New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
exclude directories from beeing processed #16534
Conversation
I must say that I like this. 👍 |
*/ | ||
'excluded_directories' => | ||
array ( | ||
0 => '.snapshot', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no index please
4f38b76
to
e4dc75c
Compare
changes according @nickvergessen suggestions |
So I guess this would not have worked with the "blacklisted_files" option ? Did you check if encryption still works ? I believe the checks for excluded dirs might need to be added there too. I also wonder if this should be more than just dirs, and also files. But then it sounds again like "blacklisted_files". |
Just from the naming side, there is a difference between
The point is, that the hook does not cover all cases we need and is always in a "late" stage From the introduction:
If you take a look into the code you will see, that even you have the hook, the function |
Regarding encryption: From: https://github.com/owncloud/documentation/blob/master/user_manual/files/encrypting_files.rst As isExcludedDir is dealing with the structure but not the contents, nothing to do special. |
I extended the code to cover one possibility I missed, old: /dir/sub/sub/.snapshot In the old version, the check was only returning true when the excluded directory name was at the last position. In the new version, the check will return true when the excluded directory name is at any position. So if someone knows the substructure of .snapshot, he will now not be able to get into. Directories and files named eg myname.snapshot.me are allowed to be created. |
} else { | ||
// search at any position of $dir, eg webdav - when path is entered manually | ||
foreach($excluded as $keyword) { | ||
if (stripos($dir, $keyword) !== false) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This check wrongly denies hello.snapshot
You need to pre- and append slashes to $keyword before checking for it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done and squashed
Please also add test for it? |
132a02d
to
07f3234
Compare
Thanks for the explanation @mmattel. So if I understand well, excluded dirs can still be accessed when requested directly, but would not be synced because a PROPFIND on the parent folder would not list them ? |
assumtion: excluded directory name is allowed: excluded: @nickvergessen gave me a goot hint for a case I did not cover before, the PR is already updated with the implementation. If you take a look into the coding you see, that I explode the path handed over into components seperated by '/' and do a array match against the excluded directories array. (Note: if there is no '/' present, explode returns the name to be matched against). Only if it exactly matches, I return true. This covers all possible cases as shown above. I will of course do a proper explanation with a documentation PR |
@owncloud-bot retest this please |
Thanks. As we are past feature freeze, I'm setting the milestone to 8.2. CC @MTRichards for this nice addition |
@@ -588,6 +588,26 @@ static public function isIgnoredDir($dir) { | |||
} | |||
|
|||
/** | |||
* check if the directory should be excluded |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add a more detailed explanation here what "excluded" means ?
Developers reading this should be able to understand the different of isExcludedDir from isBlacklisted, as you explained in your github comment.
@PVince81 |
This is great! |
Based on a comment from @PVince81, I did some rethinking if it would be possible or a good idea to combine Why I did that rethinking: Here is what I did very briefly: (on my testsystem)
Benefits: code harmonisation, better readability, better functionality and all the good things from both sides are kept My request: I please you for your comments about this idea and if I should revise this PR or open another PR so you can do a comparison (I think it is better to ask upfront to make the base idea proof and secure) |
07f3234
to
d7f3c95
Compare
just rebased (and it worked, I think I got it now hwo to do it... 😄 ) |
@mmattel please add an issue in the documentation repository and schedule it for 8.2 as well, so we don't forget to document it ;) |
Will do, may take some days as I am off for one week. |
@@ -277,7 +277,9 @@ protected function getNewChildren($folder) { | |||
if (is_resource($dh)) { | |||
while (($file = readdir($dh)) !== false) { | |||
if (!Filesystem::isIgnoredDir($file)) { | |||
$children[] = $file; | |||
if (!Filesystem::isExcludedDir($file)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if (!Filesystem::isIgnoredDir($file) && !Filesystem::isExcludedDir($file)) {
to avoid nesting too deep 🐙
@PVince81 |
cc @Xenopathic |
I need your support. Before searching endless, here is the problem: Question: where is the coding made for local files and folders where I can hook in to prevent the access to excluded directories? |
Hmm, perhaps this is something to do with the filesystem check parameter? It is set to 0 for the local storage, meaning any external updates will not be detected, but is set to 1 on external storages, meaning it gets checked once per access. Try setting that parameter to 1 in config.php (sorry, I've forgotten its complete name) and see if the behaviour becomes consistent. |
That is config.php parameter Need to identify the coding place... |
d2e6ddb
to
1316cfb
Compare
@owncloud-bot retest this please |
@PVince81 |
0f85872
to
7bdcc8f
Compare
@owncloud-bot retest this please |
@mmattel |
extended case: search at any place of the path given adding case insensitiveness added suggestions and improvements removed unnecessary function parameter new approach according the rethinking fixed code and unit tests update comments improved code, added calls for trashbin copyFromStorage
7bdcc8f
to
14e3a8d
Compare
@nickvergessen I just rebased and force pushed, but checking did not start... |
The checks as of now only work on branches within the core repo. We need to push this ..... |
Anything I have to / can do? |
@mmattel become a core contributor by signing the agreement and then push your branches to owncloud/core instead of mmattel/core |
@nickvergessen I can confirm that we have a contributor agreement from @mmattel He is in the right group as the tag "contributor" shows. |
so @mmattel please clone owncloud/core, create a branch with these changes within the clone and push that branche - CI will start with the checks right away - THX |
Summary:
.snapshot
and~snapshot
, EMC eg.ckpt
, HDS eg.latest
and~latest
and so onThere are for sure more resons, but I tried to keep it short.
With this PR, you can define a array of directory names in config.php which are further excluded from beeing processed.
These excluded directory names are not scanned, not viewed, can not be created or renamed (or deleted) or accessed via direct path input from a file explorer.
Access methods covered: webdav, webgui and client.
Following test have been made creating either a file or directory having once a allowed and once a excluded name. The results were the same independent of the storage type (tested on user home and SMB).
The functions shown in the table are except one all triggered and covered by the access methods used in lib/private/files/view.php
For WebDav, CyberDuck and native WebDav access was used on a W7 client.
The IOS client ran the latest available version (3.4.1)
All access tests made passed well.
The table shows the covered methods for all storage types using it:
n.a. ... function not available
(*) put ... this function is not handled in lib/private/files/view.php but in lib/private/connector/sabre/directory.php which points to ../sabre/file.php
The case manually defining the path in a file explorer to access a excluded directory via a webdav connected client is also covered. (lib/private/connector/sabre/objecttree.php and ../sabre/custompropertiesbackend.php)
Adding a new external storage and let it scan also worked well, excluded directories are not further processed.
@DeepDiver1975 @karlitschek @nickvergessen @Aesculapius @icewind1991 @LukasReschke
(sorry to create another PR, but a rebase messed everything up badly...)