mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-03 04:29:28 +01:00
Restrict anonymous user, fix noEdit class not set on all rows
This commit is contained in:
parent
6272adfa16
commit
7e7733e4e9
@ -308,6 +308,12 @@ class filemanager_ui
|
|||||||
$actions['paste']['children']["{$action_id}_paste"] = $action;
|
$actions['paste']['children']["{$action_id}_paste"] = $action;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Anonymous users have limited actions
|
||||||
|
if(self::is_anonymous($GLOBALS['egw_info']['user']['account_id']))
|
||||||
|
{
|
||||||
|
self::restrict_anonymous_actions($actions);
|
||||||
|
}
|
||||||
return $actions;
|
return $actions;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -957,13 +963,14 @@ class filemanager_ui
|
|||||||
{
|
{
|
||||||
$dir_is_writable[$path] = Vfs::is_writable($path);
|
$dir_is_writable[$path] = Vfs::is_writable($path);
|
||||||
}
|
}
|
||||||
if(!$dir_is_writable[$path])
|
|
||||||
{
|
|
||||||
$row['class'] .= 'noEdit ';
|
|
||||||
}
|
|
||||||
$row['class'] .= 'isDir ';
|
$row['class'] .= 'isDir ';
|
||||||
$row['is_dir'] = 1;
|
$row['is_dir'] = 1;
|
||||||
}
|
}
|
||||||
|
if(!$dir_is_writable[$path])
|
||||||
|
{
|
||||||
|
$row['class'] .= 'noEdit ';
|
||||||
|
}
|
||||||
$row['download_url'] = Vfs::download_url($path);
|
$row['download_url'] = Vfs::download_url($path);
|
||||||
$row['gid'] = -abs($row['gid']); // gid are positive, but we use negagive account_id for groups internal
|
$row['gid'] = -abs($row['gid']); // gid are positive, but we use negagive account_id for groups internal
|
||||||
|
|
||||||
@ -1412,9 +1419,40 @@ class filemanager_ui
|
|||||||
Framework::window_focus();
|
Framework::window_focus();
|
||||||
$GLOBALS['egw_info']['flags']['app_header'] = lang('Preferences').' '.Vfs::decodePath($path);
|
$GLOBALS['egw_info']['flags']['app_header'] = lang('Preferences').' '.Vfs::decodePath($path);
|
||||||
|
|
||||||
|
// Anonymous users cannot do anything
|
||||||
|
if(self::is_anonymous($GLOBALS['egw_info']['user']['account_id']))
|
||||||
|
{
|
||||||
|
$readonlys['__ALL__'] = true;
|
||||||
|
$readonlys['gid'] = true;
|
||||||
|
}
|
||||||
|
|
||||||
$tpl->exec('filemanager.filemanager_ui.file',$content,$sel_options,$readonlys,$preserve,2);
|
$tpl->exec('filemanager.filemanager_ui.file',$content,$sel_options,$readonlys,$preserve,2);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if the user is anonymous user
|
||||||
|
* @param type $user_id
|
||||||
|
*/
|
||||||
|
protected static function is_anonymous($user_id)
|
||||||
|
{
|
||||||
|
return in_array($user_id, $GLOBALS['egw']->accounts->members('NoGroup', true));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Remove some more dangerous actions
|
||||||
|
* @param Array $actions
|
||||||
|
*/
|
||||||
|
protected static function restrict_anonymous_actions(&$actions)
|
||||||
|
{
|
||||||
|
$remove = array(
|
||||||
|
'delete'
|
||||||
|
);
|
||||||
|
foreach($remove as $key)
|
||||||
|
{
|
||||||
|
unset($actions[$key]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Run given action on given path(es) and return array/object with values for keys 'msg', 'errs', 'dirs', 'files'
|
* Run given action on given path(es) and return array/object with values for keys 'msg', 'errs', 'dirs', 'files'
|
||||||
*
|
*
|
||||||
|
Loading…
Reference in New Issue
Block a user