Skip to content

Commit

Permalink
Merge branch 'hotfix/v3.0.1' into develop
Browse files Browse the repository at this point in the history
  • Loading branch information
@AlexeySafronov
AlexeySafronov committed Nov 29, 2024
2 parents 2277a67 + 8a87ddb commit cce547f
Show file tree
Hide file tree
Showing 2 changed files with 58 additions and 39 deletions.
82 changes: 47 additions & 35 deletions products/ASC.Files/Core/Core/Security/FileSecurity.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1237,42 +1237,8 @@ FilesSecurityActions.SubmitToFormGallery or
}
else
{
var subjects = new List<Guid>();
if (shares == null)
{
var includeAvailableLinks = e is { RootFolderType: FolderType.USER or FolderType.VirtualRooms } and not IFolder { FolderType: FolderType.USER } &&
e.RootCreateBy != userId;

subjects = await GetUserSubjectsAsync(userId, includeAvailableLinks);
shares = await GetSharesAsync(e, subjects);
}
ace = await GetCurrentShareAsync(e, userId, isDocSpaceAdmin, shares);

if (e.FileEntryType == FileEntryType.File)
{
ace = shares
.OrderBy(r => r, new SubjectComparer<T>(subjects))
.ThenByDescending(r => r.Share, new FileShareRecord<T>.ShareComparer(e.RootFolderType))
.FirstOrDefault(r => Equals(r.EntryId, e.Id) && r.EntryType == FileEntryType.File);

if (ace == null)
{
// share on parent folders
ace = shares.Where(r => Equals(r.EntryId, file.ParentId) && r.EntryType == FileEntryType.Folder)
.OrderBy(r => r, new SubjectComparer<T>(subjects))
.ThenBy(r => r.Level)
.ThenBy(r => r.Share, new FileShareRecord<T>.ShareComparer(e.RootFolderType))
.FirstOrDefault();
}
}
else
{
ace = shares.Where(r => Equals(r.EntryId, e.Id) && r.EntryType == FileEntryType.Folder)
.OrderBy(r => r, new SubjectComparer<T>(subjects))
.ThenBy(r => r.Level)
.ThenBy(r => r.Share, new FileShareRecord<T>.ShareComparer(e.RootFolderType))
.FirstOrDefault();
}

if (e.RootFolderType is FolderType.VirtualRooms or FolderType.Archive &&
ace is { SubjectType: SubjectType.User or SubjectType.ExternalLink or SubjectType.PrimaryExternalLink })
{
Expand Down Expand Up @@ -1758,6 +1724,52 @@ bool MustConvert(FileEntry entry)
}
}

public async Task<FileShareRecord<T>> GetCurrentShareAsync<T>(FileEntry<T> entry, Guid userId, bool isDocSpaceAdmin, IEnumerable<FileShareRecord<T>> shares = null)
{
FileShareRecord<T> ace;
var subjects = new List<Guid>();
if (shares == null)
{
var includeAvailableLinks = entry switch
{
{ RootFolderType: FolderType.USER } when entry.CreateBy != userId => true,
{ RootFolderType: FolderType.VirtualRooms } when !isDocSpaceAdmin => true,
_ => false
};

subjects = await GetUserSubjectsAsync(userId, includeAvailableLinks);
shares = await GetSharesAsync(entry, subjects);
}

if (entry.FileEntryType == FileEntryType.File)
{
ace = shares
.OrderBy(r => r, new SubjectComparer<T>(subjects))
.ThenByDescending(r => r.Share, new FileShareRecord<T>.ShareComparer(entry.RootFolderType))
.FirstOrDefault(r => Equals(r.EntryId, entry.Id) && r.EntryType == FileEntryType.File);

if (ace == null)
{
// share on parent folders
ace = shares.Where(r => Equals(r.EntryId, entry.ParentId) && r.EntryType == FileEntryType.Folder)
.OrderBy(r => r, new SubjectComparer<T>(subjects))
.ThenBy(r => r.Level)
.ThenBy(r => r.Share, new FileShareRecord<T>.ShareComparer(entry.RootFolderType))
.FirstOrDefault();
}
}
else
{
ace = shares.Where(r => Equals(r.EntryId, entry.Id) && r.EntryType == FileEntryType.Folder)
.OrderBy(r => r, new SubjectComparer<T>(subjects))
.ThenBy(r => r.Level)
.ThenBy(r => r.Share, new FileShareRecord<T>.ShareComparer(entry.RootFolderType))
.FirstOrDefault();
}

return ace;
}

public async Task ShareAsync<T>(T entryId, FileEntryType entryType, Guid @for, FileShare share, SubjectType subjectType = default, FileShareOptions options = null, Guid? owner = null)
{
var securityDao = daoFactory.GetSecurityDao<T>();
Expand Down
15 changes: 11 additions & 4 deletions products/ASC.Files/Core/Helpers/ExternalLinkHelper.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,22 +102,23 @@ public async Task<ValidationInfo> ValidateAsync(string key, string password = nu
if (isAuth)
{
var userId = securityContext.CurrentAccount.ID;
var isDocSpaceAdmin = await userManager.IsDocSpaceAdminAsync(userId);

if (entry.CreateBy.Equals(userId) || await userManager.IsDocSpaceAdminAsync(userId))
if (entry.CreateBy.Equals(userId))
{
result.Shared = true;
}
else
{
result.Shared = (entry switch
{
FileEntry<int> entryInt => await fileSecurity.CanReadAsync(entryInt) && !entryInt.ShareRecord.IsLink,
FileEntry<string> entryString => await fileSecurity.CanReadAsync(entryString) && !entryString.ShareRecord.IsLink,
FileEntry<int> entryInt => await IsSharedAsync(entryInt, userId, isDocSpaceAdmin),
FileEntry<string> entryString => await IsSharedAsync(entryString, userId, isDocSpaceAdmin),
_ => false
});
}

if (!result.Shared && result.Status == Status.Ok)
if (!result.Shared && result.Status == Status.Ok && !isDocSpaceAdmin)
{
result.Shared = entry switch
{
Expand Down Expand Up @@ -214,4 +215,10 @@ private async Task<bool> MarkAsync<T>(Folder<T> room, Guid linkId, Guid userId)
throw new ArgumentOutOfRangeException();
}
}

private async Task<bool> IsSharedAsync<T>(FileEntry<T> entry, Guid userId, bool isDocSpaceAdmin)
{
var record = await fileSecurity.GetCurrentShareAsync(entry, userId, isDocSpaceAdmin);
return record != null && record.Share != FileShare.Restrict && !record.IsLink;
}
}

0 comments on commit cce547f

Please sign in to comment.