diff --git a/web/ASC.Web.Api/Api/Settings/SettingsController.cs b/web/ASC.Web.Api/Api/Settings/SettingsController.cs index 4dda9824fcf..68d04787639 100644 --- a/web/ASC.Web.Api/Api/Settings/SettingsController.cs +++ b/web/ASC.Web.Api/Api/Settings/SettingsController.cs @@ -228,7 +228,15 @@ public async Task GetSettingsAsync(bool? withpassword) settings.Plugins.Enabled = pluginsEnabled; } - settings.Plugins.Allow = _configuration.GetSection("plugins:allow").Get>() ?? new List(); + if (bool.TryParse(_configuration["plugins:upload"], out var pluginsUpload)) + { + settings.Plugins.Upload = pluginsUpload; + } + + if (bool.TryParse(_configuration["plugins:delete"], out var pluginsDelete)) + { + settings.Plugins.Delete = pluginsDelete; + } var formGallerySettings = _configurationExtension.GetSetting("files:oform"); settings.FormGallery = _mapper.Map(formGallerySettings); diff --git a/web/ASC.Web.Api/ApiModels/ResponseDto/PluginsDto.cs b/web/ASC.Web.Api/ApiModels/ResponseDto/PluginsDto.cs index 7d41287f853..f8d66f26461 100644 --- a/web/ASC.Web.Api/ApiModels/ResponseDto/PluginsDto.cs +++ b/web/ASC.Web.Api/ApiModels/ResponseDto/PluginsDto.cs @@ -34,8 +34,11 @@ public class PluginsDto /// System.Boolean, System public bool Enabled { get; set; } - /// The allowed actions with the plugins ("upload", "delete", etc.) - /// System.Collections.Generic.IEnumerable{System.String}, System.Collections.Generic - public IEnumerable Allow { get; set; } + /// Specifies if the plugins can be uploaded or not + /// System.Boolean, System + public bool Upload { get; set; } + /// Specifies if the plugins can be deleted or not + /// System.Boolean, System + public bool Delete { get; set; } } \ No newline at end of file diff --git a/web/ASC.Web.Core/WebPluginManager.cs b/web/ASC.Web.Core/WebPluginManager.cs index 6ab1fa1d0a8..6451e4c44ce 100644 --- a/web/ASC.Web.Core/WebPluginManager.cs +++ b/web/ASC.Web.Core/WebPluginManager.cs 
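Review bot: In the SettingsController.cs hunk the two new flags are parsed again from the raw keys `plugins:upload` and `plugins:delete`, while the enforcement in `WebPluginManager.DemandWebPlugins` reads `_webPluginConfigSettings.Upload` and `.Delete`, so the value reported to the client and the value enforced come from two separate reads of configuration. If the controller can take `WebPluginConfigSettings` as a dependency (its registration is not visible in this diff), assigning `settings.Plugins.Upload = webPluginConfigSettings.Upload;` and `settings.Plugins.Delete = webPluginConfigSettings.Delete;` keeps the response from drifting away from what the server permits. A short comment such as `// UI hint only; WebPluginManager.DemandWebPlugins is the authoritative check` would make clear that these fields are not an access control. The body of GetSettingsAsync starts and ends outside the hunk, so whether this part of the response is also returned to unauthenticated callers cannot be judged from here and is worth confirming.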
@@ -124,14 +124,14 @@ public WebPluginManager( _log = log; } - private void DemandWebPlugins(string action = null) + private void DemandWebPlugins(bool upload = false, bool delete = false) { if (!_webPluginConfigSettings.Enabled) { throw new SecurityException("Plugins disabled"); } - if (!string.IsNullOrWhiteSpace(action) && _webPluginConfigSettings.Allow.Any() && !_webPluginConfigSettings.Allow.Contains(action)) + if ((upload && !_webPluginConfigSettings.Upload) || (delete && !_webPluginConfigSettings.Delete)) { throw new SecurityException("Forbidden action"); } @@ -160,7 +160,7 @@ private static async Task GetPluginUrlTemplateAsync(IDataStore storage) public async Task AddWebPluginFromFileAsync(int tenantId, IFormFile file, bool system) { - DemandWebPlugins("upload"); + DemandWebPlugins(upload: true); if (system && !_coreBaseSettings.Standalone) { @@ -461,7 +461,7 @@ private async Task UpdateWebPluginAsync(int tenantId, WebPlugin webPl public async Task DeleteWebPluginAsync(int tenantId, string name) { - DemandWebPlugins("delete"); + DemandWebPlugins(delete: true); var webPlugin = await GetWebPluginByNameAsync(tenantId, name); diff --git a/web/ASC.Web.Core/WebPluginSettings.cs b/web/ASC.Web.Core/WebPluginSettings.cs index 81d7cb21e5b..b163db830a5 100644 --- a/web/ASC.Web.Core/WebPluginSettings.cs +++ b/web/ASC.Web.Core/WebPluginSettings.cs @@ -36,10 +36,11 @@ public WebPluginConfigSettings(ConfigurationExtension configuration) private long _maxSize; private string _extension; - private string[] _allow; private string[] _assetExtensions; public bool Enabled { get; set; } + public bool Upload { get; set; } + public bool Delete { get; set; } public long MaxSize { @@ -53,12 +54,6 @@ public string Extension set => _extension = value; } - public string[] Allow - { - get => _allow ?? Array.Empty(); - set => _allow = value; - } - public string[] AssetExtensions { get => _assetExtensions ?? Array.Empty();
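Review bot: The rewritten condition in `DemandWebPlugins` (hunk at -124) changes the default from allow to deny without saying so anywhere. The removed check only rejected an action when `Allow` was non-empty, whereas `Upload` and `Delete` are plain `bool` auto-properties in WebPluginSettings.cs and appear to default to `false` unless the binder sets them. Failing closed is the safer default, but an installation that never set `plugins:allow` would apparently lose upload and delete after upgrade, and an existing `plugins:allow` list is now ignored. I would document this on the properties, e.g. `/// Defaults to false: upload is refused unless plugins:upload is true.`, and note the replaced key in the upgrade notes. How `WebPluginConfigSettings` is populated is outside the diff, so the effective default should be confirmed against the shipped configuration. The call sites in `AddWebPluginFromFileAsync` and `DeleteWebPluginAsync` (hunks at -160 and -461) inherit the same behaviour.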