/// <summary>
/// Replaces the read ACL of a web item with a fresh set of entries.
/// </summary>
/// <param name="id">Identifier of the web item (product/module) whose ACL is rewritten.</param>
/// <param name="enabled">True to write Allow entries, false to write Deny entries.</param>
/// <param name="subjects">
/// Users/groups the entries apply to. Null, an empty list, or a list containing the
/// "Everyone" group all collapse to a single entry for "Everyone"; see the note inside
/// for how an empty list differs from null.
/// </param>
/// <exception cref="SecurityException">The portal is open to anyone; per-item ACLs cannot be edited then.</exception>
/// <remarks>
/// NOTE(review): no authorization check is performed here. The visible caller
/// SaveSettings demands EditPortalSettings before invoking this method; any other
/// caller must do the same.
/// </remarks>
public static void SetSecurity(string id, bool enabled, params Guid[] subjects)
{
    if (TenantAccessSettings.Load().Anyone)
    {
        throw new SecurityException("Security settings are disabled for an open portal");
    }

    var securityObj = WebItemSecurityObject.Create(id);
    var everyone = ASC.Core.Users.Constants.GroupEveryone.ID;

    // Start from a clean slate: drop every ACE for the item, then the explicit
    // allow-all record as well.
    CoreContext.AuthorizationManager.RemoveAllAces(securityObj);
    CoreContext.AuthorizationManager.RemoveAce(new AzRecord(everyone, Read.ID, AceType.Allow, securityObj));

    var appliesToEveryone = subjects == null || subjects.Length == 0 || subjects.Contains(everyone);
    if (appliesToEveryone)
    {
        // An explicit, empty subject list means "no restriction", so the item is
        // allowed for all users even when enabled == false. A null list keeps the
        // requested state: enabled == false then writes Deny for Everyone, which is
        // how SaveSettings disables an item for the whole portal.
        if (!enabled && subjects != null && subjects.Length == 0)
        {
            enabled = true;
        }
        subjects = new[] { everyone };
    }

    var aceType = enabled ? AceType.Allow : AceType.Deny;
    foreach (var subject in subjects)
    {
        CoreContext.AuthorizationManager.AddAce(new AzRecord(subject, Read.ID, aceType, securityObj));
    }

    // Let other nodes/caches know the item's security changed.
    cacheNotify.Publish(new WebItemSecurityNotifier(), CacheNotifyAction.Any);
}
/// <summary>
/// Decides whether a management section is shown to the administrator.
/// </summary>
/// <param name="module">The management section being rendered.</param>
/// <returns>True when the section should be displayed.</returns>
protected static bool DisplayModule(ManagementType module)
{
    // Being hidden by deployment configuration overrides every per-module rule below.
    if (!SetupInfo.IsVisibleSettings(module.ToString()))
    {
        return false;
    }

    if (module == ManagementType.Migration)
    {
        // Nothing to migrate to unless more than one region is configured.
        return TransferPortal.TransferRegions.Count > 1;
    }

    if (module == ManagementType.Backup)
    {
        // Backup is not offered on a portal that is open to anyone.
        return !TenantAccessSettings.Load().Anyone;
    }

    if (module == ManagementType.DeletionPortal)
    {
        // SaaS (non-standalone), or a standalone Enterprise install hosting more than
        // one tenant ("Server+ControlPanel" in the original wording).
        return !CoreContext.Configuration.Standalone
            || (TenantExtra.Enterprise && CoreContext.TenantManager.GetTenants().Count() > 1);
    }

    if (module == ManagementType.MailService)
    {
        // Only when the mail server administration page is available.
        return SetupInfo.IsVisibleSettings("AdministrationPage");
    }

    if (module == ManagementType.PrivacyRoom)
    {
        return PrivacyRoomSettings.Available;
    }

    // Every other section is shown.
    return true;
}
/// <summary>
/// Builds the Products and Modules lists shown on the access-rights page from the
/// registered web items and their current security state.
/// </summary>
private void InitProperties()
{
    Products = new List<Item>();
    Modules = new List<Item>();

    // Reuse the settings already loaded by the hosting Management page when present.
    var hostPage = Page as Studio.Management;
    TenantAccessAnyone = hostPage == null
        ? TenantAccessSettings.Load().Anyone
        : hostPage.TenantAccess.Anyone;

    // Only top-level, visible items that an administrator is allowed to switch off.
    var topLevelItems = WebItemManager.Instance
        .GetItems(WebZoneType.All, ItemAvailableState.All)
        .Where(candidate => !candidate.IsSubItem() && !candidate.CanNotBeDisabled() && candidate.Visible)
        .ToList();

    foreach (var webItem in topLevelItems)
    {
        var entry = new Item
        {
            ID = webItem.ID,
            Name = webItem.Name,
            IconUrl = webItem.GetIconAbsoluteURL(),
            DisabledIconUrl = webItem.GetDisabledIconAbsoluteURL(),
            SubItems = new List<Item>(),
            ItemName = webItem.GetSysName(),
            // "Disabled" comes from the item's security record, not from the item itself.
            Disabled = !WebItemSecurity.GetSecurityInfo(webItem.ID.ToString()).Enabled
        };

        foreach (var child in WebItemManager.Instance.GetSubItems(webItem.ID, ItemAvailableState.All))
        {
            // Only Module sub-items are listed; any other kind of sub-item is skipped.
            var childModule = child as Module;
            if (childModule == null)
            {
                continue;
            }

            entry.SubItems.Add(new Item
            {
                ID = child.ID,
                Name = child.Name,
                DisplayedAlways = childModule.DisplayedAlways,
                ItemName = child.GetSysName(),
                Disabled = !WebItemSecurity.GetSecurityInfo(child.ID.ToString()).Enabled
            });
        }

        // Products and plain modules are kept in separate lists.
        if (webItem is IProduct)
        {
            Products.Add(entry);
        }
        else
        {
            Modules.Add(entry);
        }
    }
}
/// <summary>
/// Snapshots the current account's identity, role and module availability so the
/// Projects security checks do not have to re-query them.
/// </summary>
public ProjectSecurityCommon()
{
    var userId = SecurityContext.CurrentAccount.ID;
    CurrentUserId = userId;

    // Portal administrators and Projects product administrators are treated alike.
    var isPortalAdmin = CoreContext.UserManager.IsUserInGroup(userId, Constants.GroupAdmin.ID);
    CurrentUserAdministrator = isPortalAdmin
        || WebItemSecurity.IsProductAdministrator(WebItemManager.ProjectsProductID, userId);

    CurrentUserIsVisitor = CoreContext.UserManager.GetUsers(userId).IsVisitor();
    CurrentUserIsOutsider = IsOutsider(userId);

    // Mirrors the portal's "open to anyone" flag; presumably gates private projects — verify in callers.
    IsPrivateDisabled = TenantAccessSettings.Load().Anyone;

    CurrentUserIsProjectsEnabled = IsModuleEnabled(WebItemManager.ProjectsProductID, userId);
    CurrentUserIsCRMEnabled = IsModuleEnabled(WebItemManager.CRMProductID, userId);
}
/// <summary>
/// Registers the client assets for the "message to administrator" settings control and
/// loads its current state.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    AjaxPro.Utility.RegisterTypeForAjax(GetType());

    Page.RegisterBodyScripts("~/usercontrols/Management/AdminMessageSettings/js/admmess.js")
        .RegisterStyle("~/usercontrols/management/AdminMessageSettings/css/admmess.less");

    _studioAdmMessNotifSettings = StudioAdminMessageSettings.Load();

    // The control is only editable on a closed portal. When the portal is switched to
    // "anyone", SaveSettings turns this feature on itself.
    var portalIsOpen = TenantAccessSettings.Load().Anyone;
    Enabled = !portalIsOpen;

    HelpLink = CommonLinkUtility.GetHelpLink();
}
/// <summary>
/// Gate for the portal management page: Personal edition has no such page, and only
/// accounts holding EditPortalSettings may open it.
/// </summary>
/// <param name="e">Event data passed to the base implementation.</param>
protected override void OnPreInit(EventArgs e)
{
    base.OnPreInit(e);

    // Personal edition: send the user to Files instead.
    if (CoreContext.Configuration.Personal)
    {
        Context.Response.Redirect(FilesLinkUtility.FilesBaseAbsolutePath);
    }

    // Authorization check. This relies on the single-argument Response.Redirect ending
    // the response; if that were ever changed to endResponse:false the settings load
    // below would run for an unauthorized caller.
    var mayEditSettings = SecurityContext.CheckPermissions(SecutiryConstants.EditPortalSettings);
    if (!mayEditSettings)
    {
        Response.Redirect(CommonLinkUtility.GetDefault());
    }

    TenantAccess = TenantAccessSettings.Load();
}
/// <summary>
/// Registers the client assets for the IP-restrictions settings control and records
/// whether the portal is open to anyone.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): SaveSettings clears the IP restriction list when the portal is switched
/// to open access, and does not restore it when the portal is closed again.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    // Nothing to render when the control is not enabled.
    if (!Enabled)
    {
        return;
    }

    Page.RegisterBodyScripts("~/usercontrols/management/ipsecurity/js/ipsecurity.js")
        .RegisterStyle("~/usercontrols/management/ipsecurity/css/ipsecurity.less");

    // Reuse the settings already loaded by the hosting Management page when available.
    var hostPage = Page as Studio.Management;
    if (hostPage != null)
    {
        TenantAccessAnyone = hostPage.TenantAccess.Anyone;
    }
    else
    {
        TenantAccessAnyone = TenantAccessSettings.Load().Anyone;
    }
}
/// <summary>
/// Authenticates the current request, trying HTTP Basic credentials first and the
/// auth cookie second, and rejects the "outside" account on a closed portal.
/// </summary>
/// <returns>True when the request ends up authenticated.</returns>
public static bool Authenticate()
{
    // Already authenticated on this request: nothing more to do.
    if (SecurityContext.IsAuthenticated)
    {
        return true;
    }

    var tenant = CoreContext.TenantManager.GetCurrentTenant(false);
    if (tenant == null)
    {
        // No tenant could be resolved, so there is nothing to authenticate against.
        return false;
    }

    var authenticated = false;

    // 1. HTTP Basic credentials, when a web request context exists. The key returned by
    //    the helper is stored as the AuthKey cookie for subsequent requests.
    //    NOTE(review): this branch trusts ProcessBasicAuthorization to have authenticated
    //    the SecurityContext itself; the OutsideUser check below reads CurrentAccount — confirm.
    if (HttpContext.Current != null)
    {
        string issuedKey;
        if (AuthorizationHelper.ProcessBasicAuthorization(HttpContext.Current, out issuedKey))
        {
            CookiesManager.SetCookies(CookiesType.AuthKey, issuedKey);
            authenticated = true;
        }
    }

    // 2. Existing auth cookie. A cookie that is present but rejected is treated as stale:
    //    the session is logged out and the request stays unauthenticated.
    if (!authenticated)
    {
        var authKey = CookiesManager.GetCookies(CookiesType.AuthKey);
        if (!string.IsNullOrEmpty(authKey))
        {
            authenticated = SecurityContext.AuthenticateMe(authKey);
            if (!authenticated)
            {
                Auth.ProcessLogout();
                return false;
            }
        }
    }

    // 3. The synthetic "outside" account is only acceptable while the portal is open to
    //    anyone; if the portal has been closed since the session was issued, drop it.
    var accessSettings = TenantAccessSettings.Load();
    if (authenticated
        && SecurityContext.CurrentAccount.ID == ASC.Core.Users.Constants.OutsideUser.ID
        && !accessSettings.Anyone)
    {
        Auth.ProcessLogout();
        authenticated = false;
    }

    return authenticated;
}
/// <summary>
/// Registers the client assets for the portal-access settings control and decides
/// whether the "open portal" switch is offered on this tariff.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    AjaxPro.Utility.RegisterTypeForAjax(GetType());

    Page.RegisterBodyScripts("~/UserControls/Management/PortalAccessSettings/js/portalaccess.js")
        .RegisterStyle("~/UserControls/Management/PortalAccessSettings/css/portalaccess.less");

    var hostPage = Page as Studio.Management;
    Settings = hostPage == null ? TenantAccessSettings.Load() : hostPage.TenantAccess;

    // The switch is only offered when the PublicPortal setting is visible and the tenant
    // is on a free/non-profit/trial quota that is not already the "open" one. This is a
    // UI gate only: SaveSettings evaluates the same condition again server-side.
    var quota = CoreContext.TenantManager.GetTenantQuota(TenantProvider.CurrentTenantID);
    Enabled = SetupInfo.IsVisibleSettings("PublicPortal")
        && (quota.Free || quota.NonProfit || quota.Trial)
        && !quota.Open;

    HelpLink = CommonLinkUtility.GetHelpLink();
}
/// <summary>
/// Decides whether a management section is shown, distinguishing SaaS-only and
/// standalone-only features.
/// </summary>
/// <param name="module">The management section being rendered.</param>
/// <returns>True when the section should be displayed.</returns>
protected static bool DisplayModule(ManagementType module)
{
    // A section hidden by deployment configuration is never shown, whatever the rules below say.
    if (!SetupInfo.IsVisibleSettings(module.ToString()))
    {
        return false;
    }

    if (module == ManagementType.Migration)
    {
        // Nothing to migrate to unless more than one region is configured.
        return TransferPortal.TransferRegions.Count > 1;
    }

    if (module == ManagementType.Backup)
    {
        // SaaS only, and never on a portal that is open to anyone.
        return !CoreContext.Configuration.Standalone && !TenantAccessSettings.Load().Anyone;
    }

    if (module == ManagementType.AuditTrail
        || module == ManagementType.LoginHistory
        || module == ManagementType.LdapSettings
        || module == ManagementType.WhiteLabel
        || module == ManagementType.SingleSignOnSettings)
    {
        // SaaS-only features in this build.
        return !CoreContext.Configuration.Standalone;
    }

    if (module == ManagementType.DeletionPortal)
    {
        // SaaS, or a standalone Enterprise install hosting more than one tenant
        // ("Server+ControlPanel" in the original wording).
        return !CoreContext.Configuration.Standalone
            || (TenantExtra.Enterprise && CoreContext.TenantManager.GetTenants().Count() > 1);
    }

    if (module == ManagementType.MailService)
    {
        // Only when the mail server administration page is available.
        return SetupInfo.IsVisibleSettings("AdministrationPage");
    }

    if (module == ManagementType.Storage)
    {
        // Storage configuration is a standalone-only feature.
        return CoreContext.Configuration.Standalone;
    }

    // Every other section is shown.
    return true;
}
/// <summary>
/// Registers the client assets for the trusted mail domains control, loads its settings
/// and forces "invite as visitors" when the active-user quota is exhausted.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    AjaxPro.Utility.RegisterTypeForAjax(GetType());

    Page.RegisterBodyScripts("~/UserControls/Management/MailDomainSettings/js/maildomainsettings.js")
        .RegisterStyle("~/UserControls/Management/MailDomainSettings/css/maildomainsettings.less");

    _currentTenant = CoreContext.TenantManager.GetCurrentTenant();
    _studioTrustedDomainSettings = StudioTrustedDomainSettings.Load();

    // Full users can only be invited while the tenant is below its active-user quota.
    var currentUsers = TenantStatisticsProvider.GetUsersCount();
    var activeUserLimit = TenantExtra.GetTenantQuota().ActiveUsers;
    _enableInviteUsers = currentUsers < activeUserLimit;
    if (!_enableInviteUsers)
    {
        // Quota exhausted: present the setting as "visitors only". The loaded settings
        // object is changed in memory for this render only; nothing is saved here.
        _studioTrustedDomainSettings.InviteUsersAsVisitors = true;
    }

    // Reuse the settings already loaded by the hosting Management page when available.
    var hostPage = Page as Studio.Management;
    _tenantAccessAnyone = hostPage == null
        ? TenantAccessSettings.Load().Anyone
        : hostPage.TenantAccess.Anyone;

    HelpLink = CommonLinkUtility.GetHelpLink();
}
/// <summary>
/// Emits the inline JavaScript that seeds the access-rights page: the portal owner,
/// the list of product administrators (owner excluded, LDAP-managed ones flagged),
/// image helpers, and — on a closed portal only — the per-product access data.
/// </summary>
/// <remarks>
/// NOTE(review): <c>displayName</c> and <c>userUrl</c> are written into an inline
/// &lt;script&gt; block by JsonConvert without HTML-encoding (only <c>title</c> is encoded).
/// JSON.NET does not escape "&lt;/" by default, so a display name containing
/// "&lt;/script&gt;" could terminate the block — confirm DisplayUserName encodes, or
/// serialize with StringEscapeHandling.EscapeHtml.
/// </remarks>
private void RegisterClientScript()
{
    var isRetina = TenantLogoManager.IsRetina(HttpContext.Current.Request);
    Page.RegisterBodyScripts("~/usercontrols/management/accessrights/js/accessrights.js")
        .RegisterStyle("~/usercontrols/management/accessrights/css/accessrights.less");
    var curTenant = CoreContext.TenantManager.GetCurrentTenant();
    var currentOwner = CoreContext.UserManager.GetUsers(curTenant.OwnerId);
    // Guid.Empty appears to mean "any product" here; the owner is always dropped from
    // the editable admin list and duplicates (admins of several products) collapsed.
    var admins = WebItemSecurity.GetProductAdministrators(Guid.Empty).ToList();
    admins = admins
        .GroupBy(admin => admin.ID)
        .Select(group => group.First())
        .Where(admin => admin.ID != currentOwner.ID)
        .SortByUserName();
    // Populates LdapRights, consulted below to flag admins whose rights come from LDAP.
    InitLdapRights();
    var sb = new StringBuilder();
    // OwnerId appears to be a Guid (it is passed to GetUsers), so quoting it directly is safe.
    sb.AppendFormat("ownerId = \"{0}\";", curTenant.OwnerId);
    sb.AppendFormat("adminList = {0};", JsonConvert.SerializeObject(admins.ConvertAll(u => new
    {
        id = u.ID,
        smallFotoUrl = u.GetSmallPhotoURL(),
        // The large photo is only sent when the client reported a high-DPI display.
        bigFotoUrl = isRetina ? u.GetBigPhotoURL() : "",
        displayName = u.DisplayUserName(),
        title = u.Title.HtmlEncode(),
        userUrl = CommonLinkUtility.GetUserProfile(u.ID),
        accessList = GetAccessList(u.ID, WebItemSecurity.IsProductAdministrator(Guid.Empty, u.ID)),
        ldap = LdapRights.Contains(u.ID.ToString())
    })));
    sb.AppendFormat("imageHelper = {0};", JsonConvert.SerializeObject(new
    {
        PeopleImgSrc = WebImageSupplier.GetAbsoluteWebPath("user_12.png"),
        GroupImgSrc = WebImageSupplier.GetAbsoluteWebPath("group_12.png"),
        TrashImgSrc = WebImageSupplier.GetAbsoluteWebPath("trash_12.png"),
        TrashImgTitle = Resource.DeleteButton
    }));
    // Reuse the settings already loaded by the hosting Management page when available.
    var managementPage = Page as Studio.Management;
    var tenantAccess = managementPage != null ? managementPage.TenantAccess : TenantAccessSettings.Load();
    // Per-product access lists are meaningless on an open portal, so they are only
    // emitted for a closed one, and only for products that can be disabled.
    if (!tenantAccess.Anyone)
    {
        var productItemList = GetProductItemListForSerialization();
        foreach (var productItem in productItemList.Where(productItem => !productItem.CanNotBeDisabled))
        {
            // Base64 keeps the serialized item inert inside the single-quoted JS literal.
            sb.AppendFormat("ASC.Settings.AccessRights.initProduct('{0}');", Convert.ToBase64String(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(productItem))));
        }
    }
    sb.AppendFormat("ASC.Settings.AccessRights.init({0});", JsonConvert.SerializeObject(Products.Select(p => p.GetSysName()).ToArray()));
    Page.RegisterInlineScript(sb.ToString());
}
/// <summary>
/// Request gate shared by studio pages: setup-wizard completion, authentication (or the
/// anonymous "outside" login on an open portal), tariff enforcement, mandatory
/// phone/TFA activation, disabled-module redirects and visit statistics — in that order.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Every redirect here ends the response (the two-argument overloads pass true
/// explicitly), so each check below may assume the previous ones passed.
/// </remarks>
protected void Page_PreInit(object sender, EventArgs e)
{
    // Until the setup wizard has been completed nothing else is reachable.
    if (CheckWizardCompleted)
    {
        var s = WizardSettings.Load();
        if (!s.Completed)
        {
            Response.Redirect("~/Wizard.aspx");
        }
    }
    //check auth
    // Pages flagged MayNotAuth are served unauthenticated; everyone else is either
    // logged in as the outside user (open portal) or sent to the login page.
    if (!SecurityContext.IsAuthenticated && !AuthByCookies() && !MayNotAuth)
    {
        if (TenantAccessSettings.Load().Anyone)
        {
            OutsideAuth();
        }
        else
        {
            // Remembered so the login page can return the user here afterwards.
            // NOTE(review): whether this value is validated against the portal's own
            // host (open-redirect safety) depends on GetRefererUrl — confirm.
            var refererURL = GetRefererUrl();
            Session["refererURL"] = refererURL;
            var authUrl = "~/Auth.aspx";
            if (Request.DesktopApp())
            {
                // NOTE(review): the raw "desktop" request value is appended unencoded. The
                // target path itself is fixed, so this cannot redirect off-site, but
                // URL-encoding the value would be safer.
                authUrl += "?desktop=" + Request["desktop"];
            }
            Response.Redirect(authUrl, true);
        }
    }
    // On MayNotAuth pages this may resolve a non-user account; the checks below that
    // dereference it are guarded by SecurityContext.IsAuthenticated.
    var user = CoreContext.UserManager.GetUsers(SecurityContext.CurrentAccount.ID);
    // Tariff enforcement: an unpaid tenant is sent to the pricing page, or gets a bare
    // 402 when the pricing page is hidden from non-admins. Skipped during warm-up.
    if (!MayNotPaid && TenantExtra.EnableTarrifSettings && (TenantStatisticsProvider.IsNotPaid() || TenantExtra.UpdatedWithoutLicense) && WarmUp.Instance.CheckCompleted() && Request.QueryString["warmup"] != "true")
    {
        if (TariffSettings.HidePricingPage && !user.IsAdmin())
        {
            Response.StatusCode = (int)HttpStatusCode.PaymentRequired;
            Response.End();
        }
        else
        {
            Response.Redirect(TenantExtra.GetTariffPageLink() + (Request.DesktopApp() ? "?desktop=true" : ""), true);
        }
    }
    // Mandatory step-up enrolment: when SMS or TFA-app auth is enforced portal-wide, a
    // user who has not activated it is sent to the corresponding confirmation page.
    if (!MayPhoneNotActivate && SecurityContext.IsAuthenticated)
    {
        if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable && (string.IsNullOrEmpty(user.MobilePhone) || user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated))
        {
            Response.Redirect(CommonLinkUtility.GetConfirmationUrl(user.Email, ConfirmType.PhoneActivation), true);
        }
        if (TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable && !TfaAppUserSettings.EnableForUser(user.ID))
        {
            Response.Redirect(CommonLinkUtility.GetConfirmationUrl(user.Email, ConfirmType.TfaActivation), true);
        }
    }
    //check disable and public
    // A disabled module — or a sub-item whose parent is disabled — is not served.
    var webitem = CommonLinkUtility.GetWebItemByUrl(Request.Url.ToString());
    var parentIsDisabled = false;
    if (webitem != null && webitem.IsSubItem())
    {
        var parentItemID = WebItemManager.Instance.GetParentItemID(webitem.ID);
        parentIsDisabled = WebItemManager.Instance[parentItemID].IsDisabled();
    }
    if (webitem != null && (webitem.IsDisabled() || parentIsDisabled) && !MayNotAuth)
    {
        // The user's own profile page stays reachable even when People is disabled.
        if (webitem.ID == WebItemManager.PeopleProductID && string.Equals(GetType().BaseType.FullName, "ASC.Web.People.Profile"))
        {
            Response.Redirect("~/My.aspx", true);
        }
        Response.Redirect("~/", true);
    }
    // Best-effort visit statistics; a failure here must not break the page.
    if (SecurityContext.IsAuthenticated && !CoreContext.Configuration.Personal)
    {
        try
        {
            StatisticManager.SaveUserVisit(TenantProvider.CurrentTenantID, SecurityContext.CurrentAccount.ID, CommonLinkUtility.GetProductID());
        }
        catch (Exception exc)
        {
            Log.Error("failed save user visit", exc);
        }
    }
}
/// <summary>
/// Switches the portal between closed and "open to anyone" access and, on an open
/// portal, toggles immediate self-registration.
/// </summary>
/// <param name="anyone">True to open the portal to anyone, false to close it.</param>
/// <param name="registerUsers">On an open portal, whether visitors are registered immediately.</param>
/// <returns>An anonymous <c>{ Status, Message }</c> object; Status 1 on success, 0 on any failure.</returns>
/// <remarks>
/// Opening the portal also switches the tenant to the "open" quota, disables CRM,
/// clears every IP restriction, forces the admin-message feature on and sets the
/// trusted-domain policy. Closing it reverses the quota and settings but does NOT
/// restore the IP restriction list.
/// </remarks>
public object SaveSettings(bool anyone, bool registerUsers)
{
    try
    {
        // Server-side authorization; the UI gate in Page_Load is not relied upon.
        SecurityContext.DemandPermissions(SecutiryConstants.EditPortalSettings);
        // Same tariff condition as the settings page: only free/non-profit/trial tenants
        // that are not already on the "open" quota may change this.
        var currentTenantQuota = CoreContext.TenantManager.GetTenantQuota(TenantProvider.CurrentTenantID);
        var enabled = SetupInfo.IsVisibleSettings("PublicPortal") && (currentTenantQuota.Free || currentTenantQuota.NonProfit || currentTenantQuota.Trial) && !currentTenantQuota.Open;
        if (!enabled)
        {
            throw new SecurityException(Resource.PortalAccessSettingsTariffException);
        }
        var tenant = CoreContext.TenantManager.GetCurrentTenant();
        var currentSettings = TenantAccessSettings.Load();
        //do nothing if no changes detected
        if (currentSettings.Anyone != anyone)
        {
            var items = WebItemManager.Instance.GetItemsAll();
            if (anyone)
            {
                var openQuota = CoreContext.TenantManager.GetTenantQuotas(true).FirstOrDefault(q => q.Open);
                SetQuota(openQuota);
                // Item ACLs are written BEFORE Anyone=true is saved: SetSecurity refuses
                // to run once the portal is open. Passing null subjects with false denies
                // the item to everyone.
                foreach (var item in items)
                {
                    WebItemSecurity.SetSecurity(item.ID.ToString(), item.ID != WebItemManager.CRMProductID, null); //disable crm product
                }
                new TenantAccessSettings { Anyone = true, RegisterUsersImmediately = registerUsers }.Save();
                new StudioTrustedDomainSettings { InviteUsersAsVisitors = false }.Save();
                new StudioAdminMessageSettings { Enable = true }.Save();
                // An open portal cannot be IP-restricted: the whole allow-list is wiped here.
                IPRestrictionsService.Save(new List<string>(), TenantProvider.CurrentTenantID);
                tenant.TrustedDomainsType = registerUsers ? TenantTrustedDomainsType.All : TenantTrustedDomainsType.None;
                CoreContext.TenantManager.SaveTenant(tenant);
            }
            else
            {
                var freeQuota = CoreContext.TenantManager.GetTenantQuotas(true).FirstOrDefault(q => q.Id == Tariff.CreateDefault().QuotaId);
                SetQuota(freeQuota);
                // Anyone=false is saved BEFORE the item ACLs are rewritten, for the same
                // reason as above: SetSecurity throws while the portal is still open.
                new TenantAccessSettings { Anyone = false, RegisterUsersImmediately = false }.Save();
                new StudioTrustedDomainSettings { InviteUsersAsVisitors = false }.Save();
                new StudioAdminMessageSettings { Enable = false }.Save();
                foreach (var item in items)
                {
                    WebItemSecurity.SetSecurity(item.ID.ToString(), true, null);
                }
                tenant.TrustedDomainsType = TenantTrustedDomainsType.None;
                CoreContext.TenantManager.SaveTenant(tenant);
            }
            MessageService.Send(HttpContext.Current.Request, MessageAction.PortalAccessSettingsUpdated);
        }
        else if (anyone && currentSettings.RegisterUsersImmediately != registerUsers)
        {
            // Only the self-registration flag changed on an already-open portal.
            // NOTE(review): this path is not reported through MessageService, so the audit
            // trail will not show the registration-policy change — confirm that is intended.
            new TenantAccessSettings { Anyone = true, RegisterUsersImmediately = registerUsers }.Save();
            tenant.TrustedDomainsType = registerUsers ? TenantTrustedDomainsType.All : TenantTrustedDomainsType.None;
            CoreContext.TenantManager.SaveTenant(tenant);
        }
        return(new { Status = 1, Message = Resource.SuccessfullySaveSettingsMessage });
    }
    catch (Exception e)
    {
        // Every failure — including the permission and tariff checks above — is reported
        // to the client as the raw exception message (HTML-encoded). NOTE(review): consider
        // whether internal exception text should reach the browser.
        return(new { Status = 0, Message = e.Message.HtmlEncode() });
    }
}
/// <summary>
/// Emits the inline JavaScript that seeds the access-rights page: the portal owner,
/// the product administrators (owner excluded), and — on a closed portal only — the
/// selected users/groups and product data for each product.
/// </summary>
/// <remarks>
/// NOTE(review): user display names are written into an inline &lt;script&gt; block
/// without HTML-encoding (group names and <c>title</c> are encoded). Whether the
/// serializer escapes "&lt;/" so a name containing "&lt;/script&gt;" cannot terminate
/// the block depends on JavaScriptSerializer's settings — confirm, or encode the names.
/// </remarks>
private void RegisterClientScript()
{
    Page.RegisterBodyScripts("~/usercontrols/management/accessrights/js/accessrights.js")
        .RegisterStyle("~/usercontrols/management/accessrights/css/accessrights.less");
    var curTenant = CoreContext.TenantManager.GetCurrentTenant();
    var currentOwner = CoreContext.UserManager.GetUsers(curTenant.OwnerId);
    // Guid.Empty appears to mean "any product"; the owner is never listed as an editable admin.
    var admins = WebItemSecurity.GetProductAdministrators(Guid.Empty).Where(admin => admin.ID != currentOwner.ID).SortByUserName();
    var sb = new StringBuilder();
    sb.AppendFormat("ownerId = {0};", JavaScriptSerializer.Serialize(curTenant.OwnerId));
    sb.AppendFormat("adminList = {0};", JavaScriptSerializer.Serialize(admins.ConvertAll(u => new
    {
        id = u.ID,
        smallFotoUrl = u.GetSmallPhotoURL(),
        displayName = u.DisplayUserName(),
        title = u.Title.HtmlEncode(),
        userUrl = CommonLinkUtility.GetUserProfile(u.ID),
        accessList = GetAccessList(u.ID, WebItemSecurity.IsProductAdministrator(Guid.Empty, u.ID))
    })));
    // Reuse the settings already loaded by the hosting Management page when available.
    var managementPage = Page as Studio.Management;
    var tenantAccess = managementPage != null ? managementPage.TenantAccess : TenantAccessSettings.Load();
    // Per-product access data is meaningless on an open portal, so it is only emitted for a closed one.
    if (!tenantAccess.Anyone)
    {
        var productItemList = GetProductItemListForSerialization();
        foreach (var productItem in productItemList)
        {
            // ItemName is the item's system name and is used as a JS identifier suffix.
            var ids = productItem.SelectedUsers.Select(i => i.ID).ToArray();
            var names = productItem.SelectedUsers.Select(i => i.DisplayUserName()).ToArray();
            sb.AppendFormat("SelectedUsers_{0} = {1};", productItem.ItemName, JavaScriptSerializer.Serialize(new
            {
                IDs = ids,
                Names = names,
                PeopleImgSrc = PeopleImgSrc,
                TrashImgSrc = TrashImgSrc,
                TrashImgTitle = Resource.DeleteButton,
                CurrentUserID = SecurityContext.CurrentAccount.ID
            }));
            ids = productItem.SelectedGroups.Select(i => i.ID).ToArray();
            names = productItem.SelectedGroups.Select(i => i.Name.HtmlEncode()).ToArray();
            sb.AppendFormat("SelectedGroups_{0} = {1};", productItem.ItemName, JavaScriptSerializer.Serialize(new
            {
                IDs = ids,
                Names = names,
                GroupImgSrc = GroupImgSrc,
                TrashImgSrc = TrashImgSrc,
                TrashImgTitle = Resource.DeleteButton
            }));
            // Only products that can be disabled get the full product payload;
            // Base64 keeps it inert inside the single-quoted JS literal.
            if (!productItem.CanNotBeDisabled)
            {
                sb.AppendFormat("ASC.Settings.AccessRights.initProduct('{0}');", Convert.ToBase64String(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(productItem))));
            }
        }
    }
    sb.AppendFormat("ASC.Settings.AccessRights.init({0});", JavaScriptSerializer.Serialize(Products.Select(p => p.GetSysName()).ToArray()));
    Page.RegisterInlineScript(sb.ToString());
}