
Annotation of /rpms/smeserver-shared-folders/contribs7/smeserver-shared-folders-0.1-users_acl.patch



Revision 1.4 - (hide annotations) (download)
Tue Feb 14 20:38:49 2012 UTC (12 years, 8 months ago) by vip-ire
Branch: MAIN
Changes since 1.3: +38 -40 lines
* Mon Feb 13 2012 Daniel Berteaud <daniel@firewall-services.com> 0.1-62.sme
- Code cleanup
- Move ACL configuration in a separated page
- User level ACL support

1 vip-ire 1.2 diff -Nur smeserver-shared-folders-0.1/createlinks smeserver-shared-folders-0.1_mod/createlinks
2 vip-ire 1.4 --- smeserver-shared-folders-0.1/createlinks 2012-02-14 21:36:57.000000000 +0100
3     +++ smeserver-shared-folders-0.1_mod/createlinks 2012-02-14 21:35:33.000000000 +0100
4 vip-ire 1.1 @@ -11,12 +11,12 @@
5     panel_link("userpanel-encfs", $panel);
6    
7     #--------------------------------------------------
8     -# actions for group-delete event
9     +# actions for group-delete and user-delete events
10     #--------------------------------------------------
11    
12     -$event = "group-delete";
13     -
14     -event_link("group-share-modify", $event, "10");
15     +foreach my $event (qw/group-delete user-delete/) {
16     + event_link("group-share-modify", $event, "10");
17     +}
18    
19     #--------------------------------------------------
20     # actions for share-delete event
21 vip-ire 1.2 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/events/actions/group-share-modify smeserver-shared-folders-0.1_mod/root/etc/e-smith/events/actions/group-share-modify
22 vip-ire 1.4 --- smeserver-shared-folders-0.1/root/etc/e-smith/events/actions/group-share-modify 2012-02-14 21:36:57.000000000 +0100
23     +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/events/actions/group-share-modify 2012-02-14 21:35:33.000000000 +0100
24 vip-ire 1.1 @@ -7,40 +7,47 @@
25     my $accounts = esmith::AccountsDB->open() or
26     die "Unable to open accounts db: $!";
27    
28     -my ($self, $groupName) = @ARGV;
29     +my ($event, $name) = @ARGV;
30     +
31     +my $type = 'Groups';
32     +
33     +if ($event eq 'user-delete'){
34     + $type = 'Users';
35     +}
36    
37     # Find all "shared folder" entries in the e-smith accounts database and
38     -# if the group matches one listed in ACL, remove it.
39     +# if the group or a user matches one listed in ACL, remove it.
40    
41     my @modified_shares;
42     foreach my $share ( $accounts->get_all_by_prop(type => 'share' ) ) {
43     my $modified = 0;
44     - my @OldReadGroups = split (/[,;]/,$share->prop('ReadGroups'));
45     - my @NewReadGroups = ();
46     - foreach (@OldReadGroups){
47     - if ( $_ eq $groupName ) {
48     + my @OldRead = split (/[,;]/,$share->prop('Read'.$type));
49     + my @NewRead = ();
50     + foreach (@OldRead){
51     + if ( $_ eq $name ) {
52     $modified = 1;
53     }
54     else{
55     - push @NewReadGroups, $_;
56     + push @NewRead, $_;
57     }
58     }
59     - $share->set_prop( 'ReadGroups', join( "," , @NewReadGroups ) );
60     + $share->set_prop('Read'.$type, join("," , @NewRead));
61    
62     - my @OldWriteGroups = split (/[,;]/,$share->prop('WriteGroups'));
63     - my @NewWriteGroups = ();
64     - foreach (@OldWriteGroups){
65     - if ( $_ eq $groupName ) {
66     + my @OldWrite = split (/[,;]/,$share->prop('Write'.$type));
67     + my @NewWrite = ();
68     + foreach (@OldWrite){
69     + if ( $_ eq $name ) {
70     $modified = 1;
71     }
72     else{
73     - push @NewWriteGroups, $_;
74     + push @NewWrite, $_;
75     }
76     }
77     - $share->set_prop( 'WriteGroups', join( "," , @NewWriteGroups ) );
78     + $share->set_prop('Write'.$type, join("," , @NewWrite));
79    
80     - # If a group has been removed, either from Read or Write, re-apply the ACLs
81     + # If a group or a user has been removed, either from Read or Write, re-apply the ACLs
82     if ($modified){
83     + push @modified_shares, $share->key;
84     event_signal("share-modify-files", $share->key) or
85     die ("Error occurred while updating shared folder.\n");
86     }
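Review bot: The `die` after `event_signal("share-modify-files", $share->key)` sits inside the per-share loop, so one failing share aborts the run and every share not yet visited keeps the deleted user or group in its Read/Write lists; if that account name is later reused, the new account would presumably inherit the old access. Consider recording the failure, continuing the loop, and exiting non-zero after it. Also, `$share->prop('Read'.$type)` is presumably undefined on shares created before `ReadUsers`/`WriteUsers` existed, so `split` receives undef and `set_prop` then writes an empty property on every share; `split(/[,;]/, $share->prop('Read'.$type) || '')` with the `set_prop` calls moved under `if ($modified)` avoids both. The loop's closing brace is outside the hunk.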
87 vip-ire 1.2 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/events/actions/share-modify smeserver-shared-folders-0.1_mod/root/etc/e-smith/events/actions/share-modify
88 vip-ire 1.4 --- smeserver-shared-folders-0.1/root/etc/e-smith/events/actions/share-modify 2012-02-14 21:36:58.000000000 +0100
89     +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/events/actions/share-modify 2012-02-14 21:35:33.000000000 +0100
90 vip-ire 1.1 @@ -90,8 +90,10 @@
91     #--------------------------------------------------
92    
93     my %properties = $share->props;
94     -my @write = split(/[;,]/,($properties {'WriteGroups'} || 'admin'));
95     -my @read = split(/[;,]/,($properties {'ReadGroups'} || 'admin'));
96     +my @writegroups = split(/[;,]/,($properties {'WriteGroups'} || 'admin'));
97     +my @readgroups = split(/[;,]/,($properties {'ReadGroups'} || 'admin'));
98     +my @writeusers = split(/[;,]/,($properties {'WriteUsers'} || ''));
99     +my @readusers = split(/[;,]/,($properties {'ReadUsers'} || ''));
100    
101     # Don't reset permissions if ManualPermissions is set to 'yes'
102    
103     @@ -111,12 +113,18 @@
104     '.');
105    
106     my $acl = 'u::rwX,g::rwX,o:---,';
107     - foreach my $group (@write){
108     + foreach my $group (@writegroups){
109     $acl .= 'g:'.$group.':rwX,';
110     }
111     - foreach my $group (@read){
112     + foreach my $group (@readgroups){
113     $acl .= 'g:'.$group.':rX,';
114     }
115     + foreach my $user (@writeusers){
116     + $acl .= 'u:'.$user.':rwX,';
117     + }
118     + foreach my $user (@readusers){
119     + $acl .= 'u:'.$user.':rX,';
120     + }
121    
122     # Set the effective ACLs
123     system($setfacl,
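Review bot: The names in `@writeusers` and `@readusers` go straight from the share's `WriteUsers`/`ReadUsers` properties into the setfacl spec, with no check that each one is still an existing user account. A stale or malformed entry would likely make setfacl reject the whole spec and leave the previous ACL on the share, so filter the lists against the accounts database first and log any dropped names. A user listed in both properties also gets two entries (`u:name:rwX` then `u:name:rX`); deduplicate so the result does not depend on how setfacl resolves the pair. The `system($setfacl, ...)` call continues outside the hunk, so whether its exit status is checked cannot be seen here.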
124     @@ -144,9 +152,12 @@
125     '--remove-default',
126     '.');
127    
128     - foreach my $group (@write,@read){
129     + foreach my $group (@writegroups,@readgroups){
130     $acl .= 'g:'.$group.':rX,';
131     }
132     + foreach my $user (@writeusers,@readusers){
133     + $acl .= 'g:'.$user.':rX,';
134     + }
135    
136     system($setfacl,
137     '-m',
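Review bot: The new user loop builds its entries with the group tag: `$acl .= 'g:'.$user.':rX,';` should be `$acl .= 'u:'.$user.':rX,';`. As written, access goes to a group that happens to share the user's name (or setfacl fails if no such group exists), not to the selected user. The previous hunk in this file uses `u:` for the same lists, so this looks like a copy of the group loop. The enclosing block starts and ends outside the hunk.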
138 vip-ire 1.2 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/shares smeserver-shared-folders-0.1_mod/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/shares
139 vip-ire 1.4 --- smeserver-shared-folders-0.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/shares 2012-02-14 21:36:57.000000000 +0100
140     +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/shares 2012-02-14 21:35:33.000000000 +0100
141 vip-ire 1.1 @@ -155,7 +155,7 @@
142     <entry>
143     <base>DESC_PERMISSIONS</base>
144     <trans>
145     - You can use this matrix to define groups access permissions.
146     + You can use this matrix to define groups and users access permissions.
147     </trans>
148     </entry>
149    
150     @@ -510,4 +510,16 @@
151     </trans>
152     </entry>
153    
154     + <entry>
155     + <base>TITLE_PERMISSIONS</base>
156     + <trans>
157     + Access right management
158     + </trans>
159     + </entry>
160     +
161     + <entry>
162     + <base>USERS</base>
163     + <trans>Utilisateurs</trans>
164     + </entry>
165     +
166     </lexicon>
167 vip-ire 1.2 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares smeserver-shared-folders-0.1_mod/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares
168 vip-ire 1.4 --- smeserver-shared-folders-0.1/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares 2012-02-14 21:36:58.000000000 +0100
169     +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares 2012-02-14 21:35:33.000000000 +0100
170 vip-ire 1.1 @@ -16,7 +16,7 @@
171     my $satisfy;
172     my $webdav = (($properties{'WebDav'} || 'disabled') =~ m/^(enabled|on|yes)$/i) ? 1 : 0;
173    
174     - # Find which users has at least read access
175     + # Find which users have read or write access
176     my @writers = ('admin');
177     my @readers = ();
178     if ($properties{'WriteGroups'}) {
179     @@ -26,10 +26,14 @@
180     my $members = $adb->get_prop($group, 'Members') || "";
181     if (length($members) > 0) {
182     push @writers, split (/[;,]/, $members);
183     - }
184     + }
185     }
186    
187     }
188     + if ($properties{'WriteUsers'}) {
189     + my @users = split (/[;,]/, $properties{'WriteUsers'});
190     + push @writers, @users;
191     + }
192     if ($properties{'ReadGroups'}) {
193     my @groups = split (/[;,]/, $properties{'ReadGroups'});
194    
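Review bot: `WriteUsers` and `ReadUsers` are split and pushed into `@writers`/`@readers` as-is, here and in the matching `ReadUsers` block of the next hunk, while the group branches at least resolve names through `$adb`. These lists presumably end up in the generated httpd.conf, so an entry that is empty, stale, or contains whitespace would be written into the Apache configuration unchecked. Keep only names that resolve to a user record, e.g. `push @writers, grep { my $r = $adb->get($_); $r && $r->prop('type') eq 'user' } @users;`. The enclosing template block starts and ends outside the hunk.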
195     @@ -37,10 +41,14 @@
196     my $members = $adb->get_prop($group, 'Members') || "";
197     if (length($members) > 0) {
198     push @readers, split (/[;,]/, $members);
199     - }
200     + }
201     }
202    
203     }
204     + if ($properties{'ReadUsers'}) {
205     + my @users = split (/[;,]/, $properties{'ReadUsers'});
206     + push @readers, @users;
207     + }
208    
209     my %seen = ();
210     @readers = sort (grep { ! $seen{ $_ }++ } (@readers,@writers));
211 vip-ire 1.2 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/web/functions/shares smeserver-shared-folders-0.1_mod/root/etc/e-smith/web/functions/shares
212 vip-ire 1.4 --- smeserver-shared-folders-0.1/root/etc/e-smith/web/functions/shares 2012-02-14 21:36:57.000000000 +0100
213     +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/web/functions/shares 2012-02-14 21:35:33.000000000 +0100
214 vip-ire 1.1 @@ -51,16 +51,6 @@
215    
216     <field
217     type="literal"
218     - id="perms_desc"
219     - value="">
220     - <description>DESC_PERMISSIONS</description>
221     - </field>
222     - <subroutine src="genGroupAccess()"/>
223     -
224     - <subroutine src="print_section_bar()" />
225     -
226     - <field
227     - type="literal"
228     id="smbdesc"
229     value="">
230     <description>DESC_SMB_SETTINGS</description>
231     @@ -128,5 +118,13 @@
232     <description>REMOVE_DESC</description>
233     <subroutine src="print_share_to_remove()" />
234     </page>
235     + <page name="Permissions" pre-event="turn_off_buttons()" post-event="handle_shares()">
236     + <title>TITLE_PERMISSIONS</title>
237     + <field type="literal" id="descriptiongroup">
238     + <description>DESC_PERMISSIONS</description>
239     + </field>
240     + <subroutine src="acl_list()" />
241     + <subroutine src="print_button('SAVE')" />
242     + </page>
243     </form>
244    
245 vip-ire 1.2 diff -Nur smeserver-shared-folders-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/shares.pm smeserver-shared-folders-0.1_mod/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/shares.pm
246 vip-ire 1.4 --- smeserver-shared-folders-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/shares.pm 2012-02-14 21:36:58.000000000 +0100
247     +++ smeserver-shared-folders-0.1_mod/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/shares.pm 2012-02-14 21:37:39.000000000 +0100
248 vip-ire 1.1 @@ -26,7 +26,7 @@
249     print_share_name_field
250     print_encryption_fields
251     print_ajaxplorer_fields
252     - genGroupAccess
253     + acl_list
254     smbAccess_list
255     httpAccess_list
256     max_share_name_length
257 vip-ire 1.4 @@ -40,8 +40,8 @@
258    
259     our $VERSION = sprintf '%d.%03d', q$Revision: 1.8 $ =~ /: (\d+).(\d+)/;
260 vip-ire 1.1
261     -our $accountdb = esmith::AccountsDB->open();
262     -our $configdb = esmith::ConfigDB->open();
263     +our $a = esmith::AccountsDB->open();
264     +our $c = esmith::ConfigDB->open();
265    
266     *wherenext = \&CGI::FormMagick::wherenext;
267    
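Review bot: Renaming the database handles to `our $a` and `our $c` puts the accounts DB in `$a`, the package variable that `sort` uses inside its comparison block. Later hunks in this file run `sort { $a->key() cmp $b->key() } $a->groups()`, which only works because sort temporarily rebinds `$a`; any helper that expects the handle while a sort is running would see an account record instead. Keep a descriptive name such as the previous `$accountdb`/`$configdb`, or at least one that is not `$a` or `$b`.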
268 vip-ire 1.4 @@ -62,12 +62,12 @@
269 vip-ire 1.1 my $name = $self->localise('NAME');
270     my $description = $self->localise('DESCRIPTION');
271     my $modify = $self->localise('MODIFY');
272     + my $perm = $self->localise('PERMISSIONS');
273     my $remove = $self->localise('REMOVE');
274     my $action_h = $self->localise('ACTION');
275     - my @shares = $accountdb->get_all_by_prop(type => 'share');
276     + my @shares = $a->get_all_by_prop(type => 'share');
277    
278     - unless ( scalar @shares )
279     - {
280     + unless ( scalar @shares ) {
281     print $q->Tr($q->td($self->localise('NO_SHARES')));
282     return "";
283     }
284 vip-ire 1.4 @@ -81,22 +81,25 @@
285 vip-ire 1.1
286     my $scriptname = basename($0);
287    
288     - foreach my $i (@shares)
289     - {
290     - my $sharename = $i->key();
291     - my $sharedesc = $i->prop('Name');
292     + foreach my $share (@shares) {
293     + my $sharename = $share->key();
294     + my $sharedesc = $share->prop('Name');
295    
296     my $href = "shares?page=;page_stack=;wherenext=";
297    
298     my $actionModify = $q->a({href => "${href}CreateModify&action=modify&name=$sharename"},$modify)
299     . '&nbsp;';
300    
301     + my $actionPerm = $q->a({href => "${href}Permissions&action=permissions&name=$sharename"},$perm)
302     + . '&nbsp;';
303     +
304     my $actionRemove .= $q->a({href => "${href}Remove&name=$sharename&description=$sharedesc"}, $remove)
305     . '&nbsp';
306    
307     print $q->Tr (
308     esmith::cgi::genSmallCell($q, $sharename,"normal"),
309     esmith::cgi::genSmallCell($q, $sharedesc,"normal"),
310     + esmith::cgi::genSmallCell($q, $actionPerm,"normal"),
311     esmith::cgi::genSmallCell($q, $actionModify,"normal"),
312     esmith::cgi::genSmallCell($q, $actionRemove,"normal")
313     );
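Review bot: The new Permissions link interpolates `$sharename` into the query string unencoded, the same way the Remove link below it does with the free-text `$sharedesc`. A value containing `&`, `#` or `=` would change the parameters the target page receives, so URI-escape each value before building the href (CGI.pm's `escape` would do). The data row now has five cells; the header row is outside the hunk, so confirm a matching header cell was added and that the Permissions/Modify order agrees with it.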
314 vip-ire 1.4 @@ -109,58 +112,55 @@
315 vip-ire 1.1
316    
317     sub print_custom_button{
318     - my ($fm,$desc,$url) = @_;
319     - my $q = $fm->{cgi};
320     - $url="shares?page=0&page_stack=&Next=Next&wherenext=".$url;
321     + my ($self,$desc,$url) = @_;
322     + my $q = $self->{cgi};
323     + $url = "shares?page=0&page_stack=&Next=Next&wherenext=" . $url;
324    
325     print " <tr>\n <td colspan='2'>\n";
326     print $q->p($q->a({href => $url, -class => "button-like"},
327     - $fm->localise($desc)));
328     + $self->localise($desc)));
329     print qq(</tr>\n);
330     return undef;
331     }
332    
333     sub print_share_to_remove{
334     - my ($fm) = @_;
335     - my $q = $fm->{cgi};
336     + my $self = shift;
337     + my $q = $self->{cgi};
338     my $sharename = $q->param('name');
339     my $desc = $q->param('description');
340    
341     print $q->Tr(
342     $q->td(
343     { -class => 'sme-noborders-label' },
344     - $fm->localise('NAME')
345     + $self->localise('NAME')
346     ),
347     $q->td( { -class => 'sme-noborders-content' }, $sharename )
348     - ),
349     - "\n";
350     + ), "\n";
351     print $q->Tr(
352     $q->td(
353     { -class => 'sme-noborders-label' },
354     - $fm->localise('DESCRIPTION')
355     + $self->localise('DESCRIPTION')
356     ),
357     $q->td( { -class => 'sme-noborders-content' }, $desc )
358     - ),
359     - "\n";
360     + ), "\n";
361    
362     - print $q->table(
363     + print $q->table(
364     { -width => '100%' },
365     $q->Tr(
366     $q->th(
367     { -class => 'sme-layout' },
368     $q->submit(
369     -name => 'cancel',
370     - -value => $fm->localise('CANCEL')
371     + -value => $self->localise('CANCEL')
372     ),
373     ' ',
374     $q->submit(
375     -name => 'remove',
376     - -value => $fm->localise('REMOVE')
377     + -value => $self->localise('REMOVE')
378     )
379     )
380     )
381     - ),
382     - "\n";
383     + ), "\n";
384    
385     # Clear these values to prevent collisions when the page reloads.
386     $q->delete("cancel");
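Review bot: In `print_share_to_remove`, `$sharename` and `$desc` come directly from the request (`$q->param('name')`, `$q->param('description')`) and are placed into `$q->td(...)` content, which CGI.pm does not HTML-escape. A crafted link would therefore be reflected into the admin panel as markup; wrap both as `$q->escapeHTML($sharename)` and `$q->escapeHTML($desc)`, and preferably read the description from the share record instead of the URL. The hand-built `<input ... value=\"$name\">` cells and the `$desc` cells in the `acl_list` hunks further down follow the same pattern with stored values; whether `genSmallCell` escapes its argument is not visible here. The sub continues past the end of this hunk.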
387 vip-ire 1.4 @@ -172,12 +172,13 @@
388 vip-ire 1.1
389     sub print_share_name_field {
390     my $self = shift;
391     - my $in = $self->{cgi}->param('name') || '';
392     - my $action = $self->{cgi}->param('action') || '';
393     - my $maxLength = $configdb->get('maxShareNameLength')->value || '12';
394     + my $q = $self->{cgi};
395     + my $in = $q->param('name') || '';
396     + my $action = $q->param('action') || '';
397     + my $maxLength = $c->get('maxShareNameLength')->value || '12';
398    
399     # Set default value
400     - my $q = $self->{cgi};
401     +
402     $q->param(-name=>'encryption',-value=>'disabled');
403     $q->param(-name=>'inactivity',-value=>'30');
404     $q->param(-name=>'smbaccess',-value=>'browseable');
405 vip-ire 1.4 @@ -204,7 +205,7 @@
406 vip-ire 1.1 # Read the values for each field from the accounts db and store
407     # them in the cgi object so our form will have the correct
408     # info displayed.
409     - my $rec = $accountdb->get($in);
410     + my $rec = $a->get($in);
411     if ($rec)
412     {
413     $q->param(-name=>'description',-value=>
414 vip-ire 1.4 @@ -213,10 +214,6 @@
415 vip-ire 1.1 ($rec->prop('Encryption') || 'disabled'));
416     $q->param(-name=>'inactivity',-value=>
417     ($rec->prop('InactivityTimeOut') || '30'));
418     - $q->param(-name=>'ReadGroups',-value=>
419     - $rec->prop('ReadGroups'));
420     - $q->param(-name=>'WriteGroups',-value=>
421     - $rec->prop('WriteGroups'));
422     $q->param(-name=>'smbaccess',-value=>
423     ($rec->prop('smbAccess') || 'enabled'));
424     $q->param(-name=>'recyclebin',-value=>
425 vip-ire 1.4 @@ -233,8 +230,6 @@
426 vip-ire 1.1 ($rec->prop('Indexes') || 'enabled'));
427     $q->param(-name=>'dynamic',-value=>
428     ($rec->prop('DynamicContent') || 'disabled'));
429     - $q->param(-name=>'manualPerm',-value=>
430     - ($rec->prop('ManualPermissions') || 'no'));
431     }
432     }
433     else {
434 vip-ire 1.4 @@ -253,18 +248,19 @@
435 vip-ire 1.1 # If EncFS is available, print encryptions options
436     sub print_encryption_fields {
437     my $self = shift;
438     + my $q = $self->{cgi};
439    
440     return undef unless(system('rpm -q fuse-encfs 2>&1 > /dev/null') == 0);
441    
442     - my $encryption = $self->{cgi}->param('encryption') || 'disabled';
443     - my $action = $self->{cgi}->param('action') || '';
444     + my $encryption = $q->param('encryption') || 'disabled';
445     + my $action = $q->param('action') || '';
446    
447     - my $sharename = $self->{cgi}->param('name') || '';
448     + my $sharename = $q->param('name') || '';
449    
450     return undef if ($action eq 'modify' && $encryption ne 'enabled');
451    
452     - my $inactivity = (($sharename ne '') && ($accountdb->get($sharename))) ?
453     - ($accountdb->get($sharename)->prop('InactivityTimeOut') || '30'):'30';
454     + my $inactivity = (($sharename ne '') && ($a->get($sharename))) ?
455     + ($a->get($sharename)->prop('InactivityTimeOut') || '30'):'30';
456    
457     print_section_bar();
458    
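Review bot: The check `system('rpm -q fuse-encfs 2>&1 > /dev/null')` redirects in the wrong order: stderr is pointed at the original stdout (the CGI response) before stdout is sent to /dev/null. Use `> /dev/null 2>&1`, or avoid the shell with a list-form call. The `$inactivity` expression also calls `$a->get($sharename)` twice; fetching the record once into a variable would read more clearly. The sub continues outside the hunk.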
459 vip-ire 1.4 @@ -316,13 +312,13 @@
460 vip-ire 1.1
461     # If ajaxplorer is enabled:
462     sub print_ajaxplorer_fields {
463     - my ($self) = @_;
464     - my $ajaxplorer = $configdb->get('ajaxplorer') || return undef;
465     + my $self = shift;
466     + my $ajaxplorer = $c->get('ajaxplorer') || return undef;
467     if (($ajaxplorer->prop('status') || 'disabled') eq 'enabled'){
468     print_section_bar();
469     my ($enabled,$disabled) = ('','');
470     my $sharename = $self->{cgi}->param('name') || '';
471     - my $share = $accountdb->get($sharename);
472     + my $share = $a->get($sharename);
473     # If share exists and Ajxplorer is enabled
474     if ($share){
475     if (($share->prop('Ajaxplorer') || 'disabled') eq 'enabled'){
476 vip-ire 1.4 @@ -345,24 +341,31 @@
477 vip-ire 1.1 return undef;
478     }
479    
480     -# Takes a comma delimited list of groups and returns a string of
481     -# html checkboxes for all system groups with the groups having write and read access.
482     -
483     -sub genGroupAccess () {
484     - my $fm = shift;
485     - my $q = $fm->{cgi};
486     - my $WriteGroups = $q->param('WriteGroups') || '';
487     - my $ReadGroups = $q->param('ReadGroups') || '';
488     - my $share = $q->param('share');
489     - my $manualPerm = $q->param('manualPerm') || '';
490     +# Print a table of users and groups
491     +# having read only or read/write access
492     +sub acl_list () {
493     + my $self = shift;
494     + my $q = $self->{cgi};
495     + my $sharename = $q->param('name');
496     my $out = '';
497    
498     + my $share = $a->get($sharename);
499     + return $self->error('SHARE_NOT_FOUND') unless ($share);
500     +
501     + my $WriteGroups = $share->prop('WriteGroups') || '';
502     + my $ReadGroups = $share->prop('ReadGroups') || '';
503     + my $WriteUsers = $share->prop('WriteUsers') || '';
504     + my $ReadUsers = $share->prop('ReadUsers') || '';
505     + my $manualPerm = $share->prop('ManualPermissions') || 'no';
506     +
507     if (($manualPerm eq 'yes') || ($manualPerm eq 'enabled')){
508     - $out .= $fm->localise('MANUAL_PERMS');
509     + $out .= $self->localise('MANUAL_PERMS');
510     }
511    
512     my %WriteGroups;
513     my %ReadGroups;
514     + my %WriteUsers;
515     + my %ReadUsers;
516    
517     foreach my $group ( split ( /[,;]/, $WriteGroups ) ) {
518     $WriteGroups{$group} = 1;
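Review bot: `acl_list` accepts whatever record `$a->get($sharename)` returns and never checks that it is a share, a check the old `modify_share` made with `$acct->prop('type') eq 'share'`. Since `name` comes from the request, use `return $self->error('SHARE_NOT_FOUND') unless ($share && $share->prop('type') eq 'share');` and make sure the save handler (`modify_perm`, not visible here) does the same before writing properties. The empty prototype in `sub acl_list () {` is also misleading for a sub that shifts `$self`; drop the `()`. The sub body continues in the following hunks.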
519 vip-ire 1.4 @@ -370,22 +373,31 @@
520 vip-ire 1.1 foreach my $group ( split ( /[,;]/, $ReadGroups ) ) {
521     $ReadGroups{$group} = 1;
522     }
523     - my @groups = sort { $a->key() cmp $b->key() } $accountdb->groups();
524     + foreach my $user ( split ( /[,;]/, $WriteUsers ) ) {
525     + $WriteUsers{$user} = 1;
526     + }
527     + foreach my $user ( split ( /[,;]/, $ReadUsers ) ) {
528     + $ReadUsers{$user} = 1;
529     + }
530     + my @groups = sort { $a->key() cmp $b->key() } $a->groups();
531     + my @users = sort { $a->key() cmp $b->key() } $a->users();
532    
533     $out .= "<tr><td class=\"sme-noborders-label\">" .
534     - $fm->localise('PERMISSIONS') .
535     + $self->localise('PERMISSIONS') .
536     "</td><td>\n".
537     $q->start_table({-class => "sme-border"})."\n".
538     $q->Tr(
539     - esmith::cgi::genSmallCell($q, $fm->localise('GROUPS'),"header"),
540     - esmith::cgi::genSmallCell($q, $fm->localise('WRITE_PERM'),"header"),
541     - esmith::cgi::genSmallCell($q, $fm->localise('READ_PERM'),"header")
542     + esmith::cgi::genSmallCell($q, $self->localise('GROUPS'),"header"),
543     + esmith::cgi::genSmallCell($q, $self->localise('DESCRIPTION'),"header"),
544     + esmith::cgi::genSmallCell($q, $self->localise('WRITE_PERM'),"header"),
545     + esmith::cgi::genSmallCell($q, $self->localise('READ_PERM'),"header")
546     );
547    
548     foreach my $group (@groups) {
549     my $write = "";
550     my $read = "";
551     my $name = $group->key();
552     + my $desc = $group->prop('Description');
553     if ( $WriteGroups{$name} ) {
554     $write = "checked";
555     }
556 vip-ire 1.4 @@ -395,23 +407,56 @@
557 vip-ire 1.1
558     $out .= $q->Tr(
559     esmith::cgi::genSmallCell($q, $name, "normal"),
560     + esmith::cgi::genSmallCell($q, $desc, "normal"),
561    
562     esmith::cgi::genSmallCell($q,"<input type=\"checkbox\""
563     - . " name=\"write\""
564     + . " name=\"writegroup\""
565     . " $write value=\"$name\">", "normal"),
566     esmith::cgi::genSmallCell($q,"<input type=\"checkbox\""
567     - . " name=\"read\""
568     + . " name=\"readgroup\""
569     . " $read value=\"$name\">", "normal")
570     );
571     }
572    
573     + $out .= $q->Tr(
574     + esmith::cgi::genSmallCell($q, $self->localise('USERS'),"header"),
575     + esmith::cgi::genSmallCell($q, $self->localise('DESCRIPTION'),"header"),
576     + esmith::cgi::genSmallCell($q, $self->localise('WRITE_PERM'),"header"),
577     + esmith::cgi::genSmallCell($q, $self->localise('READ_PERM'),"header")
578     + );
579     +
580     + foreach my $user (@users) {
581     + my $write = "";
582     + my $read = "";
583     + my $name = $user->key();
584     + my $desc = $user->prop('FirstName') . ' ' . $user->prop('LastName');
585     + if ( $WriteUsers{$name} ) {
586     + $write = "checked";
587     + }
588     + if ( $ReadUsers{$name} ) {
589     + $read = "checked";
590     + }
591     +
592     + $out .= $q->Tr(
593     + esmith::cgi::genSmallCell($q, $name, "normal"),
594     + esmith::cgi::genSmallCell($q, $desc, "normal"),
595     +
596     + esmith::cgi::genSmallCell($q,"<input type=\"checkbox\""
597     + . " name=\"writeuser\""
598     + . " $write value=\"$name\">", "normal"),
599     + esmith::cgi::genSmallCell($q,"<input type=\"checkbox\""
600     + . " name=\"readuser\""
601     + . " $read value=\"$name\">", "normal")
602     + );
603     + }
604     +
605     $out .= "</table></td></tr>\n";
606     return $out;
607     }
608    
609     # Print a section bar
610     sub print_section_bar{
611     - my ($fm) = @_;
612     + my $self = shift;
613     print " <tr>\n <td colspan='2'>\n";
614     print "<hr class=\"sectionbar\"/>\n";
615     return undef;
616 vip-ire 1.4 @@ -423,8 +468,8 @@
617 vip-ire 1.1
618     sub smbAccess_list {
619     return {
620     - 'none' => 'NONE',
621     - 'browseable' => 'ENABLED_BROWSEABLE',
622     + 'none' => 'NONE',
623     + 'browseable' => 'ENABLED_BROWSEABLE',
624     'non-browseable' => 'ENABLED_NON_BROWSEABLE',
625     };
626     }
627 vip-ire 1.4 @@ -453,12 +498,13 @@
628 vip-ire 1.1
629     sub max_share_name_length {
630     my ($self, $data) = @_;
631     - $configdb->reload();
632     - my $max = $configdb->get('maxShareNameLength')->value || '12';
633     + $c->reload();
634     + my $max = $c->get('maxShareNameLength')->value || '12';
635    
636     if (length($data) <= $max) {
637     return "OK";
638     - } else {
639     + }
640     + else {
641     return $self->localise("MAX_SHARE_NAME_LENGTH_ERROR",
642     {acctName => $data,
643     maxShareNameLength => $max,
644 vip-ire 1.4 @@ -466,46 +512,20 @@
645 vip-ire 1.1 }
646     }
647    
648     -
649     -# Check the proposed name for clashes with existing pseudonyms or other
650     -# accounts of any type.
651     -
652     -sub conflict_check
653     -{
654     - my ($self, $name) = @_;
655     - my $rec = $accountdb->get($name);
656     -
657     - my $type;
658     - if (defined $rec){
659     - my $type = $rec->prop('type');
660     - if ($type eq "pseudonym"){
661     - my $acct = $rec->prop("Account");
662     - my $acct_type = $accountdb->get($acct)->prop('type');
663     -
664     - return $self->localise('ACCT_CLASHES_WITH_PSEUDONYM',
665     - {acctName => $name, acctType => $acct_type, acct => $acct});
666     - }
667     - }
668     - elsif (defined getpwnam($name) || defined getgrnam($name)){
669     - $type = 'system';
670     - }
671     - else{
672     - # No account record and no account
673     - return 'OK';
674     - }
675     - return $self->localise('ACCOUNT_EXISTS',
676     - {acctName => $name, acctType => $type});
677     -}
678     -
679     # Call the create or modify routine
680    
681     sub handle_shares {
682     - my ($self) = @_;
683     -
684     + my $self = shift;
685     + my $q = $self->{cgi};
686     + my $action = $q->param("action") || '';
687    
688     - if ($self->cgi->param("action") eq "create") {
689     + if ($action eq "create") {
690     $self->create_share();
691     - } else {
692     + }
693     + elsif ($action eq 'permissions'){
694     + $self->modify_perm();
695     + }
696     + else {
697     $self->modify_share();
698     }
699     }
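Review bot: This hunk deletes `sub conflict_check`, but `create_share` still calls `$self->conflict_check($name)` in a later hunk of this file. Unless a parent class supplies that method (not visible in this patch), creating a share would die at that call, and the clash check against existing accounts and system users is lost. Either keep the sub or add a comment stating where the inherited implementation lives. In `handle_shares`, every `action` other than `create` and `permissions` still falls through to `modify_share`; an explicit `elsif ($action eq 'modify')` with an error for anything else would be stricter.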
700 vip-ire 1.4 @@ -513,12 +533,13 @@
701 vip-ire 1.1 # Print save or add button
702    
703     sub print_save_or_add_button {
704     - my ($self) = @_;
705     + my $self = shift;
706    
707     my $action = $self->cgi->param("action") || '';
708     if ($action eq "modify") {
709     $self->print_button("SAVE");
710     - } else {
711     + }
712     + else {
713     $self->print_button("ADD");
714     }
715    
716 vip-ire 1.4 @@ -527,79 +548,54 @@
717 vip-ire 1.1 # Create a new shared folder
718    
719     sub create_share {
720     - my ($self) = @_;
721     - my $name = $self->cgi->param('name');
722     - my $encryption = $self->cgi->param('encryption') || 'disabled';
723     - my $password = $self->cgi->param('password');
724     - my $password2 = $self->cgi->param('password2');
725     + my $self = shift;
726     + my $q = $self->{cgi};
727     + my $name = $q->param('name');
728     + my $encryption = $q->param('encryption') || 'disabled';
729     + my $password = $q->param('password');
730     + my $password2 = $q->param('password2');
731    
732     my $msg = $self->validate_name($name);
733     - unless ($msg eq "OK")
734     - {
735     +
736     + unless ($msg eq "OK") {
737     return $self->error($msg);
738     }
739    
740     $msg = $self->max_share_name_length($name);
741     - unless ($msg eq "OK")
742     - {
743     +
744     + unless ($msg eq "OK") {
745     return $self->error($msg);
746     }
747    
748     $msg = $self->conflict_check($name);
749     - unless ($msg eq "OK")
750     - {
751     + unless ($msg eq "OK") {
752     return $self->error($msg);
753     }
754    
755     $msg = ($encryption eq 'enabled') ? $self->confirm_password($password,$password2) : 'OK';
756     - unless ($msg eq "OK")
757     - {
758     + unless ($msg eq "OK") {
759     return $self->error($msg);
760     }
761    
762     - my @WriteGroups = $self->cgi->param('write');
763     - my $WriteGroups = join(",",@WriteGroups);
764     - my @ReadGroups = $self->cgi->param('read');
765     - my @CleanReadGroups = ();
766     -
767     - # EncFS doesn't expose underlying ACLs
768     - # So, just remove any read only groups
769     - # Read Only is not supported with encryption
770     - if ($encryption ne 'enabled'){
771     - # Remove from ReadGroups the groups in WriteGroups
772     - # So ACL are consistent
773     - foreach my $read (@ReadGroups){
774     - my $isInWrite = 0;
775     - foreach (@WriteGroups){
776     - $isInWrite = 1 if ($_ eq $read);
777     - }
778     - push (@CleanReadGroups, $read) unless ($isInWrite);
779     - }
780     - }
781     - my $ReadGroups = join(",",@CleanReadGroups);
782     -
783     - if (my $acct = $accountdb->new_record($name, {
784     - Name => $self->cgi->param('description'),
785     + if (my $acct = $a->new_record($name, {
786     + Name => $q->param('description'),
787     Encryption => $encryption,
788     - InactivityTimeOut => ($self->cgi->param('inactivity') || ''),
789     - WriteGroups => $WriteGroups,
790     - ReadGroups => $ReadGroups,
791     - RecycleBin => $self->cgi->param('recyclebin'),
792     - RecycleBinRetention => $self->cgi->param('retention'),
793     - smbAccess => $self->cgi->param('smbaccess'),
794     - httpAccess => $self->cgi->param('httpaccess'),
795     - WebDav => $self->cgi->param('webdav'),
796     - Ajaxplorer => ($self->cgi->param('ajaxplorer') || 'disabled'),
797     - RequireSSL => $self->cgi->param('requireSSL'),
798     - Indexes => $self->cgi->param('indexes'),
799     - DynamicContent => $self->cgi->param('dynamic'),
800     + InactivityTimeOut => ($q->param('inactivity') || ''),
801     + RecycleBin => $q->param('recyclebin'),
802     + RecycleBinRetention => $q->param('retention'),
803     + smbAccess => $q->param('smbaccess'),
804     + httpAccess => $q->param('httpaccess'),
805     + WebDav => $q->param('webdav'),
806     + Ajaxplorer => ($q->param('ajaxplorer') || 'disabled'),
807     + RequireSSL => $q->param('requireSSL'),
808     + Indexes => $q->param('indexes'),
809     + DynamicContent => $q->param('dynamic'),
810     type => 'share',
811     - }) )
812     - {
813     + }) ) {
814     # Untaint $name before use in system()
815     $name =~ /(.+)/; $name = $1;
816    
817     - if ($encryption eq 'enabled'){
818     + if ($encryption eq 'enabled') {
819     my $source = '/home/e-smith/files/shares/' . $name . '/.store';
820     my $dest = '/home/e-smith/files/shares/' . $name . '/files';
821     File::Path::mkpath ($source);
822 vip-ire 1.4 @@ -614,10 +610,12 @@
823 vip-ire 1.1
824     if (system ("/sbin/e-smith/signal-event", "share-create", $name) == 0) {
825     $self->success("SUCCESSFULLY_CREATED_SHARE");
826     - } else {
827     + }
828     + else {
829     $self->error("ERROR_WHILE_CREATING_SHARE");
830     }
831     - } else {
832     + }
833     + else {
834     $self->error('CANT_CREATE_SHARE');
835     }
836     }
837 vip-ire 1.4 @@ -625,118 +623,155 @@
838 vip-ire 1.1 # Modify a share.
839     # This sub shares a lot of code with create share
840     # It should be merged
841     -
842     sub modify_share {
843     - my ($self) = @_;
844     - my $name = $self->cgi->param('name');
845     - if (my $acct = $accountdb->get($name)) {
846     - if ($acct->prop('type') eq 'share') {
847     - my $encryption = $self->cgi->param('encryption');
848     - my @WriteGroups = $self->cgi->param('write');
849     - my $WriteGroups = join(",",@WriteGroups);
850     - my @ReadGroups = $self->cgi->param('read');
851     - my @CleanReadGroups = ();
852     -
853     - # EncFS doesn't expose underlying ACLs
854     - # So, just remove any read only groups
855     - # Read Only is not supported with encryption
856     - if ($encryption ne 'enabled'){
857     - foreach my $read (@ReadGroups){
858     - my $isInWrite = 0;
859     - foreach (@WriteGroups){
860     - $isInWrite = 1 if ($_ eq $read);
861     - }
862     - push (@CleanReadGroups, $read) unless ($isInWrite);
863     - }
864     - }
865     - my $ReadGroups = join(",",@CleanReadGroups);
866     + my $self = shift;
867     + my $q = $self->{cgi};
868     + my $name = $q->param('name');
869     + my $acct = $a->get($name);
870    
871     - $acct->merge_props(
872     - Name => $self->cgi->param('description'),
873     - InactivityTimeOut => ($self->cgi->param('inactivity') || ''),
874     - WriteGroups => $WriteGroups,
875     - ReadGroups => $ReadGroups,
876     - RecycleBin => $self->cgi->param('recyclebin'),
877     - RecycleBinRetention => $self->cgi->param('retention'),
878     - smbAccess => $self->cgi->param('smbaccess'),
879     - httpAccess => $self->cgi->param('httpaccess'),
880     - WebDav => $self->cgi->param('webdav'),
881     - Ajaxplorer => ($self->cgi->param('ajaxplorer') || 'disabled'),
882     - RequireSSL => $self->cgi->param('requireSSL'),
883     - Indexes => $self->cgi->param('indexes'),
884     - DynamicContent => $self->cgi->param('dynamic'),
885     - );
886     + return $self->error('CANT_FIND_SHARE') unless($acct && $acct->prop('type') eq 'share');
887    
888     - # Untaint $name before use in system()
889     - $name =~ /(.+)/; $name = $1;
890     - if (system ("/sbin/e-smith/signal-event", "share-modify",
891     - $name) == 0)
892     - {
893     - $self->success("SUCCESSFULLY_MODIFIED_SHARE");
894     - } else {
895     - $self->error("ERROR_WHILE_MODIFYING_SHARE");
896     - }
897     - } else {
898     - $self->error('CANT_FIND_SHARE');
899     - }
900     - } else {
901     - $self->error('CANT_FIND_SHARE');
902     + $acct->merge_props(
903     + Name => $q->param('description'),
904     + InactivityTimeOut => ($q->param('inactivity') || ''),
905     + RecycleBin => $q->param('recyclebin'),
906     + RecycleBinRetention => $q->param('retention'),
907     + smbAccess => $q->param('smbaccess'),
908     + httpAccess => $q->param('httpaccess'),
909     + WebDav => $q->param('webdav'),
910     + Ajaxplorer => ($q->param('ajaxplorer') || 'disabled'),
911     + RequireSSL => $q->param('requireSSL'),
912     + Indexes => $q->param('indexes'),
913     + DynamicContent => $q->param('dynamic'),
914     + );
915     +
916     + # Untaint $name before use in system()
917     + $name =~ /(.+)/; $name = $1;
918     + if (system ("/sbin/e-smith/signal-event", "share-modify", $name) == 0) {
919     + $self->success("SUCCESSFULLY_MODIFIED_SHARE");
920     }
921     + else {
922     + $self->error("ERROR_WHILE_MODIFYING_SHARE");
923     + }
924     + return undef;
925     }
926    
927     -# Remove a share
928     +sub modify_perm {
929     + my $self = shift;
930     + my $q = $self->{cgi};
931     + my $name = $q->param('name');
932     + my $acct = $a->get($name);
933    
934     -sub remove_share {
935     - my ($self) = @_;
936     - my $name = $self->cgi->param('name');
937     - unless ($self->cgi->param('cancel')){
938     - if (my $acct = $accountdb->get($name)) {
939     - if ($acct->prop('type') eq 'share') {
940     - # Untaint $name before use in system()
941     - $name =~ /(.+)/; $name = $1;
942     - my $encryption = $acct->prop('Encryption') || 'disabled';
943     - my $mountstatus = `/bin/mount | grep /home/e-smith/files/shares/$name/ | grep -c fuse`;
944     - chomp($mountstatus);
945     - if (($encryption eq 'enabled') && ($mountstatus eq '1')){
946     - $self->error("ERROR_ENCRYPTED_ENABLED");
947     - return undef;
948     - }
949     -
950     - $acct->set_prop('type', 'share-deleted');
951     -
952     - if (system ("/sbin/e-smith/signal-event", "share-delete", $name) == 0) {
953     - $self->success("SUCCESSFULLY_DELETED_SHARE");
954     - $acct->delete();
955     - }
956     - else {
957     - $self->error("ERROR_WHILE_DELETING_SHARE");
958     - }
959     - }
960     - else {
961     - $self->error('CANT_FIND_SHARE');
962     - }
963     + return $self->error('CANT_FIND_SHARE') unless($acct && $acct->prop('type') eq 'share');
964     +
965     + my $encryption = $acct->prop('Encryption') || 'disabled';
966     +
967     + my $WriteGroups = join(",", $q->param('writegroup'));
968     + my $WriteUsers = join(",", $q->param('writeuser'));
969    
970     + my @CleanReadGroups = ();
971     + my @CleanReadUsers = ();
972     +
973     + # EncFS doesn't expose underlying ACLs
974     + # So, just remove any read only groups
975     + # Read Only is not supported with encryption
976     + if ($encryption ne 'enabled'){
977     + # No need to have read access if write is already granted
978     + foreach my $group ($q->param('readgroup')){
979     + push (@CleanReadGroups, $group) unless (grep { $_ eq $group } $q->param('writegroup'));
980     }
981     - else {
982     - $self->error('CANT_FIND_SHARE');
983     + foreach my $user ($q->param('readuser')){
984     + push (@CleanReadUsers, $user) unless (grep { $_ eq $user } $q->param('writeuser'));
985     }
986     }
987     - else{
988     - $self->error('CANCELED','First');
989     + my $ReadGroups = join(",",@CleanReadGroups);
990     + my $ReadUsers = join(",",@CleanReadUsers);
991     +
992     + $acct->merge_props(
993     + WriteGroups => $WriteGroups,
994     + ReadGroups => $ReadGroups,
995     + WriteUsers => $WriteUsers,
996     + ReadUsers => $ReadUsers,
997     + );
998     +
999     + # Untaint $name before use in system()
1000     + $name =~ /(.+)/; $name = $1;
1001     + if (system ("/sbin/e-smith/signal-event", "share-modify", $name) == 0) {
1002     + $self->success("SUCCESSFULLY_MODIFIED_SHARE");
1003     + }
1004     + else {
1005     + $self->error("ERROR_WHILE_MODIFYING_SHARE");
1006     }
1007     return undef;
1008     }
1009    
1010     +# Remove a share
1011     +sub remove_share {
1012     + my $self = shift;
1013     + my $q = $self->{cgi};
1014     + my $name = $q->param('name');
1015     + my $acct = $a->get($name);
1016     + return $self->error('CANCELED','First') if ($q->param('cancel'));
1017     + return $self->error('CANT_FIND_SHARE') unless ($acct && $acct->prop('type') eq 'share');
1018     +
1019     + # Untaint $name before use in system()
1020     + $name =~ /(.+)/; $name = $1;
1021     + my $encryption = $acct->prop('Encryption') || 'disabled';
1022     + my $mountstatus = `/bin/mount | grep /home/e-smith/files/shares/$name/ | grep -c fuse`;
1023     + chomp($mountstatus);
1024     +
1025     + if (($encryption eq 'enabled') && ($mountstatus eq '1')){
1026     + $self->error("ERROR_ENCRYPTED_ENABLED");
1027     + return undef;
1028     + }
1029     +
1030     + $acct->set_prop('type', 'share-deleted');
1031     +
1032     + if (system ("/sbin/e-smith/signal-event", "share-delete", $name) == 0) {
1033     + $self->success("SUCCESSFULLY_DELETED_SHARE");
1034     + $acct->delete();
1035     + }
1036     + else {
1037     + $self->error("ERROR_WHILE_DELETING_SHARE");
1038     + }
1039     + return undef;
1040     +}
1041     +
1042     +# Check the proposed name for clashes with existing pseudonyms or other
1043     +# accounts of any type.
1044     +
1045     +sub conflict_check {
1046     + my ($self, $name) = @_;
1047     + my $rec = $a->get($name);
1048     +
1049     + my $type;
1050     + if (defined $rec){
1051     + my $type = $rec->prop('type');
1052     + if ($type eq "pseudonym"){
1053     + my $acct = $rec->prop("Account");
1054     + my $acct_type = $a->get($acct)->prop('type');
1055     +
1056     + return $self->localise('ACCT_CLASHES_WITH_PSEUDONYM',
1057     + {acctName => $name, acctType => $acct_type, acct => $acct});
1058     + }
1059     + }
1060     + elsif (defined getpwnam($name) || defined getgrnam($name)){
1061     + $type = 'system';
1062     + }
1063     + else{
1064     + # No account record and no account
1065     + return 'OK';
1066     + }
1067     + return $self->localise('ACCOUNT_EXISTS',
1068     + {acctName => $name, acctType => $type});
1069     +}
1070    
1071     # Checks that the name supplied does not contain any unacceptable chars.
1072     # Returns OK on success or a localised error message otherwise.
1073     -
1074     -sub validate_name
1075     -{
1076     +sub validate_name {
1077     my ($self, $acctName) = @_;
1078    
1079     - unless ($acctName =~ /^([a-z][\_\.\-a-z0-9]*)$/)
1080     - {
1081     + unless ($acctName =~ /^([a-z][\_\.\-a-z0-9]*)$/){
1082     return $self->localise('ACCT_NAME_HAS_INVALID_CHARS',
1083     {acctName => $acctName});
1084     }
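Review bot: The untaint in remove_share, `$name =~ /(.+)/; $name = $1;`, accepts any characters, and the result is then interpolated into the backtick pipeline `/bin/mount | grep /home/e-smith/files/shares/$name/ | grep -c fuse`, which runs through a shell. The only visible constraint on the value is that an account record of type share exists for it, so whatever validation was presumably applied when the share was created is trusted here rather than repeated. Untainting with the pattern validate_name already enforces, e.g. `($name) = $name =~ /^([a-z][\_\.\-a-z0-9]*)$/ or return $self->error('CANT_FIND_SHARE');`, would make the constraint explicit and give taint mode something real to check. The same `(.+)` untaint appears in modify_share and modify_perm, where the list-form system() at least avoids the shell. Separately, in conflict_check the inner `my $type = $rec->prop('type');` shadows the outer `$type`, so the final ACCOUNT_EXISTS message receives an undefined acctType for any existing non-pseudonym record; dropping the inner `my` fixes that.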
1085 vip-ire 1.4 @@ -744,13 +779,10 @@
1086 vip-ire 1.1 }
1087    
1088     # Check if inactivity is a number
1089     -
1090     -sub validate_inactivity
1091     -{
1092     +sub validate_inactivity {
1093     my ($self, $inac) = @_;
1094    
1095     - unless ($inac =~ /^\d+$/)
1096     - {
1097     + unless ($inac =~ /^\d+$/){
1098     return $self->localise('INVALID_INACTIVITY',
1099     {inactivity => $inac});
1100     }
1101 vip-ire 1.4 @@ -759,9 +791,7 @@
1102 vip-ire 1.1
1103     # Check if both passwords match
1104     # and are more than 8 chars
1105     -
1106     -sub confirm_password
1107     -{
1108     +sub confirm_password {
1109    
1110     my ($self, $pass1, $pass2) = @_;
1111    
