diff --git a/root/etc/e-smith/events/actions/ajaxplorer-user-rights b/root/etc/e-smith/events/actions/ajaxplorer-user-rights index 1e1df71..14643ea 100644 --- a/root/etc/e-smith/events/actions/ajaxplorer-user-rights +++ b/root/etc/e-smith/events/actions/ajaxplorer-user-rights @@ -21,9 +21,11 @@ use strict; use esmith::templates; +use esmith::ConfigDB; use esmith::AccountsDB; use File::Path qw(mkpath rmtree); +my $c = esmith::ConfigDB->open_ro; my $a = esmith::AccountsDB->open_ro; # Remove all the permissions @@ -48,3 +50,55 @@ foreach my $user (($a->users),$a->get('admin')){ }); } +my $ajxp = $c->get('ajaxplorer') || die "Couldn't find ajaxplorer entry in ConfigDB\n"; +my $homedir = $ajxp->prop('HomeDir') || 'none'; + +if ($homedir eq 'enabled'){ + foreach ($a->users){ + my $name = $_->key; + set_user_acl($name); + } +} +elsif ($homedir eq 'users'){ + foreach ($a->users){ + my $name = $_->key; + if (($_->prop('AjxpHomeDir') || 'disabled') eq 'enabled'){ + set_user_acl($name); + } + else{ + remove_user_acl($name); + } + } +} +else{ + foreach ($a->users){ + my $name = $_->key; + remove_user_acl($name); + } +} + +sub set_user_acl{ + my $user = shift; + system('/usr/bin/setfacl', + '-m', + 'u:www:x', + "/home/e-smith/files/users/$user"); + system('/usr/bin/setfacl', + '-R', + '-m', + 'u:www:rX,d:u:www:rX', + "/home/e-smith/files/users/$user/home"); +} + +sub remove_user_acl{ + my $user = shift; + system('/usr/bin/setfacl', + '-R', + '-x', + 'u:www,d:u:www', + "/home/e-smith/files/users/$user/home"); + system('/usr/bin/setfacl', + '-x', + 'u:www', + "/home/e-smith/files/users/$user"); +} diff --git a/root/etc/e-smith/templates/etc/ajaxplorer/bootstrap_repositories.php/050repo b/root/etc/e-smith/templates/etc/ajaxplorer/bootstrap_repositories.php/050repo index f955058..be2a88f 100644 --- a/root/etc/e-smith/templates/etc/ajaxplorer/bootstrap_repositories.php/050repo +++ b/root/etc/e-smith/templates/etc/ajaxplorer/bootstrap_repositories.php/050repo @@ -9,6 +9,33 @@ use esmith::AccountsDB; my $a = esmith::AccountsDB->open_ro(); +my $homedir = $ajaxplorer{'HomeDir'} || 'none'; + +if (($homedir eq 'enabled') || ($homedir eq 'users')){ + $OUT .=<<"EOF"; + +\$REPOSITORIES["home"] = array( + "DISPLAY" => "Perso", + "AJXP_SLUG" => "home", + "DRIVER" => "fs", + "DRIVER_OPTIONS" => array( + "PATH" => "/home/e-smith/files/users/AJXP_USER/home", + "CREATE" => false, + "RECYCLE_BIN" => '', + "CHMOD_VALUE" => '0660', + "DEFAULT_RIGHTS" => "", + "PAGINATION_THRESHOLD" => 500, + "PAGINATION_NUMBER" => 200, + "META_SOURCES" => array( + ) + ), +); + +EOF + +} + + foreach my $share ($a->get_all_by_prop(type=>'share')){ my $name = $share->key; my $access = $share->prop('Ajaxplorer') || 'disabled'; diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Ajaxplorer b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Ajaxplorer index 9a63fcc..eb7fa48 100644 --- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Ajaxplorer +++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/98Ajaxplorer @@ -10,6 +10,8 @@ if (($ajaxplorer{'status'} || 'disabled') eq 'enabled'){ " AuthExternal pwauth\n" . " Require valid-user\n" : ''; my $maxsize = $ajaxplorer{'MaxUploadSize'} || '200M'; + my $homedir = $ajaxplorer{'HomeDir'} || 'none'; + $homedir = (($homedir eq 'enabled') || ($homedir eq 'users')) ? ":/home/e-smith/files/users":""; my $shares = ''; @@ -20,7 +22,7 @@ Alias /ajxppub /var/lib/ajaxplorer/public Options None AddType application/x-httpd-php .php - php_admin_value open_basedir /usr/share/ajaxplorer:/var/lib/ajaxplorer:/var/log/ajaxplorer:/etc/ajaxplorer:/var/cache/ajaxplorer:/usr/share/pear/:/home/e-smith/files/shares + php_admin_value open_basedir /usr/share/ajaxplorer:/var/lib/ajaxplorer:/var/log/ajaxplorer:/etc/ajaxplorer:/var/cache/ajaxplorer:/usr/share/pear/:/home/e-smith/files/shares$homedir Order deny,allow Allow from all @@ -36,7 +38,7 @@ $alias AddType application/x-httpd-php .php - php_admin_value open_basedir /usr/share/ajaxplorer:/var/lib/ajaxplorer:/var/log/ajaxplorer:/etc/ajaxplorer:/var/cache/ajaxplorer:/usr/share/pear/:/home/e-smith/files/shares + php_admin_value open_basedir /usr/share/ajaxplorer:/var/lib/ajaxplorer:/var/log/ajaxplorer:/etc/ajaxplorer:/var/cache/ajaxplorer:/usr/share/pear/:/home/e-smith/files/shares$homedir php_admin_value memory_limit 100M php_admin_value upload_max_filesize $maxsize php_admin_value post_max_size $maxsize diff --git a/root/etc/e-smith/templates/var/lib/ajaxplorer/plugins/auth.serial/__user__/rights.ser/10All b/root/etc/e-smith/templates/var/lib/ajaxplorer/plugins/auth.serial/__user__/rights.ser/10All index a2c5e0b..5d2843d 100644 --- a/root/etc/e-smith/templates/var/lib/ajaxplorer/plugins/auth.serial/__user__/rights.ser/10All +++ b/root/etc/e-smith/templates/var/lib/ajaxplorer/plugins/auth.serial/__user__/rights.ser/10All @@ -36,6 +36,17 @@ foreach my $share (@s){ $data->{'ajxp_shared'} = 'rw' if (($ajaxplorer{'PublicShares'} || 'disabled') eq 'enabled'); +my $homedir = $ajaxplorer{'HomeDir'} || 'none'; + +if ($homedir eq 'enabled'){ + $data->{'home'} = 'r'; +} +elsif ($homedir eq 'users'){ + my $acc = $a->get($id); + my $ajxphomedir = $acc->prop('AjxpHomeDir') || 'disabled'; + $data->{'home'} = 'r' if ($ajxphomedir eq 'enabled'); +} + # Hugly hack to convert int -> bool my $string = serialize($data); $string =~ s/i:/b:/; diff --git a/smeserver-ajaxplorer.spec b/smeserver-ajaxplorer.spec index 7e962dc..7e2fee2 100644 --- a/smeserver-ajaxplorer.spec +++ b/smeserver-ajaxplorer.spec @@ -2,7 +2,7 @@ # Name: Daniel Berteaud %define name smeserver-ajaxplorer -%define version 0.1.1 +%define version 0.1.2 %define release 1 Summary: sme server integration of ajaxplorer Name: %{name} @@ -29,6 +29,10 @@ Ajaxplorer is a rich-client browser for managing files on a web server This contrib works with the smeserver-shared-folders addon %changelog +* Tue Apr 17 2012 Daniel Berteaud 0.1.2-1 +- Posibility to access home dir (Read Only) +- Fix ACL for rw users + * Fri Apr 06 2012 Daniel Berteaud 0.1.1-1 - Migrate to GIT - make all shares accessible with open_basedir