[gollem] Restricring access to gollem

J. W. Andersen jwa at fasytek.dk
Wed Jul 22 12:13:03 UTC 2009 

Hi Ruben -

Thanks for your tip, which I am sure will come in handy in many situations.

However, I meanwhile managed to achieve grossly the same functionality 
using the permissions setup,
as kindly suggested by Jan Schneider. In my case the "permissions" gives 
me the advantage of
enabling a special user to gollem without granting admin rights in 
general to the mentioned user.

Anyway, thanks for your reply and effort .

Regards, Joern.-

#########################################################################3

Ruben Squartini skrev:
> Hi Joern!
>
> I use a code hack on top of gollem-h3-1.1 to achieve that.
>
> Strings are not tied to the .po files, just fixed for our application, 
> Admins have full access anyway, authorized users can't go outside 
> their homes.
>
> Perhaps is worth to include this in the standard code?
> Just let me know and I'll prepare whatever is necessary.
>
> Patches follow:
>
> ====> Begin <====
>
> gollem/manager.php
> 206a207,214
>> /* Limit users to their homes.
>> *     Ruben Squartini <ruben at neodata.com.ar> (10-Mar-2009)
>> */
>> if (!Gollem::verifyDir($currdir) && !Auth::isAdmin()) {
>>     $currdir = Gollem::getHome();
>>     $notification->push(sprintf("You don't have access outside %s", 
>> $currdir), 'horde.error');
>> }
>>
>
> gollem/redirect.php
> 54a55,76
>> /* Check that user is allowed to use Gollem.
>>  *     Ruben Squartini <ruben at neodata.com.ar> (10-Mar-2009)
>>  */
>> if ($user) {
>>     $notification->push(sprintf("User logged: %s", $user), 
>> 'horde.success');
>>     if (Auth::isAdmin()) {
>>         $notification->push(sprintf("User is Administrator"), 
>> 'horde.success');
>>     }
>>     if ($user && ((@is_array($conf['user']['allowedlist']) && 
>> in_array($user, $conf['user']['allowedlist'])) || Auth::isAdmin())) {
>>         if (!Auth::isAdmin()) {
>>             $notification->push(sprintf("You are allowed to use this 
>> module. Please be careful and follow IT policies."), 'horde.warning');
>>     }
>>     } else {
>>         $notification->push(sprintf("You are not allowed to use this 
>> module!"), 'horde.error');
>>         if (isset($_SESSION['gollem']) && 
>> is_array($_SESSION['gollem']) && ($_SESSION['gollem']['backend_key'] 
>> == $backend_key)) {
>>             unset($_SESSION['gollem']);
>>         }
>>         header('Location: ' . 
>> Auth::addLogoutParameters(Gollem::logoutUrl(), AUTH_REASON_FAILED));
>>         exit;
>>     }
>> }
>>
>
> gollem/config/conf.xml
> 58a59,61
>>    <configlist name="allowedlist" desc="Which users have access to 
>> this module
>>    apart from administrators (See 
>> Horde->Authentication->$conf[auth][admins])?"
>>    required="false"/>
>
> =====> End <=====
>
> I think that's all...
>
> Regards,
> Ruben.
>
>
> gollem-request at lists.horde.org ecribió:
>
>> Date: Thu, 09 Jul 2009 12:04:57 +0200
>> From: "J. W. Andersen" <jwa at fasytek.dk>
>> Subject: [gollem] Restricring access to gollem
>> To: gollem at lists.horde.org
>> Message-ID: <4A55C0C9.7060604 at fasytek.dk>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> I have a dozen  user, which should be able to handle their e-mail via
>> IMP, but only
>> a few of these should have acces to gollem on the same system.
>>
>> How can I restrict access to gollem, once the users are autheticated via
>> horde or imp ?
>> Regards, Joern.-
>
>
> ====================
>
> El contenido del presente mensaje y sus adjuntos, es confidencial, 
> privado y de uso exclusivo de los destinatarios a los cuales esta 
> dirigido, pudiendo contener información privilegiada y legalmente 
> protegida. Queda prohibida la revisión, divulgación, publicación, 
> modificación, copia, distribución o acción en relación con esta 
> información, por personas o entidades distintas al destinatario. Si 
> usted, por alguna razón, lo ha recibido por error, por favor tenga la 
> amabilidad de re-enviarlo al remitente y eliminarlo de su sistema. Las 
> opiniones contenidas son exclusivas de su autor y no representan 
> necesariamente, la opinión del Observatorio o sus Instituciones 
> asociadas. Muchas gracias!
> http://www.auger.org.ar
>
> This e-mail transmission and it's attachments are confidential, 
> private and of exclusive use of their legal recipients, can content 
> legally privileged information. If you are not the intended recipient, 
> you are hereby notified that any disclosure, copying, distribution, or 
> reliance upon the contents of this e-mail is strictly prohibited. If 
> you have received this e-mail transmission in error, please reply to 
> the sender, so that the Observatory can arrange for proper delivery, 
> and then please delete the message from your system. Opinions 
> expressed are exclusive from the author and are not necessarily shared 
> or supported by the Observatory or partner Institutions. Thank you!
> http://www.auger.org.ar

More information about the gollem mailing list