public void SetSecurity(string id, bool enabled, params Guid[] subjects) { if (SettingsManager.Load <TenantAccessSettings>().Anyone) { throw new SecurityException("Security settings are disabled for an open portal"); } var securityObj = WebItemSecurityObject.Create(id, WebItemManager); // remove old aces AuthorizationManager.RemoveAllAces(securityObj); var allowToAll = new AzRecord(ASC.Core.Users.Constants.GroupEveryone.ID, Read.ID, AceType.Allow, securityObj); AuthorizationManager.RemoveAce(allowToAll); // set new aces if (subjects == null || subjects.Length == 0 || subjects.Contains(ASC.Core.Users.Constants.GroupEveryone.ID)) { if (!enabled && subjects != null && subjects.Length == 0) { // users from list with no users equals allow to all users enabled = true; } subjects = new[] { ASC.Core.Users.Constants.GroupEveryone.ID }; } foreach (var s in subjects) { var a = new AzRecord(s, Read.ID, enabled ? AceType.Allow : AceType.Deny, securityObj); AuthorizationManager.AddAce(a); } WebItemSecurityCache.Publish(TenantManager.GetCurrentTenant().TenantId); }
public void SetProductAdministrator(Guid productid, Guid userid, bool administrator) { if (productid == Guid.Empty) { productid = ASC.Core.Users.Constants.GroupAdmin.ID; } if (administrator) { if (UserManager.IsUserInGroup(userid, ASC.Core.Users.Constants.GroupVisitor.ID)) { throw new SecurityException("Collaborator can not be an administrator"); } if (productid == WebItemManager.PeopleProductID) { foreach (var ace in GetPeopleModuleActions(userid)) { AuthorizationManager.AddAce(ace); } } UserManager.AddUserIntoGroup(userid, productid); } else { if (productid == ASC.Core.Users.Constants.GroupAdmin.ID) { var groups = new List <Guid> { WebItemManager.MailProductID }; groups.AddRange(WebItemManager.GetItemsAll().OfType <IProduct>().Select(p => p.ID)); foreach (var id in groups) { UserManager.RemoveUserFromGroup(userid, id); } } if (productid == ASC.Core.Users.Constants.GroupAdmin.ID || productid == WebItemManager.PeopleProductID) { foreach (var ace in GetPeopleModuleActions(userid)) { AuthorizationManager.RemoveAce(ace); } } UserManager.RemoveUserFromGroup(userid, productid); } WebItemSecurityCache.Publish(TenantManager.GetCurrentTenant().TenantId); }