
[Phpgroupware-cvs] CVS: phpgwapi/inc class.vfs_sql.inc.php,1.15.2.5,1.15


From: Jason Wies <address@hidden>
Subject: [Phpgroupware-cvs] CVS: phpgwapi/inc class.vfs_sql.inc.php,1.15.2.5,1.15.2.6
Date: Sun, 23 Jun 2002 23:51:46 -0400

Update of /cvsroot/phpgroupware/phpgwapi/inc
In directory subversions:/tmp/cvs-serv17242/phpgwapi/inc

Modified Files:
      Tag: Version-0_9_14-branch
        class.vfs_sql.inc.php 
Log Message:
Savannah Patch #370 (modified) - Fix and extend ACL - Thanks gisu

Index: class.vfs_sql.inc.php
===================================================================
RCS file: /cvsroot/phpgroupware/phpgwapi/inc/class.vfs_sql.inc.php,v
retrieving revision 1.15.2.5
retrieving revision 1.15.2.6
diff -C2 -r1.15.2.5 -r1.15.2.6
*** class.vfs_sql.inc.php       9 Jun 2002 00:17:45 -0000       1.15.2.5
--- class.vfs_sql.inc.php       24 Jun 2002 03:51:43 -0000      1.15.2.6
***************
*** 1068,1073 ****
--- 1068,1077 ----
                @abstract Check ACL access to $file for 
$GLOBALS['phpgw_info']["user"]["account_id"];
                @param string File to check access of
+               @discussion To check the access for a file or directory, pass 
'string'/'relatives'/'must_exist'.
+                               To check the access to another user or group, 
pass 'owner_id'.
+                               If 'owner_id' is present, we bypass checks on 
'string'/'relatives'/'must_exist'
                @param relatives Standard relativity array
                @param operation Operation to check access to.  In the form of 
a PHPGW_ACL defines bitmask.  Default is read
+               @param owner_id Owner id to check access of (see discussion 
above)
                @param must_exist Boolean.  Set to True if 'string' must exist. 
 Otherwise, we check the parent directory as well
                @result Boolean.  True if access is ok, False otherwise
***************
*** 1095,1179 ****
                        }
  
!                       $p = $this->path_parts (array(
!                                       'string'        => $data['string'],
!                                       'relatives'     => array 
($data['relatives'][0])
!                               )
!                       );
! 
!                       /* Temporary, until we get symlink type files set up */
!                       if ($p->outside)
                        {
!                               return True;
!                       }
  
!                       /* If the file doesn't exist, we get ownership from the 
parent directory */
!                       if (!$this->file_exists (array(
!                                       'string'        => $p->fake_full_path,
!                                       'relatives'     => array ($p->mask)
!                               ))
!                       )
!                       {
!                               if ($data['must_exist'])
                                {
!                                       return False;
                                }
  
!                               $data['string'] = $p->fake_leading_dirs;
!                               $p2 = $this->path_parts (array(
!                                               'string'        => 
$data['string'],
!                                               'relatives'     => array 
($p->mask)
!                                       )
!                               );
  
                                if (!$this->file_exists (array(
!                                               'string'        => 
$data['string'],
                                                'relatives'     => array 
($p->mask)
                                        ))
                                )
                                {
!                                       return False;
                                }
                        }
                        else
                        {
!                               $p2 = $p;
                        }
  
!                       /* Read access is always allowed here, but nothing else 
is */
!                       if ($data['string'] == '/' || $data['string'] == 
$this->fakebase)
                        {
!                               if ($data['operation'] == PHPGW_ACL_READ)
!                               {
!                                       return True;
!                               }
!                               else
!                               {
!                                       return False;
!                               }
                        }
  
!                       /*
!                          We don't use ls () to get owner_id as we normally 
would,
!                          because ls () calls acl_check (), which would create 
an infinite loop
!                       */
!                       $query = $GLOBALS['phpgw']->db->query ("SELECT owner_id 
FROM phpgw_vfs WHERE directory='".$p2->fake_leading_dirs_clean."' AND 
name='".$p2->fake_name_clean."'" . $this->extra_sql (array ('query_type' => 
VFS_SQL_SELECT)), __LINE__, __FILE__);
!                       $GLOBALS['phpgw']->db->next_record ();
!                       $group_id = $GLOBALS['phpgw']->db->Record['owner_id'];
  
                        /* They always have access to their own files */
!                       if ($group_id == 
$GLOBALS['phpgw_info']['user']['account_id'])
                        {
                                return True;
                        }
  
!                       /* Check if they're in the group.  If so, they have 
access */
!                       $memberships = $GLOBALS['phpgw']->accounts->membership 
($GLOBALS['phpgw_info']['user']['account_id']);
  
                        if (is_array ($memberships))
                        {
!                               @reset ($memberships);
!                               while (list ($num, $group_array) = @each 
($memberships))
                                {
!                                       if ($group_id == 
$GLOBALS['phpgw']->accounts->name2id ($group_array['account_name']))
                                        {
                                                $group_ok = 1;
--- 1099,1199 ----
                        }
  
!                       if (!$data['owner_id'])
                        {
!                               $p = $this->path_parts (array(
!                                               'string'        => 
$data['string'],
!                                               'relatives'     => array 
($data['relatives'][0])
!                                       )
!                               );
  
!                               /* Temporary, until we get symlink type files 
set up */
!                               if ($p->outside)
                                {
!                                       return True;
                                }
  
!                               /* Read access is always allowed here, but 
nothing else is */
!                               if ($data['string'] == '/' || $data['string'] 
== $this->fakebase)
!                               {
!                                       if ($data['operation'] == 
PHPGW_ACL_READ)
!                                       {
!                                               return True;
!                                       }
!                                       else
!                                       {
!                                               return False;
!                                       }
!                               }
  
+                               /* If the file doesn't exist, we get ownership 
from the parent directory */
                                if (!$this->file_exists (array(
!                                               'string'        => 
$p->fake_full_path,
                                                'relatives'     => array 
($p->mask)
                                        ))
                                )
                                {
!                                       if ($data['must_exist'])
!                                       {
!                                               return False;
!                                       }
! 
!                                       $data['string'] = $p->fake_leading_dirs;
!                                       $p2 = $this->path_parts (array(
!                                                       'string'        => 
$data['string'],
!                                                       'relatives'     => 
array ($p->mask)
!                                               )
!                                       );
! 
!                                       if (!$this->file_exists (array(
!                                                       'string'        => 
$data['string'],
!                                                       'relatives'     => 
array ($p->mask)
!                                               ))
!                                       )
!                                       {
!                                               return False;
!                                       }
!                               }
!                               else
!                               {
!                                       $p2 = $p;
                                }
+ 
+                               /*
+                                  We don't use ls () to get owner_id as we 
normally would,
+                                  because ls () calls acl_check (), which 
would create an infinite loop
+                               */
+                               $query = $GLOBALS['phpgw']->db->query ("SELECT 
owner_id FROM phpgw_vfs WHERE directory='".$p2->fake_leading_dirs_clean."' AND 
name='".$p2->fake_name_clean."'" . $this->extra_sql (array ('query_type' => 
VFS_SQL_SELECT)), __LINE__, __FILE__);
+                               $GLOBALS['phpgw']->db->next_record ();
+ 
+                               $owner_id = 
$GLOBALS['phpgw']->db->Record['owner_id'];
                        }
                        else
                        {
!                               $owner_id = $data['owner_id'];
                        }
  
!                       /* This is correct.  The ACL currently doesn't handle 
undefined values correctly */
!                       if (!$owner_id)
                        {
!                               $owner_id = 0;
                        }
  
!                       $user_id = $GLOBALS['phpgw_info']['user']['account_id'];
  
                        /* They always have access to their own files */
!                       if ($owner_id == $user_id)
                        {
                                return True;
                        }
  
!                       /* Check if they're in the group */
!                       $memberships = $GLOBALS['phpgw']->accounts->membership 
($user_id);
  
                        if (is_array ($memberships))
                        {
!                               reset ($memberships);
!                               while (list ($num, $group_array) = each 
($memberships))
                                {
!                                       if ($owner_id == 
$group_array['account_id'])
                                        {
                                                $group_ok = 1;
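Review bot: In the new `if (!$data['owner_id'])` split, a caller-supplied `owner_id` skips path resolution altogether, so the `$p->outside`, root read-only and `must_exist` rules never run and the decision rests entirely on the id the caller passed; the branch should say so, e.g. `/* owner_id is trusted as given: never pass a request-supplied value */`. Because this is a truthiness test, an explicit `owner_id` of 0 is treated as absent and falls into the path branch. In that branch the result of `next_record ()` is not checked, so a missing row leaves `$owner_id` empty and the `if (!$owner_id)` fallback then evaluates the ACL of account 0. The query still concatenates `$p2->fake_leading_dirs_clean` and `$p2->fake_name_clean` into the SQL string, which is safe only if `path_parts ()` escapes them, and that is not visible here. The body of acl_check starts and ends outside the hunk.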
***************
*** 1183,1199 ****
                        }
  
!                       if (!$group_id)
                        {
!                               if (!$group_id = $this->account_id)
                                {
!                                       $group_id = 0;
                                }
                        }
  
-                       $acl = CreateObject ('phpgwapi.acl', $group_id);
-                       $acl->account_id = $group_id;
-                       $acl->read_repository ();
- 
-                       $rights = $acl->get_rights ($account_id);
                        if ($rights & $data['operation'])
                        {
--- 1203,1222 ----
                        }
  
!                       $acl = CreateObject ('phpgwapi.acl', $owner_id);
!                       $acl->account_id = $owner_id;
!                       $acl->read_repository ();
! 
!                       $rights = $acl->get_rights ($user_id);
! 
!                       /* Add privileges from the groups this user belongs to 
*/
!                       if (is_array ($memberships))
                        {
!                               reset ($memberships);
!                               while (list ($num, $group_array) = each 
($memberships))
                                {
!                                       $rights |= $acl->get_rights 
($group_array['account_id']);
                                }
                        }
  
                        if ($rights & $data['operation'])
                        {
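Review bot: The comment above the new group loop should state that the effective rights are a union, because `$rights |= $acl->get_rights ($group_array['account_id'])` means a narrower entry for the user cannot reduce what any one of their groups grants. Something like `/* Effective rights = user's grant OR every group's grant; there is no per-user deny */` would make that visible to anyone auditing a permission. The loop also assumes each `$group_array` carries an `account_id` key, which depends on what `membership ()` returns and is not shown here.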
***************
*** 1202,1206 ****
                        elseif (!$rights && $group_ok)
                        {
!                               return True;
                        }
                        else
--- 1225,1238 ----
                        elseif (!$rights && $group_ok)
                        {
!                               $conf = CreateObject('phpgwapi.config', 
'phpgwapi');
!                               $conf->read_repository();
!                               if ($conf->config_data['acl_default'] == 
'grant')
!                               {
!                                       return True;
!                               }
!                               else
!                               {
!                                       return False;
!                               }
                        }
                        else
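Review bot: The new `acl_default` branch returns True without looking at `$data['operation']`, so with the setting at `grant` a group member with no explicit ACL entry passes every non-read check as well as read. If that is intended it deserves a comment such as `/* acl_default=grant allows any operation to group members when no ACL rows exist */`; otherwise narrow it, e.g. `if ($conf->config_data['acl_default'] == 'grant' && $data['operation'] == PHPGW_ACL_READ)`. The config object is created and read on every call that reaches this branch, so caching it on `$this` would avoid repeated reads. The enclosing if/elseif chain starts and ends outside the hunk.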
***************
*** 3343,3347 ****
                }
  
!               /* This fetchs all available file system information for 
$string (not using the database) */
                function get_real_info ($data)
                {
--- 3375,3379 ----
                }
  
!               /* This fetchs all available file system information for string 
(not using the database) */
                function get_real_info ($data)
                {



