/[smecontribs]/rpms/smeserver-shared-folders/contribs7/smeserver-shared-folders-0.1-users_acl.patch
ViewVC logotype

Contents of /rpms/smeserver-shared-folders/contribs7/smeserver-shared-folders-0.1-users_acl.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.4 - (show annotations) (download)
Tue Feb 14 20:38:49 2012 UTC (12 years, 9 months ago) by vip-ire
Branch: MAIN
Changes since 1.3: +38 -40 lines
* Mon Feb 13 2012 Daniel Berteaud <daniel@firewall-services.com> 0.1-62.sme
- Code cleanup
- Move ACL configuration in a separated page
- User level ACL support

1 diff -Nur smeserver-shared-folders-0.1/createlinks smeserver-shared-folders-0.1_mod/createlinks
2 --- smeserver-shared-folders-0.1/createlinks 2012-02-14 21:36:57.000000000 +0100
3 +++ smeserver-shared-folders-0.1_mod/createlinks 2012-02-14 21:35:33.000000000 +0100
4 @@ -11,12 +11,12 @@
5 panel_link("userpanel-encfs", $panel);
6
7 #--------------------------------------------------
8 -# actions for group-delete event
9 +# actions for group-delete and user-delete events
10 #--------------------------------------------------
11
12 -$event = "group-delete";
13 -
14 -event_link("group-share-modify", $event, "10");
15 +foreach my $event (qw/group-delete user-delete/) {
16 + event_link("group-share-modify", $event, "10");
17 +}
18
19 #--------------------------------------------------
20 # actions for share-delete event
21 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/events/actions/group-share-modify smeserver-shared-folders-0.1_mod/root/etc/e-smith/events/actions/group-share-modify
22 --- smeserver-shared-folders-0.1/root/etc/e-smith/events/actions/group-share-modify 2012-02-14 21:36:57.000000000 +0100
23 +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/events/actions/group-share-modify 2012-02-14 21:35:33.000000000 +0100
24 @@ -7,40 +7,47 @@
25 my $accounts = esmith::AccountsDB->open() or
26 die "Unable to open accounts db: $!";
27
28 -my ($self, $groupName) = @ARGV;
29 +my ($event, $name) = @ARGV;
30 +
31 +my $type = 'Groups';
32 +
33 +if ($event eq 'user-delete'){
34 + $type = 'Users';
35 +}
36
37 # Find all "shared folder" entries in the e-smith accounts database and
38 -# if the group matches one listed in ACL, remove it.
39 +# if the group or a user matches one listed in ACL, remove it.
40
41 my @modified_shares;
42 foreach my $share ( $accounts->get_all_by_prop(type => 'share' ) ) {
43 my $modified = 0;
44 - my @OldReadGroups = split (/[,;]/,$share->prop('ReadGroups'));
45 - my @NewReadGroups = ();
46 - foreach (@OldReadGroups){
47 - if ( $_ eq $groupName ) {
48 + my @OldRead = split (/[,;]/,$share->prop('Read'.$type));
49 + my @NewRead = ();
50 + foreach (@OldRead){
51 + if ( $_ eq $name ) {
52 $modified = 1;
53 }
54 else{
55 - push @NewReadGroups, $_;
56 + push @NewRead, $_;
57 }
58 }
59 - $share->set_prop( 'ReadGroups', join( "," , @NewReadGroups ) );
60 + $share->set_prop('Read'.$type, join("," , @NewRead));
61
62 - my @OldWriteGroups = split (/[,;]/,$share->prop('WriteGroups'));
63 - my @NewWriteGroups = ();
64 - foreach (@OldWriteGroups){
65 - if ( $_ eq $groupName ) {
66 + my @OldWrite = split (/[,;]/,$share->prop('Write'.$type));
67 + my @NewWrite = ();
68 + foreach (@OldWrite){
69 + if ( $_ eq $name ) {
70 $modified = 1;
71 }
72 else{
73 - push @NewWriteGroups, $_;
74 + push @NewWrite, $_;
75 }
76 }
77 - $share->set_prop( 'WriteGroups', join( "," , @NewWriteGroups ) );
78 + $share->set_prop('Write'.$type, join("," , @NewWrite));
79
80 - # If a group has been removed, either from Read or Write, re-apply the ACLs
81 + # If a group or a user has been removed, either from Read or Write, re-apply the ACLs
82 if ($modified){
83 + push @modified_shares, $share->key;
84 event_signal("share-modify-files", $share->key) or
85 die ("Error occurred while updating shared folder.\n");
86 }
87 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/events/actions/share-modify smeserver-shared-folders-0.1_mod/root/etc/e-smith/events/actions/share-modify
88 --- smeserver-shared-folders-0.1/root/etc/e-smith/events/actions/share-modify 2012-02-14 21:36:58.000000000 +0100
89 +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/events/actions/share-modify 2012-02-14 21:35:33.000000000 +0100
90 @@ -90,8 +90,10 @@
91 #--------------------------------------------------
92
93 my %properties = $share->props;
94 -my @write = split(/[;,]/,($properties {'WriteGroups'} || 'admin'));
95 -my @read = split(/[;,]/,($properties {'ReadGroups'} || 'admin'));
96 +my @writegroups = split(/[;,]/,($properties {'WriteGroups'} || 'admin'));
97 +my @readgroups = split(/[;,]/,($properties {'ReadGroups'} || 'admin'));
98 +my @writeusers = split(/[;,]/,($properties {'WriteUsers'} || ''));
99 +my @readusers = split(/[;,]/,($properties {'ReadUsers'} || ''));
100
101 # Don't reset permissions if ManualPermissions is set to 'yes'
102
103 @@ -111,12 +113,18 @@
104 '.');
105
106 my $acl = 'u::rwX,g::rwX,o:---,';
107 - foreach my $group (@write){
108 + foreach my $group (@writegroups){
109 $acl .= 'g:'.$group.':rwX,';
110 }
111 - foreach my $group (@read){
112 + foreach my $group (@readgroups){
113 $acl .= 'g:'.$group.':rX,';
114 }
115 + foreach my $user (@writeusers){
116 + $acl .= 'u:'.$user.':rwX,';
117 + }
118 + foreach my $user (@readusers){
119 + $acl .= 'u:'.$user.':rX,';
120 + }
121
122 # Set the effective ACLs
123 system($setfacl,
124 @@ -144,9 +152,12 @@
125 '--remove-default',
126 '.');
127
128 - foreach my $group (@write,@read){
129 + foreach my $group (@writegroups,@readgroups){
130 $acl .= 'g:'.$group.':rX,';
131 }
132 + foreach my $user (@writeusers,@readusers){
133 + $acl .= 'g:'.$user.':rX,';
134 + }
135
136 system($setfacl,
137 '-m',
138 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/shares smeserver-shared-folders-0.1_mod/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/shares
139 --- smeserver-shared-folders-0.1/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/shares 2012-02-14 21:36:57.000000000 +0100
140 +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/shares 2012-02-14 21:35:33.000000000 +0100
141 @@ -155,7 +155,7 @@
142 <entry>
143 <base>DESC_PERMISSIONS</base>
144 <trans>
145 - You can use this matrix to define groups access permissions.
146 + You can use this matrix to define groups and users access permissions.
147 </trans>
148 </entry>
149
150 @@ -510,4 +510,16 @@
151 </trans>
152 </entry>
153
154 + <entry>
155 + <base>TITLE_PERMISSIONS</base>
156 + <trans>
157 + Access right management
158 + </trans>
159 + </entry>
160 +
161 + <entry>
162 + <base>USERS</base>
163 + <trans>Utilisateurs</trans>
164 + </entry>
165 +
166 </lexicon>
167 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares smeserver-shared-folders-0.1_mod/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares
168 --- smeserver-shared-folders-0.1/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares 2012-02-14 21:36:58.000000000 +0100
169 +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess50shares 2012-02-14 21:35:33.000000000 +0100
170 @@ -16,7 +16,7 @@
171 my $satisfy;
172 my $webdav = (($properties{'WebDav'} || 'disabled') =~ m/^(enabled|on|yes)$/i) ? 1 : 0;
173
174 - # Find which users has at least read access
175 + # Find which users have read or write access
176 my @writers = ('admin');
177 my @readers = ();
178 if ($properties{'WriteGroups'}) {
179 @@ -26,10 +26,14 @@
180 my $members = $adb->get_prop($group, 'Members') || "";
181 if (length($members) > 0) {
182 push @writers, split (/[;,]/, $members);
183 - }
184 + }
185 }
186
187 }
188 + if ($properties{'WriteUsers'}) {
189 + my @users = split (/[;,]/, $properties{'WriteUsers'});
190 + push @writers, @users;
191 + }
192 if ($properties{'ReadGroups'}) {
193 my @groups = split (/[;,]/, $properties{'ReadGroups'});
194
195 @@ -37,10 +41,14 @@
196 my $members = $adb->get_prop($group, 'Members') || "";
197 if (length($members) > 0) {
198 push @readers, split (/[;,]/, $members);
199 - }
200 + }
201 }
202
203 }
204 + if ($properties{'ReadUsers'}) {
205 + my @users = split (/[;,]/, $properties{'ReadUsers'});
206 + push @readers, @users;
207 + }
208
209 my %seen = ();
210 @readers = sort (grep { ! $seen{ $_ }++ } (@readers,@writers));
211 diff -Nur smeserver-shared-folders-0.1/root/etc/e-smith/web/functions/shares smeserver-shared-folders-0.1_mod/root/etc/e-smith/web/functions/shares
212 --- smeserver-shared-folders-0.1/root/etc/e-smith/web/functions/shares 2012-02-14 21:36:57.000000000 +0100
213 +++ smeserver-shared-folders-0.1_mod/root/etc/e-smith/web/functions/shares 2012-02-14 21:35:33.000000000 +0100
214 @@ -51,16 +51,6 @@
215
216 <field
217 type="literal"
218 - id="perms_desc"
219 - value="">
220 - <description>DESC_PERMISSIONS</description>
221 - </field>
222 - <subroutine src="genGroupAccess()"/>
223 -
224 - <subroutine src="print_section_bar()" />
225 -
226 - <field
227 - type="literal"
228 id="smbdesc"
229 value="">
230 <description>DESC_SMB_SETTINGS</description>
231 @@ -128,5 +118,13 @@
232 <description>REMOVE_DESC</description>
233 <subroutine src="print_share_to_remove()" />
234 </page>
235 + <page name="Permissions" pre-event="turn_off_buttons()" post-event="handle_shares()">
236 + <title>TITLE_PERMISSIONS</title>
237 + <field type="literal" id="descriptiongroup">
238 + <description>DESC_PERMISSIONS</description>
239 + </field>
240 + <subroutine src="acl_list()" />
241 + <subroutine src="print_button('SAVE')" />
242 + </page>
243 </form>
244
245 diff -Nur smeserver-shared-folders-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/shares.pm smeserver-shared-folders-0.1_mod/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/shares.pm
246 --- smeserver-shared-folders-0.1/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/shares.pm 2012-02-14 21:36:58.000000000 +0100
247 +++ smeserver-shared-folders-0.1_mod/root/usr/lib/perl5/site_perl/esmith/FormMagick/Panel/shares.pm 2012-02-14 21:37:39.000000000 +0100
248 @@ -26,7 +26,7 @@
249 print_share_name_field
250 print_encryption_fields
251 print_ajaxplorer_fields
252 - genGroupAccess
253 + acl_list
254 smbAccess_list
255 httpAccess_list
256 max_share_name_length
257 @@ -40,8 +40,8 @@
258
259 our $VERSION = sprintf '%d.%03d', q$Revision: 1.8 $ =~ /: (\d+).(\d+)/;
260
261 -our $accountdb = esmith::AccountsDB->open();
262 -our $configdb = esmith::ConfigDB->open();
263 +our $a = esmith::AccountsDB->open();
264 +our $c = esmith::ConfigDB->open();
265
266 *wherenext = \&CGI::FormMagick::wherenext;
267
268 @@ -62,12 +62,12 @@
269 my $name = $self->localise('NAME');
270 my $description = $self->localise('DESCRIPTION');
271 my $modify = $self->localise('MODIFY');
272 + my $perm = $self->localise('PERMISSIONS');
273 my $remove = $self->localise('REMOVE');
274 my $action_h = $self->localise('ACTION');
275 - my @shares = $accountdb->get_all_by_prop(type => 'share');
276 + my @shares = $a->get_all_by_prop(type => 'share');
277
278 - unless ( scalar @shares )
279 - {
280 + unless ( scalar @shares ) {
281 print $q->Tr($q->td($self->localise('NO_SHARES')));
282 return "";
283 }
284 @@ -81,22 +81,25 @@
285
286 my $scriptname = basename($0);
287
288 - foreach my $i (@shares)
289 - {
290 - my $sharename = $i->key();
291 - my $sharedesc = $i->prop('Name');
292 + foreach my $share (@shares) {
293 + my $sharename = $share->key();
294 + my $sharedesc = $share->prop('Name');
295
296 my $href = "shares?page=;page_stack=;wherenext=";
297
298 my $actionModify = $q->a({href => "${href}CreateModify&action=modify&name=$sharename"},$modify)
299 . '&nbsp;';
300
301 + my $actionPerm = $q->a({href => "${href}Permissions&action=permissions&name=$sharename"},$perm)
302 + . '&nbsp;';
303 +
304 my $actionRemove .= $q->a({href => "${href}Remove&name=$sharename&description=$sharedesc"}, $remove)
305 . '&nbsp';
306
307 print $q->Tr (
308 esmith::cgi::genSmallCell($q, $sharename,"normal"),
309 esmith::cgi::genSmallCell($q, $sharedesc,"normal"),
310 + esmith::cgi::genSmallCell($q, $actionPerm,"normal"),
311 esmith::cgi::genSmallCell($q, $actionModify,"normal"),
312 esmith::cgi::genSmallCell($q, $actionRemove,"normal")
313 );
314 @@ -109,58 +112,55 @@
315
316
317 sub print_custom_button{
318 - my ($fm,$desc,$url) = @_;
319 - my $q = $fm->{cgi};
320 - $url="shares?page=0&page_stack=&Next=Next&wherenext=".$url;
321 + my ($self,$desc,$url) = @_;
322 + my $q = $self->{cgi};
323 + $url = "shares?page=0&page_stack=&Next=Next&wherenext=" . $url;
324
325 print " <tr>\n <td colspan='2'>\n";
326 print $q->p($q->a({href => $url, -class => "button-like"},
327 - $fm->localise($desc)));
328 + $self->localise($desc)));
329 print qq(</tr>\n);
330 return undef;
331 }
332
333 sub print_share_to_remove{
334 - my ($fm) = @_;
335 - my $q = $fm->{cgi};
336 + my $self = shift;
337 + my $q = $self->{cgi};
338 my $sharename = $q->param('name');
339 my $desc = $q->param('description');
340
341 print $q->Tr(
342 $q->td(
343 { -class => 'sme-noborders-label' },
344 - $fm->localise('NAME')
345 + $self->localise('NAME')
346 ),
347 $q->td( { -class => 'sme-noborders-content' }, $sharename )
348 - ),
349 - "\n";
350 + ), "\n";
351 print $q->Tr(
352 $q->td(
353 { -class => 'sme-noborders-label' },
354 - $fm->localise('DESCRIPTION')
355 + $self->localise('DESCRIPTION')
356 ),
357 $q->td( { -class => 'sme-noborders-content' }, $desc )
358 - ),
359 - "\n";
360 + ), "\n";
361
362 - print $q->table(
363 + print $q->table(
364 { -width => '100%' },
365 $q->Tr(
366 $q->th(
367 { -class => 'sme-layout' },
368 $q->submit(
369 -name => 'cancel',
370 - -value => $fm->localise('CANCEL')
371 + -value => $self->localise('CANCEL')
372 ),
373 ' ',
374 $q->submit(
375 -name => 'remove',
376 - -value => $fm->localise('REMOVE')
377 + -value => $self->localise('REMOVE')
378 )
379 )
380 )
381 - ),
382 - "\n";
383 + ), "\n";
384
385 # Clear these values to prevent collisions when the page reloads.
386 $q->delete("cancel");
387 @@ -172,12 +172,13 @@
388
389 sub print_share_name_field {
390 my $self = shift;
391 - my $in = $self->{cgi}->param('name') || '';
392 - my $action = $self->{cgi}->param('action') || '';
393 - my $maxLength = $configdb->get('maxShareNameLength')->value || '12';
394 + my $q = $self->{cgi};
395 + my $in = $q->param('name') || '';
396 + my $action = $q->param('action') || '';
397 + my $maxLength = $c->get('maxShareNameLength')->value || '12';
398
399 # Set default value
400 - my $q = $self->{cgi};
401 +
402 $q->param(-name=>'encryption',-value=>'disabled');
403 $q->param(-name=>'inactivity',-value=>'30');
404 $q->param(-name=>'smbaccess',-value=>'browseable');
405 @@ -204,7 +205,7 @@
406 # Read the values for each field from the accounts db and store
407 # them in the cgi object so our form will have the correct
408 # info displayed.
409 - my $rec = $accountdb->get($in);
410 + my $rec = $a->get($in);
411 if ($rec)
412 {
413 $q->param(-name=>'description',-value=>
414 @@ -213,10 +214,6 @@
415 ($rec->prop('Encryption') || 'disabled'));
416 $q->param(-name=>'inactivity',-value=>
417 ($rec->prop('InactivityTimeOut') || '30'));
418 - $q->param(-name=>'ReadGroups',-value=>
419 - $rec->prop('ReadGroups'));
420 - $q->param(-name=>'WriteGroups',-value=>
421 - $rec->prop('WriteGroups'));
422 $q->param(-name=>'smbaccess',-value=>
423 ($rec->prop('smbAccess') || 'enabled'));
424 $q->param(-name=>'recyclebin',-value=>
425 @@ -233,8 +230,6 @@
426 ($rec->prop('Indexes') || 'enabled'));
427 $q->param(-name=>'dynamic',-value=>
428 ($rec->prop('DynamicContent') || 'disabled'));
429 - $q->param(-name=>'manualPerm',-value=>
430 - ($rec->prop('ManualPermissions') || 'no'));
431 }
432 }
433 else {
434 @@ -253,18 +248,19 @@
435 # If EncFS is available, print encryptions options
436 sub print_encryption_fields {
437 my $self = shift;
438 + my $q = $self->{cgi};
439
440 return undef unless(system('rpm -q fuse-encfs 2>&1 > /dev/null') == 0);
441
442 - my $encryption = $self->{cgi}->param('encryption') || 'disabled';
443 - my $action = $self->{cgi}->param('action') || '';
444 + my $encryption = $q->param('encryption') || 'disabled';
445 + my $action = $q->param('action') || '';
446
447 - my $sharename = $self->{cgi}->param('name') || '';
448 + my $sharename = $q->param('name') || '';
449
450 return undef if ($action eq 'modify' && $encryption ne 'enabled');
451
452 - my $inactivity = (($sharename ne '') && ($accountdb->get($sharename))) ?
453 - ($accountdb->get($sharename)->prop('InactivityTimeOut') || '30'):'30';
454 + my $inactivity = (($sharename ne '') && ($a->get($sharename))) ?
455 + ($a->get($sharename)->prop('InactivityTimeOut') || '30'):'30';
456
457 print_section_bar();
458
459 @@ -316,13 +312,13 @@
460
461 # If ajaxplorer is enabled:
462 sub print_ajaxplorer_fields {
463 - my ($self) = @_;
464 - my $ajaxplorer = $configdb->get('ajaxplorer') || return undef;
465 + my $self = shift;
466 + my $ajaxplorer = $c->get('ajaxplorer') || return undef;
467 if (($ajaxplorer->prop('status') || 'disabled') eq 'enabled'){
468 print_section_bar();
469 my ($enabled,$disabled) = ('','');
470 my $sharename = $self->{cgi}->param('name') || '';
471 - my $share = $accountdb->get($sharename);
472 + my $share = $a->get($sharename);
473 # If share exists and Ajxplorer is enabled
474 if ($share){
475 if (($share->prop('Ajaxplorer') || 'disabled') eq 'enabled'){
476 @@ -345,24 +341,31 @@
477 return undef;
478 }
479
480 -# Takes a comma delimited list of groups and returns a string of
481 -# html checkboxes for all system groups with the groups having write and read access.
482 -
483 -sub genGroupAccess () {
484 - my $fm = shift;
485 - my $q = $fm->{cgi};
486 - my $WriteGroups = $q->param('WriteGroups') || '';
487 - my $ReadGroups = $q->param('ReadGroups') || '';
488 - my $share = $q->param('share');
489 - my $manualPerm = $q->param('manualPerm') || '';
490 +# Print a table of users and groups
491 +# having read only or read/write access
492 +sub acl_list () {
493 + my $self = shift;
494 + my $q = $self->{cgi};
495 + my $sharename = $q->param('name');
496 my $out = '';
497
498 + my $share = $a->get($sharename);
499 + return $self->error('SHARE_NOT_FOUND') unless ($share);
500 +
501 + my $WriteGroups = $share->prop('WriteGroups') || '';
502 + my $ReadGroups = $share->prop('ReadGroups') || '';
503 + my $WriteUsers = $share->prop('WriteUsers') || '';
504 + my $ReadUsers = $share->prop('ReadUsers') || '';
505 + my $manualPerm = $share->prop('ManualPermissions') || 'no';
506 +
507 if (($manualPerm eq 'yes') || ($manualPerm eq 'enabled')){
508 - $out .= $fm->localise('MANUAL_PERMS');
509 + $out .= $self->localise('MANUAL_PERMS');
510 }
511
512 my %WriteGroups;
513 my %ReadGroups;
514 + my %WriteUsers;
515 + my %ReadUsers;
516
517 foreach my $group ( split ( /[,;]/, $WriteGroups ) ) {
518 $WriteGroups{$group} = 1;
519 @@ -370,22 +373,31 @@
520 foreach my $group ( split ( /[,;]/, $ReadGroups ) ) {
521 $ReadGroups{$group} = 1;
522 }
523 - my @groups = sort { $a->key() cmp $b->key() } $accountdb->groups();
524 + foreach my $user ( split ( /[,;]/, $WriteUsers ) ) {
525 + $WriteUsers{$user} = 1;
526 + }
527 + foreach my $user ( split ( /[,;]/, $ReadUsers ) ) {
528 + $ReadUsers{$user} = 1;
529 + }
530 + my @groups = sort { $a->key() cmp $b->key() } $a->groups();
531 + my @users = sort { $a->key() cmp $b->key() } $a->users();
532
533 $out .= "<tr><td class=\"sme-noborders-label\">" .
534 - $fm->localise('PERMISSIONS') .
535 + $self->localise('PERMISSIONS') .
536 "</td><td>\n".
537 $q->start_table({-class => "sme-border"})."\n".
538 $q->Tr(
539 - esmith::cgi::genSmallCell($q, $fm->localise('GROUPS'),"header"),
540 - esmith::cgi::genSmallCell($q, $fm->localise('WRITE_PERM'),"header"),
541 - esmith::cgi::genSmallCell($q, $fm->localise('READ_PERM'),"header")
542 + esmith::cgi::genSmallCell($q, $self->localise('GROUPS'),"header"),
543 + esmith::cgi::genSmallCell($q, $self->localise('DESCRIPTION'),"header"),
544 + esmith::cgi::genSmallCell($q, $self->localise('WRITE_PERM'),"header"),
545 + esmith::cgi::genSmallCell($q, $self->localise('READ_PERM'),"header")
546 );
547
548 foreach my $group (@groups) {
549 my $write = "";
550 my $read = "";
551 my $name = $group->key();
552 + my $desc = $group->prop('Description');
553 if ( $WriteGroups{$name} ) {
554 $write = "checked";
555 }
556 @@ -395,23 +407,56 @@
557
558 $out .= $q->Tr(
559 esmith::cgi::genSmallCell($q, $name, "normal"),
560 + esmith::cgi::genSmallCell($q, $desc, "normal"),
561
562 esmith::cgi::genSmallCell($q,"<input type=\"checkbox\""
563 - . " name=\"write\""
564 + . " name=\"writegroup\""
565 . " $write value=\"$name\">", "normal"),
566 esmith::cgi::genSmallCell($q,"<input type=\"checkbox\""
567 - . " name=\"read\""
568 + . " name=\"readgroup\""
569 . " $read value=\"$name\">", "normal")
570 );
571 }
572
573 + $out .= $q->Tr(
574 + esmith::cgi::genSmallCell($q, $self->localise('USERS'),"header"),
575 + esmith::cgi::genSmallCell($q, $self->localise('DESCRIPTION'),"header"),
576 + esmith::cgi::genSmallCell($q, $self->localise('WRITE_PERM'),"header"),
577 + esmith::cgi::genSmallCell($q, $self->localise('READ_PERM'),"header")
578 + );
579 +
580 + foreach my $user (@users) {
581 + my $write = "";
582 + my $read = "";
583 + my $name = $user->key();
584 + my $desc = $user->prop('FirstName') . ' ' . $user->prop('LastName');
585 + if ( $WriteUsers{$name} ) {
586 + $write = "checked";
587 + }
588 + if ( $ReadUsers{$name} ) {
589 + $read = "checked";
590 + }
591 +
592 + $out .= $q->Tr(
593 + esmith::cgi::genSmallCell($q, $name, "normal"),
594 + esmith::cgi::genSmallCell($q, $desc, "normal"),
595 +
596 + esmith::cgi::genSmallCell($q,"<input type=\"checkbox\""
597 + . " name=\"writeuser\""
598 + . " $write value=\"$name\">", "normal"),
599 + esmith::cgi::genSmallCell($q,"<input type=\"checkbox\""
600 + . " name=\"readuser\""
601 + . " $read value=\"$name\">", "normal")
602 + );
603 + }
604 +
605 $out .= "</table></td></tr>\n";
606 return $out;
607 }
608
609 # Print a section bar
610 sub print_section_bar{
611 - my ($fm) = @_;
612 + my $self = shift;
613 print " <tr>\n <td colspan='2'>\n";
614 print "<hr class=\"sectionbar\"/>\n";
615 return undef;
616 @@ -423,8 +468,8 @@
617
618 sub smbAccess_list {
619 return {
620 - 'none' => 'NONE',
621 - 'browseable' => 'ENABLED_BROWSEABLE',
622 + 'none' => 'NONE',
623 + 'browseable' => 'ENABLED_BROWSEABLE',
624 'non-browseable' => 'ENABLED_NON_BROWSEABLE',
625 };
626 }
627 @@ -453,12 +498,13 @@
628
629 sub max_share_name_length {
630 my ($self, $data) = @_;
631 - $configdb->reload();
632 - my $max = $configdb->get('maxShareNameLength')->value || '12';
633 + $c->reload();
634 + my $max = $c->get('maxShareNameLength')->value || '12';
635
636 if (length($data) <= $max) {
637 return "OK";
638 - } else {
639 + }
640 + else {
641 return $self->localise("MAX_SHARE_NAME_LENGTH_ERROR",
642 {acctName => $data,
643 maxShareNameLength => $max,
644 @@ -466,46 +512,20 @@
645 }
646 }
647
648 -
649 -# Check the proposed name for clashes with existing pseudonyms or other
650 -# accounts of any type.
651 -
652 -sub conflict_check
653 -{
654 - my ($self, $name) = @_;
655 - my $rec = $accountdb->get($name);
656 -
657 - my $type;
658 - if (defined $rec){
659 - my $type = $rec->prop('type');
660 - if ($type eq "pseudonym"){
661 - my $acct = $rec->prop("Account");
662 - my $acct_type = $accountdb->get($acct)->prop('type');
663 -
664 - return $self->localise('ACCT_CLASHES_WITH_PSEUDONYM',
665 - {acctName => $name, acctType => $acct_type, acct => $acct});
666 - }
667 - }
668 - elsif (defined getpwnam($name) || defined getgrnam($name)){
669 - $type = 'system';
670 - }
671 - else{
672 - # No account record and no account
673 - return 'OK';
674 - }
675 - return $self->localise('ACCOUNT_EXISTS',
676 - {acctName => $name, acctType => $type});
677 -}
678 -
679 # Call the create or modify routine
680
681 sub handle_shares {
682 - my ($self) = @_;
683 -
684 + my $self = shift;
685 + my $q = $self->{cgi};
686 + my $action = $q->param("action") || '';
687
688 - if ($self->cgi->param("action") eq "create") {
689 + if ($action eq "create") {
690 $self->create_share();
691 - } else {
692 + }
693 + elsif ($action eq 'permissions'){
694 + $self->modify_perm();
695 + }
696 + else {
697 $self->modify_share();
698 }
699 }
700 @@ -513,12 +533,13 @@
701 # Print save or add button
702
703 sub print_save_or_add_button {
704 - my ($self) = @_;
705 + my $self = shift;
706
707 my $action = $self->cgi->param("action") || '';
708 if ($action eq "modify") {
709 $self->print_button("SAVE");
710 - } else {
711 + }
712 + else {
713 $self->print_button("ADD");
714 }
715
716 @@ -527,79 +548,54 @@
717 # Create a new shared folder
718
719 sub create_share {
720 - my ($self) = @_;
721 - my $name = $self->cgi->param('name');
722 - my $encryption = $self->cgi->param('encryption') || 'disabled';
723 - my $password = $self->cgi->param('password');
724 - my $password2 = $self->cgi->param('password2');
725 + my $self = shift;
726 + my $q = $self->{cgi};
727 + my $name = $q->param('name');
728 + my $encryption = $q->param('encryption') || 'disabled';
729 + my $password = $q->param('password');
730 + my $password2 = $q->param('password2');
731
732 my $msg = $self->validate_name($name);
733 - unless ($msg eq "OK")
734 - {
735 +
736 + unless ($msg eq "OK") {
737 return $self->error($msg);
738 }
739
740 $msg = $self->max_share_name_length($name);
741 - unless ($msg eq "OK")
742 - {
743 +
744 + unless ($msg eq "OK") {
745 return $self->error($msg);
746 }
747
748 $msg = $self->conflict_check($name);
749 - unless ($msg eq "OK")
750 - {
751 + unless ($msg eq "OK") {
752 return $self->error($msg);
753 }
754
755 $msg = ($encryption eq 'enabled') ? $self->confirm_password($password,$password2) : 'OK';
756 - unless ($msg eq "OK")
757 - {
758 + unless ($msg eq "OK") {
759 return $self->error($msg);
760 }
761
762 - my @WriteGroups = $self->cgi->param('write');
763 - my $WriteGroups = join(",",@WriteGroups);
764 - my @ReadGroups = $self->cgi->param('read');
765 - my @CleanReadGroups = ();
766 -
767 - # EncFS doesn't expose underlying ACLs
768 - # So, just remove any read only groups
769 - # Read Only is not supported with encryption
770 - if ($encryption ne 'enabled'){
771 - # Remove from ReadGroups the groups in WriteGroups
772 - # So ACL are consistent
773 - foreach my $read (@ReadGroups){
774 - my $isInWrite = 0;
775 - foreach (@WriteGroups){
776 - $isInWrite = 1 if ($_ eq $read);
777 - }
778 - push (@CleanReadGroups, $read) unless ($isInWrite);
779 - }
780 - }
781 - my $ReadGroups = join(",",@CleanReadGroups);
782 -
783 - if (my $acct = $accountdb->new_record($name, {
784 - Name => $self->cgi->param('description'),
785 + if (my $acct = $a->new_record($name, {
786 + Name => $q->param('description'),
787 Encryption => $encryption,
788 - InactivityTimeOut => ($self->cgi->param('inactivity') || ''),
789 - WriteGroups => $WriteGroups,
790 - ReadGroups => $ReadGroups,
791 - RecycleBin => $self->cgi->param('recyclebin'),
792 - RecycleBinRetention => $self->cgi->param('retention'),
793 - smbAccess => $self->cgi->param('smbaccess'),
794 - httpAccess => $self->cgi->param('httpaccess'),
795 - WebDav => $self->cgi->param('webdav'),
796 - Ajaxplorer => ($self->cgi->param('ajaxplorer') || 'disabled'),
797 - RequireSSL => $self->cgi->param('requireSSL'),
798 - Indexes => $self->cgi->param('indexes'),
799 - DynamicContent => $self->cgi->param('dynamic'),
800 + InactivityTimeOut => ($q->param('inactivity') || ''),
801 + RecycleBin => $q->param('recyclebin'),
802 + RecycleBinRetention => $q->param('retention'),
803 + smbAccess => $q->param('smbaccess'),
804 + httpAccess => $q->param('httpaccess'),
805 + WebDav => $q->param('webdav'),
806 + Ajaxplorer => ($q->param('ajaxplorer') || 'disabled'),
807 + RequireSSL => $q->param('requireSSL'),
808 + Indexes => $q->param('indexes'),
809 + DynamicContent => $q->param('dynamic'),
810 type => 'share',
811 - }) )
812 - {
813 + }) ) {
814 # Untaint $name before use in system()
815 $name =~ /(.+)/; $name = $1;
816
817 - if ($encryption eq 'enabled'){
818 + if ($encryption eq 'enabled') {
819 my $source = '/home/e-smith/files/shares/' . $name . '/.store';
820 my $dest = '/home/e-smith/files/shares/' . $name . '/files';
821 File::Path::mkpath ($source);
822 @@ -614,10 +610,12 @@
823
824 if (system ("/sbin/e-smith/signal-event", "share-create", $name) == 0) {
825 $self->success("SUCCESSFULLY_CREATED_SHARE");
826 - } else {
827 + }
828 + else {
829 $self->error("ERROR_WHILE_CREATING_SHARE");
830 }
831 - } else {
832 + }
833 + else {
834 $self->error('CANT_CREATE_SHARE');
835 }
836 }
837 @@ -625,118 +623,155 @@
838 # Modify a share.
839 # This sub shares a lot of code with create share
840 # It should be merged
841 -
842 sub modify_share {
843 - my ($self) = @_;
844 - my $name = $self->cgi->param('name');
845 - if (my $acct = $accountdb->get($name)) {
846 - if ($acct->prop('type') eq 'share') {
847 - my $encryption = $self->cgi->param('encryption');
848 - my @WriteGroups = $self->cgi->param('write');
849 - my $WriteGroups = join(",",@WriteGroups);
850 - my @ReadGroups = $self->cgi->param('read');
851 - my @CleanReadGroups = ();
852 -
853 - # EncFS doesn't expose underlying ACLs
854 - # So, just remove any read only groups
855 - # Read Only is not supported with encryption
856 - if ($encryption ne 'enabled'){
857 - foreach my $read (@ReadGroups){
858 - my $isInWrite = 0;
859 - foreach (@WriteGroups){
860 - $isInWrite = 1 if ($_ eq $read);
861 - }
862 - push (@CleanReadGroups, $read) unless ($isInWrite);
863 - }
864 - }
865 - my $ReadGroups = join(",",@CleanReadGroups);
866 + my $self = shift;
867 + my $q = $self->{cgi};
868 + my $name = $q->param('name');
869 + my $acct = $a->get($name);
870
871 - $acct->merge_props(
872 - Name => $self->cgi->param('description'),
873 - InactivityTimeOut => ($self->cgi->param('inactivity') || ''),
874 - WriteGroups => $WriteGroups,
875 - ReadGroups => $ReadGroups,
876 - RecycleBin => $self->cgi->param('recyclebin'),
877 - RecycleBinRetention => $self->cgi->param('retention'),
878 - smbAccess => $self->cgi->param('smbaccess'),
879 - httpAccess => $self->cgi->param('httpaccess'),
880 - WebDav => $self->cgi->param('webdav'),
881 - Ajaxplorer => ($self->cgi->param('ajaxplorer') || 'disabled'),
882 - RequireSSL => $self->cgi->param('requireSSL'),
883 - Indexes => $self->cgi->param('indexes'),
884 - DynamicContent => $self->cgi->param('dynamic'),
885 - );
886 + return $self->error('CANT_FIND_SHARE') unless($acct && $acct->prop('type') eq 'share');
887
888 - # Untaint $name before use in system()
889 - $name =~ /(.+)/; $name = $1;
890 - if (system ("/sbin/e-smith/signal-event", "share-modify",
891 - $name) == 0)
892 - {
893 - $self->success("SUCCESSFULLY_MODIFIED_SHARE");
894 - } else {
895 - $self->error("ERROR_WHILE_MODIFYING_SHARE");
896 - }
897 - } else {
898 - $self->error('CANT_FIND_SHARE');
899 - }
900 - } else {
901 - $self->error('CANT_FIND_SHARE');
902 + $acct->merge_props(
903 + Name => $q->param('description'),
904 + InactivityTimeOut => ($q->param('inactivity') || ''),
905 + RecycleBin => $q->param('recyclebin'),
906 + RecycleBinRetention => $q->param('retention'),
907 + smbAccess => $q->param('smbaccess'),
908 + httpAccess => $q->param('httpaccess'),
909 + WebDav => $q->param('webdav'),
910 + Ajaxplorer => ($q->param('ajaxplorer') || 'disabled'),
911 + RequireSSL => $q->param('requireSSL'),
912 + Indexes => $q->param('indexes'),
913 + DynamicContent => $q->param('dynamic'),
914 + );
915 +
916 + # Untaint $name before use in system()
917 + $name =~ /(.+)/; $name = $1;
918 + if (system ("/sbin/e-smith/signal-event", "share-modify", $name) == 0) {
919 + $self->success("SUCCESSFULLY_MODIFIED_SHARE");
920 }
921 + else {
922 + $self->error("ERROR_WHILE_MODIFYING_SHARE");
923 + }
924 + return undef;
925 }
926
927 -# Remove a share
928 +sub modify_perm {
929 + my $self = shift;
930 + my $q = $self->{cgi};
931 + my $name = $q->param('name');
932 + my $acct = $a->get($name);
933
934 -sub remove_share {
935 - my ($self) = @_;
936 - my $name = $self->cgi->param('name');
937 - unless ($self->cgi->param('cancel')){
938 - if (my $acct = $accountdb->get($name)) {
939 - if ($acct->prop('type') eq 'share') {
940 - # Untaint $name before use in system()
941 - $name =~ /(.+)/; $name = $1;
942 - my $encryption = $acct->prop('Encryption') || 'disabled';
943 - my $mountstatus = `/bin/mount | grep /home/e-smith/files/shares/$name/ | grep -c fuse`;
944 - chomp($mountstatus);
945 - if (($encryption eq 'enabled') && ($mountstatus eq '1')){
946 - $self->error("ERROR_ENCRYPTED_ENABLED");
947 - return undef;
948 - }
949 -
950 - $acct->set_prop('type', 'share-deleted');
951 -
952 - if (system ("/sbin/e-smith/signal-event", "share-delete", $name) == 0) {
953 - $self->success("SUCCESSFULLY_DELETED_SHARE");
954 - $acct->delete();
955 - }
956 - else {
957 - $self->error("ERROR_WHILE_DELETING_SHARE");
958 - }
959 - }
960 - else {
961 - $self->error('CANT_FIND_SHARE');
962 - }
963 + return $self->error('CANT_FIND_SHARE') unless($acct && $acct->prop('type') eq 'share');
964 +
965 + my $encryption = $acct->prop('Encryption') || 'disabled';
966 +
967 + my $WriteGroups = join(",", $q->param('writegroup'));
968 + my $WriteUsers = join(",", $q->param('writeuser'));
969
970 + my @CleanReadGroups = ();
971 + my @CleanReadUsers = ();
972 +
973 + # EncFS doesn't expose underlying ACLs
974 + # So, just remove any read only groups
975 + # Read Only is not supported with encryption
976 + if ($encryption ne 'enabled'){
977 + # No need to have read access if write is already granted
978 + foreach my $group ($q->param('readgroup')){
979 + push (@CleanReadGroups, $group) unless (grep { $_ eq $group } $q->param('writegroup'));
980 }
981 - else {
982 - $self->error('CANT_FIND_SHARE');
983 + foreach my $user ($q->param('readuser')){
984 + push (@CleanReadUsers, $user) unless (grep { $_ eq $user } $q->param('writeuser'));
985 }
986 }
987 - else{
988 - $self->error('CANCELED','First');
989 + my $ReadGroups = join(",",@CleanReadGroups);
990 + my $ReadUsers = join(",",@CleanReadUsers);
991 +
992 + $acct->merge_props(
993 + WriteGroups => $WriteGroups,
994 + ReadGroups => $ReadGroups,
995 + WriteUsers => $WriteUsers,
996 + ReadUsers => $ReadUsers,
997 + );
998 +
999 + # Untaint $name before use in system()
1000 + $name =~ /(.+)/; $name = $1;
1001 + if (system ("/sbin/e-smith/signal-event", "share-modify", $name) == 0) {
1002 + $self->success("SUCCESSFULLY_MODIFIED_SHARE");
1003 + }
1004 + else {
1005 + $self->error("ERROR_WHILE_MODIFYING_SHARE");
1006 }
1007 return undef;
1008 }
1009
1010 +# Remove a share
1011 +sub remove_share {
1012 + my $self = shift;
1013 + my $q = $self->{cgi};
1014 + my $name = $q->param('name');
1015 + my $acct = $a->get($name);
1016 + return $self->error('CANCELED','First') if ($q->param('cancel'));
1017 + return $self->error('CANT_FIND_SHARE') unless ($acct && $acct->prop('type') eq 'share');
1018 +
1019 + # Untaint $name before use in system()
1020 + $name =~ /(.+)/; $name = $1;
1021 + my $encryption = $acct->prop('Encryption') || 'disabled';
1022 + my $mountstatus = `/bin/mount | grep /home/e-smith/files/shares/$name/ | grep -c fuse`;
1023 + chomp($mountstatus);
1024 +
1025 + if (($encryption eq 'enabled') && ($mountstatus eq '1')){
1026 + $self->error("ERROR_ENCRYPTED_ENABLED");
1027 + return undef;
1028 + }
1029 +
1030 + $acct->set_prop('type', 'share-deleted');
1031 +
1032 + if (system ("/sbin/e-smith/signal-event", "share-delete", $name) == 0) {
1033 + $self->success("SUCCESSFULLY_DELETED_SHARE");
1034 + $acct->delete();
1035 + }
1036 + else {
1037 + $self->error("ERROR_WHILE_DELETING_SHARE");
1038 + }
1039 + return undef;
1040 +}
1041 +
1042 +# Check the proposed name for clashes with existing pseudonyms or other
1043 +# accounts of any type.
1044 +
1045 +sub conflict_check {
1046 + my ($self, $name) = @_;
1047 + my $rec = $a->get($name);
1048 +
1049 + my $type;
1050 + if (defined $rec){
1051 + my $type = $rec->prop('type');
1052 + if ($type eq "pseudonym"){
1053 + my $acct = $rec->prop("Account");
1054 + my $acct_type = $a->get($acct)->prop('type');
1055 +
1056 + return $self->localise('ACCT_CLASHES_WITH_PSEUDONYM',
1057 + {acctName => $name, acctType => $acct_type, acct => $acct});
1058 + }
1059 + }
1060 + elsif (defined getpwnam($name) || defined getgrnam($name)){
1061 + $type = 'system';
1062 + }
1063 + else{
1064 + # No account record and no account
1065 + return 'OK';
1066 + }
1067 + return $self->localise('ACCOUNT_EXISTS',
1068 + {acctName => $name, acctType => $type});
1069 +}
1070
1071 # Checks that the name supplied does not contain any unacceptable chars.
1072 # Returns OK on success or a localised error message otherwise.
1073 -
1074 -sub validate_name
1075 -{
1076 +sub validate_name {
1077 my ($self, $acctName) = @_;
1078
1079 - unless ($acctName =~ /^([a-z][\_\.\-a-z0-9]*)$/)
1080 - {
1081 + unless ($acctName =~ /^([a-z][\_\.\-a-z0-9]*)$/){
1082 return $self->localise('ACCT_NAME_HAS_INVALID_CHARS',
1083 {acctName => $acctName});
1084 }
1085 @@ -744,13 +779,10 @@
1086 }
1087
1088 # Check if inactivity is a number
1089 -
1090 -sub validate_inactivity
1091 -{
1092 +sub validate_inactivity {
1093 my ($self, $inac) = @_;
1094
1095 - unless ($inac =~ /^\d+$/)
1096 - {
1097 + unless ($inac =~ /^\d+$/){
1098 return $self->localise('INVALID_INACTIVITY',
1099 {inactivity => $inac});
1100 }
1101 @@ -759,9 +791,7 @@
1102
1103 # Check if both passwords match
1104 # and are more than 8 chars
1105 -
1106 -sub confirm_password
1107 -{
1108 +sub confirm_password {
1109
1110 my ($self, $pass1, $pass2) = @_;
1111

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed