
Annotation of /rpms/smeserver-shared-folders/contribs7/smeserver-shared-folders-0.1-users_acl.patch



Revision 1.5 - (hide annotations) (download)
Thu Feb 16 22:44:47 2012 UTC (12 years, 9 months ago) by vip-ire
Branch: MAIN
Changes since 1.4: +39 -37 lines
* Mon Feb 13 2012 Daniel Berteaud <daniel@firewall-services.com> 0.1-62.sme
- Code cleanup
- Move ACL configuration to a separate page
- User level ACL support

1 vip-ire 1.2 diff -Nur smeserver-shared-folders-0.1/createlinks smeserver-shared-folders-0.1_mod/createlinks
2 vip-ire 1.5 --- smeserver-shared-folders-0.1/createlinks 2012-02-16 23:24:05.000000000 +0100
3     +++ smeserver-shared-folders-0.1_mod/createlinks 2012-02-16 23:29:54.000000000 +0100
4 vip-ire 1.1 @@ -11,12 +11,12 @@
5     panel_link("userpanel-encfs", $panel);
6    
7     #--------------------------------------------------
8     -# actions for group-delete event
9     +# actions for group-delete and user-delete events
10     #--------------------------------------------------
11    
12     -$event = "group-delete";
13     -
14     -event_link("group-share-modify", $event, "10");
15     +foreach my $event (qw/group-delete user-delete/) {
16     + event_link("group-share-modify", $event, "10");
17     +}
18    
19     #--------------------------------------------------
20     # actions for share-delete event
21 vip-ire 1.2 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/events/actions/group-share-modify smeserver-shared-folders-0.1_mod/root/etc/e-smith/events/actions/group-share-modify
22 vip-ire 1.5 --- smeserver-shared-folders-0.1/root/etc/e-smith/events/actions/group-share-modify 2012-02-16 23:24:05.000000000 +0100
23     +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/events/actions/group-share-modify 2012-02-16 23:29:54.000000000 +0100
24 vip-ire 1.1 @@ -7,40 +7,47 @@
25     my $accounts = esmith::AccountsDB->open() or
26     die "Unable to open accounts db: $!";
27    
28     -my ($self, $groupName) = @ARGV;
29     +my ($event, $name) = @ARGV;
30     +
31     +my $type = 'Groups';
32     +
33     +if ($event eq 'user-delete'){
34     + $type = 'Users';
35     +}
36    
37     # Find all "shared folder" entries in the e-smith accounts database and
38     -# if the group matches one listed in ACL, remove it.
39     +# if the group or a user matches one listed in ACL, remove it.
40    
41     my @modified_shares;
42     foreach my $share ( $accounts->get_all_by_prop(type => 'share' ) ) {
43     my $modified = 0;
44     - my @OldReadGroups = split (/[,;]/,$share->prop('ReadGroups'));
45     - my @NewReadGroups = ();
46     - foreach (@OldReadGroups){
47     - if ( $_ eq $groupName ) {
48     + my @OldRead = split (/[,;]/,$share->prop('Read'.$type));
49     + my @NewRead = ();
50     + foreach (@OldRead){
51     + if ( $_ eq $name ) {
52     $modified = 1;
53     }
54     else{
55     - push @NewReadGroups, $_;
56     + push @NewRead, $_;
57     }
58     }
59     - $share->set_prop( 'ReadGroups', join( "," , @NewReadGroups ) );
60     + $share->set_prop('Read'.$type, join("," , @NewRead));
61    
62     - my @OldWriteGroups = split (/[,;]/,$share->prop('WriteGroups'));
63     - my @NewWriteGroups = ();
64     - foreach (@OldWriteGroups){
65     - if ( $_ eq $groupName ) {
66     + my @OldWrite = split (/[,;]/,$share->prop('Write'.$type));
67     + my @NewWrite = ();
68     + foreach (@OldWrite){
69     + if ( $_ eq $name ) {
70     $modified = 1;
71     }
72     else{
73     - push @NewWriteGroups, $_;
74     + push @NewWrite, $_;
75     }
76     }
77     - $share->set_prop( 'WriteGroups', join( "," , @NewWriteGroups ) );
78     + $share->set_prop('Write'.$type, join("," , @NewWrite));
79    
80     - # If a group has been removed, either from Read or Write, re-apply the ACLs
81     + # If a group or a user has been removed, either from Read or Write, re-apply the ACLs
82     if ($modified){
83     + push @modified_shares, $share->key;
84     event_signal("share-modify-files", $share->key) or
85     die ("Error occurred while updating shared folder.\n");
86     }
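Review bot: The `event_signal("share-modify-files", ...) or die` inside the `foreach my $share` loop aborts the whole action on the first failing share, so on `user-delete` every share after it keeps the deleted account in `ReadUsers`/`WriteUsers` and in its on-disk ACL. If that login name is later re-created, the new account would inherit the old access. Consider recording the failure and continuing, e.g. `event_signal("share-modify-files", $share->key) or push @failed, $share->key;`, then dying once after the loop if `@failed` is non-empty (the loop's end is outside this hunk). `$share->prop('Read'.$type)` can also be undef on shares that never had the new property, so the `split` arguments deserve a `|| ''` default.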
87 vip-ire 1.2 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/events/actions/share-modify smeserver-shared-folders-0.1_mod/root/etc/e-smith/events/actions/share-modify
88 vip-ire 1.5 --- smeserver-shared-folders-0.1/root/etc/e-smith/events/actions/share-modify 2012-02-16 23:24:05.000000000 +0100
89     +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/events/actions/share-modify 2012-02-16 23:29:54.000000000 +0100
90 vip-ire 1.1 @@ -90,8 +90,10 @@
91     #--------------------------------------------------
92    
93     my %properties = $share->props;
94     -my @write = split(/[;,]/,($properties {'WriteGroups'} || 'admin'));
95     -my @read = split(/[;,]/,($properties {'ReadGroups'} || 'admin'));
96     +my @writegroups = split(/[;,]/,($properties {'WriteGroups'} || 'admin'));
97     +my @readgroups = split(/[;,]/,($properties {'ReadGroups'} || 'admin'));
98     +my @writeusers = split(/[;,]/,($properties {'WriteUsers'} || ''));
99     +my @readusers = split(/[;,]/,($properties {'ReadUsers'} || ''));
100    
101     # Don't reset permissions if ManualPermissions is set to 'yes'
102    
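Review bot: The four `split(/[;,]/, ...)` lists keep empty elements, so a stored value with a leading or doubled separator (`,bob`) yields `''`, and the loops in the next hunk then append `u::rX,` or `g::rX,`, which is the owner or owning-group entry rather than a named one. Filtering where the lists are built avoids that: `my @readusers = grep { length } split(/[;,]/, ($properties {'ReadUsers'} || ''));`, and likewise for the other three lists. A name present in both the write and the read list also produces two entries for the same principal in `$acl`. The de-duplication for that used to live in the panel code this patch removes from `create_share`, so it is worth confirming it still happens before the value reaches this action.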
103     @@ -111,12 +113,18 @@
104     '.');
105    
106     my $acl = 'u::rwX,g::rwX,o:---,';
107     - foreach my $group (@write){
108     + foreach my $group (@writegroups){
109     $acl .= 'g:'.$group.':rwX,';
110     }
111     - foreach my $group (@read){
112     + foreach my $group (@readgroups){
113     $acl .= 'g:'.$group.':rX,';
114     }
115     + foreach my $user (@writeusers){
116     + $acl .= 'u:'.$user.':rwX,';
117     + }
118     + foreach my $user (@readusers){
119     + $acl .= 'u:'.$user.':rX,';
120     + }
121    
122     # Set the effective ACLs
123     system($setfacl,
124     @@ -144,9 +152,12 @@
125     '--remove-default',
126     '.');
127    
128     - foreach my $group (@write,@read){
129     + foreach my $group (@writegroups,@readgroups){
130     $acl .= 'g:'.$group.':rX,';
131     }
132     + foreach my $user (@writeusers,@readusers){
133     + $acl .= 'g:'.$user.':rX,';
134     + }
135    
136     system($setfacl,
137     '-m',
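Review bot: In the added loop over `@writeusers,@readusers` the entry is built with the group qualifier, `$acl .= 'g:'.$user.':rX,';`, whereas the previous hunk uses `u:` for the same lists. As written, the permission goes to whatever group happens to share the user's name (or setfacl rejects the spec if there is none), which is not what the share's `ReadUsers`/`WriteUsers` settings express. It should read `$acl .= 'u:'.$user.':rX,';`. The `system($setfacl, ...)` call that consumes `$acl` continues outside this hunk.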
138 vip-ire 1.2 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/shares smeserver-shared-folders-0.1_mod/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/shares
139 vip-ire 1.5 --- smeserver-shared-folders-0.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/shares 2012-02-16 23:24:05.000000000 +0100
140     +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/shares 2012-02-16 23:29:54.000000000 +0100
141 vip-ire 1.1 @@ -155,7 +155,7 @@
142     <entry>
143     <base>DESC_PERMISSIONS</base>
144     <trans>
145     - You can use this matrix to define groups access permissions.
146     + You can use this matrix to define groups and users access permissions.
147     </trans>
148     </entry>
149    
150     @@ -510,4 +510,16 @@
151     </trans>
152     </entry>
153    
154     + <entry>
155     + <base>TITLE_PERMISSIONS</base>
156     + <trans>
157     + Access right management
158     + </trans>
159     + </entry>
160     +
161     + <entry>
162     + <base>USERS</base>
163     + <trans>Utilisateurs</trans>
164     + </entry>
165     +
166     </lexicon>
167 vip-ire 1.2 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares smeserver-shared-folders-0.1_mod/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares
168 vip-ire 1.5 --- smeserver-shared-folders-0.1/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares 2012-02-16 23:24:05.000000000 +0100
169     +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares 2012-02-16 23:29:54.000000000 +0100
170 vip-ire 1.1 @@ -16,7 +16,7 @@
171     my $satisfy;
172     my $webdav = (($properties{'WebDav'} || 'disabled') =~ m/^(enabled|on|yes)$/i) ? 1 : 0;
173    
174     - # Find which users has at least read access
175     + # Find which users have read or write access
176     my @writers = ('admin');
177     my @readers = ();
178     if ($properties{'WriteGroups'}) {
179     @@ -26,10 +26,14 @@
180     my $members = $adb->get_prop($group, 'Members') || "";
181     if (length($members) > 0) {
182     push @writers, split (/[;,]/, $members);
183     - }
184     + }
185     }
186    
187     }
188     + if ($properties{'WriteUsers'}) {
189     + my @users = split (/[;,]/, $properties{'WriteUsers'});
190     + push @writers, @users;
191     + }
192     if ($properties{'ReadGroups'}) {
193     my @groups = split (/[;,]/, $properties{'ReadGroups'});
194    
195     @@ -37,10 +41,14 @@
196     my $members = $adb->get_prop($group, 'Members') || "";
197     if (length($members) > 0) {
198     push @readers, split (/[;,]/, $members);
199     - }
200     + }
201     }
202    
203     }
204     + if ($properties{'ReadUsers'}) {
205     + my @users = split (/[;,]/, $properties{'ReadUsers'});
206     + push @readers, @users;
207     + }
208    
209     my %seen = ();
210     @readers = sort (grep { ! $seen{ $_ }++ } (@readers,@writers));
211 vip-ire 1.2 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/web/functions/shares smeserver-shared-folders-0.1_mod/root/etc/e-smith/web/functions/shares
212 vip-ire 1.5 --- smeserver-shared-folders-0.1/root/etc/e-smith/web/functions/shares 2012-02-16 23:24:05.000000000 +0100
213     +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/web/functions/shares 2012-02-16 23:29:54.000000000 +0100
214 vip-ire 1.1 @@ -51,16 +51,6 @@
215    
216     <field
217     type="literal"
218     - id="perms_desc"
219     - value="">
220     - <description>DESC_PERMISSIONS</description>
221     - </field>
222     - <subroutine src="genGroupAccess()"/>
223     -
224     - <subroutine src="print_section_bar()" />
225     -
226     - <field
227     - type="literal"
228     id="smbdesc"
229     value="">
230     <description>DESC_SMB_SETTINGS</description>
231     @@ -128,5 +118,13 @@
232     <description>REMOVE_DESC</description>
233     <subroutine src="print_share_to_remove()" />
234     </page>
235     + <page name="Permissions" pre-event="turn_off_buttons()" post-event="handle_shares()">
236     + <title>TITLE_PERMISSIONS</title>
237     + <field type="literal" id="descriptiongroup">
238     + <description>DESC_PERMISSIONS</description>
239     + </field>
240     + <subroutine src="acl_list()" />
241     + <subroutine src="print_button('SAVE')" />
242     + </page>
243     </form>
244    
245 vip-ire 1.2 diff -Nur smeserver-shared-folders-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/shares.pm smeserver-shared-folders-0.1_mod/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/shares.pm
246 vip-ire 1.5 --- smeserver-shared-folders-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/shares.pm 2012-02-16 23:25:38.000000000 +0100
247     +++ smeserver-shared-folders-0.1_mod/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/shares.pm 2012-02-16 23:29:54.000000000 +0100
248 vip-ire 1.1 @@ -26,7 +26,7 @@
249     print_share_name_field
250     print_encryption_fields
251     print_ajaxplorer_fields
252     - genGroupAccess
253     + acl_list
254     smbAccess_list
255     httpAccess_list
256     max_share_name_length
257 vip-ire 1.5 @@ -38,10 +38,9 @@
258     print_section_bar
259     );
260 vip-ire 1.4
261 vip-ire 1.5 -our $VERSION = sprintf '%d.%03d', q$Revision: 1.8 $ =~ /: (\d+).(\d+)/;
262 vip-ire 1.1
263     -our $accountdb = esmith::AccountsDB->open();
264     -our $configdb = esmith::ConfigDB->open();
265     +our $a = esmith::AccountsDB->open();
266     +our $c = esmith::ConfigDB->open();
267    
268     *wherenext = \&CGI::FormMagick::wherenext;
269    
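Review bot: Renaming the package-level handles to `our $a` and `our $c` collides with Perl's sort variable, since `$a` is the package global that `sort` localises for its comparison block. `acl_list` later in this patch writes `sort { $a->key() cmp $b->key() } $a->groups()`, which only works because the list argument is evaluated before the block runs; any use of the database handle inside a sort block would silently operate on a record instead. `$a` and `$b` are also exempt from `use strict 'vars'`, so a misplaced reference goes unreported. Keeping descriptive names such as `our $accountdb` and `our $configdb` avoids this. The hunk also drops `$VERSION` without any mention in the changelog.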
270 vip-ire 1.5 @@ -62,12 +61,12 @@
271 vip-ire 1.1 my $name = $self->localise('NAME');
272     my $description = $self->localise('DESCRIPTION');
273     my $modify = $self->localise('MODIFY');
274     + my $perm = $self->localise('PERMISSIONS');
275     my $remove = $self->localise('REMOVE');
276     my $action_h = $self->localise('ACTION');
277     - my @shares = $accountdb->get_all_by_prop(type => 'share');
278     + my @shares = $a->get_all_by_prop(type => 'share');
279    
280     - unless ( scalar @shares )
281     - {
282     + unless ( scalar @shares ) {
283     print $q->Tr($q->td($self->localise('NO_SHARES')));
284     return "";
285     }
286 vip-ire 1.5 @@ -81,22 +80,25 @@
287 vip-ire 1.1
288     my $scriptname = basename($0);
289    
290     - foreach my $i (@shares)
291     - {
292     - my $sharename = $i->key();
293     - my $sharedesc = $i->prop('Name');
294     + foreach my $share (@shares) {
295     + my $sharename = $share->key();
296     + my $sharedesc = $share->prop('Name');
297    
298     my $href = "shares?page=;page_stack=;wherenext=";
299    
300     my $actionModify = $q->a({href => "${href}CreateModify&action=modify&name=$sharename"},$modify)
301     . '&nbsp;';
302    
303     + my $actionPerm = $q->a({href => "${href}Permissions&action=permissions&name=$sharename"},$perm)
304     + . '&nbsp;';
305     +
306     my $actionRemove .= $q->a({href => "${href}Remove&name=$sharename&description=$sharedesc"}, $remove)
307     . '&nbsp';
308    
309     print $q->Tr (
310     esmith::cgi::genSmallCell($q, $sharename,"normal"),
311     esmith::cgi::genSmallCell($q, $sharedesc,"normal"),
312     + esmith::cgi::genSmallCell($q, $actionPerm,"normal"),
313     esmith::cgi::genSmallCell($q, $actionModify,"normal"),
314     esmith::cgi::genSmallCell($q, $actionRemove,"normal")
315     );
316 vip-ire 1.5 @@ -109,58 +111,55 @@
317 vip-ire 1.1
318    
319     sub print_custom_button{
320     - my ($fm,$desc,$url) = @_;
321     - my $q = $fm->{cgi};
322     - $url="shares?page=0&page_stack=&Next=Next&wherenext=".$url;
323     + my ($self,$desc,$url) = @_;
324     + my $q = $self->{cgi};
325     + $url = "shares?page=0&page_stack=&Next=Next&wherenext=" . $url;
326    
327     print " <tr>\n <td colspan='2'>\n";
328     print $q->p($q->a({href => $url, -class => "button-like"},
329     - $fm->localise($desc)));
330     + $self->localise($desc)));
331     print qq(</tr>\n);
332     return undef;
333     }
334    
335     sub print_share_to_remove{
336     - my ($fm) = @_;
337     - my $q = $fm->{cgi};
338     + my $self = shift;
339     + my $q = $self->{cgi};
340     my $sharename = $q->param('name');
341     my $desc = $q->param('description');
342    
343     print $q->Tr(
344     $q->td(
345     { -class => 'sme-noborders-label' },
346     - $fm->localise('NAME')
347     + $self->localise('NAME')
348     ),
349     $q->td( { -class => 'sme-noborders-content' }, $sharename )
350     - ),
351     - "\n";
352     + ), "\n";
353     print $q->Tr(
354     $q->td(
355     { -class => 'sme-noborders-label' },
356     - $fm->localise('DESCRIPTION')
357     + $self->localise('DESCRIPTION')
358     ),
359     $q->td( { -class => 'sme-noborders-content' }, $desc )
360     - ),
361     - "\n";
362     + ), "\n";
363    
364     - print $q->table(
365     + print $q->table(
366     { -width => '100%' },
367     $q->Tr(
368     $q->th(
369     { -class => 'sme-layout' },
370     $q->submit(
371     -name => 'cancel',
372     - -value => $fm->localise('CANCEL')
373     + -value => $self->localise('CANCEL')
374     ),
375     ' ',
376     $q->submit(
377     -name => 'remove',
378     - -value => $fm->localise('REMOVE')
379     + -value => $self->localise('REMOVE')
380     )
381     )
382     )
383     - ),
384     - "\n";
385     + ), "\n";
386    
387     # Clear these values to prevent collisions when the page reloads.
388     $q->delete("cancel");
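Review bot: `print_share_to_remove` prints the `name` and `description` query parameters straight into `$q->td(...)` cells, and CGI.pm's element helpers do not HTML-escape their content, so markup supplied in the URL is rendered in the panel page. The rename from `$fm` to `$self` leaves this unchanged. Escape at output, e.g. `$q->td( { -class => 'sme-noborders-content' }, $q->escapeHTML($sharename) )` and the same for `$desc`, and prefer reading the description from the accounts record rather than from the request. The function body continues past the end of this hunk.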
389 vip-ire 1.5 @@ -172,12 +171,13 @@
390 vip-ire 1.1
391     sub print_share_name_field {
392     my $self = shift;
393     - my $in = $self->{cgi}->param('name') || '';
394     - my $action = $self->{cgi}->param('action') || '';
395     - my $maxLength = $configdb->get('maxShareNameLength')->value || '12';
396     + my $q = $self->{cgi};
397     + my $in = $q->param('name') || '';
398     + my $action = $q->param('action') || '';
399     + my $maxLength = $c->get('maxShareNameLength')->value || '12';
400    
401     # Set default value
402     - my $q = $self->{cgi};
403     +
404     $q->param(-name=>'encryption',-value=>'disabled');
405     $q->param(-name=>'inactivity',-value=>'30');
406     $q->param(-name=>'smbaccess',-value=>'browseable');
407 vip-ire 1.5 @@ -204,7 +204,7 @@
408 vip-ire 1.1 # Read the values for each field from the accounts db and store
409     # them in the cgi object so our form will have the correct
410     # info displayed.
411     - my $rec = $accountdb->get($in);
412     + my $rec = $a->get($in);
413     if ($rec)
414     {
415     $q->param(-name=>'description',-value=>
416 vip-ire 1.5 @@ -213,10 +213,6 @@
417 vip-ire 1.1 ($rec->prop('Encryption') || 'disabled'));
418     $q->param(-name=>'inactivity',-value=>
419     ($rec->prop('InactivityTimeOut') || '30'));
420     - $q->param(-name=>'ReadGroups',-value=>
421     - $rec->prop('ReadGroups'));
422     - $q->param(-name=>'WriteGroups',-value=>
423     - $rec->prop('WriteGroups'));
424     $q->param(-name=>'smbaccess',-value=>
425     ($rec->prop('smbAccess') || 'enabled'));
426     $q->param(-name=>'recyclebin',-value=>
427 vip-ire 1.5 @@ -233,8 +229,6 @@
428 vip-ire 1.1 ($rec->prop('Indexes') || 'enabled'));
429     $q->param(-name=>'dynamic',-value=>
430     ($rec->prop('DynamicContent') || 'disabled'));
431     - $q->param(-name=>'manualPerm',-value=>
432     - ($rec->prop('ManualPermissions') || 'no'));
433     }
434     }
435     else {
436 vip-ire 1.5 @@ -253,18 +247,19 @@
437 vip-ire 1.1 # If EncFS is available, print encryptions options
438     sub print_encryption_fields {
439     my $self = shift;
440     + my $q = $self->{cgi};
441    
442     return undef unless(system('rpm -q fuse-encfs 2>&1 > /dev/null') == 0);
443    
444     - my $encryption = $self->{cgi}->param('encryption') || 'disabled';
445     - my $action = $self->{cgi}->param('action') || '';
446     + my $encryption = $q->param('encryption') || 'disabled';
447     + my $action = $q->param('action') || '';
448    
449     - my $sharename = $self->{cgi}->param('name') || '';
450     + my $sharename = $q->param('name') || '';
451    
452     return undef if ($action eq 'modify' && $encryption ne 'enabled');
453    
454     - my $inactivity = (($sharename ne '') && ($accountdb->get($sharename))) ?
455     - ($accountdb->get($sharename)->prop('InactivityTimeOut') || '30'):'30';
456     + my $inactivity = (($sharename ne '') && ($a->get($sharename))) ?
457     + ($a->get($sharename)->prop('InactivityTimeOut') || '30'):'30';
458    
459     print_section_bar();
460    
461 vip-ire 1.5 @@ -316,13 +311,13 @@
462 vip-ire 1.1
463     # If ajaxplorer is enabled:
464     sub print_ajaxplorer_fields {
465     - my ($self) = @_;
466     - my $ajaxplorer = $configdb->get('ajaxplorer') || return undef;
467     + my $self = shift;
468     + my $ajaxplorer = $c->get('ajaxplorer') || return undef;
469     if (($ajaxplorer->prop('status') || 'disabled') eq 'enabled'){
470     print_section_bar();
471     my ($enabled,$disabled) = ('','');
472     my $sharename = $self->{cgi}->param('name') || '';
473     - my $share = $accountdb->get($sharename);
474     + my $share = $a->get($sharename);
475     # If share exists and Ajxplorer is enabled
476     if ($share){
477     if (($share->prop('Ajaxplorer') || 'disabled') eq 'enabled'){
478 vip-ire 1.5 @@ -345,24 +340,31 @@
479 vip-ire 1.1 return undef;
480     }
481    
482     -# Takes a comma delimited list of groups and returns a string of
483     -# html checkboxes for all system groups with the groups having write and read access.
484     -
485     -sub genGroupAccess () {
486     - my $fm = shift;
487     - my $q = $fm->{cgi};
488     - my $WriteGroups = $q->param('WriteGroups') || '';
489     - my $ReadGroups = $q->param('ReadGroups') || '';
490     - my $share = $q->param('share');
491     - my $manualPerm = $q->param('manualPerm') || '';
492     +# Print a table of users and groups
493     +# having read only or read/write access
494     +sub acl_list () {
495     + my $self = shift;
496     + my $q = $self->{cgi};
497     + my $sharename = $q->param('name');
498     my $out = '';
499    
500     + my $share = $a->get($sharename);
501     + return $self->error('SHARE_NOT_FOUND') unless ($share);
502     +
503     + my $WriteGroups = $share->prop('WriteGroups') || '';
504     + my $ReadGroups = $share->prop('ReadGroups') || '';
505     + my $WriteUsers = $share->prop('WriteUsers') || '';
506     + my $ReadUsers = $share->prop('ReadUsers') || '';
507     + my $manualPerm = $share->prop('ManualPermissions') || 'no';
508     +
509     if (($manualPerm eq 'yes') || ($manualPerm eq 'enabled')){
510     - $out .= $fm->localise('MANUAL_PERMS');
511     + $out .= $self->localise('MANUAL_PERMS');
512     }
513    
514     my %WriteGroups;
515     my %ReadGroups;
516     + my %WriteUsers;
517     + my %ReadUsers;
518    
519     foreach my $group ( split ( /[,;]/, $WriteGroups ) ) {
520     $WriteGroups{$group} = 1;
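Review bot: `acl_list` takes `name` from the request and only checks that `$a->get($sharename)` returns a record, not that the record is a share, so the permissions page can be opened for any account key. The `modify_share` code this patch replaces tested `$acct->prop('type') eq 'share'`, and the same guard belongs here: `return $self->error('SHARE_NOT_FOUND') unless ($share && $share->prop('type') eq 'share');`. The handler that saves this page is not visible here and should apply the same test before writing `ReadUsers`/`WriteUsers`. The empty prototype in `sub acl_list ()` is ignored for method calls and can be dropped. The function continues in the following hunks.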
521 vip-ire 1.5 @@ -370,22 +372,31 @@
522 vip-ire 1.1 foreach my $group ( split ( /[,;]/, $ReadGroups ) ) {
523     $ReadGroups{$group} = 1;
524     }
525     - my @groups = sort { $a->key() cmp $b->key() } $accountdb->groups();
526     + foreach my $user ( split ( /[,;]/, $WriteUsers ) ) {
527     + $WriteUsers{$user} = 1;
528     + }
529     + foreach my $user ( split ( /[,;]/, $ReadUsers ) ) {
530     + $ReadUsers{$user} = 1;
531     + }
532     + my @groups = sort { $a->key() cmp $b->key() } $a->groups();
533     + my @users = sort { $a->key() cmp $b->key() } $a->users();
534    
535     $out .= "<tr><td class=\"sme-noborders-label\">" .
536     - $fm->localise('PERMISSIONS') .
537     + $self->localise('PERMISSIONS') .
538     "</td><td>\n".
539     $q->start_table({-class => "sme-border"})."\n".
540     $q->Tr(
541     - esmith::cgi::genSmallCell($q, $fm->localise('GROUPS'),"header"),
542     - esmith::cgi::genSmallCell($q, $fm->localise('WRITE_PERM'),"header"),
543     - esmith::cgi::genSmallCell($q, $fm->localise('READ_PERM'),"header")
544     + esmith::cgi::genSmallCell($q, $self->localise('GROUPS'),"header"),
545     + esmith::cgi::genSmallCell($q, $self->localise('DESCRIPTION'),"header"),
546     + esmith::cgi::genSmallCell($q, $self->localise('WRITE_PERM'),"header"),
547     + esmith::cgi::genSmallCell($q, $self->localise('READ_PERM'),"header")
548     );
549    
550     foreach my $group (@groups) {
551     my $write = "";
552     my $read = "";
553     my $name = $group->key();
554     + my $desc = $group->prop('Description');
555     if ( $WriteGroups{$name} ) {
556     $write = "checked";
557     }
558 vip-ire 1.5 @@ -395,23 +406,56 @@
559 vip-ire 1.1
560     $out .= $q->Tr(
561     esmith::cgi::genSmallCell($q, $name, "normal"),
562     + esmith::cgi::genSmallCell($q, $desc, "normal"),
563    
564     esmith::cgi::genSmallCell($q,"<input type=\"checkbox\""
565     - . " name=\"write\""
566     + . " name=\"writegroup\""
567     . " $write value=\"$name\">", "normal"),
568     esmith::cgi::genSmallCell($q,"<input type=\"checkbox\""
569     - . " name=\"read\""
570     + . " name=\"readgroup\""
571     . " $read value=\"$name\">", "normal")
572     );
573     }
574    
575     + $out .= $q->Tr(
576     + esmith::cgi::genSmallCell($q, $self->localise('USERS'),"header"),
577     + esmith::cgi::genSmallCell($q, $self->localise('DESCRIPTION'),"header"),
578     + esmith::cgi::genSmallCell($q, $self->localise('WRITE_PERM'),"header"),
579     + esmith::cgi::genSmallCell($q, $self->localise('READ_PERM'),"header")
580     + );
581     +
582     + foreach my $user (@users) {
583     + my $write = "";
584     + my $read = "";
585     + my $name = $user->key();
586     + my $desc = $user->prop('FirstName') . ' ' . $user->prop('LastName');
587     + if ( $WriteUsers{$name} ) {
588     + $write = "checked";
589     + }
590     + if ( $ReadUsers{$name} ) {
591     + $read = "checked";
592     + }
593     +
594     + $out .= $q->Tr(
595     + esmith::cgi::genSmallCell($q, $name, "normal"),
596     + esmith::cgi::genSmallCell($q, $desc, "normal"),
597     +
598     + esmith::cgi::genSmallCell($q,"<input type=\"checkbox\""
599     + . " name=\"writeuser\""
600     + . " $write value=\"$name\">", "normal"),
601     + esmith::cgi::genSmallCell($q,"<input type=\"checkbox\""
602     + . " name=\"readuser\""
603     + . " $read value=\"$name\">", "normal")
604     + );
605     + }
606     +
607     $out .= "</table></td></tr>\n";
608     return $out;
609     }
610    
611     # Print a section bar
612     sub print_section_bar{
613     - my ($fm) = @_;
614     + my $self = shift;
615     print " <tr>\n <td colspan='2'>\n";
616     print "<hr class=\"sectionbar\"/>\n";
617     return undef;
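Review bot: In the new users loop, `$desc` is built from the `FirstName` and `LastName` properties and handed to `esmith::cgi::genSmallCell` alongside cells that carry raw `<input>` markup, which suggests the helper emits its argument as HTML (its body is not shown here, so confirm). If so, any markup stored in an account's name fields is rendered in this panel, and the same applies to the group `Description` cell added just above. Pass `$q->escapeHTML($desc)` for the text cells. Defaulting the properties, `($user->prop('FirstName') || '')`, also avoids an uninitialized-value warning when one is missing.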
618 vip-ire 1.5 @@ -423,8 +467,8 @@
619 vip-ire 1.1
620     sub smbAccess_list {
621     return {
622     - 'none' => 'NONE',
623     - 'browseable' => 'ENABLED_BROWSEABLE',
624     + 'none' => 'NONE',
625     + 'browseable' => 'ENABLED_BROWSEABLE',
626     'non-browseable' => 'ENABLED_NON_BROWSEABLE',
627     };
628     }
629 vip-ire 1.5 @@ -453,12 +497,13 @@
630 vip-ire 1.1
631     sub max_share_name_length {
632     my ($self, $data) = @_;
633     - $configdb->reload();
634     - my $max = $configdb->get('maxShareNameLength')->value || '12';
635     + $c->reload();
636     + my $max = $c->get('maxShareNameLength')->value || '12';
637    
638     if (length($data) <= $max) {
639     return "OK";
640     - } else {
641     + }
642     + else {
643     return $self->localise("MAX_SHARE_NAME_LENGTH_ERROR",
644     {acctName => $data,
645     maxShareNameLength => $max,
646 vip-ire 1.5 @@ -466,46 +511,20 @@
647 vip-ire 1.1 }
648     }
649    
650     -
651     -# Check the proposed name for clashes with existing pseudonyms or other
652     -# accounts of any type.
653     -
654     -sub conflict_check
655     -{
656     - my ($self, $name) = @_;
657     - my $rec = $accountdb->get($name);
658     -
659     - my $type;
660     - if (defined $rec){
661     - my $type = $rec->prop('type');
662     - if ($type eq "pseudonym"){
663     - my $acct = $rec->prop("Account");
664     - my $acct_type = $accountdb->get($acct)->prop('type');
665     -
666     - return $self->localise('ACCT_CLASHES_WITH_PSEUDONYM',
667     - {acctName => $name, acctType => $acct_type, acct => $acct});
668     - }
669     - }
670     - elsif (defined getpwnam($name) || defined getgrnam($name)){
671     - $type = 'system';
672     - }
673     - else{
674     - # No account record and no account
675     - return 'OK';
676     - }
677     - return $self->localise('ACCOUNT_EXISTS',
678     - {acctName => $name, acctType => $type});
679     -}
680     -
681     # Call the create or modify routine
682    
683     sub handle_shares {
684     - my ($self) = @_;
685     -
686     + my $self = shift;
687     + my $q = $self->{cgi};
688     + my $action = $q->param("action") || '';
689    
690     - if ($self->cgi->param("action") eq "create") {
691     + if ($action eq "create") {
692     $self->create_share();
693     - } else {
694     + }
695     + elsif ($action eq 'permissions'){
696     + $self->modify_perm();
697     + }
698     + else {
699     $self->modify_share();
700     }
701     }
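Review bot: This hunk deletes `sub conflict_check`, yet `create_share` in the next hunk still calls `$self->conflict_check($name)` as an unchanged context line. Unless the method is inherited or re-added in a part of the module not shown here, share creation will die at that call. If the call is dropped instead, the check that a new share name does not clash with an existing account, pseudonym or system user/group goes with it. Either keep the sub (fixing the inner `my $type` that shadowed the outer one, which left `acctType` undefined in the `ACCOUNT_EXISTS` message) or confirm where its replacement lives. In `handle_shares`, every `action` other than `create` and `permissions` still falls through to `modify_share`, so an explicit `elsif ($action eq 'modify')` with an error default would be tighter.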
702 vip-ire 1.5 @@ -513,12 +532,13 @@
703 vip-ire 1.1 # Print save or add button
704    
705     sub print_save_or_add_button {
706     - my ($self) = @_;
707     + my $self = shift;
708    
709     my $action = $self->cgi->param("action") || '';
710     if ($action eq "modify") {
711     $self->print_button("SAVE");
712     - } else {
713     + }
714     + else {
715     $self->print_button("ADD");
716     }
717    
718 vip-ire 1.5 @@ -527,79 +547,54 @@
719 vip-ire 1.1 # Create a new shared folder
720    
721     sub create_share {
722     - my ($self) = @_;
723     - my $name = $self->cgi->param('name');
724     - my $encryption = $self->cgi->param('encryption') || 'disabled';
725     - my $password = $self->cgi->param('password');
726     - my $password2 = $self->cgi->param('password2');
727     + my $self = shift;
728     + my $q = $self->{cgi};
729     + my $name = $q->param('name');
730     + my $encryption = $q->param('encryption') || 'disabled';
731     + my $password = $q->param('password');
732     + my $password2 = $q->param('password2');
733    
734     my $msg = $self->validate_name($name);
735     - unless ($msg eq "OK")
736     - {
737     +
738     + unless ($msg eq "OK") {
739     return $self->error($msg);
740     }
741    
742     $msg = $self->max_share_name_length($name);
743     - unless ($msg eq "OK")
744     - {
745     +
746     + unless ($msg eq "OK") {
747     return $self->error($msg);
748     }
749    
750     $msg = $self->conflict_check($name);
751     - unless ($msg eq "OK")
752     - {
753     + unless ($msg eq "OK") {
754     return $self->error($msg);
755     }
756    
757     $msg = ($encryption eq 'enabled') ? $self->confirm_password($password,$password2) : 'OK';
758     - unless ($msg eq "OK")
759     - {
760     + unless ($msg eq "OK") {
761     return $self->error($msg);
762     }
763    
764     - my @WriteGroups = $self->cgi->param('write');
765     - my $WriteGroups = join(",",@WriteGroups);
766     - my @ReadGroups = $self->cgi->param('read');
767     - my @CleanReadGroups = ();
768     -
769     - # EncFS doesn't expose underlying ACLs
770     - # So, just remove any read only groups
771     - # Read Only is not supported with encryption
772     - if ($encryption ne 'enabled'){
773     - # Remove from ReadGroups the groups in WriteGroups
774     - # So ACL are consistent
775     - foreach my $read (@ReadGroups){
776     - my $isInWrite = 0;
777     - foreach (@WriteGroups){
778     - $isInWrite = 1 if ($_ eq $read);
779     - }
780     - push (@CleanReadGroups, $read) unless ($isInWrite);
781     - }
782     - }
783     - my $ReadGroups = join(",",@CleanReadGroups);
784     -
785     - if (my $acct = $accountdb->new_record($name, {
786     - Name => $self->cgi->param('description'),
787     + if (my $acct = $a->new_record($name, {
788     + Name => $q->param('description'),
789     Encryption => $encryption,
790     - InactivityTimeOut => ($self->cgi->param('inactivity') || ''),
791     - WriteGroups => $WriteGroups,
792     - ReadGroups => $ReadGroups,
793     - RecycleBin => $self->cgi->param('recyclebin'),
794     - RecycleBinRetention => $self->cgi->param('retention'),
795     - smbAccess => $self->cgi->param('smbaccess'),
796     - httpAccess => $self->cgi->param('httpaccess'),
797     - WebDav => $self->cgi->param('webdav'),
798     - Ajaxplorer => ($self->cgi->param('ajaxplorer') || 'disabled'),
799     - RequireSSL => $self->cgi->param('requireSSL'),
800     - Indexes => $self->cgi->param('indexes'),
801     - DynamicContent => $self->cgi->param('dynamic'),
802     + InactivityTimeOut => ($q->param('inactivity') || ''),
803     + RecycleBin => $q->param('recyclebin'),
804     + RecycleBinRetention => $q->param('retention'),
805     + smbAccess => $q->param('smbaccess'),
806     + httpAccess => $q->param('httpaccess'),
807     + WebDav => $q->param('webdav'),
808     + Ajaxplorer => ($q->param('ajaxplorer') || 'disabled'),
809     + RequireSSL => $q->param('requireSSL'),
810     + Indexes => $q->param('indexes'),
811     + DynamicContent => $q->param('dynamic'),
812     type => 'share',
813     - }) )
814     - {
815     + }) ) {
816     # Untaint $name before use in system()
817     $name =~ /(.+)/; $name = $1;
818    
819     - if ($encryption eq 'enabled'){
820     + if ($encryption eq 'enabled') {
821     my $source = '/home/e-smith/files/shares/' . $name . '/.store';
822     my $dest = '/home/e-smith/files/shares/' . $name . '/files';
823     File::Path::mkpath ($source);
824 vip-ire 1.5 @@ -614,10 +609,12 @@
825 vip-ire 1.1
826     if (system ("/sbin/e-smith/signal-event", "share-create", $name) == 0) {
827     $self->success("SUCCESSFULLY_CREATED_SHARE");
828     - } else {
829     + }
830     + else {
831     $self->error("ERROR_WHILE_CREATING_SHARE");
832     }
833     - } else {
834     + }
835     + else {
836     $self->error('CANT_CREATE_SHARE');
837     }
838     }
839 vip-ire 1.5 @@ -625,118 +622,155 @@
840 vip-ire 1.1 # Modify a share.
841     # This sub shares a lot of code with create share
842     # It should be merged
843     -
844     sub modify_share {
845     - my ($self) = @_;
846     - my $name = $self->cgi->param('name');
847     - if (my $acct = $accountdb->get($name)) {
848     - if ($acct->prop('type') eq 'share') {
849     - my $encryption = $self->cgi->param('encryption');
850     - my @WriteGroups = $self->cgi->param('write');
851     - my $WriteGroups = join(",",@WriteGroups);
852     - my @ReadGroups = $self->cgi->param('read');
853     - my @CleanReadGroups = ();
854     -
855     - # EncFS doesn't expose underlying ACLs
856     - # So, just remove any read only groups
857     - # Read Only is not supported with encryption
858     - if ($encryption ne 'enabled'){
859     - foreach my $read (@ReadGroups){
860     - my $isInWrite = 0;
861     - foreach (@WriteGroups){
862     - $isInWrite = 1 if ($_ eq $read);
863     - }
864     - push (@CleanReadGroups, $read) unless ($isInWrite);
865     - }
866     - }
867     - my $ReadGroups = join(",",@CleanReadGroups);
868     + my $self = shift;
869     + my $q = $self->{cgi};
870     + my $name = $q->param('name');
871     + my $acct = $a->get($name);
872    
873     - $acct->merge_props(
874     - Name => $self->cgi->param('description'),
875     - InactivityTimeOut => ($self->cgi->param('inactivity') || ''),
876     - WriteGroups => $WriteGroups,
877     - ReadGroups => $ReadGroups,
878     - RecycleBin => $self->cgi->param('recyclebin'),
879     - RecycleBinRetention => $self->cgi->param('retention'),
880     - smbAccess => $self->cgi->param('smbaccess'),
881     - httpAccess => $self->cgi->param('httpaccess'),
882     - WebDav => $self->cgi->param('webdav'),
883     - Ajaxplorer => ($self->cgi->param('ajaxplorer') || 'disabled'),
884     - RequireSSL => $self->cgi->param('requireSSL'),
885     - Indexes => $self->cgi->param('indexes'),
886     - DynamicContent => $self->cgi->param('dynamic'),
887     - );
888     + return $self->error('CANT_FIND_SHARE') unless($acct && $acct->prop('type') eq 'share');
889    
890     - # Untaint $name before use in system()
891     - $name =~ /(.+)/; $name = $1;
892     - if (system ("/sbin/e-smith/signal-event", "share-modify",
893     - $name) == 0)
894     - {
895     - $self->success("SUCCESSFULLY_MODIFIED_SHARE");
896     - } else {
897     - $self->error("ERROR_WHILE_MODIFYING_SHARE");
898     - }
899     - } else {
900     - $self->error('CANT_FIND_SHARE');
901     - }
902     - } else {
903     - $self->error('CANT_FIND_SHARE');
904     + $acct->merge_props(
905     + Name => $q->param('description'),
906     + InactivityTimeOut => ($q->param('inactivity') || ''),
907     + RecycleBin => $q->param('recyclebin'),
908     + RecycleBinRetention => $q->param('retention'),
909     + smbAccess => $q->param('smbaccess'),
910     + httpAccess => $q->param('httpaccess'),
911     + WebDav => $q->param('webdav'),
912     + Ajaxplorer => ($q->param('ajaxplorer') || 'disabled'),
913     + RequireSSL => $q->param('requireSSL'),
914     + Indexes => $q->param('indexes'),
915     + DynamicContent => $q->param('dynamic'),
916     + );
917     +
918     + # Untaint $name before use in system()
919     + $name =~ /(.+)/; $name = $1;
920     + if (system ("/sbin/e-smith/signal-event", "share-modify", $name) == 0) {
921     + $self->success("SUCCESSFULLY_MODIFIED_SHARE");
922     }
923     + else {
924     + $self->error("ERROR_WHILE_MODIFYING_SHARE");
925     + }
926     + return undef;
927     }
928    
929     -# Remove a share
930     +sub modify_perm {
931     + my $self = shift;
932     + my $q = $self->{cgi};
933     + my $name = $q->param('name');
934     + my $acct = $a->get($name);
935    
936     -sub remove_share {
937     - my ($self) = @_;
938     - my $name = $self->cgi->param('name');
939     - unless ($self->cgi->param('cancel')){
940     - if (my $acct = $accountdb->get($name)) {
941     - if ($acct->prop('type') eq 'share') {
942     - # Untaint $name before use in system()
943     - $name =~ /(.+)/; $name = $1;
944     - my $encryption = $acct->prop('Encryption') || 'disabled';
945     - my $mountstatus = `/bin/mount | grep /home/e-smith/files/shares/$name/ | grep -c fuse`;
946     - chomp($mountstatus);
947     - if (($encryption eq 'enabled') && ($mountstatus eq '1')){
948     - $self->error("ERROR_ENCRYPTED_ENABLED");
949     - return undef;
950     - }
951     -
952     - $acct->set_prop('type', 'share-deleted');
953     -
954     - if (system ("/sbin/e-smith/signal-event", "share-delete", $name) == 0) {
955     - $self->success("SUCCESSFULLY_DELETED_SHARE");
956     - $acct->delete();
957     - }
958     - else {
959     - $self->error("ERROR_WHILE_DELETING_SHARE");
960     - }
961     - }
962     - else {
963     - $self->error('CANT_FIND_SHARE');
964     - }
965     + return $self->error('CANT_FIND_SHARE') unless($acct && $acct->prop('type') eq 'share');
966     +
967     + my $encryption = $acct->prop('Encryption') || 'disabled';
968     +
969     + my $WriteGroups = join(",", $q->param('writegroup'));
970     + my $WriteUsers = join(",", $q->param('writeuser'));
971    
972     + my @CleanReadGroups = ();
973     + my @CleanReadUsers = ();
974     +
975     + # EncFS doesn't expose underlying ACLs
976     + # So, just remove any read only groups
977     + # Read Only is not supported with encryption
978     + if ($encryption ne 'enabled'){
979     + # No need to have read access if write is already granted
980     + foreach my $group ($q->param('readgroup')){
981     + push (@CleanReadGroups, $group) unless (grep { $_ eq $group } $q->param('writegroup'));
982     }
983     - else {
984     - $self->error('CANT_FIND_SHARE');
985     + foreach my $user ($q->param('readuser')){
986     + push (@CleanReadUsers, $user) unless (grep { $_ eq $user } $q->param('writeuser'));
987     }
988     }
989     - else{
990     - $self->error('CANCELED','First');
991     + my $ReadGroups = join(",",@CleanReadGroups);
992     + my $ReadUsers = join(",",@CleanReadUsers);
993     +
994     + $acct->merge_props(
995     + WriteGroups => $WriteGroups,
996     + ReadGroups => $ReadGroups,
997     + WriteUsers => $WriteUsers,
998     + ReadUsers => $ReadUsers,
999     + );
1000     +
1001     + # Untaint $name before use in system()
1002     + $name =~ /(.+)/; $name = $1;
1003     + if (system ("/sbin/e-smith/signal-event", "share-modify", $name) == 0) {
1004     + $self->success("SUCCESSFULLY_MODIFIED_SHARE");
1005     + }
1006     + else {
1007     + $self->error("ERROR_WHILE_MODIFYING_SHARE");
1008     }
1009     return undef;
1010     }
1011    
1012     +# Remove a share
1013     +sub remove_share {
1014     + my $self = shift;
1015     + my $q = $self->{cgi};
1016     + my $name = $q->param('name');
1017     + my $acct = $a->get($name);
1018     + return $self->error('CANCELED','First') if ($q->param('cancel'));
1019     + return $self->error('CANT_FIND_SHARE') unless ($acct && $acct->prop('type') eq 'share');
1020     +
1021     + # Untaint $name before use in system()
1022     + $name =~ /(.+)/; $name = $1;
1023     + my $encryption = $acct->prop('Encryption') || 'disabled';
1024     + my $mountstatus = `/bin/mount | grep /home/e-smith/files/shares/$name/ | grep -c fuse`;
1025     + chomp($mountstatus);
1026     +
1027     + if (($encryption eq 'enabled') && ($mountstatus eq '1')){
1028     + $self->error("ERROR_ENCRYPTED_ENABLED");
1029     + return undef;
1030     + }
1031     +
1032     + $acct->set_prop('type', 'share-deleted');
1033     +
1034     + if (system ("/sbin/e-smith/signal-event", "share-delete", $name) == 0) {
1035     + $self->success("SUCCESSFULLY_DELETED_SHARE");
1036     + $acct->delete();
1037     + }
1038     + else {
1039     + $self->error("ERROR_WHILE_DELETING_SHARE");
1040     + }
1041     + return undef;
1042     +}
1043     +
1044     +# Check the proposed name for clashes with existing pseudonyms or other
1045     +# accounts of any type.
1046     +
1047     +sub conflict_check {
1048     + my ($self, $name) = @_;
1049     + my $rec = $a->get($name);
1050     +
1051     + my $type;
1052     + if (defined $rec){
1053     + my $type = $rec->prop('type');
1054     + if ($type eq "pseudonym"){
1055     + my $acct = $rec->prop("Account");
1056     + my $acct_type = $a->get($acct)->prop('type');
1057     +
1058     + return $self->localise('ACCT_CLASHES_WITH_PSEUDONYM',
1059     + {acctName => $name, acctType => $acct_type, acct => $acct});
1060     + }
1061     + }
1062     + elsif (defined getpwnam($name) || defined getgrnam($name)){
1063     + $type = 'system';
1064     + }
1065     + else{
1066     + # No account record and no account
1067     + return 'OK';
1068     + }
1069     + return $self->localise('ACCOUNT_EXISTS',
1070     + {acctName => $name, acctType => $type});
1071     +}
1072    
1073     # Checks that the name supplied does not contain any unacceptable chars.
1074     # Returns OK on success or a localised error message otherwise.
1075     -
1076     -sub validate_name
1077     -{
1078     +sub validate_name {
1079     my ($self, $acctName) = @_;
1080    
1081     - unless ($acctName =~ /^([a-z][\_\.\-a-z0-9]*)$/)
1082     - {
1083     + unless ($acctName =~ /^([a-z][\_\.\-a-z0-9]*)$/){
1084     return $self->localise('ACCT_NAME_HAS_INVALID_CHARS',
1085     {acctName => $acctName});
1086     }
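Review bot: The catch-all untaint `$name =~ /(.+)/; $name = $1;` in the new `remove_share` lets the `name` CGI parameter reach a shell, because `$name` is then interpolated into the backtick pipeline `/bin/mount | grep /home/e-smith/files/shares/$name/ | grep -c fuse`. The only guard before that line is that `$a->get($name)` returned a record of type `share`, so its safety rests on every share key having passed `validate_name` at creation time; that presumably holds, but nothing here enforces it. I would untaint with the pattern `validate_name` already uses, `($name) = $name =~ /^([a-z][\_\.\-a-z0-9]*)$/ or return $self->error('CANT_FIND_SHARE');`, and use the same line in `modify_share` and `modify_perm`, where `/(.+)/` precedes the list-form `system()` call. Separately, in `conflict_check` the inner `my $type = $rec->prop('type');` shadows the outer `my $type;`, so the final `ACCOUNT_EXISTS` message receives an undefined `acctType` for any existing record that is not a pseudonym; dropping the inner `my` fixes it.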
1087 vip-ire 1.5 @@ -744,13 +778,10 @@
1088 vip-ire 1.1 }
1089    
1090     # Check if inactivity is a number
1091     -
1092     -sub validate_inactivity
1093     -{
1094     +sub validate_inactivity {
1095     my ($self, $inac) = @_;
1096    
1097     - unless ($inac =~ /^\d+$/)
1098     - {
1099     + unless ($inac =~ /^\d+$/){
1100     return $self->localise('INVALID_INACTIVITY',
1101     {inactivity => $inac});
1102     }
1103 vip-ire 1.5 @@ -759,9 +790,7 @@
1104 vip-ire 1.1
1105     # Check if both passwords match
1106     # and are more than 8 chars
1107     -
1108     -sub confirm_password
1109     -{
1110     +sub confirm_password {
1111    
1112     my ($self, $pass1, $pass2) = @_;
1113    
