예제 #1
0
        public void SetSecurity(string id, bool enabled, params Guid[] subjects)
        {
            if (SettingsManager.Load <TenantAccessSettings>().Anyone)
            {
                throw new SecurityException("Security settings are disabled for an open portal");
            }

            var securityObj = WebItemSecurityObject.Create(id, WebItemManager);

            // remove old aces
            AuthorizationManager.RemoveAllAces(securityObj);
            var allowToAll = new AzRecord(ASC.Core.Users.Constants.GroupEveryone.ID, Read.ID, AceType.Allow, securityObj);

            AuthorizationManager.RemoveAce(allowToAll);

            // set new aces
            if (subjects == null || subjects.Length == 0 || subjects.Contains(ASC.Core.Users.Constants.GroupEveryone.ID))
            {
                if (!enabled && subjects != null && subjects.Length == 0)
                {
                    // users from list with no users equals allow to all users
                    enabled = true;
                }
                subjects = new[] { ASC.Core.Users.Constants.GroupEveryone.ID };
            }
            foreach (var s in subjects)
            {
                var a = new AzRecord(s, Read.ID, enabled ? AceType.Allow : AceType.Deny, securityObj);
                AuthorizationManager.AddAce(a);
            }

            WebItemSecurityCache.Publish(TenantManager.GetCurrentTenant().TenantId);
        }
예제 #2
0
        public void SetProductAdministrator(Guid productid, Guid userid, bool administrator)
        {
            if (productid == Guid.Empty)
            {
                productid = ASC.Core.Users.Constants.GroupAdmin.ID;
            }
            if (administrator)
            {
                if (UserManager.IsUserInGroup(userid, ASC.Core.Users.Constants.GroupVisitor.ID))
                {
                    throw new SecurityException("Collaborator can not be an administrator");
                }

                if (productid == WebItemManager.PeopleProductID)
                {
                    foreach (var ace in GetPeopleModuleActions(userid))
                    {
                        AuthorizationManager.AddAce(ace);
                    }
                }

                UserManager.AddUserIntoGroup(userid, productid);
            }
            else
            {
                if (productid == ASC.Core.Users.Constants.GroupAdmin.ID)
                {
                    var groups = new List <Guid> {
                        WebItemManager.MailProductID
                    };
                    groups.AddRange(WebItemManager.GetItemsAll().OfType <IProduct>().Select(p => p.ID));

                    foreach (var id in groups)
                    {
                        UserManager.RemoveUserFromGroup(userid, id);
                    }
                }

                if (productid == ASC.Core.Users.Constants.GroupAdmin.ID || productid == WebItemManager.PeopleProductID)
                {
                    foreach (var ace in GetPeopleModuleActions(userid))
                    {
                        AuthorizationManager.RemoveAce(ace);
                    }
                }

                UserManager.RemoveUserFromGroup(userid, productid);
            }

            WebItemSecurityCache.Publish(TenantManager.GetCurrentTenant().TenantId);
        }