ZohoEditor : remove "write" attribute and send mode="view" for openin…

…g editor in readonly mode.

core/src/plugins/editor.zoho/class.ZohoEditor.php

@@ -96,7 +96,11 @@ public function switchAction($action, $httpVars, $filesVars)
         if (!$repository->detectStreamWrapper(true)) {
             return false;
         }
-
+        if(AuthService::getLoggedUser() != null){
+            $repoWriteable = AuthService::getLoggedUser()->canWrite($repository->getId());
+        }else{
+            $repoWriteable = false;
+        }
         $selection = new UserSelection($repository, $httpVars);
         $destStreamURL = $selection->currentBaseUrl();
 
@@ -114,15 +118,16 @@ public function switchAction($action, $httpVars, $filesVars)
             }else{
                 $file = $selection->getUniqueFile();
             }
-            if(!is_readable($destStreamURL.$file)){
+            $nodeUrl = $destStreamURL.$file;
+            if(!is_readable($nodeUrl)){
                 throw new Exception("Cannot find file!");
             }
 
             $target = base64_decode($httpVars["parent_url"]);
-            $tmp = AJXP_MetaStreamWrapper::getRealFSReference($destStreamURL.$file);
+            $tmp = AJXP_MetaStreamWrapper::getRealFSReference($nodeUrl);
             $tmp = SystemTextEncoding::fromUTF8($tmp);
 
-            $node = new AJXP_Node($destStreamURL.$file);
+            $node = new AJXP_Node($nodeUrl);
             AJXP_Controller::applyHook("node.read", array($node));
             $this->logInfo('Preview', 'Posting content of '.$file.' to Zoho server', array("files" => $file));
 
@@ -131,7 +136,7 @@ public function switchAction($action, $httpVars, $filesVars)
             $httpClient->request_method = "POST";
 
             $secureToken = $httpVars["secure_token"];
-            $_SESSION["ZOHO_CURRENT_EDITED"] = $destStreamURL.$file;
+            $_SESSION["ZOHO_CURRENT_EDITED"] = $nodeUrl;
             $_SESSION["ZOHO_CURRENT_UUID"]   = md5(rand()."-".microtime());
 
             if ($this->getFilteredOption("USE_ZOHO_AGENT", $repository)) {
@@ -150,7 +155,7 @@ public function switchAction($action, $httpVars, $filesVars)
                 'filename' => urlencode(basename($file)),
                 'persistence' => 'false',
                 'format' => $extension,
-                'mode' => 'normaledit',
+                'mode' => $repoWriteable && is_writeable($nodeUrl) ? 'normaledit' : 'view',
                 'saveurl'   => $saveUrl."?signature=".$b64Sig
             );
 
@@ -202,6 +207,12 @@ public function switchAction($action, $httpVars, $filesVars)
             $ext = pathinfo($targetFile, PATHINFO_EXTENSION);
             $node = new AJXP_Node($targetFile);
             $node->loadNodeInfo();
+
+            if(!$repoWriteable || !is_writeable($node->getUrl())){
+                $this->logError("Zoho Editor", "Trying to edit an unauthorized file ".$node->getUrl());
+                echo "NOT_ALLOWED";
+                return false;
+            }
             AJXP_Controller::applyHook("node.before_change", array(&$node));
 
             $b64Sig = $this->signID($id);

core/src/plugins/editor.zoho/manifest.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<editor id="editor.zoho" order="3" enabled="false" openable="true" text="zoho_editor.1" iconClass="icon-edit" title="zoho_editor.2" description="CONF_MESSAGE[Zoho editor]" icon="zoho_img/zoho.png" label="CONF_MESSAGE[Office Docs]" className="ZohoEditor" mimes="xls,xlsx,ods,sxc,csv,tsv,ppt,pps,odp,sxi,doc,docx,rtf,odt,sxw" formId="zoho_box" write="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="file:../core.ajaxplorer/ajxp_registry.xsd">
+<editor id="editor.zoho" order="3" enabled="false" openable="true" text="zoho_editor.1" iconClass="icon-edit" title="zoho_editor.2" description="CONF_MESSAGE[Zoho editor]" icon="zoho_img/zoho.png" label="CONF_MESSAGE[Office Docs]" className="ZohoEditor" mimes="xls,xlsx,ods,sxc,csv,tsv,ppt,pps,odp,sxi,doc,docx,rtf,odt,sxw" formId="zoho_box" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="file:../core.ajaxplorer/ajxp_registry.xsd">
 	<class_definition filename="plugins/editor.zoho/class.ZohoEditor.php" classname="ZohoEditor"/>
     <server_settings>
         <global_param name="ZOHO_API_KEY" type="string" description="CONF_MESSAGE[Zoho API Key, you must have registered to api.zoho.com]" label="CONF_MESSAGE[API Key]" mandatory="true"/>