public static void SetSecurity(string id, bool enabled, params Guid[] subjects)
        {
            // Per-item access lists cannot be managed while the portal is open to anyone.
            if (TenantAccessSettings.Load().Anyone)
            {
                throw new SecurityException("Security settings are disabled for an open portal");
            }

            var everyoneId    = ASC.Core.Users.Constants.GroupEveryone.ID;
            var target        = WebItemSecurityObject.Create(id);
            var authorization = CoreContext.AuthorizationManager;

            // Drop every existing ace on the item, including the "everyone may read" allow record.
            authorization.RemoveAllAces(target);
            authorization.RemoveAce(new AzRecord(everyoneId, Read.ID, AceType.Allow, target));

            var noSubjects        = subjects == null || subjects.Length == 0;
            var appliesToEveryone = noSubjects || subjects.Contains(everyoneId);

            if (appliesToEveryone)
            {
                // An explicitly empty (non-null) subject list with enabled == false
                // is treated as "allow all users" rather than "deny everyone".
                if (!enabled && subjects != null && subjects.Length == 0)
                {
                    enabled = true;
                }
                subjects = new[] { everyoneId };
            }

            // One ace per subject, all of the same type now that `enabled` is final.
            var aceType = enabled ? AceType.Allow : AceType.Deny;
            foreach (var subjectId in subjects)
            {
                authorization.AddAce(new AzRecord(subjectId, Read.ID, aceType, target));
            }

            cacheNotify.Publish(new WebItemSecurityNotifier(), CacheNotifyAction.Any);
        }
        protected static bool DisplayModule(ManagementType module)
        {
            // Hidden by configuration: nothing else matters.
            if (!SetupInfo.IsVisibleSettings(module.ToString()))
            {
                return(false);
            }

            bool visible;
            switch (module)
            {
                case ManagementType.Migration:
                    // more than one transfer region configured
                    visible = TransferPortal.TransferRegions.Count > 1;
                    break;

                case ManagementType.Backup:
                    // never on an open portal
                    visible = !TenantAccessSettings.Load().Anyone;
                    break;

                case ManagementType.DeletionPortal:
                    //only SaaS or Server+ControlPanel
                    visible = !CoreContext.Configuration.Standalone
                              || (TenantExtra.Enterprise && CoreContext.TenantManager.GetTenants().Count() > 1);
                    break;

                case ManagementType.MailService:
                    //only if MailServer available
                    visible = SetupInfo.IsVisibleSettings("AdministrationPage");
                    break;

                case ManagementType.PrivacyRoom:
                    visible = PrivacyRoomSettings.Available;
                    break;

                default:
                    // every other module is shown once the settings visibility check passes
                    visible = true;
                    break;
            }

            return visible;
        }
        private void InitProperties()
        {
            Products = new List<Item>();
            Modules  = new List<Item>();

            var managementPage = Page as Studio.Management;

            // Reuse the settings already loaded by the hosting management page when there is one.
            TenantAccessAnyone = managementPage == null
                                     ? TenantAccessSettings.Load().Anyone
                                     : managementPage.TenantAccess.Anyone;

            // Top-level, switchable, visible items only.
            var topLevelItems = WebItemManager.Instance
                                .GetItems(WebZoneType.All, ItemAvailableState.All)
                                .Where(webItem => !webItem.IsSubItem() && !webItem.CanNotBeDisabled() && webItem.Visible)
                                .ToList();

            foreach (var webItem in topLevelItems)
            {
                var entry = new Item
                {
                    ID              = webItem.ID,
                    Name            = webItem.Name,
                    IconUrl         = webItem.GetIconAbsoluteURL(),
                    DisabledIconUrl = webItem.GetDisabledIconAbsoluteURL(),
                    SubItems        = new List<Item>(),
                    ItemName        = webItem.GetSysName(),
                    Disabled        = !WebItemSecurity.GetSecurityInfo(webItem.ID.ToString()).Enabled
                };

                foreach (var child in WebItemManager.Instance.GetSubItems(webItem.ID, ItemAvailableState.All))
                {
                    // Only Module sub-items are listed.
                    var module = child as Module;
                    if (module == null)
                    {
                        continue;
                    }

                    entry.SubItems.Add(new Item
                    {
                        ID              = child.ID,
                        Name            = child.Name,
                        DisplayedAlways = module.DisplayedAlways,
                        ItemName        = child.GetSysName(),
                        Disabled        = !WebItemSecurity.GetSecurityInfo(child.ID.ToString()).Enabled
                    });
                }

                (webItem is IProduct ? Products : Modules).Add(entry);
            }
        }
 public ProjectSecurityCommon()
 {
     // Snapshot of the calling account's rights, taken once per instance.
     var userId = SecurityContext.CurrentAccount.ID;
     CurrentUserId = userId;

     // Portal administrators count as Projects administrators; the product check is only
     // consulted when the group check fails.
     var isPortalAdmin = CoreContext.UserManager.IsUserInGroup(userId, Constants.GroupAdmin.ID);
     CurrentUserAdministrator = isPortalAdmin
                                || WebItemSecurity.IsProductAdministrator(WebItemManager.ProjectsProductID, userId);

     CurrentUserIsVisitor         = CoreContext.UserManager.GetUsers(userId).IsVisitor();
     CurrentUserIsOutsider        = IsOutsider(userId);
     IsPrivateDisabled            = TenantAccessSettings.Load().Anyone;
     CurrentUserIsProjectsEnabled = IsModuleEnabled(WebItemManager.ProjectsProductID, userId);
     CurrentUserIsCRMEnabled      = IsModuleEnabled(WebItemManager.CRMProductID, userId);
 }
        protected void Page_Load(object sender, EventArgs e)
        {
            AjaxPro.Utility.RegisterTypeForAjax(GetType());

            Page
                .RegisterBodyScripts("~/usercontrols/Management/AdminMessageSettings/js/admmess.js")
                .RegisterStyle("~/usercontrols/Management/AdminMessageSettings/css/admmess.less");

            _studioAdmMessNotifSettings = StudioAdminMessageSettings.Load();

            // The control is only offered on a closed portal.
            var portalIsOpen = TenantAccessSettings.Load().Anyone;
            Enabled = !portalIsOpen;

            HelpLink = CommonLinkUtility.GetHelpLink();
        }
        protected override void OnPreInit(EventArgs e)
        {
            base.OnPreInit(e);

            // Personal portals have no management UI: redirect to the files base path.
            if (CoreContext.Configuration.Personal)
            {
                Context.Response.Redirect(FilesLinkUtility.FilesBaseAbsolutePath);
            }

            // Only accounts allowed to edit portal settings may open this page.
            var mayEditSettings = SecurityContext.CheckPermissions(SecutiryConstants.EditPortalSettings);
            if (!mayEditSettings)
            {
                Response.Redirect(CommonLinkUtility.GetDefault());
            }

            TenantAccess = TenantAccessSettings.Load();
        }
        protected void Page_Load(object sender, EventArgs e)
        {
            // Nothing to render when the control is switched off.
            if (!Enabled)
            {
                return;
            }

            Page
                .RegisterBodyScripts("~/usercontrols/management/ipsecurity/js/ipsecurity.js")
                .RegisterStyle("~/usercontrols/management/ipsecurity/css/ipsecurity.less");

            // Prefer the settings already loaded by the hosting management page.
            var managementPage = Page as Studio.Management;
            TenantAccessAnyone = managementPage == null
                                     ? TenantAccessSettings.Load().Anyone
                                     : managementPage.TenantAccess.Anyone;
        }
        public static bool Authenticate()
        {
            if (SecurityContext.IsAuthenticated)
            {
                return(true);
            }

            var tenant = CoreContext.TenantManager.GetCurrentTenant(false);
            if (tenant == null)
            {
                // No tenant resolved for this request: nothing to authenticate against.
                return(false);
            }

            var authenticated = false;

            // 1. HTTP Basic credentials; on success the issued auth cookie is stored.
            var httpContext = HttpContext.Current;
            if (httpContext != null)
            {
                string issuedCookie;
                if (AuthorizationHelper.ProcessBasicAuthorization(httpContext, out issuedCookie))
                {
                    CookiesManager.SetCookies(CookiesType.AuthKey, issuedCookie);
                    authenticated = true;
                }
            }

            // 2. Otherwise an existing auth cookie; one that no longer validates is cleared.
            if (!authenticated)
            {
                var storedCookie = CookiesManager.GetCookies(CookiesType.AuthKey);
                if (!string.IsNullOrEmpty(storedCookie))
                {
                    authenticated = SecurityContext.AuthenticateMe(storedCookie);
                    if (!authenticated)
                    {
                        Auth.ProcessLogout();
                        return(false);
                    }
                }
            }

            // 3. The outside (guest) account is only valid while the portal is open to anyone.
            var accessSettings = TenantAccessSettings.Load();
            var isOutsideUser  = authenticated && SecurityContext.CurrentAccount.ID == ASC.Core.Users.Constants.OutsideUser.ID;
            if (isOutsideUser && !accessSettings.Anyone)
            {
                Auth.ProcessLogout();
                authenticated = false;
            }

            return(authenticated);
        }
        protected void Page_Load(object sender, EventArgs e)
        {
            AjaxPro.Utility.RegisterTypeForAjax(GetType());

            Page
                .RegisterBodyScripts("~/UserControls/Management/PortalAccessSettings/js/portalaccess.js")
                .RegisterStyle("~/UserControls/Management/PortalAccessSettings/css/portalaccess.less");

            // Prefer the settings already loaded by the hosting management page.
            var managementPage = Page as Studio.Management;
            Settings = managementPage == null ? TenantAccessSettings.Load() : managementPage.TenantAccess;

            // Public-portal mode is offered only on free-type tariffs that are not already open.
            var quota = CoreContext.TenantManager.GetTenantQuota(TenantProvider.CurrentTenantID);
            Enabled = SetupInfo.IsVisibleSettings("PublicPortal")
                      && (quota.Free || quota.NonProfit || quota.Trial)
                      && !quota.Open;

            HelpLink = CommonLinkUtility.GetHelpLink();
        }
        protected static bool DisplayModule(ManagementType module)
        {
            // Hidden by configuration: nothing else matters.
            if (!SetupInfo.IsVisibleSettings(module.ToString()))
            {
                return(false);
            }

            bool visible;
            switch (module)
            {
                case ManagementType.Migration:
                    // more than one transfer region configured
                    visible = TransferPortal.TransferRegions.Count > 1;
                    break;

                case ManagementType.Backup:
                    //only SaaS features, and never on an open portal
                    visible = !CoreContext.Configuration.Standalone
                              && !TenantAccessSettings.Load().Anyone;
                    break;

                case ManagementType.AuditTrail:
                case ManagementType.LoginHistory:
                case ManagementType.LdapSettings:
                case ManagementType.WhiteLabel:
                case ManagementType.SingleSignOnSettings:
                    //only SaaS features
                    visible = !CoreContext.Configuration.Standalone;
                    break;

                case ManagementType.DeletionPortal:
                    //only SaaS or Server+ControlPanel
                    visible = !CoreContext.Configuration.Standalone
                              || (TenantExtra.Enterprise && CoreContext.TenantManager.GetTenants().Count() > 1);
                    break;

                case ManagementType.MailService:
                    //only if MailServer available
                    visible = SetupInfo.IsVisibleSettings("AdministrationPage");
                    break;

                case ManagementType.Storage:
                    //only standalone feature
                    visible = CoreContext.Configuration.Standalone;
                    break;

                default:
                    // every other module is shown once the settings visibility check passes
                    visible = true;
                    break;
            }

            return visible;
        }
        protected void Page_Load(object sender, EventArgs e)
        {
            AjaxPro.Utility.RegisterTypeForAjax(GetType());

            Page
                .RegisterBodyScripts("~/UserControls/Management/MailDomainSettings/js/maildomainsettings.js")
                .RegisterStyle("~/UserControls/Management/MailDomainSettings/css/maildomainsettings.less");

            _currentTenant               = CoreContext.TenantManager.GetCurrentTenant();
            _studioTrustedDomainSettings = StudioTrustedDomainSettings.Load();

            // Inviting full users is possible only while the tenant's active-user quota has room.
            var currentUsers   = TenantStatisticsProvider.GetUsersCount();
            var allowedUsers   = TenantExtra.GetTenantQuota().ActiveUsers;
            _enableInviteUsers = currentUsers < allowedUsers;

            // Once the quota is reached, invitees can only join as visitors.
            if (!_enableInviteUsers)
            {
                _studioTrustedDomainSettings.InviteUsersAsVisitors = true;
            }

            // Prefer the settings already loaded by the hosting management page.
            var managementPage = Page as Studio.Management;
            _tenantAccessAnyone = managementPage == null
                                      ? TenantAccessSettings.Load().Anyone
                                      : managementPage.TenantAccess.Anyone;

            HelpLink = CommonLinkUtility.GetHelpLink();
        }
        private void RegisterClientScript()
        {
            var isRetina = TenantLogoManager.IsRetina(HttpContext.Current.Request);

            Page
                .RegisterBodyScripts("~/usercontrols/management/accessrights/js/accessrights.js")
                .RegisterStyle("~/usercontrols/management/accessrights/css/accessrights.less");

            var tenant = CoreContext.TenantManager.GetCurrentTenant();
            var owner  = CoreContext.UserManager.GetUsers(tenant.OwnerId);

            // Distinct administrators, owner excluded, in display order.
            var admins = WebItemSecurity.GetProductAdministrators(Guid.Empty)
                         .ToList()
                         .GroupBy(admin => admin.ID)
                         .Select(group => group.First())
                         .Where(admin => admin.ID != owner.ID)
                         .SortByUserName();

            InitLdapRights();

            var script = new StringBuilder();

            script.AppendFormat("ownerId = \"{0}\";", tenant.OwnerId);

            // NOTE(review): this JSON lands inside an inline <script>. `title` is HtmlEncode()d here,
            // `displayName` relies on DisplayUserName() encoding on its own — confirm that, or
            // serialize with StringEscapeHandling.EscapeHtml so a "</script>" in a name cannot
            // terminate the script block.
            var adminEntries = admins.ConvertAll(admin => new
            {
                id           = admin.ID,
                smallFotoUrl = admin.GetSmallPhotoURL(),
                bigFotoUrl   = isRetina ? admin.GetBigPhotoURL() : "",
                displayName  = admin.DisplayUserName(),
                title        = admin.Title.HtmlEncode(),
                userUrl      = CommonLinkUtility.GetUserProfile(admin.ID),
                accessList   = GetAccessList(admin.ID, WebItemSecurity.IsProductAdministrator(Guid.Empty, admin.ID)),
                ldap         = LdapRights.Contains(admin.ID.ToString())
            });
            script.AppendFormat("adminList = {0};", JsonConvert.SerializeObject(adminEntries));

            var imageHelper = new
            {
                PeopleImgSrc  = WebImageSupplier.GetAbsoluteWebPath("user_12.png"),
                GroupImgSrc   = WebImageSupplier.GetAbsoluteWebPath("group_12.png"),
                TrashImgSrc   = WebImageSupplier.GetAbsoluteWebPath("trash_12.png"),
                TrashImgTitle = Resource.DeleteButton
            };
            script.AppendFormat("imageHelper = {0};", JsonConvert.SerializeObject(imageHelper));

            // Prefer the settings already loaded by the hosting management page.
            var managementPage = Page as Studio.Management;
            var tenantAccess   = managementPage == null ? TenantAccessSettings.Load() : managementPage.TenantAccess;

            // Per-product access lists only exist on a closed portal.
            if (!tenantAccess.Anyone)
            {
                foreach (var productItem in GetProductItemListForSerialization())
                {
                    if (productItem.CanNotBeDisabled)
                    {
                        continue;
                    }

                    // Base64 keeps the payload safe inside the single-quoted JS string.
                    var payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(productItem)));
                    script.AppendFormat("ASC.Settings.AccessRights.initProduct('{0}');", payload);
                }
            }

            script.AppendFormat("ASC.Settings.AccessRights.init({0});",
                                JsonConvert.SerializeObject(Products.Select(p => p.GetSysName()).ToArray()));

            Page.RegisterInlineScript(script.ToString());
        }
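        /// <summary>
        /// Page-level gatekeeping run before any control is initialised: wizard completion,
        /// authentication (cookie or outside user), tariff state, phone / TFA activation and
        /// whether the web item behind the requested URL is disabled. Every failed check ends
        /// the request with a redirect (endResponse = true) or a status code, so the checks
        /// below it are never reached.
        /// </summary>
        /// <param name="sender">Page raising the event.</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void Page_PreInit(object sender, EventArgs e)
        {
            if (CheckWizardCompleted)
            {
                var s = WizardSettings.Load();
                if (!s.Completed)
                {
                    Response.Redirect("~/Wizard.aspx");
                }
            }

            //check auth
            if (!SecurityContext.IsAuthenticated &&
                !AuthByCookies() &&
                !MayNotAuth)
            {
                if (TenantAccessSettings.Load().Anyone)
                {
                    // Open portal: continue as the outside (guest) account.
                    OutsideAuth();
                }
                else
                {
                    var refererURL = GetRefererUrl();
                    Session["refererURL"] = refererURL;
                    var authUrl = "~/Auth.aspx";
                    if (Request.DesktopApp())
                    {
                        // Request["desktop"] is caller-supplied; encode it so it cannot add or
                        // alter query parameters of the redirect target.
                        authUrl += "?desktop=" + Server.UrlEncode(Request["desktop"]);
                    }
                    Response.Redirect(authUrl, true);
                }
            }

            var user = CoreContext.UserManager.GetUsers(SecurityContext.CurrentAccount.ID);

            // Unpaid tenant: non-admins get 402 when the pricing page is hidden, everyone else
            // is sent to the tariff page. The "warmup" query flag bypasses this check.
            if (!MayNotPaid &&
                TenantExtra.EnableTarrifSettings &&
                (TenantStatisticsProvider.IsNotPaid() || TenantExtra.UpdatedWithoutLicense) &&
                WarmUp.Instance.CheckCompleted() && Request.QueryString["warmup"] != "true")
            {
                if (TariffSettings.HidePricingPage && !user.IsAdmin())
                {
                    Response.StatusCode = (int)HttpStatusCode.PaymentRequired;
                    Response.End();
                }
                else
                {
                    Response.Redirect(TenantExtra.GetTariffPageLink() + (Request.DesktopApp() ? "?desktop=true" : ""), true);
                }
            }

            // Mandatory second factors: phone activation first, then the TFA app.
            if (!MayPhoneNotActivate &&
                SecurityContext.IsAuthenticated)
            {
                if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable &&
                    (string.IsNullOrEmpty(user.MobilePhone) || user.MobilePhoneActivationStatus == MobilePhoneActivationStatus.NotActivated))
                {
                    Response.Redirect(CommonLinkUtility.GetConfirmationUrl(user.Email, ConfirmType.PhoneActivation), true);
                }

                if (TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable &&
                    !TfaAppUserSettings.EnableForUser(user.ID))
                {
                    Response.Redirect(CommonLinkUtility.GetConfirmationUrl(user.Email, ConfirmType.TfaActivation), true);
                }
            }

            //check disable and public
            var webitem          = CommonLinkUtility.GetWebItemByUrl(Request.Url.ToString());
            var parentIsDisabled = false;

            // A sub-item is unavailable when its parent item is disabled.
            if (webitem != null && webitem.IsSubItem())
            {
                var parentItemID = WebItemManager.Instance.GetParentItemID(webitem.ID);
                parentIsDisabled = WebItemManager.Instance[parentItemID].IsDisabled();
            }

            if (webitem != null && (webitem.IsDisabled() || parentIsDisabled) && !MayNotAuth)
            {
                // The profile page of a disabled People product falls back to the user's own page;
                // the redirect ends the response, so the generic redirect below is not reached.
                if (webitem.ID == WebItemManager.PeopleProductID &&
                    string.Equals(GetType().BaseType.FullName, "ASC.Web.People.Profile"))
                {
                    Response.Redirect("~/My.aspx", true);
                }

                Response.Redirect("~/", true);
            }

            // Visit statistics are best-effort: a failure must not break page rendering.
            if (SecurityContext.IsAuthenticated && !CoreContext.Configuration.Personal)
            {
                try
                {
                    StatisticManager.SaveUserVisit(TenantProvider.CurrentTenantID, SecurityContext.CurrentAccount.ID, CommonLinkUtility.GetProductID());
                }
                catch (Exception exc)
                {
                    Log.Error("failed save user visit", exc);
                }
            }
        }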
        /// <summary>
        /// Switches the portal between open ("anyone") and closed access and persists the
        /// dependent settings (tariff quota, trusted domains, admin messages, IP restrictions,
        /// per-item security). Any exception, including the permission check, is reported to
        /// the caller as a Status 0 result rather than propagated.
        /// </summary>
        /// <param name="anyone">true to open the portal to anyone, false to close it.</param>
        /// <param name="registerUsers">Whether visitors may register immediately (only meaningful when <paramref name="anyone"/> is true).</param>
        /// <returns>An anonymous object with Status (1 = saved, 0 = failed) and an HTML-encoded Message.</returns>
        public object SaveSettings(bool anyone, bool registerUsers)
        {
            try
            {
                SecurityContext.DemandPermissions(SecutiryConstants.EditPortalSettings);

                var currentTenantQuota = CoreContext.TenantManager.GetTenantQuota(TenantProvider.CurrentTenantID);

                // Public-portal mode is offered only on free-type tariffs that are not already open
                // (same rule as the control's Page_Load).
                var enabled = SetupInfo.IsVisibleSettings("PublicPortal") &&
                              (currentTenantQuota.Free || currentTenantQuota.NonProfit || currentTenantQuota.Trial) && !currentTenantQuota.Open;

                if (!enabled)
                {
                    throw new SecurityException(Resource.PortalAccessSettingsTariffException);
                }

                var tenant = CoreContext.TenantManager.GetCurrentTenant();

                var currentSettings = TenantAccessSettings.Load();

                //do nothing if no changes detected
                if (currentSettings.Anyone != anyone)
                {
                    var items = WebItemManager.Instance.GetItemsAll();

                    if (anyone)
                    {
                        // NOTE(review): FirstOrDefault may yield null when no "open" quota is configured;
                        // SetQuota's handling of null is not visible here — confirm.
                        var openQuota = CoreContext.TenantManager.GetTenantQuotas(true).FirstOrDefault(q => q.Open);
                        SetQuota(openQuota);

                        // Item security must be set before the Anyone flag is saved: SetSecurity
                        // refuses to run on an open portal.
                        foreach (var item in items)
                        {
                            WebItemSecurity.SetSecurity(item.ID.ToString(), item.ID != WebItemManager.CRMProductID, null); //disable crm product
                        }

                        new TenantAccessSettings {
                            Anyone = true, RegisterUsersImmediately = registerUsers
                        }.Save();
                        new StudioTrustedDomainSettings {
                            InviteUsersAsVisitors = false
                        }.Save();
                        new StudioAdminMessageSettings {
                            Enable = true
                        }.Save();

                        // An open portal has no IP restrictions.
                        IPRestrictionsService.Save(new List <string>(), TenantProvider.CurrentTenantID);

                        tenant.TrustedDomainsType = registerUsers ? TenantTrustedDomainsType.All : TenantTrustedDomainsType.None;
                        CoreContext.TenantManager.SaveTenant(tenant);
                    }
                    else
                    {
                        // NOTE(review): as above, freeQuota may be null if the default tariff's quota is not listed.
                        var freeQuota = CoreContext.TenantManager.GetTenantQuotas(true).FirstOrDefault(q => q.Id == Tariff.CreateDefault().QuotaId);
                        SetQuota(freeQuota);

                        new TenantAccessSettings {
                            Anyone = false, RegisterUsersImmediately = false
                        }.Save();
                        new StudioTrustedDomainSettings {
                            InviteUsersAsVisitors = false
                        }.Save();
                        new StudioAdminMessageSettings {
                            Enable = false
                        }.Save();

                        // Closing the portal: Anyone is already false, so SetSecurity is allowed again
                        // and every item is re-enabled for everyone.
                        foreach (var item in items)
                        {
                            WebItemSecurity.SetSecurity(item.ID.ToString(), true, null);
                        }

                        tenant.TrustedDomainsType = TenantTrustedDomainsType.None;
                        CoreContext.TenantManager.SaveTenant(tenant);
                    }

                    MessageService.Send(HttpContext.Current.Request, MessageAction.PortalAccessSettingsUpdated);
                }
                else if (anyone && currentSettings.RegisterUsersImmediately != registerUsers)
                {
                    // Only the registration flag changed on an already-open portal.
                    // NOTE(review): this branch is not reported via MessageService.Send — confirm
                    // whether the audit trail should record it like the Anyone change above.
                    new TenantAccessSettings {
                        Anyone = true, RegisterUsersImmediately = registerUsers
                    }.Save();
                    tenant.TrustedDomainsType = registerUsers ? TenantTrustedDomainsType.All : TenantTrustedDomainsType.None;
                    CoreContext.TenantManager.SaveTenant(tenant);
                }

                return(new
                {
                    Status = 1,
                    Message = Resource.SuccessfullySaveSettingsMessage
                });
            }
            catch (Exception e)
            {
                // Error text is shown in the UI, hence the encoding.
                return(new
                {
                    Status = 0,
                    Message = e.Message.HtmlEncode()
                });
            }
        }
        private void RegisterClientScript()
        {
            Page
                .RegisterBodyScripts("~/usercontrols/management/accessrights/js/accessrights.js")
                .RegisterStyle("~/usercontrols/management/accessrights/css/accessrights.less");

            var tenant = CoreContext.TenantManager.GetCurrentTenant();
            var owner  = CoreContext.UserManager.GetUsers(tenant.OwnerId);

            // Administrators other than the owner, in display order.
            var admins = WebItemSecurity.GetProductAdministrators(Guid.Empty)
                         .Where(admin => admin.ID != owner.ID)
                         .SortByUserName();

            var script = new StringBuilder();

            script.AppendFormat("ownerId = {0};", JavaScriptSerializer.Serialize(tenant.OwnerId));

            var adminEntries = admins.ConvertAll(admin => new
            {
                id           = admin.ID,
                smallFotoUrl = admin.GetSmallPhotoURL(),
                displayName  = admin.DisplayUserName(),
                title        = admin.Title.HtmlEncode(),
                userUrl      = CommonLinkUtility.GetUserProfile(admin.ID),
                accessList   = GetAccessList(admin.ID, WebItemSecurity.IsProductAdministrator(Guid.Empty, admin.ID))
            });
            script.AppendFormat("adminList = {0};", JavaScriptSerializer.Serialize(adminEntries));

            // Prefer the settings already loaded by the hosting management page.
            var managementPage = Page as Studio.Management;
            var tenantAccess   = managementPage == null ? TenantAccessSettings.Load() : managementPage.TenantAccess;

            // Per-product access lists only exist on a closed portal.
            if (!tenantAccess.Anyone)
            {
                foreach (var productItem in GetProductItemListForSerialization())
                {
                    var selectedUsers = new
                    {
                        IDs           = productItem.SelectedUsers.Select(u => u.ID).ToArray(),
                        Names         = productItem.SelectedUsers.Select(u => u.DisplayUserName()).ToArray(),
                        PeopleImgSrc  = PeopleImgSrc,
                        TrashImgSrc   = TrashImgSrc,
                        TrashImgTitle = Resource.DeleteButton,
                        CurrentUserID = SecurityContext.CurrentAccount.ID
                    };
                    script.AppendFormat("SelectedUsers_{0} = {1};",
                                        productItem.ItemName,
                                        JavaScriptSerializer.Serialize(selectedUsers));

                    var selectedGroups = new
                    {
                        IDs           = productItem.SelectedGroups.Select(g => g.ID).ToArray(),
                        Names         = productItem.SelectedGroups.Select(g => g.Name.HtmlEncode()).ToArray(),
                        GroupImgSrc   = GroupImgSrc,
                        TrashImgSrc   = TrashImgSrc,
                        TrashImgTitle = Resource.DeleteButton
                    };
                    script.AppendFormat("SelectedGroups_{0} = {1};",
                                        productItem.ItemName,
                                        JavaScriptSerializer.Serialize(selectedGroups));

                    if (!productItem.CanNotBeDisabled)
                    {
                        // Base64 keeps the payload safe inside the single-quoted JS string.
                        var payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(productItem)));
                        script.AppendFormat("ASC.Settings.AccessRights.initProduct('{0}');", payload);
                    }
                }
            }

            script.AppendFormat("ASC.Settings.AccessRights.init({0});",
                                JavaScriptSerializer.Serialize(Products.Select(p => p.GetSysName()).ToArray()));

            Page.RegisterInlineScript(script.ToString());
        }