public void SetAccessTo(ISecurityObjectId entity, List <Guid> subjectID)
{
if (subjectID.Count == 0)
{
_authorizationManager.RemoveAllAces(entity);
return;
}
var aces = _authorizationManager.GetAcesWithInherits(Guid.Empty, _actionRead.ID, entity, GetCRMSecurityProvider());
foreach (var r in aces)
{
if (!subjectID.Contains(r.SubjectId) && (r.SubjectId != Constants.GroupEveryone.ID || r.Reaction != AceType.Allow))
{
_authorizationManager.RemoveAce(r);
}
}
var oldSubjects = aces.Select(r => r.SubjectId).ToList();
foreach (var s in subjectID)
{
if (!oldSubjects.Contains(s))
{
_authorizationManager.AddAce(new AzRecord(s, _actionRead.ID, AceType.Allow, entity));
}
}
_authorizationManager.AddAce(new AzRecord(Constants.GroupEveryone.ID, _actionRead.ID, AceType.Deny, entity));
}
public void SetSecurity(string id, bool enabled, params Guid[] subjects)
{
if (SettingsManager.Load <TenantAccessSettings>().Anyone)
{
throw new SecurityException("Security settings are disabled for an open portal");
}
var securityObj = WebItemSecurityObject.Create(id, WebItemManager);
// remove old aces
AuthorizationManager.RemoveAllAces(securityObj);
var allowToAll = new AzRecord(ASC.Core.Users.Constants.GroupEveryone.ID, Read.ID, AceType.Allow, securityObj);
AuthorizationManager.RemoveAce(allowToAll);
// set new aces
if (subjects == null || subjects.Length == 0 || subjects.Contains(ASC.Core.Users.Constants.GroupEveryone.ID))
{
if (!enabled && subjects != null && subjects.Length == 0)
{
// users from list with no users equals allow to all users
enabled = true;
}
subjects = new[] { ASC.Core.Users.Constants.GroupEveryone.ID };
}
foreach (var s in subjects)
{
var a = new AzRecord(s, Read.ID, enabled ? AceType.Allow : AceType.Deny, securityObj);
AuthorizationManager.AddAce(a);
}
WebItemSecurityCache.Publish(TenantManager.GetCurrentTenant().TenantId);
}
public void SetProductAdministrator(Guid productid, Guid userid, bool administrator)
{
if (productid == Guid.Empty)
{
productid = ASC.Core.Users.Constants.GroupAdmin.ID;
}
if (administrator)
{
if (UserManager.IsUserInGroup(userid, ASC.Core.Users.Constants.GroupVisitor.ID))
{
throw new SecurityException("Collaborator can not be an administrator");
}
if (productid == WebItemManager.PeopleProductID)
{
foreach (var ace in GetPeopleModuleActions(userid))
{
AuthorizationManager.AddAce(ace);
}
}
UserManager.AddUserIntoGroup(userid, productid);
}
else
{
if (productid == ASC.Core.Users.Constants.GroupAdmin.ID)
{
var groups = new List <Guid> {
WebItemManager.MailProductID
};
groups.AddRange(WebItemManager.GetItemsAll().OfType <IProduct>().Select(p => p.ID));
foreach (var id in groups)
{
UserManager.RemoveUserFromGroup(userid, id);
}
}
if (productid == ASC.Core.Users.Constants.GroupAdmin.ID || productid == WebItemManager.PeopleProductID)
{
foreach (var ace in GetPeopleModuleActions(userid))
{
AuthorizationManager.RemoveAce(ace);
}
}
UserManager.RemoveUserFromGroup(userid, productid);
}
WebItemSecurityCache.Publish(TenantManager.GetCurrentTenant().TenantId);
}
