[gollem] Restricring access to gollem

Ruben Squartini ruben at auger.org.ar
Tue Jul 21 19:52:18 UTC 2009


Hi Joern!

I use a code hack on top of gollem-h3-1.1 to achieve that.

Strings are not tied to the .po files, just fixed for our application,  
Admins have full access anyway, authorized users can't go outside  
their homes.

Perhaps is worth to include this in the standard code?
Just let me know and I'll prepare whatever is necessary.

Patches follow:

====> Begin <====

gollem/manager.php
206a207,214
> /* Limit users to their homes.
> *     Ruben Squartini <ruben at neodata.com.ar> (10-Mar-2009)
> */
> if (!Gollem::verifyDir($currdir) && !Auth::isAdmin()) {
>     $currdir = Gollem::getHome();
>     $notification->push(sprintf("You don't have access outside %s",  
> $currdir), 'horde.error');
> }
>

gollem/redirect.php
54a55,76
> /* Check that user is allowed to use Gollem.
>  *     Ruben Squartini <ruben at neodata.com.ar> (10-Mar-2009)
>  */
> if ($user) {
>     $notification->push(sprintf("User logged: %s", $user), 'horde.success');
>     if (Auth::isAdmin()) {
>         $notification->push(sprintf("User is Administrator"),  
> 'horde.success');
>     }
>     if ($user && ((@is_array($conf['user']['allowedlist']) &&  
> in_array($user, $conf['user']['allowedlist'])) || Auth::isAdmin())) {
>         if (!Auth::isAdmin()) {
>             $notification->push(sprintf("You are allowed to use this  
> module. Please be careful and follow IT policies."), 'horde.warning');
> 	}
>     } else {
>         $notification->push(sprintf("You are not allowed to use this  
> module!"), 'horde.error');
>         if (isset($_SESSION['gollem']) &&  
> is_array($_SESSION['gollem']) && ($_SESSION['gollem']['backend_key']  
> == $backend_key)) {
>             unset($_SESSION['gollem']);
>         }
>         header('Location: ' .  
> Auth::addLogoutParameters(Gollem::logoutUrl(), AUTH_REASON_FAILED));
>         exit;
>     }
> }
>

gollem/config/conf.xml
58a59,61
>    <configlist name="allowedlist" desc="Which users have access to  
> this module
>    apart from administrators (See  
> Horde->Authentication->$conf[auth][admins])?"
>    required="false"/>

=====> End <=====

I think that's all...

Regards,
Ruben.


gollem-request at lists.horde.org ecribió:

> Date: Thu, 09 Jul 2009 12:04:57 +0200
> From: "J. W. Andersen" <jwa at fasytek.dk>
> Subject: [gollem] Restricring access to gollem
> To: gollem at lists.horde.org
> Message-ID: <4A55C0C9.7060604 at fasytek.dk>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> I have a dozen  user, which should be able to handle their e-mail via
> IMP, but only
> a few of these should have acces to gollem on the same system.
>
> How can I restrict access to gollem, once the users are autheticated via
> horde or imp ?
> Regards, Joern.-


====================

El contenido del presente mensaje y sus adjuntos, es confidencial,  
privado y de uso exclusivo de los destinatarios a los cuales esta  
dirigido, pudiendo contener información privilegiada y legalmente  
protegida. Queda prohibida la revisión, divulgación, publicación,  
modificación, copia, distribución o acción en relación con esta  
información, por personas o entidades distintas al destinatario. Si  
usted, por alguna razón, lo ha recibido por error, por favor tenga la  
amabilidad de re-enviarlo al remitente y eliminarlo de su sistema. Las  
opiniones contenidas son exclusivas de su autor y no representan  
necesariamente, la opinión del Observatorio o sus Instituciones  
asociadas. Muchas gracias!
http://www.auger.org.ar

This e-mail transmission and it's attachments are confidential,  
private and of exclusive use of their legal recipients, can content  
legally privileged information. If you are not the intended recipient,  
you are hereby notified that any disclosure, copying, distribution, or  
reliance upon the contents of this e-mail is strictly prohibited. If  
you have received this e-mail transmission in error, please reply to  
the sender, so that the Observatory can arrange for proper delivery,  
and then please delete the message from your system. Opinions  
expressed are exclusive from the author and are not necessarily shared  
or supported by the Observatory or partner Institutions. Thank you!
http://www.auger.org.ar


More information about the gollem mailing list