From bc7ecf020ca064892cfc27d416558b844f6b54f9 Mon Sep 17 00:00:00 2001
From: Sukhorukov Anton
Date: Thu, 7 Dec 2023 11:40:52 +0300
Subject: [PATCH] fix Bug 65277

---
 web/ASC.Web.Api/Api/Settings/TfaappController.cs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/web/ASC.Web.Api/Api/Settings/TfaappController.cs b/web/ASC.Web.Api/Api/Settings/TfaappController.cs
index 5bf785aae56..2182eae176a 100644
--- a/web/ASC.Web.Api/Api/Settings/TfaappController.cs
+++ b/web/ASC.Web.Api/Api/Settings/TfaappController.cs
@@ -47,6 +47,7 @@ public class TfaappController : BaseSettingsController
 private readonly InstanceCrypto _instanceCrypto;
 private readonly Signature _signature;
 private readonly SecurityContext _securityContext;
+ private readonly TenantManager _tenantManager;
 public TfaappController(
 MessageService messageService,
@@ -69,7 +70,8 @@ public TfaappController(
 InstanceCrypto instanceCrypto,
 Signature signature,
 SecurityContext securityContext,
- IHttpContextAccessor httpContextAccessor) : base(apiContext, memoryCache, webItemManager, httpContextAccessor)
+ IHttpContextAccessor httpContextAccessor,
+ TenantManager tenantManager) : base(apiContext, memoryCache, webItemManager, httpContextAccessor)
 {
 _smsProviderManager = smsProviderManager;
 _messageService = messageService;
@@ -88,6 +90,7 @@ public TfaappController(
 _instanceCrypto = instanceCrypto;
 _signature = signature;
 _securityContext = securityContext;
+ _tenantManager = tenantManager;
 }
 ///
@@ -435,6 +438,11 @@ public async Task TfaAppNewAppAsync(TfaRequestsDto inDto)
 throw new SecurityAccessDeniedException(Resource.ErrorAccessDenied);
 }
+ if (!isMe && _tenantManager.GetCurrentTenant().OwnerId != _authContext.CurrentAccount.ID)
+ {
+ throw new SecurityAccessDeniedException(Resource.ErrorAccessDenied);
+ }
+
 if (!_tfaAppAuthSettingsHelper.IsVisibleSettings || !await TfaAppUserSettings.EnableForUserAsync(_settingsManager, user.Id))
 {
 throw new Exception(Resource.TfaAppNotAvailable);
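Review bot: The added owner check in `TfaAppNewAppAsync` is a second authorization gate throwing the same `SecurityAccessDeniedException(Resource.ErrorAccessDenied)` as the block directly above it, and nothing in the hunk records why regenerating another user's TFA app is now restricted to the tenant owner, so a later maintainer could fold it into the earlier condition or drop it as redundant; a comment such as `// Only the tenant owner may reset another user's TFA app (Bug 65277)` on the new `if` would pin the intent. The method is `async` and the neighbouring availability check is awaited, so if the tenant manager offers an awaitable lookup in this codebase it would fit better than the synchronous `GetCurrentTenant()` call — inferred, since only this call site is visible. The denied path is silent; given the controller already takes a `MessageService` (first hunk), a rejected cross-user reset is probably worth recording as a security event, though how that service is used elsewhere in the file is not visible here. The enclosing method starts and ends outside the hunk, the condition guarding the preceding `throw` is not shown, and `_authContext` is not among the fields visible in the earlier hunks.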