/// <summary>
/// Resets the two-factor authentication app binding for the current account or for another user.
/// </summary>
/// <param name="model">Request model; an empty <c>Id</c> means the caller is acting on their own account.</param>
/// <returns>
/// A TFA activation confirmation URL when the caller reset their own binding; an empty string
/// when another user's binding was reset (that user is notified instead).
/// </returns>
/// <exception cref="SecurityAccessDeniedException">The caller targets another user without <c>Action_EditUser</c> on that user.</exception>
/// <exception cref="Exception">TFA app settings are not visible or the app is not enabled for the target user.</exception>
/// <exception cref="NotSupportedException">The target user is a visitor or an outsider.</exception>
public string TfaAppNewApp(TfaModel model)
        {
            // Guid.Empty is the "act on myself" marker; any other id selects a different target user.
            var isSelf   = model.Id.Equals(Guid.Empty);
            var targetId = isSelf ? SecurityContext.CurrentAccount.ID : model.Id;
            var user     = CoreContext.UserManager.GetUsers(targetId);

            // The permission check is only evaluated when the target is someone else.
            // NOTE(review): nothing visible here compares the caller's privilege level with the
            // target's - confirm that Action_EditUser / UserSecurityProvider covers that case.
            var mayResetTarget = isSelf || SecurityContext.CheckPermissions(Tenant, new UserSecurityProvider(user.ID), Constants.Action_EditUser);
            if (!mayResetTarget)
            {
                throw new SecurityAccessDeniedException(Resource.ErrorAccessDenied);
            }

            var tfaAppActiveForUser = TfaAppAuthSettings.IsVisibleSettings && TfaAppUserSettings.EnableForUser(user.ID);
            if (!tfaAppActiveForUser)
            {
                // NOTE(review): the base Exception type gives callers nothing to distinguish this case by.
                throw new Exception(Resource.TfaAppNotAvailable);
            }

            if (user.IsVisitor(Tenant) || user.IsOutsider(Tenant))
            {
                throw new NotSupportedException("Not available.");
            }

            // The binding is removed first and the event is recorded through MessageService
            // before any link or notification is produced.
            TfaAppUserSettings.DisableForUser(user.ID);
            MessageService.Send(MessageAction.UserDisconnectedTfaApp, MessageTarget.Create(user.ID), user.DisplayUserName(false));

            if (!isSelf)
            {
                // Reset performed on behalf of someone else: notify that user, return no link to the caller.
                StudioNotifyService.SendMsgTfaReset(Tenant.TenantId, user);
                return string.Empty;
            }

            return CommonLinkUtility.GetConfirmationUrl(Tenant.TenantId, user.Email, ConfirmType.TfaActivation);
        }
Пример #2
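        /// <summary>
        /// Checks whether the current account may perform <paramref name="actions"/> on
        /// <paramref name="objectId"/>. Administrators are always allowed; outsiders are rejected
        /// up front unless the request contains the read action.
        /// </summary>
        /// <param name="objectId">Object the permission is requested for.</param>
        /// <param name="securityObjProvider">Provider passed through to <c>SecurityContext.CheckPermissions</c>.</param>
        /// <param name="actions">Requested actions; <c>null</c> is treated as an empty list.</param>
        /// <returns><c>true</c> when access is granted, otherwise <c>false</c>.</returns>
        public static bool CheckPermissions(ISecurityObjectId objectId, ISecurityObjectProvider securityObjProvider, params IAction[] actions)
        {
            if (IsAdministrator())
            {
                return true;
            }

            if (IsOutsider())
            {
                var readActionId       = new Guid("{E0759A42-47F0-4763-A26A-D5AA665BEC35}"); // "Read forum post action"
                var containsReadAction = false;

                // The flag used to be overwritten on every iteration, so only the LAST action decided
                // the outcome and the result depended on argument order. Accumulate instead, so the
                // flag means what its name says.
                // NOTE(review): this gate only requires the read action to be present; the decision
                // for any other requested action is left to SecurityContext.CheckPermissions below.
                // If outsiders must be limited to read-only requests, require every action to be
                // the read action instead - confirm the intended policy.
                foreach (var action in actions ?? new IAction[0])
                {
                    if (action != null && action.ID.Equals(readActionId))
                    {
                        containsReadAction = true;
                        break;
                    }
                }

                if (!containsReadAction)
                {
                    return false;
                }
            }

            return SecurityContext.CheckPermissions(objectId, securityObjProvider, actions);
        }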
Пример #3
        /// <summary>
        /// Replaces the group memberships of <paramref name="user"/> with the groups listed in
        /// <paramref name="department"/>, keeping the manager role on groups the user managed before
        /// and is still a member of afterwards.
        /// </summary>
        /// <param name="department">Ids of the groups the user should belong to; <c>null</c> leaves memberships untouched.</param>
        /// <param name="user">User whose memberships are rewritten.</param>
        /// <remarks>
        /// Returns silently, without changing anything, when the caller lacks <c>Action_EditGroups</c>;
        /// the caller gets no signal that the update was skipped.
        /// </remarks>
        private static void UpdateDepartments(IEnumerable <Guid> department, UserInfo user)
        {
            var mayEditGroups = SecurityContext.CheckPermissions(Core.Users.Constants.Action_EditGroups);
            if (!mayEditGroups || department == null)
            {
                return;
            }

            // Groups the user managed before the update; the manager role is restored further down
            // only for those that appear in the new list.
            var previouslyManaged = new List <Guid>();

            // Pass 1: drop every current membership and clear the manager slot the user held.
            foreach (var currentGroup in CoreContext.UserManager.GetUserGroups(user.ID))
            {
                var groupId = currentGroup.ID;
                CoreContext.UserManager.RemoveUserFromGroup(user.ID, groupId);

                if (CoreContext.UserManager.GetDepartmentManager(groupId) == user.ID)
                {
                    previouslyManaged.Add(groupId);
                    CoreContext.UserManager.SetDepartmentManager(groupId, Guid.Empty);
                }
            }

            // Pass 2: add the requested memberships. Ids that resolve to LostGroupInfo are skipped.
            // NOTE(review): the two passes are separate calls with no rollback visible here - confirm
            // what state the user is left in if a call in this pass fails.
            foreach (var departmentId in department)
            {
                var resolvedGroup = CoreContext.UserManager.GetGroupInfo(departmentId);
                if (resolvedGroup != Core.Users.Constants.LostGroupInfo)
                {
                    CoreContext.UserManager.AddUserIntoGroup(user.ID, departmentId);

                    var managedBefore = previouslyManaged.Contains(departmentId);
                    if (managedBefore)
                    {
                        CoreContext.UserManager.SetDepartmentManager(departmentId, user.ID);
                    }
                }
            }
        }
Пример #4
 /// <summary>
 /// Tells whether <paramref name="entity"/> is readable: always when <c>IsAdmin</c> is set,
 /// otherwise when the read action is permitted by <c>SecurityContext.CheckPermissions</c>
 /// with the CRM security provider.
 /// </summary>
 /// <param name="entity">Object whose read access is checked.</param>
 /// <returns><c>true</c> when read access is granted.</returns>
 private static bool CanAccessTo(ISecurityObjectId entity)
 {
     // Admin short-circuit: the permission check is not evaluated at all in that case.
     if (IsAdmin)
     {
         return true;
     }

     return SecurityContext.CheckPermissions(entity, GetCRMSecurityProvider(), _actionRead);
 }
Пример #5
 /// <summary>
 /// Tells whether <paramref name="entity"/> is readable: always when <paramref name="userId"/>
 /// is an administrator, otherwise when the read action is permitted by
 /// <c>SecurityContext.CheckPermissions</c> with the CRM security provider.
 /// </summary>
 /// <param name="entity">Object whose read access is checked.</param>
 /// <param name="userId">User the administrator test is evaluated for.</param>
 /// <returns><c>true</c> when read access is granted.</returns>
 public static bool CanAccessTo(ISecurityObjectId entity, Guid userId)
 {
     if (IsAdministrator(userId))
     {
         return true;
     }

     // NOTE(review): userId is not passed to this call, so the fallback is presumably evaluated
     // for the current security context rather than for userId - confirm this is intended when
     // the two differ.
     return SecurityContext.CheckPermissions(entity, GetCRMSecurityProvider(), _actionRead);
 }