This repository has been archived by the owner on Nov 25, 2020. It is now read-only.

Fix download right management on public link.
cdujeu committed Feb 26, 2016
1 parent a8f78c8 commit 64b1871
Showing 4 changed files with 129 additions and 114 deletions.
151 changes: 49 additions & 102 deletions core/src/plugins/action.share/class.ShareCenter.php
Expand Up @@ -242,7 +242,14 @@ public function isShared($ajxpNode)
protected function getRightsManager(){
if(!isSet($this->rightsManager)){
require_once("class.ShareRightsManager.php");
$this->rightsManager = new ShareRightsManager($this->getFilteredOption("SHARED_USERS_TMP_PREFIX", $this->repository), $this->watcher);
$options = array(
"SHARED_USERS_TMP_PREFIX" => $this->getFilteredOption("SHARED_USERS_TMP_PREFIX", $this->repository),
"SHARE_FORCE_PASSWORD" => $this->getFilteredOption("SHARE_FORCE_PASSWORD", $this->repository)
);
$this->rightsManager = new ShareRightsManager(
$options,
$this->getShareStore(),
$this->watcher);
}
return $this->rightsManager;
}
Expand Down Expand Up @@ -1281,65 +1288,6 @@ protected function createOrLoadSharedRepository($httpVars, &$update){

}

/**
* @param array $httpVars
* @param ShareLink $shareObject
* @param bool $update
* @param null $guestUserPass
* @return array
* @throws Exception
*/
protected function prepareSharedUserEntry($httpVars, &$shareObject, $update, $guestUserPass = null){
$userPass = null;

$forcePassword = $this->getFilteredOption("SHARE_FORCE_PASSWORD", $this->repository);
if($forcePassword && (
(isSet($httpVars["create_guest_user"]) && $httpVars["create_guest_user"] == "true" && empty($guestUserPass))
|| (isSet($httpVars["guest_user_id"]) && isSet($guestUserPass) && strlen($guestUserPass) == 0)
)){
$mess = ConfService::getMessages();
throw new Exception($mess["share_center.175"]);
}

if($update){

// THIS IS AN EXISTING SHARE
// FIND SHARE AND EXISTING HIDDEN USER ID
if($shareObject->isAttachedToRepository()){
$existingRepo = $shareObject->getRepository();
$this->getShareStore()->testUserCanEditShare($existingRepo->getOwner(), $existingRepo->options);
}
$uniqueUser = $shareObject->getUniqueUser();

if($guestUserPass !== null && strlen($guestUserPass)) {
$userPass = $guestUserPass;
$shareObject->setUniqueUser($uniqueUser, true);
}else if(!$shareObject->shouldRequirePassword() || ($guestUserPass !== null && $guestUserPass == "")){
$shareObject->setUniqueUser($uniqueUser, false);
}

} else {

$update = false;
$shareObject->createHiddenUserId(
$this->getFilteredOption("SHARED_USERS_TMP_PREFIX", $this->repository),
!empty($guestUserPass)
);
if(!empty($guestUserPass)){
$userPass = $guestUserPass;
}else{
$userPass = $shareObject->createHiddenUserPassword();
}
$uniqueUser = $shareObject->getUniqueUser();
}

$hiddenUserEntry = $this->getRightsManager()->createHiddenUserEntry($httpVars, $uniqueUser, $userPass, $update);
if(empty($hiddenUserEntry["RIGHT"])){
throw new Exception("share_center.58");
}
return $hiddenUserEntry;
}

/**
* @param array $httpVars
* @param bool $update
Expand All @@ -1354,20 +1302,20 @@ public function createSharedMinisite($httpVars, &$update)
}else{
$shareObject = $this->getShareStore()->createEmptyShareObject();
}
$hiddenUserEntry = $this->prepareSharedUserEntry(
$shareObject->parseHttpVars($httpVars);
$hiddenUserEntry = $this->getRightsManager()->prepareSharedUserEntry(
$httpVars,
$shareObject,
isSet($httpVars["hash"]),
(isSet($httpVars["guest_user_pass"])?$httpVars["guest_user_pass"]:null)
);
$shareObject->parseHttpVars($httpVars);
$userSelection = new UserSelection($this->repository, $httpVars);
$this->filterHttpVarsForLeafPath($httpVars, $userSelection);

$users = array(); $groups = array();
$users[$hiddenUserEntry["ID"]] = $hiddenUserEntry;

$newRepo = $this->createSharedRepository($httpVars, $repoUpdate, $users, $groups, $shareObject->disableDownload());
$newRepo = $this->createSharedRepository($httpVars, $repoUpdate, $users, $groups);

$shareObject->setParentRepositoryId($this->repository->getId());
$shareObject->attachToRepository($newRepo->getId());
Expand Down Expand Up @@ -1402,12 +1350,12 @@ public function createSharedMinisite($httpVars, &$update)
/**
* @param array $httpVars
* @param bool $update
* @param array|null $hiddenUserEntry
* @param bool $disableDownload
* @param array $users
* @param array $groups
* @return Repository
* @throws Exception
*/
public function createSharedRepository($httpVars, &$update, $users=array(), $groups=array(), $disableDownload = false)
public function createSharedRepository($httpVars, &$update, $users=array(), $groups=array())
{
// ERRORS
// 100 : missing args
Expand All @@ -1425,7 +1373,7 @@ public function createSharedRepository($httpVars, &$update, $users=array(), $gro
$newRepo = $this->createOrLoadSharedRepository($httpVars, $update);

$selection = new UserSelection($this->repository, $httpVars);
$this->getRightsManager()->assignSharedRepositoryPermissions($this->repository, $newRepo, $update, $users, $groups, $selection, $disableDownload);
$this->getRightsManager()->assignSharedRepositoryPermissions($this->repository, $newRepo, $update, $users, $groups, $selection);

// HANDLE WATCHES ON CHILDREN AND PARENT
foreach($users as $userName => $userEntry){
Expand All @@ -1446,6 +1394,37 @@ public function createSharedRepository($httpVars, &$update, $users=array(), $gro
return $newRepo;
}

/**
* @param array $linkData
* @param array $hiddenUserEntries
* @param array $shareObjects
* @param string $type
* @param string $invitationLabel
* @return ShareLink
* @throws Exception
*/
protected function shareObjectFromParameters($linkData, &$hiddenUserEntries, &$shareObjects, $type = "public", $invitationLabel = ""){
if(isSet($linkData["hash"])){
$link = $this->getShareStore()->loadShareObject($linkData["hash"]);
}else{
if($type == "public"){
$link = $this->getShareStore()->createEmptyShareObject();
}else{
$link = new Pydio\OCS\Model\TargettedLink($this->getShareStore());
if(AuthService::usersEnabled()) $link->setOwnerId(AuthService::getLoggedUser()->getId());
$link->prepareInvitation($linkData["HOST"], $linkData["USER"], $invitationLabel);
}
}
$link->parseHttpVars($linkData);
$hiddenUserEntries[] = $this->getRightsManager()->prepareSharedUserEntry(
$linkData,
$link,
isSet($linkData["hash"]),
(isSet($linkData["guest_user_pass"])?$linkData["guest_user_pass"]:null)
);
$shareObjects[] = $link;
}

/**
* @param array $httpVars
* @param bool $update
Expand All @@ -1468,27 +1447,9 @@ public function shareNode($httpVars, &$update){

// PUBLIC LINK
if(isSet($httpVars["enable_public_link"])){

// PREPARE HIDDEN USER DATA
if(isSet($httpVars["hash"])){
$shareObject = $this->getShareStore()->loadShareObject($httpVars["hash"]);
}else{
$shareObject = $this->getShareStore()->createEmptyShareObject();
}
$hiddenUserEntries[] = $this->prepareSharedUserEntry(
$httpVars,
$shareObject,
isSet($httpVars["hash"]),
(isSet($httpVars["guest_user_pass"])?$httpVars["guest_user_pass"]:null)
);
$shareObject->parseHttpVars($httpVars);
$downloadDisabled = $shareObject->disableDownload();
$shareObjects[] = $shareObject;

$this->shareObjectFromParameters($httpVars, $hiddenUserEntries, $shareObjects, "public");
}else if(isSet($httpVars["disable_public_link"])){

$this->getShareStore()->deleteShare("minisite", $httpVars["disable_public_link"], true);

}

if(isSet($httpVars["ocs_data"])){
Expand All @@ -1505,21 +1466,7 @@ public function shareNode($httpVars, &$update){
}
$newLinks = $ocsData["LINKS"];
foreach($newLinks as $linkData){
if(isSet($linkData["hash"])){
$link = $this->getShareStore()->loadShareObject($httpVars["hash"]);
}else{
$link = new Pydio\OCS\Model\TargettedLink($this->getShareStore());
if(AuthService::usersEnabled()) $link->setOwnerId(AuthService::getLoggedUser()->getId());
$link->prepareInvitation($linkData["HOST"], $linkData["USER"], $userSelection->getUniqueNode()->getLabel());
}
$hiddenUserEntries[] = $this->prepareSharedUserEntry(
$linkData,
$link,
isSet($linkData["hash"]),
(isSet($linkData["guest_user_pass"])?$linkData["guest_user_pass"]:null)
);
$link->parseHttpVars($linkData);
$shareObjects[] = $link;
$this->shareObjectFromParameters($linkData, $hiddenUserEntries, $shareObjects, "targetted", $userSelection->getUniqueNode()->getLabel());
}
}

Expand All @@ -1537,7 +1484,7 @@ public function shareNode($httpVars, &$update){
return null;
}

$newRepo = $this->createSharedRepository($httpVars, $repoUpdate, $users, $groups, $downloadDisabled);
$newRepo = $this->createSharedRepository($httpVars, $repoUpdate, $users, $groups);

foreach($shareObjects as $shareObject){

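Review bot: In `shareObjectFromParameters` (and likewise in `createSharedMinisite`), `parseHttpVars()` is now applied to a share loaded from a request-supplied hash before `prepareSharedUserEntry()` reaches `testUserCanEditShare()`, so the edit-permission check runs only after request data has been written onto the loaded object. `parseHttpVars()` is not visible on this page, so this may touch only in-memory state, but the ordering is fragile. I would run the check directly after `loadShareObject()`, e.g. `if($link->isAttachedToRepository()){ $r = $link->getRepository(); $this->getShareStore()->testUserCanEditShare($r->getOwner(), $r->options); }`, or add a comment stating that nothing is persisted before the check passes. The helper's docblock also declares `@return ShareLink` although the function returns nothing; `@return void` would match the code.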
2 changes: 1 addition & 1 deletion core/src/plugins/action.share/class.ShareLink.php
Expand Up @@ -297,7 +297,7 @@ public function shouldRequirePassword(){
* @return bool
*/
public function disableDownload(){
return $this->internal["DISABLE_DOWNLOAD"];
return $this->internal["DOWNLOAD_DISABLED"];
}

/**
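Review bot: `disableDownload()` returns `$this->internal["DOWNLOAD_DISABLED"]` unguarded, so a share whose internal data lacks that key raises an undefined-index notice and yields `null` instead of the documented `bool`. Because this value now feeds the download restriction on the minisite role, the default should be explicit: `return isSet($this->internal["DOWNLOAD_DISABLED"]) ? $this->internal["DOWNLOAD_DISABLED"] : false;`. The method's docblock begins outside the hunk.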
88 changes: 78 additions & 10 deletions core/src/plugins/action.share/class.ShareRightsManager.php
Expand Up @@ -30,26 +30,94 @@

class ShareRightsManager
{
/**
* @var string
*/
var $tmpUsersPrefix;
/**
* @var MetaWatchRegister|bool
*/
var $watcher;
/**
* @var ShareStore $store
*/
var $store;

/**
* @var array $options
*/
var $options;

/**
* ShareRightsManager constructor.
* @param string $tmpUsersPrefix
* @param array $options
* @param ShareStore $store
* @param MetaWatchRegister|bool $watcher
*/
public function __construct($tmpUsersPrefix = "", $watcher = false)
public function __construct($options, $store, $watcher = false)
{
$this->tmpUsersPrefix = $tmpUsersPrefix;
$this->options = $options;
$this->watcher = $watcher;
$this->store = $store;
}

/**
* @param array $httpVars
* @param ShareLink $shareObject
* @param bool $update
* @param null $guestUserPass
* @return array
* @throws Exception
*/
public function prepareSharedUserEntry($httpVars, &$shareObject, $update, $guestUserPass = null){
$userPass = null;

$forcePassword = $this->options["SHARE_FORCE_PASSWORD"];
if($forcePassword && (
(isSet($httpVars["create_guest_user"]) && $httpVars["create_guest_user"] == "true" && empty($guestUserPass))
|| (isSet($httpVars["guest_user_id"]) && isSet($guestUserPass) && strlen($guestUserPass) == 0)
)){
$mess = ConfService::getMessages();
throw new Exception($mess["share_center.175"]);
}

if($update){

// THIS IS AN EXISTING SHARE
// FIND SHARE AND EXISTING HIDDEN USER ID
if($shareObject->isAttachedToRepository()){
$existingRepo = $shareObject->getRepository();
$this->store->testUserCanEditShare($existingRepo->getOwner(), $existingRepo->options);
}
$uniqueUser = $shareObject->getUniqueUser();

if($guestUserPass !== null && strlen($guestUserPass)) {
$userPass = $guestUserPass;
$shareObject->setUniqueUser($uniqueUser, true);
}else if(!$shareObject->shouldRequirePassword() || ($guestUserPass !== null && $guestUserPass == "")){
$shareObject->setUniqueUser($uniqueUser, false);
}

} else {

$update = false;
$shareObject->createHiddenUserId(
$this->options["SHARED_USERS_TMP_PREFIX"],
!empty($guestUserPass)
);
if(!empty($guestUserPass)){
$userPass = $guestUserPass;
}else{
$userPass = $shareObject->createHiddenUserPassword();
}
$uniqueUser = $shareObject->getUniqueUser();
}

$hiddenUserEntry = $this->createHiddenUserEntry($httpVars, $uniqueUser, $userPass, $update);
if(empty($hiddenUserEntry["RIGHT"])){
throw new Exception("share_center.58");
}
$hiddenUserEntry["DISABLE_DOWNLOAD"] = $shareObject->disableDownload();
return $hiddenUserEntry;
}


/**
* @param array $httpVars
* @param string $userId
Expand Down Expand Up @@ -125,7 +193,7 @@ public function createUsersFromParameters($httpVars, &$users = array(), &$groups
if(!$allowSharedUsersCreation || AuthService::isReservedUserId($u)){
throw new Exception("You are not allowed to create users.");
}
if(!empty($this->tmpUsersPrefix) && strpos($u, $this->tmpUsersPrefix)!==0 ){
if(!empty($this->options["SHARED_USERS_TMP_PREFIX"]) && strpos($u, $this->options["SHARED_USERS_TMP_PREFIX"])!==0 ){
$u = $this->tmpUsersPrefix . $u;
}
}
Expand Down Expand Up @@ -307,7 +375,7 @@ public function computeSharedRepositoryAccessRights($repoId, $mixUsersAndGroups,
* @param bool|false $disableDownload
* @throws Exception
*/
public function assignSharedRepositoryPermissions($parentRepository, $childRepository, $isUpdate, $users, $groups, $selection, $disableDownload = false){
public function assignSharedRepositoryPermissions($parentRepository, $childRepository, $isUpdate, $users, $groups, $selection){

$childRepoId = $childRepository->getId();
if($isUpdate){
Expand Down Expand Up @@ -339,7 +407,7 @@ public function assignSharedRepositoryPermissions($parentRepository, $childRepos

// CREATE A MINISITE-LIKE ROLE FOR THIS REPOSITORY
if (isSet($userEntry["HIDDEN"])) {
$minisiteRole = $this->createRoleForMinisite($childRepoId, $disableDownload, $isUpdate);
$minisiteRole = $this->createRoleForMinisite($childRepoId, $userEntry["DISABLE_DOWNLOAD"], $isUpdate);
if($minisiteRole != null){
$userObject->addRole($minisiteRole);
}
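Review bot: In `createUsersFromParameters` the condition was switched to `$this->options["SHARED_USERS_TMP_PREFIX"]`, but the next line still concatenates `$this->tmpUsersPrefix`, which the new constructor no longer assigns. The prefix is therefore empty at that point, and a newly created shared user keeps the raw requested id instead of landing in the prefixed namespace; the line should read `$u = $this->options["SHARED_USERS_TMP_PREFIX"] . $u;`. Separately, `assignSharedRepositoryPermissions` reads `$userEntry["DISABLE_DOWNLOAD"]` for every `HIDDEN` entry, so an entry built without going through `prepareSharedUserEntry()` would silently default to downloads allowed. An `isSet()` guard with an explicit default would make that visible, and the stale `@param bool|false $disableDownload` tag should be removed. Both functions extend beyond the visible hunks.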
Expand Up @@ -389,7 +389,7 @@ Class.create("AjxpBootstrap", {
if(document.viewport.getWidth() < 500){
elem.update('Pydio Community &copy; C. du Jeu 2008-2013');
}else{
elem.update('Pydio, open source file sharing - Free / Non supported edition - <a target="_blank" style="color: #7a7a7a;" href="https://pyd.io/">https://pyd.io/</a>');
elem.update('Pydio, open source file sharing - Free / Non supported edition - <a target="_blank" style="color: #7a7a7a;" href="https://pydio.com/">https://pydio.com/</a>');
}
$(desktopNode).insert({after:elem});
//disableTextSelection(elem);
