Shared users: inherit parent personal parameters if specifically mark…

…ed as inherit (quota params only for the moment)
pydio · Oct 11, 2013 · c8be3cd · c8be3cd
1 parent abd8f4d
commit c8be3cd
Show file tree

Hide file tree

Showing 6 changed files with 70 additions and 6 deletions.
diff --git a/core/src/core/classes/class.AJXP_Plugin.php b/core/src/core/classes/class.AJXP_Plugin.php
@@ -131,12 +131,22 @@ protected function getFilteredOption($optionName, $repositoryScope = AJXP_REPO_S
                 $repo = ConfService::getRepository();
                 if($repo != null) $repositoryScope = $repo->getId();
             }
-            return $loggedUser->mergedRole->filterParameterValue(
+            $test = $loggedUser->mergedRole->filterParameterValue(
                 $this->getId(),
                 $optionName,
                 $repositoryScope,
                 isSet($merged[$optionName]) ? $merged[$optionName] : null
             );
+            if($repo != null && $repo->hasParent()){
+                $retest = $loggedUser->mergedRole->filterParameterValue(
+                    $this->getId(),
+                    $optionName,
+                    $repo->getParentId(),
+                    isSet($merged[$optionName]) ? $merged[$optionName] : null
+                );
+                if($retest != null) $test = $retest;
+            }
+            return $test;
         }else{
             return isSet($merged[$optionName]) ? $merged[$optionName] : null;
         }

diff --git a/core/src/core/classes/class.AuthService.php b/core/src/core/classes/class.AuthService.php
@@ -951,6 +951,54 @@ static function filterPluginParameters($pluginId, $params, $repoId = null){
     }
 
 	/**
+     * @param AJXP_Role $parentRole
+     * @return AJXP_Role
+     */
+    public static function limitedRoleFromParent($parentUser)
+    {
+        $parentRole = self::getRole("AJXP_USR_/".$parentUser);
+        if($parentRole === false) return null;
+
+        // Inherit actions
+        $inheritActions = array();
+        $cacheInherit = AJXP_PluginsService::getInstance()->loadFromPluginQueriesCache("//server_settings/param[@inherit='true']");
+        if ($cacheInherit !== null && is_array($cacheInherit)) {
+            $inheritActions = $cacheInherit;
+        } else {
+            $paramNodes = AJXP_PluginsService::searchAllManifests("//server_settings/param[@inherit='true']", "node", false, false, true);
+            if (is_array($paramNodes) && count($paramNodes)) {
+                foreach ($paramNodes as $node){
+                    $paramName = $node->getAttribute("name");
+                    $pluginId = $node->parentNode->parentNode->getAttribute("id");
+                    if(isSet($inheritActions[$pluginId])) $inheritActions[$pluginId] = array();
+                    $inheritActions[$pluginId][] = $paramName;
+                }
+            }
+            AJXP_PluginsService::getInstance()->storeToPluginQueriesCache("//server_settings/param[@inherit='true']", $inheritActions);
+        }
+
+        // Clear ACL, Keep disabled actions, keep 'inherit' parameters.
+        $childRole =  new AJXP_Role("AJXP_PARENT_USR_/");
+        $childRole->bunchUpdate(array(
+            "ACL"       => array(),
+            "ACTIONS"   => $parentRole->listAllActionsStates(),
+            "APPLIES"   => array(),
+            "PARAMETERS"=> array()));
+        $params = $parentRole->listParameters();
+
+        foreach($params as $scope => $plugData){
+            foreach($plugData as $pId => $paramData){
+                if(!isSet($inheritActions[$pId])) continue;
+                foreach($paramData as $pName => $pValue){
+                    $childRole->setParameterValue($pId, $pName, $pValue, $scope);
+                }
+            }
+        }
+
+        return $childRole;
+    }
+
+    /**
      * Get all defined roles
      * @static
      * @param array $roleIds

diff --git a/core/src/plugins/core.ajaxplorer/ajxp_registry.xsd b/core/src/plugins/core.ajaxplorer/ajxp_registry.xsd
@@ -680,6 +680,7 @@
             <xs:attribute name="scope"/>
             <xs:attribute name="repoScope"/>
             <xs:attribute name="editable" type="xs:boolean" use="optional"/>
+            <xs:attribute name="inherit" type="xs:boolean" use="optional"/>
             <xs:attribute name="uploadAction" use="optional"/>
             <xs:attribute name="loadAction" use="optional"/>
             <xs:attribute name="defaultImage" use="optional"/>

diff --git a/core/src/plugins/core.conf/class.AbstractAjxpUser.php b/core/src/plugins/core.conf/class.AbstractAjxpUser.php
@@ -371,10 +371,15 @@ public function recomputeMergedRole(){
             $index ++;
         }
         if($this->hasParent() && isSet($this->parentRole)){
-            // It's a shared user, we don't want it to inherit the rights
+            // It's a shared user, we don't want it to inherit the rights...
             $this->parentRole->clearAcls();
+            //... but we want the parent user's role, filtered with inheritable properties only.
+            $stretchedParentUserRole = AuthService::limitedRoleFromParent($this->parentUser);
+            if($stretchedParentUserRole !== null){
+                $this->parentRole = $this->parentRole->override($stretchedParentUserRole);
+            }
+
             $this->mergedRole = $this->parentRole->override($this->personalRole);
-            //$this->mergedRole
         }
     }
 

diff --git a/core/src/plugins/meta.quota/class.QuotaComputer.php b/core/src/plugins/meta.quota/class.QuotaComputer.php
@@ -87,9 +87,9 @@ public function precheckQuotaUsage($node, $newSize = 0){
             return null;
         }
         $delta = $newSize;
+        $path = $this->getWorkingPath();
         $quota = $this->getAuthorized();
         $soft = $this->getSoftLimit();
-        $path = $this->getWorkingPath();
         $q = $this->getUsage($path);
         AJXP_Logger::debug("QUOTA : Previous usage was $q");
         if($q === false){

diff --git a/core/src/plugins/meta.quota/manifest.xml b/core/src/plugins/meta.quota/manifest.xml
@@ -3,12 +3,12 @@
              xsi:noNamespaceSchemaLocation="file:../core.ajaxplorer/ajxp_registry.xsd">
     <class_definition filename="plugins/meta.quota/class.QuotaComputer.php" classname="QuotaComputer"/>
     <server_settings>
-        <param description="Authorized quota. Use php.ini like values (20M, 2G), etc." label="Default Quota" name="DEFAULT_QUOTA" type="string"/>
+        <param description="Authorized quota. Use php.ini like values (20M, 2G), etc." label="User Quota" name="DEFAULT_QUOTA" type="string" inherit="true"/>
         <param description="Store computed quota value in the user preferences, to avoid triggering computation each time it is requested. This may introduce some lag if the repository is shared by many users." label="Cache value" name="CACHE_QUOTA" type="boolean" default="false"/>
         <param description="Limit that will trigger an alert when approaching the end of the quota. Use a percent value" label="Soft Limit (%)"
                name="SOFT_QUOTA"
                type="integer"/>
-        <param description="If you want to define quotas for each user, define a custom field in the CUSTOM_DATA parameter of the conf plugin, and declare this field name here." label="Custom Quota Field" name="CUSTOM_DATA_FIELD" type="string"/>
+        <param description="If you want to define quotas for each user, define a custom field in the CUSTOM_DATA parameter of the conf plugin, and declare this field name here." label="Custom Field (Deprecated)" name="CUSTOM_DATA_FIELD" type="string"/>
         <global_param description="Define if usage must be computed for this repository only, or cumulated on all the repositories of the user" label="Usage scope" name="USAGE_SCOPE" type="select" choices="local|Repository,global|Cumulate repositories" default="local"/>
     </server_settings>
     <client_settings>