.Common/Security/Rule.cs
Normal file
57
common/ASC.Core.Common/Security/Rule.cs
Normal file
@ -0,0 +1,57 @@
|
||||
// (c) Copyright Ascensio System SIA 2010-2022
|
||||
//
|
||||
// This program is a free software product.
|
||||
// You can redistribute it and/or modify it under the terms
|
||||
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
|
||||
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
|
||||
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
|
||||
// any third-party rights.
|
||||
//
|
||||
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
|
||||
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
|
||||
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
|
||||
//
|
||||
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
|
||||
//
|
||||
// The interactive user interfaces in modified source and object code versions of the Program must
|
||||
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
|
||||
//
|
||||
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
|
||||
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
|
||||
// trademark law for use of our trademarks.
|
||||
//
|
||||
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
||||
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
||||
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||
|
||||
namespace ASC.Core.Common.Security;
|
||||
|
||||
public class Rule
|
||||
{
|
||||
public Guid ActionId { get; }
|
||||
public IRuleData Data { get; }
|
||||
private readonly string _key;
|
||||
|
||||
public Rule(Guid actionId, IRuleData data)
|
||||
{
|
||||
ActionId = actionId;
|
||||
Data = data;
|
||||
_key = actionId.ToString() + data?.Key;
|
||||
}
|
||||
|
||||
public Rule(Guid actionId)
|
||||
{
|
||||
ActionId = actionId;
|
||||
_key = actionId.ToString();
|
||||
}
|
||||
|
||||
public override int GetHashCode()
|
||||
{
|
||||
return _key.GetHashCode();
|
||||
}
|
||||
|
||||
public override bool Equals(object obj)
|
||||
{
|
||||
return obj is Rule action && action._key == _key;
|
||||
}
|
||||
}
|
56
common/ASC.Core.Common/Security/Security.cs
Normal file
56
common/ASC.Core.Common/Security/Security.cs
Normal file
@ -0,0 +1,56 @@
|
||||
// (c) Copyright Ascensio System SIA 2010-2022
|
||||
//
|
||||
// This program is a free software product.
|
||||
// You can redistribute it and/or modify it under the terms
|
||||
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
|
||||
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
|
||||
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
|
||||
// any third-party rights.
|
||||
//
|
||||
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
|
||||
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
|
||||
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
|
||||
//
|
||||
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
|
||||
//
|
||||
// The interactive user interfaces in modified source and object code versions of the Program must
|
||||
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
|
||||
//
|
||||
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
|
||||
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
|
||||
// trademark law for use of our trademarks.
|
||||
//
|
||||
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
||||
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
||||
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||
|
||||
using UserConstants = ASC.Core.Users.Constants;
|
||||
using Constants = ASC.Common.Security.Authorizing.Constants;
|
||||
|
||||
namespace ASC.Core.Common.Security;
|
||||
|
||||
public static class Security
|
||||
{
|
||||
public static readonly Dictionary<Guid, Dictionary<Guid, HashSet<Rule>>> Rules = new Dictionary<Guid, Dictionary<Guid, HashSet<Rule>>>
|
||||
{
|
||||
{
|
||||
Constants.RoomAdmin.ID, new Dictionary<Guid, HashSet<Rule>>()
|
||||
{
|
||||
{
|
||||
Constants.User.ID, new HashSet<Rule>()
|
||||
{
|
||||
new Rule(UserConstants.Action_EditGroups.ID, Constants.User),
|
||||
new Rule(UserConstants.Action_AddRemoveUser.ID),
|
||||
}
|
||||
},
|
||||
{
|
||||
Constants.RoomAdmin.ID, new HashSet<Rule>()
|
||||
{
|
||||
new Rule(UserConstants.Action_EditGroups.ID, Constants.User),
|
||||
new Rule(UserConstants.Action_AddRemoveUser.ID),
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
};
|
||||
}
|
75
common/ASC.Core.Common/Security/SecurityObject.cs
Normal file
75
common/ASC.Core.Common/Security/SecurityObject.cs
Normal file
@ -0,0 +1,75 @@
|
||||
// (c) Copyright Ascensio System SIA 2010-2022
|
||||
//
|
||||
// This program is a free software product.
|
||||
// You can redistribute it and/or modify it under the terms
|
||||
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
|
||||
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
|
||||
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
|
||||
// any third-party rights.
|
||||
//
|
||||
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
|
||||
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
|
||||
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
|
||||
//
|
||||
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
|
||||
//
|
||||
// The interactive user interfaces in modified source and object code versions of the Program must
|
||||
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
|
||||
//
|
||||
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
|
||||
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
|
||||
// trademark law for use of our trademarks.
|
||||
//
|
||||
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
||||
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
||||
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||
|
||||
namespace ASC.Core.Common.Security;
|
||||
|
||||
public abstract class SecurityObject : ISecurityObject
|
||||
{
|
||||
public object SecurityId { get; protected set; }
|
||||
public Type ObjectType { get; protected set; }
|
||||
public string FullId { get; protected set; }
|
||||
public bool InheritSupported { get; protected set; }
|
||||
public bool ObjectRolesSupported { get; protected set; }
|
||||
|
||||
public virtual IEnumerable<IRole> GetObjectRoles(ISubject account, ISecurityObjectId objectId, SecurityCallContext callContext)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
public virtual ISecurityObjectId InheritFrom(ISecurityObjectId objectId)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
public bool IsMatchDefaultRules(ISubject subject, IAction action, IRoleProvider roleProvider)
|
||||
{
|
||||
var subjectRoles = roleProvider.GetRoles(subject);
|
||||
var targetRoles = GetTargetRoles(roleProvider);
|
||||
|
||||
foreach (var subjectRole in subjectRoles)
|
||||
{
|
||||
if (Security.Rules.TryGetValue(subjectRole.ID, out var value))
|
||||
{
|
||||
foreach (var targetRole in targetRoles)
|
||||
{
|
||||
if (value.TryGetValue(targetRole.ID, out var value1))
|
||||
{
|
||||
var act = new Rule(action.ID, GetRuleData());
|
||||
if (value1.Contains(act))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
protected abstract IEnumerable<IRole> GetTargetRoles(IRoleProvider roleProvider);
|
||||
protected abstract IRuleData GetRuleData();
|
||||
}
|
52
common/ASC.Core.Common/Security/UserGroupObject.cs
Normal file
52
common/ASC.Core.Common/Security/UserGroupObject.cs
Normal file
@ -0,0 +1,52 @@
|
||||
// (c) Copyright Ascensio System SIA 2010-2022
|
||||
//
|
||||
// This program is a free software product.
|
||||
// You can redistribute it and/or modify it under the terms
|
||||
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
|
||||
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
|
||||
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
|
||||
// any third-party rights.
|
||||
//
|
||||
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
|
||||
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
|
||||
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
|
||||
//
|
||||
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
|
||||
//
|
||||
// The interactive user interfaces in modified source and object code versions of the Program must
|
||||
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
|
||||
//
|
||||
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
|
||||
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
|
||||
// trademark law for use of our trademarks.
|
||||
//
|
||||
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
||||
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
||||
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||
|
||||
namespace ASC.Core.Common.Security;
|
||||
|
||||
public class UserGroupObject : SecurityObject
|
||||
{
|
||||
private ISubject User { get; set; }
|
||||
private Guid GroupId { get; set; }
|
||||
|
||||
public UserGroupObject(ISubject user, Guid groupId)
|
||||
{
|
||||
SecurityId = user.ID;
|
||||
User = user;
|
||||
GroupId = groupId;
|
||||
ObjectType = typeof(UserGroupObject);
|
||||
FullId = $"{ObjectType.FullName}|{User.ID}|{GroupId}";
|
||||
}
|
||||
|
||||
protected override IEnumerable<IRole> GetTargetRoles(IRoleProvider roleProvider)
|
||||
{
|
||||
return roleProvider.GetRoles(User);
|
||||
}
|
||||
|
||||
protected override IRuleData GetRuleData()
|
||||
{
|
||||
return new Role(GroupId, "ruleData");
|
||||
}
|
||||
}
|
@ -24,37 +24,51 @@
|
||||
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
||||
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||
|
||||
using AuthConstants = ASC.Common.Security.Authorizing.Constants;
|
||||
|
||||
namespace ASC.Core.Users;
|
||||
|
||||
public class UserSecurityProvider : ISecurityObject
|
||||
public class UserSecurityProvider : SecurityObject
|
||||
{
|
||||
public Type ObjectType { get; private set; }
|
||||
public object SecurityId { get; private set; }
|
||||
public string FullId => AzObjectIdHelper.GetFullObjectId(this);
|
||||
private readonly EmployeeType _employeeType;
|
||||
|
||||
public UserSecurityProvider(Guid userId)
|
||||
{
|
||||
SecurityId = userId;
|
||||
ObjectType = typeof(UserInfo);
|
||||
FullId = AzObjectIdHelper.GetFullObjectId(this);
|
||||
ObjectRolesSupported = true;
|
||||
}
|
||||
|
||||
public bool ObjectRolesSupported => true;
|
||||
public UserSecurityProvider(Guid userId, EmployeeType employeeType) : this(userId)
|
||||
{
|
||||
_employeeType = employeeType;
|
||||
}
|
||||
|
||||
public IEnumerable<IRole> GetObjectRoles(ISubject account, ISecurityObjectId objectId, SecurityCallContext callContext)
|
||||
public override IEnumerable<IRole> GetObjectRoles(ISubject account, ISecurityObjectId objectId, SecurityCallContext callContext)
|
||||
{
|
||||
var roles = new List<IRole>();
|
||||
if (account.ID.Equals(objectId.SecurityId))
|
||||
{
|
||||
roles.Add(ASC.Common.Security.Authorizing.Constants.Self);
|
||||
roles.Add(AuthConstants.Self);
|
||||
}
|
||||
|
||||
return roles;
|
||||
}
|
||||
|
||||
public bool InheritSupported => false;
|
||||
|
||||
public ISecurityObjectId InheritFrom(ISecurityObjectId objectId)
|
||||
protected override IEnumerable<IRole> GetTargetRoles(IRoleProvider roleProvider)
|
||||
{
|
||||
throw new NotImplementedException();
|
||||
return _employeeType switch
|
||||
{
|
||||
EmployeeType.DocSpaceAdmin => new[] { AuthConstants.DocSpaceAdmin },
|
||||
EmployeeType.RoomAdmin => new[] { AuthConstants.RoomAdmin },
|
||||
EmployeeType.User => new[] { AuthConstants.User },
|
||||
_ => throw new NotImplementedException(),
|
||||
};
|
||||
}
|
||||
|
||||
protected override IRuleData GetRuleData()
|
||||
{
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
@ -96,6 +96,11 @@ public static class UserExtensions
|
||||
return !string.IsNullOrEmpty(ui.SsoNameId);
|
||||
}
|
||||
|
||||
public static EmployeeType GetUserType(this UserManager userManager, Guid id)
|
||||
{
|
||||
return userManager.IsDocSpaceAdmin(id) ? EmployeeType.DocSpaceAdmin : userManager.IsUser(id) ? EmployeeType.User : EmployeeType.RoomAdmin;
|
||||
}
|
||||
|
||||
private const string _extMobPhone = "extmobphone";
|
||||
private const string _mobPhone = "mobphone";
|
||||
private const string _extMail = "extmail";
|
||||
|
@ -72,9 +72,12 @@ public abstract class PeopleControllerBase : ApiControllerBase
|
||||
return user;
|
||||
}
|
||||
|
||||
protected void UpdateContacts(IEnumerable<Contact> contacts, UserInfo user)
|
||||
protected void UpdateContacts(IEnumerable<Contact> contacts, UserInfo user, bool checkPermissions = true)
|
||||
{
|
||||
_permissionContext.DemandPermissions(new UserSecurityProvider(user.Id), Constants.Action_EditUser);
|
||||
if (checkPermissions)
|
||||
{
|
||||
_permissionContext.DemandPermissions(new UserSecurityProvider(user.Id), Constants.Action_EditUser);
|
||||
}
|
||||
|
||||
if (contacts == null)
|
||||
{
|
||||
|
@ -22,18 +22,18 @@
|
||||
//
|
||||
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
||||
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
||||
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||
|
||||
using ASC.Common.Log;
|
||||
|
||||
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||
|
||||
using ASC.Common.Log;
|
||||
|
||||
namespace ASC.People.Api;
|
||||
|
||||
public class UserController : PeopleControllerBase
|
||||
{
|
||||
private Tenant Tenant => _apiContext.Tenant;
|
||||
|
||||
private readonly ICache _cache;
|
||||
private readonly TenantManager _tenantManager;
|
||||
private readonly ICache _cache;
|
||||
private readonly TenantManager _tenantManager;
|
||||
private readonly CookiesManager _cookiesManager;
|
||||
private readonly CoreBaseSettings _coreBaseSettings;
|
||||
private readonly CustomNamingPeople _customNamingPeople;
|
||||
@ -56,19 +56,19 @@ public class UserController : PeopleControllerBase
|
||||
private readonly StudioNotifyService _studioNotifyService;
|
||||
private readonly MessageService _messageService;
|
||||
private readonly AuthContext _authContext;
|
||||
private readonly SetupInfo _setupInfo;
|
||||
private readonly SettingsManager _settingsManager;
|
||||
private readonly RoomLinkService _roomLinkService;
|
||||
private readonly SetupInfo _setupInfo;
|
||||
private readonly SettingsManager _settingsManager;
|
||||
private readonly RoomLinkService _roomLinkService;
|
||||
private readonly FileSecurity _fileSecurity;
|
||||
private readonly IQuotaService _quotaService;
|
||||
private readonly CountRoomAdminChecker _countRoomAdminChecker;
|
||||
private readonly UsersQuotaSyncOperation _usersQuotaSyncOperation;
|
||||
private readonly CountUserChecker _countUserChecker;
|
||||
private readonly UsersInRoomChecker _usersInRoomChecker;
|
||||
|
||||
|
||||
public UserController(
|
||||
ICache cache,
|
||||
TenantManager tenantManager,
|
||||
ICache cache,
|
||||
TenantManager tenantManager,
|
||||
CookiesManager cookiesManager,
|
||||
CoreBaseSettings coreBaseSettings,
|
||||
CustomNamingPeople customNamingPeople,
|
||||
@ -96,10 +96,10 @@ public class UserController : PeopleControllerBase
|
||||
PermissionContext permissionContext,
|
||||
ApiContext apiContext,
|
||||
UserPhotoManager userPhotoManager,
|
||||
IHttpClientFactory httpClientFactory,
|
||||
IHttpContextAccessor httpContextAccessor,
|
||||
SettingsManager settingsManager,
|
||||
RoomLinkService roomLinkService,
|
||||
IHttpClientFactory httpClientFactory,
|
||||
IHttpContextAccessor httpContextAccessor,
|
||||
SettingsManager settingsManager,
|
||||
RoomLinkService roomLinkService,
|
||||
FileSecurity fileSecurity,
|
||||
UsersQuotaSyncOperation usersQuotaSyncOperation,
|
||||
CountRoomAdminChecker countRoomAdminChecker,
|
||||
@ -108,8 +108,8 @@ public class UserController : PeopleControllerBase
|
||||
IQuotaService quotaService)
|
||||
: base(userManager, permissionContext, apiContext, userPhotoManager, httpClientFactory, httpContextAccessor)
|
||||
{
|
||||
_cache = cache;
|
||||
_tenantManager = tenantManager;
|
||||
_cache = cache;
|
||||
_tenantManager = tenantManager;
|
||||
_cookiesManager = cookiesManager;
|
||||
_coreBaseSettings = coreBaseSettings;
|
||||
_customNamingPeople = customNamingPeople;
|
||||
@ -132,14 +132,14 @@ public class UserController : PeopleControllerBase
|
||||
_studioNotifyService = studioNotifyService;
|
||||
_messageService = messageService;
|
||||
_authContext = authContext;
|
||||
_setupInfo = setupInfo;
|
||||
_settingsManager = settingsManager;
|
||||
_roomLinkService = roomLinkService;
|
||||
_setupInfo = setupInfo;
|
||||
_settingsManager = settingsManager;
|
||||
_roomLinkService = roomLinkService;
|
||||
_fileSecurity = fileSecurity;
|
||||
_countRoomAdminChecker = countRoomAdminChecker;
|
||||
_countUserChecker = activeUsersChecker;
|
||||
_usersInRoomChecker = usersInRoomChecker;
|
||||
_quotaService = quotaService;
|
||||
_quotaService = quotaService;
|
||||
_usersQuotaSyncOperation = usersQuotaSyncOperation;
|
||||
}
|
||||
|
||||
@ -157,7 +157,7 @@ public class UserController : PeopleControllerBase
|
||||
|
||||
if (string.IsNullOrEmpty(inDto.Password))
|
||||
{
|
||||
inDto.Password = UserManagerWrapper.GeneratePassword();
|
||||
inDto.Password = UserManagerWrapper.GeneratePassword();
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -185,16 +185,16 @@ public class UserController : PeopleControllerBase
|
||||
|
||||
UpdateContacts(inDto.Contacts, user);
|
||||
|
||||
_cache.Insert("REWRITE_URL" + _tenantManager.GetCurrentTenant().Id, HttpContext.Request.GetUrlRewriter().ToString(), TimeSpan.FromMinutes(5));
|
||||
_cache.Insert("REWRITE_URL" + _tenantManager.GetCurrentTenant().Id, HttpContext.Request.GetUrlRewriter().ToString(), TimeSpan.FromMinutes(5));
|
||||
user = await _userManagerWrapper.AddUser(user, inDto.PasswordHash, false, false, inDto.IsUser, false, true, true);
|
||||
|
||||
user.ActivationStatus = EmployeeActivationStatus.Activated;
|
||||
|
||||
await UpdateDepartments(inDto.Department, user);
|
||||
|
||||
if (inDto.Files != _userPhotoManager.GetDefaultPhotoAbsoluteWebPath())
|
||||
if (inDto.Files != _userPhotoManager.GetDefaultPhotoAbsoluteWebPath())
|
||||
{
|
||||
await UpdatePhotoUrl(inDto.Files, user);
|
||||
await UpdatePhotoUrl(inDto.Files, user);
|
||||
}
|
||||
|
||||
return await _employeeFullDtoHelper.GetFull(user);
|
||||
@ -206,29 +206,28 @@ public class UserController : PeopleControllerBase
|
||||
{
|
||||
_apiContext.AuthByClaim();
|
||||
|
||||
_permissionContext.DemandPermissions(Constants.Action_AddRemoveUser);
|
||||
|
||||
var options = inDto.FromInviteLink ? await _roomLinkService.GetOptionsAsync(inDto.Key, inDto.Email, inDto.Type) : null;
|
||||
|
||||
if (options != null && !options.IsCorrect)
|
||||
{
|
||||
throw new SecurityException(FilesCommonResource.ErrorMessage_InvintationLink);
|
||||
var options = inDto.FromInviteLink ? await _roomLinkService.GetOptionsAsync(inDto.Key, inDto.Email, inDto.Type) : null;
|
||||
if (options != null && !options.IsCorrect)
|
||||
{
|
||||
throw new SecurityException(FilesCommonResource.ErrorMessage_InvintationLink);
|
||||
}
|
||||
|
||||
|
||||
_permissionContext.DemandPermissions(new UserSecurityProvider(Guid.Empty, inDto.Type) ,Constants.Action_AddRemoveUser);
|
||||
|
||||
inDto.Type = options != null ? options.EmployeeType : inDto.Type;
|
||||
|
||||
var user = new UserInfo();
|
||||
|
||||
var byEmail = options?.LinkType == LinkType.InvintationByEmail;
|
||||
|
||||
if (byEmail)
|
||||
{
|
||||
user = _userManager.GetUserByEmail(inDto.Email);
|
||||
|
||||
if (user == Constants.LostUser || user.ActivationStatus != EmployeeActivationStatus.Pending)
|
||||
{
|
||||
throw new SecurityException(FilesCommonResource.ErrorMessage_InvintationLink);
|
||||
}
|
||||
var user = new UserInfo();
|
||||
|
||||
var byEmail = options?.LinkType == LinkType.InvintationByEmail;
|
||||
|
||||
if (byEmail)
|
||||
{
|
||||
user = _userManager.GetUserByEmail(inDto.Email);
|
||||
|
||||
if (user == Constants.LostUser || user.ActivationStatus != EmployeeActivationStatus.Pending)
|
||||
{
|
||||
throw new SecurityException(FilesCommonResource.ErrorMessage_InvintationLink);
|
||||
}
|
||||
}
|
||||
|
||||
inDto.PasswordHash = (inDto.PasswordHash ?? "").Trim();
|
||||
@ -238,7 +237,7 @@ public class UserController : PeopleControllerBase
|
||||
|
||||
if (string.IsNullOrEmpty(inDto.Password))
|
||||
{
|
||||
inDto.Password = UserManagerWrapper.GeneratePassword();
|
||||
inDto.Password = UserManagerWrapper.GeneratePassword();
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -249,8 +248,8 @@ public class UserController : PeopleControllerBase
|
||||
|
||||
//Validate email
|
||||
var address = new MailAddress(inDto.Email);
|
||||
user.Email = address.Address;
|
||||
//Set common fields
|
||||
user.Email = address.Address;
|
||||
//Set common fields
|
||||
user.CultureName = inDto.CultureName;
|
||||
user.FirstName = inDto.Firstname;
|
||||
user.LastName = inDto.Lastname;
|
||||
@ -264,57 +263,62 @@ public class UserController : PeopleControllerBase
|
||||
user.BirthDate = inDto.Birthday != null && inDto.Birthday != DateTime.MinValue ? _tenantUtil.DateTimeFromUtc(inDto.Birthday) : null;
|
||||
user.WorkFromDate = inDto.Worksfrom != null && inDto.Worksfrom != DateTime.MinValue ? _tenantUtil.DateTimeFromUtc(inDto.Worksfrom) : DateTime.UtcNow.Date;
|
||||
|
||||
UpdateContacts(inDto.Contacts, user);
|
||||
_cache.Insert("REWRITE_URL" + _tenantManager.GetCurrentTenant().Id, HttpContext.Request.GetUrlRewriter().ToString(), TimeSpan.FromMinutes(5));
|
||||
user = await _userManagerWrapper.AddUser(user, inDto.PasswordHash, inDto.FromInviteLink, true, inDto.Type == EmployeeType.User, inDto.FromInviteLink, true, true, byEmail, inDto.Type == EmployeeType.DocSpaceAdmin);
|
||||
UpdateContacts(inDto.Contacts, user, !inDto.FromInviteLink);
|
||||
_cache.Insert("REWRITE_URL" + _tenantManager.GetCurrentTenant().Id, HttpContext.Request.GetUrlRewriter().ToString(), TimeSpan.FromMinutes(5));
|
||||
user = await _userManagerWrapper.AddUser(user, inDto.PasswordHash, inDto.FromInviteLink, true, inDto.Type == EmployeeType.User, inDto.FromInviteLink && options.IsCorrect, true, true, byEmail, inDto.Type == EmployeeType.DocSpaceAdmin);
|
||||
|
||||
await UpdateDepartments(inDto.Department, user);
|
||||
|
||||
if (inDto.Files != _userPhotoManager.GetDefaultPhotoAbsoluteWebPath())
|
||||
if (inDto.Files != _userPhotoManager.GetDefaultPhotoAbsoluteWebPath())
|
||||
{
|
||||
await UpdatePhotoUrl(inDto.Files, user);
|
||||
}
|
||||
|
||||
if (options != null && options.LinkType == LinkType.InvintationToRoom)
|
||||
{
|
||||
var success = int.TryParse(options.RoomId, out var id);
|
||||
|
||||
if (success)
|
||||
{
|
||||
await _usersInRoomChecker.CheckAppend();
|
||||
await UpdatePhotoUrl(inDto.Files, user);
|
||||
}
|
||||
|
||||
if (options != null && options.LinkType == LinkType.InvintationToRoom)
|
||||
{
|
||||
var success = int.TryParse(options.RoomId, out var id);
|
||||
|
||||
if (success)
|
||||
{
|
||||
await _usersInRoomChecker.CheckAppend();
|
||||
await _fileSecurity.ShareAsync(id, FileEntryType.Folder, user.Id, options.Share);
|
||||
}
|
||||
else
|
||||
{
|
||||
await _usersInRoomChecker.CheckAppend();
|
||||
}
|
||||
else
|
||||
{
|
||||
await _usersInRoomChecker.CheckAppend();
|
||||
await _fileSecurity.ShareAsync(options.RoomId, FileEntryType.Folder, user.Id, options.Share);
|
||||
}
|
||||
}
|
||||
|
||||
var messageAction = inDto.IsUser ? MessageAction.GuestCreated : MessageAction.UserCreated;
|
||||
}
|
||||
}
|
||||
|
||||
var messageAction = inDto.IsUser ? MessageAction.GuestCreated : MessageAction.UserCreated;
|
||||
_messageService.Send(messageAction, _messageTarget.Create(user.Id), user.DisplayUserName(false, _displayUserSettingsHelper));
|
||||
|
||||
return await _employeeFullDtoHelper.GetFull(user);
|
||||
}
|
||||
|
||||
[HttpPost("invite")]
|
||||
public async IAsyncEnumerable<EmployeeDto> InviteUsersAsync(InviteUsersRequestDto inDto)
|
||||
{
|
||||
foreach (var invite in inDto.Invitations)
|
||||
{
|
||||
var user = await _userManagerWrapper.AddInvitedUserAsync(invite.Email, invite.Type);
|
||||
var link = _roomLinkService.GetInvitationLink(user.Email, invite.Type, _authContext.CurrentAccount.ID);
|
||||
|
||||
_studioNotifyService.SendDocSpaceInvite(user.Email, link);
|
||||
_logger.Debug(link);
|
||||
}
|
||||
|
||||
var users = _userManager.GetUsers().Where(u => u.ActivationStatus == EmployeeActivationStatus.Pending);
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeDtoHelper.Get(user);
|
||||
}
|
||||
[HttpPost("invite")]
|
||||
public async IAsyncEnumerable<EmployeeDto> InviteUsersAsync(InviteUsersRequestDto inDto)
|
||||
{
|
||||
foreach (var invite in inDto.Invitations)
|
||||
{
|
||||
if (!_permissionContext.CheckPermissions(new UserSecurityProvider(Guid.Empty, invite.Type), Constants.Action_AddRemoveUser))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
var user = await _userManagerWrapper.AddInvitedUserAsync(invite.Email, invite.Type);
|
||||
var link = _roomLinkService.GetInvitationLink(user.Email, invite.Type, _authContext.CurrentAccount.ID);
|
||||
|
||||
_studioNotifyService.SendDocSpaceInvite(user.Email, link);
|
||||
_logger.Debug(link);
|
||||
}
|
||||
|
||||
var users = _userManager.GetUsers().Where(u => u.ActivationStatus == EmployeeActivationStatus.Pending);
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeDtoHelper.Get(user);
|
||||
}
|
||||
}
|
||||
|
||||
[HttpPut("{userid}/password")]
|
||||
@ -328,12 +332,12 @@ public class UserController : PeopleControllerBase
|
||||
|
||||
if (!_userManager.UserExists(user))
|
||||
{
|
||||
return null;
|
||||
return null;
|
||||
}
|
||||
|
||||
if (_userManager.IsSystemUser(user.Id))
|
||||
if (_userManager.IsSystemUser(user.Id))
|
||||
{
|
||||
throw new SecurityException();
|
||||
throw new SecurityException();
|
||||
}
|
||||
|
||||
if (!string.IsNullOrEmpty(inDto.Email))
|
||||
@ -468,10 +472,10 @@ public class UserController : PeopleControllerBase
|
||||
|
||||
list = list.Where(x => x.FirstName != null && x.FirstName.IndexOf(query, StringComparison.OrdinalIgnoreCase) > -1 || (x.LastName != null && x.LastName.IndexOf(query, StringComparison.OrdinalIgnoreCase) != -1) ||
|
||||
(x.UserName != null && x.UserName.IndexOf(query, StringComparison.OrdinalIgnoreCase) != -1) || (x.Email != null && x.Email.IndexOf(query, StringComparison.OrdinalIgnoreCase) != -1) || (x.ContactsList != null && x.ContactsList.Any(y => y.IndexOf(query, StringComparison.OrdinalIgnoreCase) != -1)));
|
||||
|
||||
foreach (var item in list)
|
||||
{
|
||||
yield return await _employeeFullDtoHelper.GetFull(item);
|
||||
|
||||
foreach (var item in list)
|
||||
{
|
||||
yield return await _employeeFullDtoHelper.GetFull(item);
|
||||
}
|
||||
}
|
||||
|
||||
@ -480,7 +484,7 @@ public class UserController : PeopleControllerBase
|
||||
{
|
||||
return GetByStatus(EmployeeStatus.Active);
|
||||
}
|
||||
|
||||
|
||||
[AllowNotPayment]
|
||||
[HttpGet("email")]
|
||||
public async Task<EmployeeFullDto> GetByEmail([FromQuery] string email)
|
||||
@ -497,7 +501,7 @@ public class UserController : PeopleControllerBase
|
||||
}
|
||||
|
||||
return await _employeeFullDtoHelper.GetFull(user);
|
||||
}
|
||||
}
|
||||
|
||||
[AllowNotPayment]
|
||||
[Authorize(AuthenticationSchemes = "confirm", Roles = "LinkInvite,Everyone")]
|
||||
@ -506,18 +510,18 @@ public class UserController : PeopleControllerBase
|
||||
{
|
||||
if (_coreBaseSettings.Personal)
|
||||
{
|
||||
throw new MethodAccessException("Method not available");
|
||||
}
|
||||
|
||||
var isInvite = _httpContextAccessor.HttpContext.User.Claims
|
||||
.Any(role => role.Type == ClaimTypes.Role && ConfirmTypeExtensions.TryParse(role.Value, out var confirmType) && confirmType == ConfirmType.LinkInvite);
|
||||
|
||||
_apiContext.AuthByClaim();
|
||||
throw new MethodAccessException("Method not available");
|
||||
}
|
||||
|
||||
var isInvite = _httpContextAccessor.HttpContext.User.Claims
|
||||
.Any(role => role.Type == ClaimTypes.Role && ConfirmTypeExtensions.TryParse(role.Value, out var confirmType) && confirmType == ConfirmType.LinkInvite);
|
||||
|
||||
_apiContext.AuthByClaim();
|
||||
|
||||
var user = _userManager.GetUserByUserName(username);
|
||||
if (user.Id == Constants.LostUser.Id)
|
||||
{
|
||||
if (Guid.TryParse(username, out var userId))
|
||||
if (Guid.TryParse(username, out var userId))
|
||||
{
|
||||
user = _userManager.GetUsers(userId);
|
||||
}
|
||||
@ -530,12 +534,12 @@ public class UserController : PeopleControllerBase
|
||||
if (user.Id == Constants.LostUser.Id)
|
||||
{
|
||||
throw new ItemNotFoundException("User not found");
|
||||
}
|
||||
|
||||
if (isInvite)
|
||||
{
|
||||
}
|
||||
|
||||
if (isInvite)
|
||||
{
|
||||
return await _employeeFullDtoHelper.GetSimple(user);
|
||||
}
|
||||
}
|
||||
|
||||
return await _employeeFullDtoHelper.GetFull(user);
|
||||
}
|
||||
@ -562,10 +566,10 @@ public class UserController : PeopleControllerBase
|
||||
public async IAsyncEnumerable<EmployeeFullDto> GetFullByFilter(EmployeeStatus? employeeStatus, Guid? groupId, EmployeeActivationStatus? activationStatus, EmployeeType? employeeType, bool? isAdministrator, Payments? payments)
|
||||
{
|
||||
var users = GetByFilter(employeeStatus, groupId, activationStatus, employeeType, isAdministrator, payments);
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeFullDtoHelper.GetFull(user);
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeFullDtoHelper.GetFull(user);
|
||||
}
|
||||
}
|
||||
|
||||
@ -590,19 +594,19 @@ public class UserController : PeopleControllerBase
|
||||
if (_coreBaseSettings.Personal)
|
||||
{
|
||||
throw new MethodAccessException("Method not available");
|
||||
}
|
||||
|
||||
var groupId = Guid.Empty;
|
||||
if ("group".Equals(_apiContext.FilterBy, StringComparison.OrdinalIgnoreCase) && !string.IsNullOrEmpty(_apiContext.FilterValue))
|
||||
{
|
||||
groupId = new Guid(_apiContext.FilterValue);
|
||||
}
|
||||
|
||||
var users = _userManager.Search(query, EmployeeStatus.Active, groupId);
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeFullDtoHelper.GetFull(user);
|
||||
}
|
||||
|
||||
var groupId = Guid.Empty;
|
||||
if ("group".Equals(_apiContext.FilterBy, StringComparison.OrdinalIgnoreCase) && !string.IsNullOrEmpty(_apiContext.FilterValue))
|
||||
{
|
||||
groupId = new Guid(_apiContext.FilterValue);
|
||||
}
|
||||
|
||||
var users = _userManager.Search(query, EmployeeStatus.Active, groupId);
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeFullDtoHelper.GetFull(user);
|
||||
}
|
||||
}
|
||||
|
||||
@ -610,10 +614,10 @@ public class UserController : PeopleControllerBase
|
||||
public async IAsyncEnumerable<EmployeeDto> GetSimpleByFilter(EmployeeStatus? employeeStatus, Guid? groupId, EmployeeActivationStatus? activationStatus, EmployeeType? employeeType, bool? isAdministrator, Payments? payments)
|
||||
{
|
||||
var users = GetByFilter(employeeStatus, groupId, activationStatus, employeeType, isAdministrator, payments);
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeDtoHelper.Get(user);
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeDtoHelper.Get(user);
|
||||
}
|
||||
}
|
||||
|
||||
@ -644,7 +648,7 @@ public class UserController : PeopleControllerBase
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
if (user.Status != EmployeeStatus.Terminated)
|
||||
if (user.Status != EmployeeStatus.Terminated)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
@ -654,43 +658,43 @@ public class UserController : PeopleControllerBase
|
||||
_queueWorkerRemove.Start(Tenant.Id, user, _securityContext.CurrentAccount.ID, false);
|
||||
}
|
||||
|
||||
_messageService.Send(MessageAction.UsersDeleted, _messageTarget.Create(users.Select(x => x.Id)), userNames);
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeFullDtoHelper.GetFull(user);
|
||||
}
|
||||
_messageService.Send(MessageAction.UsersDeleted, _messageTarget.Create(users.Select(x => x.Id)), userNames);
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeFullDtoHelper.GetFull(user);
|
||||
}
|
||||
}
|
||||
|
||||
[HttpPut("invite")]
|
||||
public async IAsyncEnumerable<EmployeeFullDto> ResendUserInvites(UpdateMembersRequestDto inDto)
|
||||
public async IAsyncEnumerable<EmployeeFullDto> ResendUserInvites(UpdateMembersRequestDto inDto)
|
||||
{
|
||||
var users = inDto.UserIds
|
||||
.Where(userId => !_userManager.IsSystemUser(userId))
|
||||
.Select(userId => _userManager.GetUsers(userId))
|
||||
var users = inDto.UserIds
|
||||
.Where(userId => !_userManager.IsSystemUser(userId))
|
||||
.Select(userId => _userManager.GetUsers(userId))
|
||||
.ToList();
|
||||
|
||||
foreach (var user in users)
|
||||
foreach (var user in users)
|
||||
{
|
||||
if (user.IsActive)
|
||||
if (user.IsActive)
|
||||
{
|
||||
continue;
|
||||
continue;
|
||||
}
|
||||
|
||||
var viewer = _userManager.GetUsers(_securityContext.CurrentAccount.ID);
|
||||
|
||||
if (viewer == null)
|
||||
{
|
||||
throw new Exception(Resource.ErrorAccessDenied);
|
||||
throw new Exception(Resource.ErrorAccessDenied);
|
||||
}
|
||||
|
||||
if (_userManager.IsDocSpaceAdmin(viewer) || viewer.Id == user.Id)
|
||||
if (_userManager.IsDocSpaceAdmin(viewer) || viewer.Id == user.Id)
|
||||
{
|
||||
if (user.ActivationStatus == EmployeeActivationStatus.Activated)
|
||||
{
|
||||
user.ActivationStatus = EmployeeActivationStatus.NotActivated;
|
||||
}
|
||||
if (user.ActivationStatus == (EmployeeActivationStatus.AutoGenerated | EmployeeActivationStatus.Activated))
|
||||
if (user.ActivationStatus == (EmployeeActivationStatus.AutoGenerated | EmployeeActivationStatus.Activated))
|
||||
{
|
||||
user.ActivationStatus = EmployeeActivationStatus.AutoGenerated;
|
||||
}
|
||||
@ -698,31 +702,31 @@ public class UserController : PeopleControllerBase
|
||||
await _userManager.UpdateUserInfoWithSyncCardDavAsync(user);
|
||||
}
|
||||
|
||||
if (user.ActivationStatus == EmployeeActivationStatus.Pending)
|
||||
if (user.ActivationStatus == EmployeeActivationStatus.Pending)
|
||||
{
|
||||
var type = _userManager.IsDocSpaceAdmin(user) ? EmployeeType.DocSpaceAdmin :
|
||||
_userManager.IsUser(user) ? EmployeeType.User : EmployeeType.RoomAdmin;
|
||||
|
||||
_studioNotifyService.SendDocSpaceInvite(user.Email, _roomLinkService.GetInvitationLink(user.Email, type, _authContext.CurrentAccount.ID));
|
||||
}
|
||||
else
|
||||
var type = _userManager.IsDocSpaceAdmin(user) ? EmployeeType.DocSpaceAdmin :
|
||||
_userManager.IsUser(user) ? EmployeeType.User : EmployeeType.RoomAdmin;
|
||||
|
||||
_studioNotifyService.SendDocSpaceInvite(user.Email, _roomLinkService.GetInvitationLink(user.Email, type, _authContext.CurrentAccount.ID));
|
||||
}
|
||||
else
|
||||
{
|
||||
_studioNotifyService.SendEmailActivationInstructions(user, user.Email);
|
||||
}
|
||||
_studioNotifyService.SendEmailActivationInstructions(user, user.Email);
|
||||
}
|
||||
}
|
||||
|
||||
_messageService.Send(MessageAction.UsersSentActivationInstructions, _messageTarget.Create(users.Select(x => x.Id)), users.Select(x => x.DisplayUserName(false, _displayUserSettingsHelper)));
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeFullDtoHelper.GetFull(user);
|
||||
}
|
||||
_messageService.Send(MessageAction.UsersSentActivationInstructions, _messageTarget.Create(users.Select(x => x.Id)), users.Select(x => x.DisplayUserName(false, _displayUserSettingsHelper)));
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeFullDtoHelper.GetFull(user);
|
||||
}
|
||||
}
|
||||
|
||||
[HttpGet("theme")]
|
||||
public DarkThemeSettings GetTheme()
|
||||
[HttpGet("theme")]
|
||||
public DarkThemeSettings GetTheme()
|
||||
{
|
||||
return _settingsManager.LoadForCurrentUser<DarkThemeSettings>();
|
||||
return _settingsManager.LoadForCurrentUser<DarkThemeSettings>();
|
||||
}
|
||||
|
||||
[HttpPut("theme")]
|
||||
@ -740,15 +744,15 @@ public class UserController : PeopleControllerBase
|
||||
|
||||
[AllowNotPayment]
|
||||
[HttpGet("@self")]
|
||||
public async Task<EmployeeFullDto> Self()
|
||||
public async Task<EmployeeFullDto> Self()
|
||||
{
|
||||
var user = _userManager.GetUser(_securityContext.CurrentAccount.ID, EmployeeFullDtoHelper.GetExpression(_apiContext));
|
||||
|
||||
var result = await _employeeFullDtoHelper.GetFull(user);
|
||||
var result = await _employeeFullDtoHelper.GetFull(user);
|
||||
|
||||
result.Theme = _settingsManager.LoadForCurrentUser<DarkThemeSettings>().Theme;
|
||||
result.Theme = _settingsManager.LoadForCurrentUser<DarkThemeSettings>().Theme;
|
||||
|
||||
return result;
|
||||
return result;
|
||||
}
|
||||
|
||||
[AllowNotPayment]
|
||||
@ -823,7 +827,7 @@ public class UserController : PeopleControllerBase
|
||||
{
|
||||
var error = _userManagerWrapper.SendUserPassword(inDto.Email);
|
||||
if (!string.IsNullOrEmpty(error))
|
||||
{
|
||||
{
|
||||
_logger.ErrorPasswordRecovery(inDto.Email, error);
|
||||
}
|
||||
|
||||
@ -992,8 +996,8 @@ public class UserController : PeopleControllerBase
|
||||
}
|
||||
|
||||
return await _employeeFullDtoHelper.GetFull(user);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
[HttpPut("status/{status}")]
|
||||
public async IAsyncEnumerable<EmployeeFullDto> UpdateUserStatus(EmployeeStatus status, UpdateMembersRequestDto inDto)
|
||||
{
|
||||
@ -1015,13 +1019,13 @@ public class UserController : PeopleControllerBase
|
||||
case EmployeeStatus.Active:
|
||||
if (user.Status == EmployeeStatus.Terminated)
|
||||
{
|
||||
if (!_userManager.IsUser(user))
|
||||
if (!_userManager.IsUser(user))
|
||||
{
|
||||
await _countRoomAdminChecker.CheckAppend();
|
||||
await _countRoomAdminChecker.CheckAppend();
|
||||
}
|
||||
else
|
||||
{
|
||||
await _countUserChecker.CheckAppend();
|
||||
else
|
||||
{
|
||||
await _countUserChecker.CheckAppend();
|
||||
}
|
||||
|
||||
user.Status = EmployeeStatus.Active;
|
||||
@ -1038,11 +1042,11 @@ public class UserController : PeopleControllerBase
|
||||
}
|
||||
}
|
||||
|
||||
_messageService.Send(MessageAction.UsersUpdatedStatus, _messageTarget.Create(users.Select(x => x.Id)), users.Select(x => x.DisplayUserName(false, _displayUserSettingsHelper)));
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeFullDtoHelper.GetFull(user);
|
||||
_messageService.Send(MessageAction.UsersUpdatedStatus, _messageTarget.Create(users.Select(x => x.Id)), users.Select(x => x.DisplayUserName(false, _displayUserSettingsHelper)));
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeFullDtoHelper.GetFull(user);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1064,33 +1068,33 @@ public class UserController : PeopleControllerBase
|
||||
|
||||
switch (type)
|
||||
{
|
||||
case EmployeeType.RoomAdmin:
|
||||
await _countRoomAdminChecker.CheckAppend();
|
||||
_userManager.RemoveUserFromGroup(user.Id, Constants.GroupUser.ID);
|
||||
case EmployeeType.RoomAdmin:
|
||||
await _countRoomAdminChecker.CheckAppend();
|
||||
_userManager.RemoveUserFromGroup(user.Id, Constants.GroupUser.ID);
|
||||
_webItemSecurityCache.ClearCache(Tenant.Id);
|
||||
break;
|
||||
case EmployeeType.User:
|
||||
await _countUserChecker.CheckAppend();
|
||||
case EmployeeType.User:
|
||||
await _countUserChecker.CheckAppend();
|
||||
await _userManager.AddUserIntoGroup(user.Id, Constants.GroupUser.ID);
|
||||
_webItemSecurityCache.ClearCache(Tenant.Id);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
_messageService.Send(MessageAction.UsersUpdatedType, _messageTarget.Create(users.Select(x => x.Id)), users.Select(x => x.DisplayUserName(false, _displayUserSettingsHelper)));
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeFullDtoHelper.GetFull(user);
|
||||
_messageService.Send(MessageAction.UsersUpdatedType, _messageTarget.Create(users.Select(x => x.Id)), users.Select(x => x.DisplayUserName(false, _displayUserSettingsHelper)));
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
yield return await _employeeFullDtoHelper.GetFull(user);
|
||||
}
|
||||
}
|
||||
}
|
||||
[HttpGet("recalculatequota")]
|
||||
public void RecalculateQuota()
|
||||
{
|
||||
_permissionContext.DemandPermissions(SecutiryConstants.EditPortalSettings);
|
||||
_usersQuotaSyncOperation.RecalculateQuota(_tenantManager.GetCurrentTenant());
|
||||
}
|
||||
|
||||
|
||||
[HttpGet("checkrecalculatequota")]
|
||||
public TaskProgressDto CheckRecalculateQuota()
|
||||
{
|
||||
@ -1107,31 +1111,31 @@ public class UserController : PeopleControllerBase
|
||||
.ToList();
|
||||
|
||||
foreach (var user in users)
|
||||
{
|
||||
if (inDto.Quota != -1)
|
||||
{
|
||||
var usedSpace = Math.Max(0,
|
||||
{
|
||||
if (inDto.Quota != -1)
|
||||
{
|
||||
var usedSpace = Math.Max(0,
|
||||
_quotaService.FindUserQuotaRows(
|
||||
_tenantManager.GetCurrentTenant().Id,
|
||||
user.Id
|
||||
)
|
||||
.Where(r => !string.IsNullOrEmpty(r.Tag)).Sum(r => r.Counter));
|
||||
|
||||
var tenanSpaceQuota = _quotaService.GetTenantQuota(Tenant.Id).MaxTotalSize;
|
||||
|
||||
if (tenanSpaceQuota < inDto.Quota || usedSpace > inDto.Quota)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
var quotaSettings = _settingsManager.Load<TenantUserQuotaSettings>();
|
||||
|
||||
_settingsManager.SaveForUser(new UserQuotaSettings { UserQuota = inDto.Quota }, user);
|
||||
|
||||
_tenantManager.GetCurrentTenant().Id,
|
||||
user.Id
|
||||
)
|
||||
.Where(r => !string.IsNullOrEmpty(r.Tag)).Sum(r => r.Counter));
|
||||
|
||||
var tenanSpaceQuota = _quotaService.GetTenantQuota(Tenant.Id).MaxTotalSize;
|
||||
|
||||
if (tenanSpaceQuota < inDto.Quota || usedSpace > inDto.Quota)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
var quotaSettings = _settingsManager.Load<TenantUserQuotaSettings>();
|
||||
|
||||
_settingsManager.SaveForUser(new UserQuotaSettings { UserQuota = inDto.Quota }, user);
|
||||
|
||||
yield return await _employeeFullDtoHelper.GetFull(user);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
private async Task UpdateDepartments(IEnumerable<Guid> department, UserInfo user)
|
||||
@ -1356,7 +1360,7 @@ public class UserController : PeopleControllerBase
|
||||
// lock (progressQueue.SynchRoot)
|
||||
// {
|
||||
// var task = progressQueue.GetItems().OfType<ImportUsersTask>().FirstOrDefault(t => (int)t.Id == TenantProvider.CurrentTenantID);
|
||||
//var tenant = CoreContext.TenantManager.GetCurrentTenant();
|
||||
//var tenant = CoreContext.TenantManager.GetCurrentTenant();
|
||||
//Cache.Insert("REWRITE_URL" + tenant.TenantId, HttpContext.Current.Request.GetUrlRewriter().ToString(), TimeSpan.FromMinutes(5));
|
||||
// if (task != null && task.IsCompleted)
|
||||
// {
|
||||
|
@ -143,9 +143,9 @@ public class PortalController : ControllerBase
|
||||
[HttpGet("users/invite/{employeeType}")]
|
||||
public object GeInviteLink(EmployeeType employeeType)
|
||||
{
|
||||
if (!_webItemSecurity.IsProductAdministrator(WebItemManager.PeopleProductID, _authContext.CurrentAccount.ID))
|
||||
{
|
||||
throw new SecurityException("Method not available");
|
||||
if (!_permissionContext.CheckPermissions(new UserSecurityProvider(Guid.Empty, employeeType), ASC.Core.Users.Constants.Action_AddRemoveUser))
|
||||
{
|
||||
return string.Empty;
|
||||
}
|
||||
|
||||
return _commonLinkUtility.GetConfirmationEmailUrl(string.Empty, ConfirmType.LinkInvite, (int)employeeType, _authContext.CurrentAccount.ID)
|
||||
|
@ -117,12 +117,7 @@ public sealed class UserManagerWrapper
|
||||
|
||||
if (_userManager.GetUserByEmail(mail.Address).Id != Constants.LostUser.Id)
|
||||
{
|
||||
throw new InvalidOperationException($"User with email {mail.Address} already exists or is invited");
|
||||
}
|
||||
|
||||
if (type is EmployeeType.RoomAdmin or EmployeeType.DocSpaceAdmin)
|
||||
{
|
||||
await _countManagerChecker.CheckAppend();
|
||||
throw new Exception(_customNamingPeople.Substitute<Resource>("ErrorEmailAlreadyExists"));
|
||||
}
|
||||
|
||||
var user = new UserInfo
|
||||
@ -135,7 +130,9 @@ public sealed class UserManagerWrapper
|
||||
Status = EmployeeStatus.Active,
|
||||
};
|
||||
|
||||
var newUser = await _userManager.SaveUserInfo(user);
|
||||
user.UserName = MakeUniqueName(user);
|
||||
|
||||
var newUser = await _userManager.SaveUserInfo(user, type == EmployeeType.User);
|
||||
|
||||
var groupId = type switch
|
||||
{
|
||||
@ -226,11 +223,11 @@ public sealed class UserManagerWrapper
|
||||
|
||||
if (isUser)
|
||||
{
|
||||
await _userManager.AddUserIntoGroup(newUserInfo.Id, Constants.GroupUser.ID);
|
||||
await _userManager.AddUserIntoGroup(newUserInfo.Id, Constants.GroupUser.ID, true);
|
||||
}
|
||||
else if (isAdmin)
|
||||
{
|
||||
await _userManager.AddUserIntoGroup(newUserInfo.Id, Constants.GroupAdmin.ID);
|
||||
await _userManager.AddUserIntoGroup(newUserInfo.Id, Constants.GroupAdmin.ID, true);
|
||||
}
|
||||
|
||||
return newUserInfo;
|
||||
|
Loading…
Reference in New Issue
Block a user