[gollem] [PATCH] gollem backend permissions...
Amith Varghese
amith at xalan.com
Fri Feb 13 17:25:05 PST 2004
Attached is a patch that allows an admin to set privileges on the entire backend
using the Perms UI in the Administration section. All Perms are supported now:
PERMS_SHOW : If the user has this privilege they are allowed to connect to the
backend and view files/directories
PERM_READ : Same as above
PERM_EDIT : In addition to the above, this permission allows you to upload
files, cut/copy/paste files, create directories, rename files, chmod files
PERM_DELETE : In addition to all of the above, this permission allows you to
delete files.
I also forgot to attach a new file in my last patch (gollem/lib/api.php) which
allows the Perms UI to select the backend when adding the permissions
-------------- next part --------------
<?php
/**
* Gollem external API interface.
*
*
* This file defines Gollem's external API interface. Other
* applications can interact with Gollem through this API.
*
* @author Amith Varghese (amith at xalan.com)
* @package Gollem
*/
$_services['perms'] = array(
'args' => array(),
'type' => 'array');
function _gollem_perms()
{
static $perms = array();
if (!empty($perms)) {
return $perms;
}
@define('GOLLEM_BASE', dirname(__FILE__) . '/..');
require_once GOLLEM_BASE . '/lib/base.php';
require_once GOLLEM_BASE . '/config/backends.php';
$perms['tree']['gollem']['backends'] = false;
$perms['title']['gollem:backends'] = _("Backends");
// Run through every backend.
foreach ($backends as $backend => $curBackend) {
$perms['tree']['gollem']['backends'][$backend] = false;
$perms['title']['gollem:backends:' . $backend] = $curBackend['name'];
}
return $perms;
}
-------------- next part --------------
Index: manager.php
===================================================================
RCS file: /repository/gollem/manager.php,v
retrieving revision 1.102
diff -u -r1.102 manager.php
--- manager.php 13 Feb 2004 21:14:07 -0000 1.102
+++ manager.php 14 Feb 2004 01:26:36 -0000
@@ -35,118 +35,145 @@
/* Run through the action handlers. */
switch ($actionID) {
case 'create_folder':
- if ($new_folder = Util::getPost('new_folder')) {
- $result = Gollem::createFolder($backend_key, $backend_dir, $new_folder);
- if (is_a($result, 'PEAR_Error')) {
- $notification->push($result->getMessage(), 'horde.error');
- } else {
- $notification->push(_("New directory created: ") . $new_folder, 'horde.success');
+ if (Gollem::checkPermissions('backend', PERMS_EDIT)) {
+ if ($new_folder = Util::getPost('new_folder')) {
+ $result = Gollem::createFolder($backend_key, $backend_dir,
+ $new_folder);
+ if (is_a($result, 'PEAR_Error')) {
+ $notification->push($result->getMessage(), 'horde.error');
+ } else {
+ $notification->push(_("New directory created: ") . $new_folder,
+ 'horde.success');
+ }
}
+ } else {
+ $notification->push(_("You do not have permission to create a folder."), 'horde.warning');
}
break;
case 'rename_items':
- $new = explode('|', Util::getPost('new_names'));
- $old = explode('|', Util::getPost('old_names'));
- if (!empty($new) && !empty($old) && (count($new) == count($old))) {
- $iMax = count($new);
- for ($i = 0; $i < $iMax; $i++) {
- $result = Gollem::renameItem($backend_key, $backend_dir, $old[$i], $backend_dir, $new[$i]);
- if (is_a($result, 'PEAR_Error')) {
- $notification->push($result->getMessage(), 'horde.error');
- } else {
- $notification->push(sprintf(_("'%s' renamed to '%s'"), $old[$i], $new[$i]), 'horde.success');
+ if (Gollem::checkPermissions('backend', PERMS_EDIT)) {
+ $new = explode('|', Util::getPost('new_names'));
+ $old = explode('|', Util::getPost('old_names'));
+ if (!empty($new) && !empty($old) && (count($new) == count($old))) {
+ $iMax = count($new);
+ for ($i = 0; $i < $iMax; $i++) {
+ $result = Gollem::renameItem($backend_key, $backend_dir, $old[$i], $backend_dir, $new[$i]);
+ if (is_a($result, 'PEAR_Error')) {
+ $notification->push($result->getMessage(), 'horde.error');
+ } else {
+ $notification->push(sprintf(_("'%s' renamed to '%s'"), $old[$i], $new[$i]), 'horde.success');
+ }
}
+ } else {
+ $notification->push(_("Incorrect number of items."), 'horde.error');
}
} else {
- $notification->push(_("Incorrect number of items."), 'horde.error');
+ $notification->push(_("You do not have permission to rename items."), 'horde.warning');
}
break;
case 'chmod_modify':
case 'delete_items':
- $items = Util::getPost('items');
- if (is_array($items) && count($items)) {
- foreach ($items as $item) {
- if (($actionID == 'chmod_modify') && Util::getPost('chmod')) {
- if (!is_a(Gollem::changePermissions($backend_key, Gollem::getDir($backend_key), $item, Util::getPost('chmod')), 'PEAR_Error')) {
- $notification->push(_("Chmod done: ") . $item, 'horde.success');
- } else {
- $notification->push(sprintf(_("Cannot chmod %s"), $item), 'horde.error');
- }
- } elseif ($actionID == 'delete_items') {
- if (!is_a($result = Gollem::deleteFile($backend_key, $backend_dir, $item), 'PEAR_Error')) {
- $notification->push(_("File deleted: ") . $item, 'horde.success');
- } elseif (!is_a($result = Gollem::deleteFolder($backend_key, $backend_dir, $item), 'PEAR_Error')) {
- $notification->push(_("Directory removed: ") . $item, 'horde.success');
- } else {
- $notification->push(sprintf(_("Cannot delete '%s': %s"), $item, $result->getMessage()), 'horde.error');
+ if (Gollem::checkPermissions('backend', PERMS_DELETE)) {
+ $items = Util::getPost('items');
+ if (is_array($items) && count($items)) {
+ foreach ($items as $item) {
+ if (($actionID == 'chmod_modify') && Util::getPost('chmod')) {
+ if (!is_a(Gollem::changePermissions($backend_key, Gollem::getDir($backend_key), $item, Util::getPost('chmod')), 'PEAR_Error')) {
+ $notification->push(_("Chmod done: ") . $item, 'horde.success');
+ } else {
+ $notification->push(sprintf(_("Cannot chmod %s"), $item), 'horde.error');
+ }
+ } elseif ($actionID == 'delete_items') {
+ if (!is_a($result = Gollem::deleteFile($backend_key, $backend_dir, $item), 'PEAR_Error')) {
+ $notification->push(_("File deleted: ") . $item, 'horde.success');
+ } elseif (!is_a($result = Gollem::deleteFolder($backend_key, $backend_dir, $item), 'PEAR_Error')) {
+ $notification->push(_("Directory removed: ") . $item, 'horde.success');
+ } else {
+ $notification->push(sprintf(_("Cannot delete '%s': %s"), $item, $result->getMessage()), 'horde.error');
+ }
}
}
}
+ } else {
+ $notification->push(_("You do not have permission to delete or change permissions on items."), 'horde.warning');
}
break;
case 'upload_file':
- foreach (array('file_upload_1', 'file_upload_2', 'file_upload_3') as $val) {
- if (isset($HTTP_POST_FILES[$val]) &&
- ($HTTP_POST_FILES[$val]['error'] != 4)) {
- $result = Horde::wasFileUploaded($val);
- if (is_a($result, 'PEAR_Error')) {
- $notification->push($result, 'horde.error');
- } else {
- $safe_file = $_FILES[$val]['tmp_name'];
- $result = $vfs[$backend_key]->write($backend_dir, $_FILES[$val]['name'], $safe_file);
- $notification->push(sprintf(_("File received: %s"), $_FILES[$val]['name']), 'horde.success');
+ if (Gollem::checkPermissions('backend', PERMS_EDIT)) {
+ foreach (array('file_upload_1', 'file_upload_2', 'file_upload_3') as $val) {
+ if (isset($HTTP_POST_FILES[$val]) &&
+ ($HTTP_POST_FILES[$val]['error'] != 4)) {
+
+ $result = Horde::wasFileUploaded($val);
+ if (is_a($result, 'PEAR_Error')) {
+ $notification->push($result, 'horde.error');
+ } else {
+ $safe_file = $_FILES[$val]['tmp_name'];
+ $result = $vfs[$backend_key]->write($backend_dir, $_FILES[$val]['name'], $safe_file);
+ $notification->push(sprintf(_("File received: %s"), $_FILES[$val]['name']), 'horde.success');
+ }
}
- }
+ }
+ } else {
+ $notification->push(_("You do not have permission to upload items."), 'horde.warning');
}
break;
case 'copy_items':
case 'cut_items':
- $action = ($actionID = 'copy_items') ? 'copy' : 'cut';
- $items = Util::getPost('items');
- if (is_array($items) && count($items)) {
- $_SESSION['gollem'][$action]['selected'] = true;
- foreach ($items as $item) {
- $_SESSION['gollem'][$action]['names'][$item] = $item;
- $_SESSION['gollem'][$action]['path'] = $backend_dir;
+ if (Gollem::checkPermissions('backend', PERMS_EDIT)) {
+ $action = ($actionID = 'copy_items') ? 'copy' : 'cut';
+ $items = Util::getPost('items');
+ if (is_array($items) && count($items)) {
+ $_SESSION['gollem'][$action]['selected'] = true;
+ foreach ($items as $item) {
+ $_SESSION['gollem'][$action]['names'][$item] = $item;
+ $_SESSION['gollem'][$action]['path'] = $backend_dir;
+ if ($action == 'copy') {
+ $notification->push(sprintf(_("Item copied to clipboard: %s"), $item),'horde.success');
+ } else {
+ $notification->push(sprintf(_("Item cut to clipboard: %s"), $item), 'horde.success');
+ }
+ }
+ } else {
if ($action == 'copy') {
- $notification->push(sprintf(_("Item copied to clipboard: %s"), $item),'horde.success');
+ $notification->push(_("Cannot copy items onto clipboard."), 'horde.error');
} else {
- $notification->push(sprintf(_("Item cut to clipboard: %s"), $item), 'horde.success');
+ $notification->push(_("Cannot cut items onto clipboard."), 'horde.error');
}
}
} else {
- if ($action == 'copy') {
- $notification->push(_("Cannot copy items onto clipboard."), 'horde.error');
- } else {
- $notification->push(_("Cannot cut items onto clipboard."), 'horde.error');
- }
+ $notification->push(_("You do not have permission to cut/copy items."), 'horde.warning');
}
break;
case 'paste_items':
- $action = (empty($_SESSION['gollem']['cut']['selected'])) ? 'copy' : 'cut';
- if (is_array($_SESSION['gollem'][$action]['names']) &&
- count($_SESSION['gollem'][$action]['names'])) {
- foreach ($_SESSION['gollem'][$action]['names'] as $item) {
- if ($action == 'cut') {
- $result = $vfs[$backend_key]->move($_SESSION['gollem']['cut']['path'], $item, $backend_dir);
- } else {
- $result = $vfs[$backend_key]->copy($_SESSION['gollem']['copy']['path'], $item, $backend_dir);
- }
- if (is_a($result, 'PEAR_Error')) {
- $notification->push(sprintf(_("Cannot paste '%s' (clipboard cleared): %s"), $item, $result->getMessage()), 'horde.error');
- } else {
- $notification->push(sprintf(_("%s was successfully pasted."), $item, $backend_dir), 'horde.success');
+ if (Gollem::checkPermissions('backend', PERMS_EDIT)) {
+ $action = (empty($_SESSION['gollem']['cut']['selected'])) ? 'copy' : 'cut';
+ if (is_array($_SESSION['gollem'][$action]['names']) &&
+ count($_SESSION['gollem'][$action]['names'])) {
+ foreach ($_SESSION['gollem'][$action]['names'] as $item) {
+ if ($action == 'cut') {
+ $result = $vfs[$backend_key]->move($_SESSION['gollem']['cut']['path'], $item, $backend_dir);
+ } else {
+ $result = $vfs[$backend_key]->copy($_SESSION['gollem']['copy']['path'], $item, $backend_dir);
+ }
+ if (is_a($result, 'PEAR_Error')) {
+ $notification->push(sprintf(_("Cannot paste '%s' (clipboard cleared): %s"), $item, $result->getMessage()), 'horde.error');
+ } else {
+ $notification->push(sprintf(_("%s was successfully pasted."), $item, $backend_dir), 'horde.success');
+ }
}
}
+ $_SESSION['gollem'][$action]['selected'] = false;
+ $_SESSION['gollem'][$action]['names'] = array();
+ $_SESSION['gollem'][$action]['path'] = '';
+ } else {
+ $notification->push(_("You do not have permission to paste items."), 'horde.warning');
}
- $_SESSION['gollem'][$action]['selected'] = false;
- $_SESSION['gollem'][$action]['names'] = array();
- $_SESSION['gollem'][$action]['path'] = '';
break;
}
Index: lib/Gollem.php
===================================================================
RCS file: /repository/gollem/lib/Gollem.php,v
retrieving revision 1.115
diff -u -r1.115 Gollem.php
--- lib/Gollem.php 13 Feb 2004 05:35:22 -0000 1.115
+++ lib/Gollem.php 14 Feb 2004 01:26:38 -0000
@@ -716,6 +716,35 @@
$notification->notify(array('listeners' => 'status'));
}
+ /**
+ * Checks if a user has the specified permissions on the current backend
+ *
+ * @param string $filter What are we checking for.
+ * @param int $permission What permission to check for.
+ *
+ * @return boolean Returns true if the user has permission, false if they do not
+ */
+ function checkPermissions($filter, $permission = PERMS_READ)
+ {
+ global $perms;
+ $userID = Auth::getAuth();
+
+ switch ($filter) {
+ case 'backend':
+ $backendID = Gollem::getCurrentBackend();
+ $backendTag = 'gollem:backends:' . $backendID;
+ if (!$perms->exists($backendTag) ||
+ $perms->hasPermission($backendTag, $userID, $permission)) {
+ return true;
+ }
+ break;
+ default:
+ return false;
+ }
+
+ return false;
+ }
+
function permissionsFilter($in, $filter, $permission = PERMS_READ)
{
global $perms;
Index: templates/manager/actions.inc
===================================================================
RCS file: /repository/gollem/templates/manager/actions.inc,v
retrieving revision 1.24
diff -u -r1.24 actions.inc
--- templates/manager/actions.inc 17 Nov 2003 21:28:33 -0000 1.24
+++ templates/manager/actions.inc 14 Feb 2004 01:26:52 -0000
@@ -2,7 +2,7 @@
<tr class="item"><td>
<table width="100%" border="0" cellspacing="0" cellpadding="1">
<tr>
- <?php if ($j[$backend_key] == 1): ?>
+ <?php if ($j[$backend_key] == 1 && Gollem::checkPermissions('backend', PERMS_EDIT)): ?>
<td width="40%" align="left" nowrap="nowrap">
<table border="0" cellspacing="0" cellpadding="0">
<tr>
@@ -29,18 +29,28 @@
<select name="action<?php echo $j[$backend_key] ?>" onchange="<?php echo $backend_key ?>_chooseAction(<?php echo $j[$backend_key] ?>); document.<?php echo $backend_key?>_manager.action<?php echo $j[$backend_key] ?>.selectedIndex = 0;">
<option selected="selected"><?php echo _("Choose Action:") ?></option>
<option value="change_directory"><?php echo _("Change Directory") ?></option>
- <option value="create_folder"><?php echo _("Create Directory") ?></option>
+ <?php if (Gollem::checkPermissions('backend', PERMS_EDIT)): ?>
+ <option value="create_folder"><?php echo _("Create Directory") ?></option>
+ <?php endif; ?>
<?php if (@count($list)): ?>
- <option value="rename_items"><?php echo _("Rename Items") ?></option>
- <option value="delete_items"><?php echo _("Delete Items") ?></option>
- <option value="chmod_modify"><?php echo _("Chmod Items") ?></option>
- <?php if ((empty($_SESSION['gollem']['cut']['selected'])) && (empty($_SESSION['gollem']['copy']['selected']))): ?>
- <option value="cut_items"><?php echo _("Cut Items") ?></option>
- <option value="copy_items"><?php echo _("Copy Items") ?></option>
+ <?php if (Gollem::checkPermissions('backend', PERMS_EDIT)): ?>
+ <option value="rename_items"><?php echo _("Rename Items") ?></option>
+ <?php endif; ?>
+ <?php if (Gollem::checkPermissions('backend', PERMS_DELETE)): ?>
+ <option value="delete_items"><?php echo _("Delete Items") ?></option>
+ <?php endif; ?>
+ <?php if (Gollem::checkPermissions('backend', PERMS_EDIT)): ?>
+ <option value="chmod_modify"><?php echo _("Chmod Items") ?></option>
+ <?php if ((empty($_SESSION['gollem']['cut']['selected'])) && (empty($_SESSION['gollem']['copy']['selected']))): ?>
+ <option value="cut_items"><?php echo _("Cut Items") ?></option>
+ <option value="copy_items"><?php echo _("Copy Items") ?></option>
+ <?php endif; ?>
<?php endif; ?>
<?php endif; ?>
- <?php if ((!empty($_SESSION['gollem']['cut']['selected'])) || (!empty($_SESSION['gollem']['copy']['selected']))): ?>
+ <?php if (Gollem::checkPermissions('backend', PERMS_EDIT)): ?>
+ <?php if ((!empty($_SESSION['gollem']['cut']['selected'])) || (!empty($_SESSION['gollem']['copy']['selected']))): ?>
<option value="paste_items"><?php echo _("Paste Items") ?></option>
+ <?php endif; ?>
<?php endif; ?>
</select>
</td>
Index: templates/menu/menu.inc
===================================================================
RCS file: /repository/gollem/templates/menu/menu.inc,v
retrieving revision 1.33
diff -u -r1.33 menu.inc
--- templates/menu/menu.inc 9 Feb 2004 21:27:09 -0000 1.33
+++ templates/menu/menu.inc 14 Feb 2004 01:26:53 -0000
@@ -5,8 +5,10 @@
/* Gollem menu items. */
echo Menu::createItem(Util::addParameter(Horde::applicationUrl('manager.php'), 'dir', $_SESSION['gollem'][$backend_key]['home']), _("Home"), 'home.gif');
if (strstr($_SERVER['PHP_SELF'], 'manager.php')) {
- echo Menu::createItem('', _("Create Directory"), 'mkdir.gif', null, '', $backend_key . '_createFolder(); return false;');
- echo Menu::createItem('', _("Change Directory"), 'cd.gif', null, '', $backend_key . '_changeDirectory(); return false;');
+ if (Gollem::checkPermissions('backend', PERMS_EDIT)) {
+ echo Menu::createItem('', _("Create Directory"), 'mkdir.gif', null, '', $backend_key . '_createFolder(); return false;');
+ echo Menu::createItem('', _("Change Directory"), 'cd.gif', null, '', $backend_key . '_changeDirectory(); return false;');
+ }
}
if (($conf['prefs']['driver'] != '') && ($conf['prefs']['driver'] != 'none')) {
More information about the gollem
mailing list