Item9322: Improve Config.spec documentation,

Map user to cUID if configured. Add additional access checks git-svn-id: http://svn.foswiki.org/trunk/UpdateAttachmentsPlugin@10290 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
foswiki · Dec 13, 2010 · b01aa57 · b01aa57
1 parent b434f6e
commit b01aa57
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 13 deletions.
diff --git a/lib/Foswiki/Plugins/UpdateAttachmentsPlugin.pm b/lib/Foswiki/Plugins/UpdateAttachmentsPlugin.pm
@@ -17,7 +17,7 @@ package Foswiki::Plugins::UpdateAttachmentsPlugin;
 use strict;
 
 our $VERSION = '$Rev$';
-our $RELEASE = 'Foswiki-1.0';
+our $RELEASE = '2.0';
 our $SHORTDESCRIPTION =
   'A batched alternative to AutoAttachments (adds and removes attachements)';
 our $NO_PREFS_IN_TOPIC = 1;
@@ -41,11 +41,8 @@ sub initPlugin {
 
 sub restUpdate {
     my $session = shift;
-    my $store   = $session->{store};
     my $web     = $session->{webName};
 
-    print STDERR "update the attachments of $web\n" if $debug;
-
     #force autoattach off, as we need to know the real META
     my $cfgAutoAttach = $Foswiki::cfg{AutoAttachPubFiles};
     $Foswiki::cfg{AutoAttachPubFiles} = 0;
@@ -62,25 +59,55 @@ sub restUpdate {
     my $attachmentsUpdated = 0;
     my $detailedReport     = '';
 
-    #TODO: test user's access to web (rest already tests for web CHANGE access)
+    my $webObject = Foswiki::Meta->new( $session, $web );
+    unless ($webObject->haveAccess('VIEW') && $webObject->haveAccess('CHANGE') ) {
+        print STDERR "Check for VIEW and CHANGE on $web web failed\n" if $debug;
+        $webObject->finish();
+        return "Access denied on $web web.  UpdateAttachments not possible\n";
+        }
+
+    if ($Foswiki::cfg{Plugins}{UpdateAttachmentsPlugin}{CheckUPDATEATACHPermission}) {
+        unless ( $webObject->haveAccess('UPDATEATTACH') ) {
+            print STDERR "Check for UPDATEATTACH on $web web failed\n" if $debug;
+            $webObject->finish();
+            return "UPDATEATTACH permission denied on $web web.  UpdateAttachments not possible\n";
+        }
+    }
+
     my @topicNames = Foswiki::Func::getTopicList($web);
     foreach my $topic (@topicNames) {
+        print STDERR "===============  Processing $topic in $web ==============\n" if $debug;
         my $changed = 0;
-        my $topicObject = Foswiki::Meta->load( $session, $web, $topic );
 
-        if ( !$topicObject->haveAccess('CHANGE') ) {
+        my $topicObject = Foswiki::Meta->new( $session, $web, $topic );
+
+        # Change topic context so topic can override attributes of attachments in their settings
+        Foswiki::Func::pushTopicContext($web, $topic);
+
+        if (!$topicObject->haveAccess('VIEW')) {
+            $detailedReport .=
+              "bypassed $web.$topic - no permission to VIEW <br/>\n";
+            $topicObject->finish();
+            next;
+        }
+
+        if (!$topicObject->haveAccess('CHANGE')) {
             $detailedReport .=
-              "bypassed $web.$topic - no permission to change <br/>\n";
+              "bypassed $web.$topic - no permission to CHANGE <br/>\n";
             $topicObject->finish();
             next;
         }
 
+        $topicObject->loadVersion();
+
         my @knownAttachments = $topicObject->find('FILEATTACHMENT');
         my (
             $attachmentsFoundInPub,  $attachmentsRemovedFromMeta,
             $attachmentsAddedToMeta, $attachmentsUpdatedInMeta
         ) = synchroniseAttachmentsList( $topicObject, \@knownAttachments );
 
+        Foswiki::Func::popTopicContext();
+
         # @validAttachmentsFound will contain the replacment attachment Metadata
         my @validAttachmentsFound;
 
@@ -147,6 +174,9 @@ sub restUpdate {
 
     }
 
+    $webObject->finish();
+
+
     print STDERR
 "UpdateAttachments checked $topicsTested, updated $topicsUpdated,   removed $attachmentsRemoved attachments, $attachmentsIgnored ignored"
       if $debug;
@@ -202,7 +232,7 @@ sub synchroniseAttachmentsList {
             {
                 $filesListedInPub{$file}{autoattached} = "1";
                 push @filesUpdatedInMeta, $file;
-                print STDERR "Updating $file \n";
+                print STDERR "Updating $file \n" if $debug;
             }
 
             # Bring forward any missing yet wanted attribute
@@ -217,7 +247,7 @@ sub synchroniseAttachmentsList {
 
             #default attachment owner to {AttachAsUser}
             push @filesAddedToMeta, $file;
-            print STDERR "Adding $file \n";
+            print STDERR "Adding $file \n" if $debug;
             $filesListedInPub{$file}{autoattached} = "1";
             if (
                 (
@@ -231,9 +261,9 @@ sub synchroniseAttachmentsList {
               )
             {
                 $filesListedInPub{$file}{user} =
-                  $Foswiki::cfg{Plugins}{UpdateAttachmentsPlugin}{AttachAsUser};
-
-   #TODO: needs testing for the generalised usermapping case - shoudl store cUID
+                  Foswiki::Func::getCanonicalUserID(
+                    $Foswiki::cfg{Plugins}{UpdateAttachmentsPlugin}
+                      {AttachAsUser} );
             }
         }
     }

diff --git a/lib/Foswiki/Plugins/UpdateAttachmentsPlugin/Config.spec b/lib/Foswiki/Plugins/UpdateAttachmentsPlugin/Config.spec
@@ -3,6 +3,9 @@
 # **STRING**
 # To attribute attachments to a known user, set this to their WikiName. This user should exist,
 # and be mappable to a login.  If not set, the default UnknownUser will be used.
+# <br/><br/>
+# Note that the rest handler always runs under the current authenticated user.  This attribute is
+# only used to populate the user field in the attachment table, and does not affect access rights.
 $Foswiki::cfg{Plugins}{UpdateAttachmentsPlugin}{AttachAsUser} = '';
 # **BOOLEAN**
 # Remove references to attachments that no longer exist in pub.