/// <summary>
/// Resource filter hook: resolves the product that owns the current controller action,
/// publishes its id on the call context, and short-circuits the request with 403 when
/// that product is not available to the caller. Anonymous requests pass through untouched.
/// </summary>
/// <param name="context">Resource-filter context of the current request.</param>
public void OnResourceExecuting(ResourceExecutingContext context)
{
    // Unauthenticated callers are left to the downstream authorization stages.
    if (!AuthContext.IsAuthenticated)
    {
        return;
    }

    var descriptor = context.ActionDescriptor as ControllerActionDescriptor;
    if (descriptor == null)
    {
        return;
    }

    var productId = FindProduct(descriptor);
    if (productId == Guid.Empty)
    {
        return;
    }

    // Publish the owning product once per call context so later code can read it.
    if (CallContext.GetData("asc.web.product_id") == null)
    {
        CallContext.SetData("asc.web.product_id", productId);
    }

    if (WebItemSecurity.IsAvailableForMe(productId))
    {
        return;
    }

    // Setting Result stops the pipeline; the denial is logged with controller and account.
    context.Result = new StatusCodeResult((int)HttpStatusCode.Forbidden);
    log.WarnFormat("Product {0} denied for user {1}", descriptor.ControllerName, AuthContext.CurrentAccount);
}
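/// <summary>
/// Middleware entry point for the CRM CSV import upload. Saves the first uploaded file to
/// temporary storage, extracts import metadata from it via <see cref="ImportFromCSV.GetInfo"/>,
/// and writes a <see cref="FileUploadResult"/> to the response as JSON. On success
/// <c>Data</c> carries the metadata (plus the temp path) as a Base64-encoded JSON object.
/// </summary>
/// <param name="context">Current HTTP context; the file and the "importSettings" field are read from the multipart form.</param>
/// <param name="webItemSecurity">Checks that the CRM product is available to the caller.</param>
/// <param name="crmSecurity">Builds the security exception thrown when access is denied.</param>
/// <param name="global">Provides the store that receives the temporary copy of the file.</param>
/// <param name="importFromCSV">Parses the uploaded CSV according to the import settings.</param>
/// <exception cref="Exception">The project security exception when the CRM product is not available to the caller.</exception>
public async Task Invoke(HttpContext context, WebItemSecurity webItemSecurity, CrmSecurity crmSecurity, Global global, ImportFromCSV importFromCSV)
{
    if (!webItemSecurity.IsAvailableForMe(ProductEntryPoint.ID))
    {
        throw crmSecurity.CreateSecurityException();
    }

    var fileUploadResult = new FileUploadResult();

    if (context.Request.Form.Files.Count == 0)
    {
        // Nothing uploaded: report the default (unsuccessful) result and stop here.
        // Without the return, the code below would index Files[0] on an empty collection.
        await context.Response.WriteAsync(JsonSerializer.Serialize(fileUploadResult));
        return;
    }

    var uploadedFile = context.Request.Form.Files[0];

    // The file is consumed twice (temp store, then CSV parsing); each consumer gets its
    // own read stream, disposed as soon as that consumer has finished.
    string assignedPath;
    using (var storeStream = uploadedFile.OpenReadStream())
    {
        global.GetStore().SaveTemp("temp", out assignedPath, storeStream);
    }

    Dictionary<string, string> importInfo;
    using (var parseStream = uploadedFile.OpenReadStream())
    {
        var jObject = importFromCSV.GetInfo(parseStream, context.Request.Form["importSettings"]);
        // Deserialize yields null for a JSON "null" payload; fall back to an empty map so the
        // temp path can still be reported instead of failing with a null reference.
        importInfo = JsonSerializer.Deserialize<Dictionary<string, string>>(jObject.ToString())
                     ?? new Dictionary<string, string>();
    }

    importInfo.Add("assignedPath", assignedPath);

    fileUploadResult.Success = true;
    fileUploadResult.Data = Global.EncodeTo64(JsonSerializer.Serialize(importInfo));

    await context.Response.WriteAsync(JsonSerializer.Serialize(fileUploadResult));
}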
/// <summary>
/// Handles a contact photo upload from a Web Forms request. Requires the CRM product to be
/// available and, when a contactID is supplied, edit rights on that contact. The file must
/// have a name, be non-empty, fit the configured image size limit and have an image file
/// type; it is then stored against the contact or in a temporary directory, and an audit
/// message is sent when a contact was updated.
/// </summary>
/// <param name="context">Request whose form carries the file plus the contactID, uploadOnly and tmpDirName fields.</param>
/// <returns>A <see cref="FileUploadResult"/>; on failure <c>Message</c> holds the HTML-encoded reason.</returns>
/// <exception cref="InvalidOperationException">The uploaded file has no name or is empty.</exception>
public FileUploadResult ProcessUpload(HttpContext context)
{
    if (!WebItemSecurity.IsAvailableForMe(ProductEntryPoint.ID))
    {
        throw CRMSecurity.CreateSecurityException();
    }

    var contactId = Convert.ToInt32(context.Request["contactID"]);
    var contact = contactId != 0 ? LoadEditableContact(contactId) : null;

    var result = new FileUploadResult();
    if (!FileToUpload.HasFilesToUpload(context))
    {
        return result;
    }

    var upload = new FileToUpload(context);
    if (String.IsNullOrEmpty(upload.FileName) || upload.ContentLength == 0)
    {
        throw new InvalidOperationException(CRMErrorsResource.InvalidFile);
    }

    var maxSize = SetupInfo.MaxImageUploadSize;
    if (0 < maxSize && maxSize < upload.ContentLength)
    {
        return Fail(FileSizeComment.GetFileImageSizeNote(CRMCommonResource.ErrorMessage_UploadFileSize, false).HtmlEncode());
    }

    // Type check is by file name only; the image itself is handled by ContactPhotoManager.
    if (FileUtility.GetFileTypeByFileName(upload.FileName) != FileType.Image)
    {
        return Fail(CRMJSResource.ErrorMessage_NotImageSupportFormat.HtmlEncode());
    }

    var uploadOnly = Convert.ToBoolean(context.Request["uploadOnly"]);
    var tmpDirName = Convert.ToString(context.Request["tmpDirName"]);

    try
    {
        result.Data = contactId != 0
            ? ContactPhotoManager.UploadPhoto(upload.InputStream, contactId, uploadOnly)
            : ContactPhotoManager.UploadPhotoToTemp(upload.InputStream, ResolveTempDir(tmpDirName));
        result.Success = true;
    }
    catch (Exception e)
    {
        // The raw exception message is echoed to the client (HTML-encoded), as before.
        return Fail(e.Message.HtmlEncode());
    }

    if (contact != null)
    {
        var action = contact is Company ? MessageAction.CompanyUpdatedPhoto : MessageAction.PersonUpdatedPhoto;
        MessageService.Send(context.Request, action, MessageTarget.Create(contact.ID), contact.GetTitle());
    }

    return result;

    // Loads the contact and enforces edit rights; throws the project security exception otherwise.
    Contact LoadEditableContact(int id)
    {
        using (var scope = DIHelper.Resolve())
        {
            var found = scope.Resolve<DaoFactory>().ContactDao.GetByID(id);
            if (!CRMSecurity.CanEdit(found))
            {
                throw CRMSecurity.CreateSecurityException();
            }
            return found;
        }
    }

    // Marks the shared result as failed with the given (already encoded) message.
    FileUploadResult Fail(string encodedMessage)
    {
        result.Success = false;
        result.Message = encodedMessage;
        return result;
    }

    // A missing or literal "null" directory name gets a fresh GUID-named temp directory.
    string ResolveTempDir(string requested)
    {
        return String.IsNullOrEmpty(requested) || requested == "null" ? Guid.NewGuid().ToString() : requested;
    }
}
/// <summary>Whether the Calendar product is available to the current user.</summary>
/// <returns><c>true</c> when <see cref="WebItemSecurity.IsAvailableForMe"/> allows the Calendar product.</returns>
public static bool IsCalndarAvailable() => WebItemSecurity.IsAvailableForMe(WebItemManager.CalendarProductID);
/// <summary>Whether the People product is available to the current user.</summary>
/// <returns><c>true</c> when <see cref="WebItemSecurity.IsAvailableForMe"/> allows the People product.</returns>
public static bool IsPeopleAvailable() => WebItemSecurity.IsAvailableForMe(WebItemManager.PeopleProductID);
/// <summary>Whether the CRM product is available to the current user.</summary>
/// <returns><c>true</c> when <see cref="WebItemSecurity.IsAvailableForMe"/> allows the CRM product.</returns>
public static bool IsCrmAvailable() => WebItemSecurity.IsAvailableForMe(WebItemManager.CRMProductID);
/// <summary>
/// Runs before every API method call. Unless the route opts out via the <c>CheckPayment</c>
/// data token, applies the tenant/payment gate (resolves the current tenant, flags 503 for a
/// transferring tenant and 402 for a non-active tenant or an unpaid tariff). Then, for
/// authenticated callers, records the product owning the method on the call context and
/// flags the response 403 when that product is not available to the caller.
/// None of the status-setting branches return early; the method always runs to the end.
/// </summary>
/// <param name="method">The API method about to be invoked.</param>
/// <param name="context">API context giving access to route data, request and response.</param>
/// <param name="arguments">Bound method arguments; not inspected here.</param>
/// <exception cref="System.Security.SecurityException">No current tenant could be resolved.</exception>
public override void PreMethodCall(IApiMethodCall method, ApiContext context, IEnumerable<object> arguments)
{
    // A route disables the payment gate by carrying the CheckPayment data token set to false.
    if (context.RequestContext.RouteData.DataTokens.ContainsKey(DataTokenConstants.CheckPayment) && !(bool)context.RequestContext.RouteData.DataTokens[DataTokenConstants.CheckPayment])
    {
        log.Debug("Payment is not required");
    }
    else
    {
        // The gate runs when the Payment-Info header is absent or parses as "true".
        // NOTE(review): the header is client-supplied, so any caller sending a value that does not
        // parse as true skips the tenant/payment checks below — confirm this is intended.
        var header = context.RequestContext.HttpContext.Request.Headers["Payment-Info"];
        bool flag;
        if (string.IsNullOrEmpty(header) || (bool.TryParse(header, out flag) && flag))
        {
            var tenant = CoreContext.TenantManager.GetCurrentTenant(false);
            if (tenant == null)
            {
                // The host name is only used for the message; failures to read it are ignored on purpose.
                var hostname = string.Empty;
                try { hostname = HttpContext.Current.Request.GetUrlRewriter().Host; } catch { }
                throw new System.Security.SecurityException(string.Format("Portal {0} not found.", hostname));
            }
            var tenantStatus = tenant.Status;
            if (tenantStatus == TenantStatus.Transfering)
            {
                // NOTE(review): a Transfering tenant is not Active, so the PaymentRequired block below
                // also fires and overwrites this 503 with 402 — confirm which status is intended.
                context.RequestContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.ServiceUnavailable;
                context.RequestContext.HttpContext.Response.StatusDescription = HttpStatusCode.ServiceUnavailable.ToString();
                log.WarnFormat("Portal {0} is transfering to another region", context.RequestContext.HttpContext.Request.Url);
            }
            var tariff = CoreContext.PaymentManager.GetTariff(tenant.TenantId);
            if (tenantStatus != TenantStatus.Active || tariff.State >= TariffState.NotPaid)
            {
                // Only the status is set here; execution continues into the product check below.
                context.RequestContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.PaymentRequired;
                context.RequestContext.HttpContext.Response.StatusDescription = HttpStatusCode.PaymentRequired.ToString();
                log.WarnFormat("Payment Required {0}.", context.RequestContext.HttpContext.Request.Url);
            }
        }
    }

    // Product availability is only evaluated for authenticated callers.
    if (!SecurityContext.IsAuthenticated)
    {
        return;
    }

    var pid = FindProduct(method);
    if (pid != Guid.Empty)
    {
        // Publish the owning product once per call context for downstream consumers.
        if (CallContext.GetData("asc.web.product_id") == null)
        {
            CallContext.SetData("asc.web.product_id", pid);
        }
        if (!WebItemSecurity.IsAvailableForMe(pid))
        {
            // This may overwrite a 402/503 set above; the denial is logged with method and account.
            context.RequestContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
            context.RequestContext.HttpContext.Response.StatusDescription = HttpStatusCode.Forbidden.ToString();
            log.WarnFormat("Product {0} denied for user {1}", method.Name, SecurityContext.CurrentAccount);
        }
    }
}
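/// <summary>
/// Middleware entry point for the CRM contact photo upload. Requires the CRM product to be
/// available and, when a contactID is supplied, edit rights on that contact. Validates the
/// first uploaded file (present, named, non-empty, within the image size limit, an image
/// file type), stores it against the contact or in a temporary directory, sends an audit
/// message when a contact was updated, and writes a <see cref="FileUploadResult"/> to the
/// response as JSON. Exactly one response body is written per request.
/// </summary>
/// <param name="context">Current HTTP context; the file and the contactID, uploadOnly and tmpDirName fields are read from the form.</param>
/// <param name="setupInfo">Supplies <c>MaxImageUploadSize</c> (0 or less disables the limit).</param>
/// <param name="crmSecurity">Edit-rights check and security exception factory.</param>
/// <param name="fileSizeComment">Builds the user-facing size-limit message.</param>
/// <param name="webItemSecurity">Checks that the CRM product is available to the caller.</param>
/// <param name="messageTarget">Builds the audit message target for the contact.</param>
/// <param name="messageService">Sends the audit message.</param>
/// <param name="daoFactory">Loads the contact by id.</param>
/// <param name="contactPhotoManager">Stores the photo.</param>
/// <exception cref="InvalidOperationException">The uploaded file has no name or is empty.</exception>
public async System.Threading.Tasks.Task Invoke(HttpContext context, SetupInfo setupInfo, CrmSecurity crmSecurity, FileSizeComment fileSizeComment, WebItemSecurity webItemSecurity, MessageTarget messageTarget, MessageService messageService, DaoFactory daoFactory, ContactPhotoManager contactPhotoManager)
{
    if (!webItemSecurity.IsAvailableForMe(ProductEntryPoint.ID))
    {
        throw crmSecurity.CreateSecurityException();
    }

    context.Request.EnableBuffering();

    var contactId = Convert.ToInt32(context.Request.Form["contactID"]);
    Contact contact = null;
    if (contactId != 0)
    {
        contact = daoFactory.GetContactDao().GetByID(contactId);
        if (!crmSecurity.CanEdit(contact))
        {
            throw crmSecurity.CreateSecurityException();
        }
    }

    var fileUploadResult = new FileUploadResult();

    // Each early exit writes the result once and returns. Previously these branches fell
    // through, which indexed Files[0] on an empty collection, wrote the response body twice,
    // and sent an "updated photo" audit message even when the upload had failed.
    if (context.Request.Form.Files.Count == 0)
    {
        await WriteResultAsync();
        return;
    }

    var uploadedFile = context.Request.Form.Files[0];
    var fileName = uploadedFile.FileName;
    var contentLength = uploadedFile.Length;

    if (String.IsNullOrEmpty(fileName) || contentLength == 0)
    {
        throw new InvalidOperationException(CRMErrorsResource.InvalidFile);
    }

    if (0 < setupInfo.MaxImageUploadSize && setupInfo.MaxImageUploadSize < contentLength)
    {
        await FailAsync(fileSizeComment.GetFileImageSizeNote(CRMCommonResource.ErrorMessage_UploadFileSize, false).HtmlEncode());
        return;
    }

    // Type check is by file name only; the image itself is handled by ContactPhotoManager.
    if (FileUtility.GetFileTypeByFileName(fileName) != FileType.Image)
    {
        await FailAsync(CRMJSResource.ErrorMessage_NotImageSupportFormat.HtmlEncode());
        return;
    }

    var uploadOnly = Convert.ToBoolean(context.Request.Form["uploadOnly"]);
    var tmpDirName = Convert.ToString(context.Request.Form["tmpDirName"]);

    try
    {
        ContactPhotoManager.PhotoData photoData;
        // One read stream, disposed once the photo manager has consumed it.
        using (var photoStream = uploadedFile.OpenReadStream())
        {
            if (contactId != 0)
            {
                photoData = contactPhotoManager.UploadPhoto(photoStream, contactId, uploadOnly);
            }
            else
            {
                // A missing or literal "null" directory name gets a fresh GUID-named temp directory.
                if (String.IsNullOrEmpty(tmpDirName) || tmpDirName == "null")
                {
                    tmpDirName = Guid.NewGuid().ToString();
                }
                photoData = contactPhotoManager.UploadPhotoToTemp(photoStream, tmpDirName);
            }
        }
        fileUploadResult.Success = true;
        fileUploadResult.Data = photoData;
    }
    catch (Exception e)
    {
        // NOTE(review): the raw exception message is echoed to the client (HTML-encoded) and the
        // exception is not logged here; consider logging it and returning a generic message.
        await FailAsync(e.Message.HtmlEncode());
        return;
    }

    if (contact != null)
    {
        var messageAction = contact is Company ? MessageAction.CompanyUpdatedPhoto : MessageAction.PersonUpdatedPhoto;
        messageService.Send(messageAction, messageTarget.Create(contact.ID), contact.GetTitle());
    }

    await WriteResultAsync();

    // Serializes the shared result to the response body.
    System.Threading.Tasks.Task WriteResultAsync()
    {
        return context.Response.WriteAsync(JsonSerializer.Serialize(fileUploadResult));
    }

    // Marks the shared result as failed with the given (already encoded) message and writes it.
    System.Threading.Tasks.Task FailAsync(string encodedMessage)
    {
        fileUploadResult.Success = false;
        fileUploadResult.Message = encodedMessage;
        return WriteResultAsync();
    }
}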
/// <summary>
/// Searches e-mail addresses across the Mail contacts, Mail accounts, CRM and People
/// contact systems in parallel and merges the results, de-duplicated by
/// <see cref="ContactEqualityComparer"/>. The CRM and People lookups run only when the
/// corresponding product is available to the user. Each task sets the current tenant and
/// authenticates the user for itself before searching.
/// </summary>
/// <param name="tenant">Tenant id.</param>
/// <param name="userName">User id; must be a GUID string (it is parsed with <c>new Guid(userName)</c>).</param>
/// <param name="term">Search word.</param>
/// <param name="maxCountPerSystem">Result limit applied per contact system (the accounts search is not limited).</param>
/// <param name="httpContextScheme">Scheme handed to <see cref="ApiHelper"/> for the CRM and People API calls.</param>
/// <param name="timeout">Timeout in milliseconds for waiting on all searches; -1 waits indefinitely.</param>
/// <returns>The merged, de-duplicated list of e-mail strings from every search that completed successfully
/// within the timeout; results from faulted, cancelled or still-running searches are omitted.</returns>
/// <exception cref="FormatException"><paramref name="userName"/> is not a valid GUID.</exception>
public List<string> SearchEmails(int tenant, string userName, string term, int maxCountPerSystem, string httpContextScheme, int timeout = -1)
{
    var equality = new ContactEqualityComparer();
    var contacts = new List<string>();
    var userGuid = new Guid(userName);
    var watch = new Stopwatch();
    watch.Start();
    var apiHelper = new ApiHelper(httpContextScheme);
    var taskList = new List<Task<List<string>>>()
    {
        // Mail contacts: every e-mail contact item, rendered as "Name <address>" when a name is known.
        Task.Run(() =>
        {
            CoreContext.TenantManager.SetCurrentTenant(tenant);
            SecurityContext.AuthenticateMe(userGuid);
            var engine = new EngineFactory(tenant, userName);
            var exp = new FullFilterContactsExp(tenant, userName, term, infoType: ContactInfoType.Email, orderAsc: true, limit: maxCountPerSystem);
            var contactCards = engine.ContactEngine.GetContactCards(exp);
            return ((from contactCard in contactCards
                     from contactItem in contactCard.ContactItems
                     select string.IsNullOrEmpty(contactCard.ContactInfo.ContactName)
                         ? contactItem.Data
                         : MailUtil.CreateFullEmail(contactCard.ContactInfo.ContactName, contactItem.Data)).ToList());
        }),
        // Mail accounts.
        Task.Run(() =>
        {
            CoreContext.TenantManager.SetCurrentTenant(tenant);
            SecurityContext.AuthenticateMe(userGuid);
            var engine = new EngineFactory(tenant, userGuid.ToString());
            return (engine.AccountEngine.SearchAccountEmails(term));
        }),
        // CRM, only when the product is available to this user.
        Task.Run(() =>
        {
            CoreContext.TenantManager.SetCurrentTenant(tenant);
            SecurityContext.AuthenticateMe(userGuid);
            return (WebItemSecurity.IsAvailableForMe(WebItemManager.CRMProductID) ? apiHelper.SearchCrmEmails(term, maxCountPerSystem) : new List<string>());
        }),
        // People, only when the product is available to this user.
        Task.Run(() =>
        {
            CoreContext.TenantManager.SetCurrentTenant(tenant);
            SecurityContext.AuthenticateMe(userGuid);
            return (WebItemSecurity.IsAvailableForMe(WebItemManager.PeopleProductID) ? apiHelper.SearchPeopleEmails(term, 0, maxCountPerSystem) : new List<string>());
        })
    };
    try
    {
        // The WaitAll return value (false on timeout) is not inspected; completion is checked per
        // task below. No cancellation is passed, so a search that misses the deadline keeps running
        // and its result is simply not collected.
        var taskArray = taskList.ToArray<Task>();
        Task.WaitAll(taskArray, timeout);
        watch.Stop();
    }
    catch (AggregateException e)
    {
        // Failures of individual searches are logged together; the successful ones are still merged.
        watch.Stop();
        var errorText = new StringBuilder("SearchEmails: \nThe following exceptions have been thrown by WaitAll():");
        foreach (var t in e.InnerExceptions)
        {
            errorText.AppendFormat("\n-------------------------------------------------\n{0}", t);
        }
        Log.Error(errorText.ToString());
    }
    // Only tasks that ran to completion contribute; Result is never read on a faulted task.
    contacts = taskList.Aggregate(contacts, (current, task) => !task.IsFaulted && task.IsCompleted && !task.IsCanceled ? current.Concat(task.Result).ToList() : current)
        .Distinct(equality)
        .ToList();
    Log.DebugFormat("SearchEmails (term = '{0}'): {1} sec / {2} items", term, watch.Elapsed.TotalSeconds, contacts.Count);
    return (contacts);
}
/// <summary>
/// Page lifecycle hook for the portal start page. Redirects to the configured default
/// product (or the Feed page) when it is visible, enabled and available to the current
/// user; otherwise builds the list of start-page products (Documents pulled out into
/// <c>_showDocs</c>, Mail/Calendar/Talk appended when not disabled, filtered and ordered
/// by the start-products priority) and the custom navigation items shown on the home page.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    CurrentUser = CoreContext.UserManager.GetUsers(SecurityContext.CurrentAccount.ID);
    Page.RegisterStyle("~/skins/page_default.less");

    var defaultPageSettings = StudioDefaultPageSettings.Load();
    if (defaultPageSettings != null && defaultPageSettings.DefaultProductID != Guid.Empty)
    {
        // Feed is the default: outsiders stay on this page, everyone else is sent to Feed.
        // Redirect(..., endResponse: true) ends the request; nothing below runs on that path.
        if (defaultPageSettings.DefaultProductID == defaultPageSettings.FeedModuleID && !CurrentUser.IsOutsider())
        {
            Response.Redirect("Feed.aspx", true);
        }
        var webItem = WebItemManager.Instance[defaultPageSettings.DefaultProductID];
        if (webItem != null && webItem.Visible)
        {
            // Both the item-level "Enabled" flag and the per-user availability must hold before redirecting.
            var securityInfo = WebItemSecurity.GetSecurityInfo(defaultPageSettings.DefaultProductID.ToString());
            if (securityInfo.Enabled && WebItemSecurity.IsAvailableForMe(defaultPageSettings.DefaultProductID))
            {
                var url = webItem.StartURL;
                if (Request.DesktopApp())
                {
                    // NOTE(review): assumes StartURL has no query string of its own — confirm.
                    url += "?desktop=true";
                    if (!string.IsNullOrEmpty(Request["first"]))
                    {
                        url += "&first=true";
                    }
                }
                Response.Redirect(url, true);
            }
        }
    }

    Master.DisabledSidePanel = true;
    Title = Resource.MainPageTitle;

    defaultListProducts = WebItemManager.Instance.GetItems(Web.Core.WebZones.WebZoneType.StartProductList);
    // Documents is rendered separately, so it is taken out of the generic list.
    // NOTE(review): the lookup matches on ID but the removal matches on ProductID — confirm these agree for Documents.
    _showDocs = (Product)defaultListProducts.Find(r => r.ID == WebItemManager.DocumentsProductID);
    if (_showDocs != null)
    {
        defaultListProducts.RemoveAll(r => r.ID == _showDocs.ProductID);
    }

    // Mail, Calendar and Talk are not part of the start-product zone; they are added when not disabled.
    var mailProduct = WebItemManager.Instance[WebItemManager.MailProductID];
    if (mailProduct != null && !mailProduct.IsDisabled())
    {
        defaultListProducts.Add(mailProduct);
    }
    var calendarProduct = WebItemManager.Instance[WebItemManager.CalendarProductID];
    if (calendarProduct != null && !calendarProduct.IsDisabled())
    {
        defaultListProducts.Add(calendarProduct);
    }
    var talkProduct = WebItemManager.Instance[WebItemManager.TalkProductID];
    if (talkProduct != null && !talkProduct.IsDisabled())
    {
        defaultListProducts.Add(talkProduct);
    }

    // Items without a priority entry are dropped; the rest are ordered by their priority value.
    var priority = GetStartProductsPriority();
    defaultListProducts = defaultListProducts
        .Where(p => priority.Keys.Contains(p.ID))
        .OrderBy(p => priority[p.ID])
        .ToList();

    CustomNavigationItems = CustomNavigationSettings.Load().Items.Where(x => x.ShowOnHomePage);
    // The control panel tile counts as one extra product when enabled.
    ProductsCount = defaultListProducts.Count() + CustomNavigationItems.Count() + (TenantExtra.EnableControlPanel ? 1 : 0);
    ResetCacheKey = ConfigurationManagerExtension.AppSettings["web.client.cache.resetkey"] ?? "";
}