HomeDir access optional support

tags/0.1.3
Daniel Berteaud 13 years ago
parent 97a9fe267b
commit 00374e47af
  1. 54
      root/etc/e-smith/events/actions/ajaxplorer-user-rights
  2. 27
      root/etc/e-smith/templates/etc/ajaxplorer/bootstrap_repositories.php/050repo
  3. 6
      root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Ajaxplorer
  4. 11
      root/etc/e-smith/templates/var/lib/ajaxplorer/plugins/auth.serial/__user__/rights.ser/10All
  5. 7
      smeserver-ajaxplorer.spec

@ -21,9 +21,11 @@
use strict;
use esmith::templates;
use esmith::ConfigDB;
use esmith::AccountsDB;
use File::Path qw(mkpath rmtree);
my $c = esmith::ConfigDB->open_ro;
my $a = esmith::AccountsDB->open_ro;
# Remove all the permissions
@ -48,3 +50,55 @@ foreach my $user (($a->users),$a->get('admin')){
});
}
my $ajxp = $c->get('ajaxplorer') || die "Couldn't find ajaxplorer entry in ConfigDB\n";
my $homedir = $ajxp->prop('HomeDir') || 'none';
if ($homedir eq 'enabled'){
foreach ($a->users){
my $name = $_->key;
set_user_acl($name);
}
}
elsif ($homedir eq 'users'){
foreach ($a->users){
my $name = $_->key;
if (($_->prop('AjxpHomeDir') || 'disabled') eq 'enabled'){
set_user_acl($name);
}
else{
remove_user_acl($name);
}
}
}
else{
foreach ($a->users){
my $name = $_->key;
remove_user_acl($name);
}
}
sub set_user_acl{
my $user = shift;
system('/usr/bin/setfacl',
'-m',
'u:www:x',
"/home/e-smith/files/users/$user");
system('/usr/bin/setfacl',
'-R',
'-m',
'u:www:rX,d:u:www:rX',
"/home/e-smith/files/users/$user/home");
}
sub remove_user_acl{
my $user = shift;
system('/usr/bin/setfacl',
'-R',
'-x',
'u:www,d:u:www',
"/home/e-smith/files/users/$user/home");
system('/usr/bin/setfacl',
'-x',
'u:www',
"/home/e-smith/files/users/$user");
}

@ -9,6 +9,33 @@ use esmith::AccountsDB;
my $a = esmith::AccountsDB->open_ro();
my $homedir = $ajaxplorer{'HomeDir'} || 'none';
if (($homedir eq 'enabled') || ($homedir eq 'users')){
$OUT .=<<"EOF";
\$REPOSITORIES["home"] = array(
"DISPLAY" => "Perso",
"AJXP_SLUG" => "home",
"DRIVER" => "fs",
"DRIVER_OPTIONS" => array(
"PATH" => "/home/e-smith/files/users/AJXP_USER/home",
"CREATE" => false,
"RECYCLE_BIN" => '',
"CHMOD_VALUE" => '0660',
"DEFAULT_RIGHTS" => "",
"PAGINATION_THRESHOLD" => 500,
"PAGINATION_NUMBER" => 200,
"META_SOURCES" => array(
)
),
);
EOF
}
foreach my $share ($a->get_all_by_prop(type=>'share')){
my $name = $share->key;
my $access = $share->prop('Ajaxplorer') || 'disabled';

@ -10,6 +10,8 @@ if (($ajaxplorer{'status'} || 'disabled') eq 'enabled'){
" AuthExternal pwauth\n" .
" Require valid-user\n" : '';
my $maxsize = $ajaxplorer{'MaxUploadSize'} || '200M';
my $homedir = $ajaxplorer{'HomeDir'} || 'none';
$homedir = (($homedir eq 'enabled') || ($homedir eq 'users')) ? ":/home/e-smith/files/users":"";
my $shares = '';
@ -20,7 +22,7 @@ Alias /ajxppub /var/lib/ajaxplorer/public
<Directory /var/lib/ajaxplorer/public>
Options None
AddType application/x-httpd-php .php
php_admin_value open_basedir /usr/share/ajaxplorer:/var/lib/ajaxplorer:/var/log/ajaxplorer:/etc/ajaxplorer:/var/cache/ajaxplorer:/usr/share/pear/:/home/e-smith/files/shares
php_admin_value open_basedir /usr/share/ajaxplorer:/var/lib/ajaxplorer:/var/log/ajaxplorer:/etc/ajaxplorer:/var/cache/ajaxplorer:/usr/share/pear/:/home/e-smith/files/shares$homedir
Order deny,allow
Allow from all
<Files ".ajxp_*">
@ -36,7 +38,7 @@ $alias
<Directory /usr/share/ajaxplorer>
AddType application/x-httpd-php .php
php_admin_value open_basedir /usr/share/ajaxplorer:/var/lib/ajaxplorer:/var/log/ajaxplorer:/etc/ajaxplorer:/var/cache/ajaxplorer:/usr/share/pear/:/home/e-smith/files/shares
php_admin_value open_basedir /usr/share/ajaxplorer:/var/lib/ajaxplorer:/var/log/ajaxplorer:/etc/ajaxplorer:/var/cache/ajaxplorer:/usr/share/pear/:/home/e-smith/files/shares$homedir
php_admin_value memory_limit 100M
php_admin_value upload_max_filesize $maxsize
php_admin_value post_max_size $maxsize

@ -36,6 +36,17 @@ foreach my $share (@s){
$data->{'ajxp_shared'} = 'rw'
if (($ajaxplorer{'PublicShares'} || 'disabled') eq 'enabled');
my $homedir = $ajaxplorer{'HomeDir'} || 'none';
if ($homedir eq 'enabled'){
$data->{'home'} = 'r';
}
elsif ($homedir eq 'users'){
my $acc = $a->get($id);
my $ajxphomedir = $acc->prop('AjxpHomeDir') || 'disabled';
$data->{'home'} = 'r' if ($ajxphomedir eq 'enabled');
}
# Hugly hack to convert int -> bool
my $string = serialize($data);
$string =~ s/i:/b:/;

@ -2,8 +2,8 @@
# Name: Daniel Berteaud
%define name smeserver-ajaxplorer
%define version 0.1.1
%define release 1
%define version 0.1.2
%define release 0.beta1
Summary: sme server integration of ajaxplorer
Name: %{name}
Version: %{version}
@ -29,6 +29,9 @@ Ajaxplorer is a rich-client browser for managing files on a web server
This contrib works with the smeserver-shared-folders addon
%changelog
* Tue Apr 17 2012 Daniel Berteaud <daniel@firewall-services.com> 0.1.2-1
- Posibility to access home dir (Read Only)
* Fri Apr 06 2012 Daniel Berteaud <daniel@firewall-services.com> 0.1.1-1
- Migrate to GIT
- make all shares accessible with open_basedir

Loading…
Cancel
Save