[Tickets #2603] NEW: Gollem root & home
bugs@bugs.horde.org
bugs at bugs.horde.org
Wed Sep 14 11:27:10 PDT 2005
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=2603
-----------------------------------------------------------------------
Ticket | 2603
Created By | gollem at top-consulting.net
Summary | Gollem root & home
Queue | Gollem
Version | 1.0
State | Unconfirmed
Priority | 2. Medium
Type | Bug
Owners |
-----------------------------------------------------------------------
gollem at top-consulting.net (2005-09-14 11:27) wrote:
Hi Guys,
i'm running into problems with the Gollem add-on.
I am using the SQL VFS backend and my main goal is to not allow users to
view
each other's files.
That is what I use as far as root and home in my backends.php file
'root' => '/home/',
'home' => '/home/' . Auth::getAuth(),
Since I have tons of users and I can't create homes for them all, I also
use:
'createhome' => true,
This works fine with a problem though... everyone can see everyone else's
files!
I tried setting the root to the same value as home and although that DOES
work in limiting access to existing users to their own files, it DOES NOT
allow new users to enable their own homedir ( because of the root value
which is set to home.username, yet which does not exist yet in horde_vfs ).
For new users to start uploading files, root must be one level less than
home. Once they have it created, root can equal home.
That is my problem. I found an inelegant solution and if anyone can give me
any hints I'd greatly appreciate it. Thanks!
My solution consists of "hiding" the [Root] link in Gollem so that users
can't click on it and view other people's files. It's inelegant because if
someone knows a bit about Gollem, they can still access the Root by entering
the root url directly.
To implement it, all I did was comment out the following line in
gollem/lib/Gollem.php
//$label[] = Horde::link(Util::addParameter($url, 'dir', $root_dir),
sprintf(_("Up to %s"), _("Root")), 'header') . '[' . _("Root") . ']</a>';
More information about the bugs
mailing list