added: now we have a fourth part in permissions (guests)

e.g.: 07555 means:
           7 for owner
           5 for group
           5 for others
           5 for guests (not logged users)
added:     the sticky bit for directories
           e.g. permissions to a directory with a sticky bit set
           can be set to: 017555
rewritten: rm/mv winix functions to correctly understand the sticky bit
added:     Dir::FollowLink() recognizes ".." and "." now
           consequently System::FollowAllLinks recognizes it too
added:     umask -- calculating privileges for new files/directories
           all users have their own umask (in meta)
           and there is one in the config
           (for guests and when a user has not definied its own one)
removed:   mount option: only_root_remove



git-svn-id: svn://ttmath.org/publicrep/winix/trunk@801 e52654a7-88a9-db11-a3e9-0013d4bc506e
This commit is contained in:
Tomasz Sowa 2012-01-24 23:03:36 +00:00
parent 5aaab89cd8
commit 6e2d00bc5b
34 changed files with 1109 additions and 557 deletions

View File

@ -229,6 +229,7 @@ void Config::AssignValues(bool stdout_is_closed)
pattern_cacher_how_many_delete = Size(L"pattern_cacher_how_many_delete", 30);
content_type_header = Int(L"content_type_header", 0);
umask = Int(L"umask", 0222);
}

View File

@ -453,7 +453,10 @@ public:
// if utf8 is true then "; charset=UTF-8" will also be appended
int content_type_header;
// global umask
// it is used when an user doesn't have your own umask or for guests (not logged users)
// default: 0222
int umask;

View File

@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2008-2010, Tomasz Sowa
* Copyright (c) 2008-2012, Tomasz Sowa
* All rights reserved.
*
*/
@ -48,7 +48,7 @@ public:
bool DelById(long id);
ParentIterator ParentBegin();
ParentIterator ParentBegin(); // IMPROVE ME: may it should be renamed to ChildBegin() similarly as FindFirstChild() ?
ParentIterator ParentEnd();
ParentSizeType ParentSize();
bool ParentEmpty();

View File

@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2008-2011, Tomasz Sowa
* Copyright (c) 2008-2012, Tomasz Sowa
* All rights reserved.
*
*/
@ -41,7 +41,7 @@ void Dirs::Clear()
bool Dirs::HasReadExecAccessForRoot(const Item & item)
{
// there must be at least one 'x' (for the root)
return (item.privileges & 01111) != 0; // !! in the future there'll be another 'x'
return (item.privileges & 01111) != 0;
}
@ -53,8 +53,8 @@ void Dirs::CheckRootDir()
{
if( !HasReadExecAccessForRoot(*i) )
{
i->privileges = 0755;
log << log1 << "Dirs: there is no access for root (admin) to the root dir, setting 0755 for root dir" << logend;
i->privileges = 07555;
log << log1 << "Dirs: there is no access for a root (admin) to the root dir, setting 07555 for the root directory" << logend;
db->EditPrivById(*i, i->id);
}
@ -62,7 +62,7 @@ void Dirs::CheckRootDir()
}
log << log1 << "Dirs: there is no a root dir in the database (creating one)" << logend;
log << log1 << "Dirs: there is no a root directory in the database (creating one)" << logend;
Item root;
@ -70,7 +70,7 @@ void Dirs::CheckRootDir()
root.parent_id = -1;
root.user_id = -1;
root.group_id = -1;
root.privileges = 0755;
root.privileges = 07555;
// !! upewnic sie ze baza nie zmieni url (gdyby wczesniej juz byl w bazie pusty url)
// !! zrobic jakis wyjatek do wprowadzania roota?
@ -487,7 +487,7 @@ return 0;
// current_dir_tab can be the same container as out_dir_tab
// current_dir_tab can be the same container as out_dir_tab
void Dirs::CopyDirTab(const std::vector<Item*> & in, std::vector<Item*> & out)
{
if( &in != &out )
@ -502,13 +502,13 @@ void Dirs::CopyDirTab(const std::vector<Item*> & in, std::vector<Item*> & out)
size_t Dirs::AnalyzeDir(std::vector<Item*> & dir_tab, const std::wstring & link_to)
bool Dirs::AnalyzeDir(std::vector<Item*> & dir_tab, const std::wstring & link_to, size_t & i)
{
if( dir_tab.empty() )
return 0;
size_t i = 0;
size_t old_i;
i = 0;
if( dir_tab.empty() )
return false;
while( true )
{
@ -516,7 +516,7 @@ size_t Dirs::AnalyzeDir(std::vector<Item*> & dir_tab, const std::wstring & link_
for( ; i<link_to.size() && link_to[i] == '/' ; ++i);
if( i == link_to.size() )
return i; // end of the path
return true; // end of the path
// creating a name
old_i = i;
@ -525,12 +525,26 @@ size_t Dirs::AnalyzeDir(std::vector<Item*> & dir_tab, const std::wstring & link_
for( ; i<link_to.size() && link_to[i] != '/' ; ++i)
analyze_temp += link_to[i];
Item * pdir = GetDir(analyze_temp, dir_tab.back()->id);
if( !pdir )
return old_i; // analyze_temp is not a directory
if( analyze_temp == L".." )
{
if( dir_tab.size() <= 1 )
return false;
dir_tab.push_back(pdir);
dir_tab.pop_back();
}
else
if( analyze_temp != L"." )
{
Item * pdir = GetDir(analyze_temp, dir_tab.back()->id);
if( !pdir )
{
i = old_i;
return true; // analyze_temp is not a directory
}
dir_tab.push_back(pdir);
}
}
}
@ -541,7 +555,10 @@ size_t Dirs::AnalyzeDir(std::vector<Item*> & dir_tab, const std::wstring & link_
int Dirs::FollowLink(std::vector<Item*> & dir_tab, const std::wstring & link_to, std::wstring & out_item)
{
size_t i = AnalyzeDir(dir_tab, link_to);
size_t i;
if( !AnalyzeDir(dir_tab, link_to, i) )
return 2; // incorrect link_to
if( i < link_to.size() )
{
@ -574,7 +591,7 @@ return 0;
4 - current_dir_tab was empty
current_dir_tab can be the same container as out_dir_tab
link_to can be a relative path (without the first slash)
link_to can be a relative path (without the first slash) and can contain ".." or "."
*/
int Dirs::FollowLink(const std::vector<Item*> & current_dir_tab, const std::wstring & link_to,
std::vector<Item*> & out_dir_tab, std::wstring & out_item)
@ -693,9 +710,9 @@ Item * Dirs::CreateVarDir()
if( root )
{
v.parent_id = root->id;
v.user_id = -1;
v.group_id = -1;
v.privileges = 0755;
v.user_id = root->user_id;
v.group_id = root->group_id;
v.privileges = root->privileges;
v.subject = L"var";
v.url = L"var";
v.type = Item::dir;

View File

@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2008-2011, Tomasz Sowa
* Copyright (c) 2008-2012, Tomasz Sowa
* All rights reserved.
*
*/
@ -47,6 +47,7 @@ public:
bool DelDir(long dir_id);
// if returns true then out_dir_tab is not empty
bool CreateDirTab(long dir_id, std::vector<Item*> & out_dir_tab);
void LogDir(const std::vector<Item*> & dir_tab);
@ -98,7 +99,7 @@ private:
std::wstring temp_link_to;
size_t AnalyzeDir(Item * pdir, const std::wstring & path, long & dir_id, std::wstring & dir);
size_t AnalyzeDir(std::vector<Item*> & dir_tab, const std::wstring & link_to);
bool AnalyzeDir(std::vector<Item*> & dir_tab, const std::wstring & link_to, size_t & i);
std::wstring analyze_temp;
std::wstring get_dir_temp;

View File

@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2009-2011, Tomasz Sowa
* Copyright (c) 2009-2012, Tomasz Sowa
* All rights reserved.
*
*/
@ -53,9 +53,6 @@ void Mounts::CreateMountPar()
mount_par_image_size = AddMountPar(L"image_size");
mount_par_image_mode = AddMountPar(L"image_mode");
mount_par_image_quality = AddMountPar(L"image_quality");
//mount_par_thread = AddMountPar(L"thread");
//mount_par_createthread_on = AddMountPar(L"createthread_on");
mount_par_only_root_remove = AddMountPar(L"only_root_remove");
mount_par_emacs_on = AddMountPar(L"emacs_on");
mount_par_mkdir_on = AddMountPar(L"mkdir_on");
mount_par_app = AddMountPar(L"app");

View File

@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2009-2011, Tomasz Sowa
* Copyright (c) 2009-2012, Tomasz Sowa
* All rights reserved.
*
*/
@ -73,9 +73,6 @@ public:
int MountParImageSize() { return mount_par_image_size; }
int MountParImageMode() { return mount_par_image_mode; }
int MountParImageQuality() { return mount_par_image_quality; }
//int MountParThread() { return mount_par_thread; }
//int MountParCreatethreadOn() { return mount_par_createthread_on; }
int MountParOnlyRootRemove() { return mount_par_only_root_remove; }
int MountParEmacsOn() { return mount_par_emacs_on; }
int MountParMkdirOn() { return mount_par_mkdir_on; }
int MountParApp() { return mount_par_app; }
@ -148,9 +145,6 @@ private:
int mount_par_image_size;
int mount_par_image_mode;
int mount_par_image_quality;
//int mount_par_thread;
//int mount_par_createthread_on;
int mount_par_only_root_remove;
int mount_par_emacs_on;
int mount_par_mkdir_on;
int mount_par_app;

View File

@ -29,121 +29,137 @@
// winix function and parameters have been parsed
// the request.status is OK
// (the winix function was not called yet)
#define WINIX_PREPARE_REQUEST 2000
#define WINIX_PREPARE_REQUEST 20000
// post and get functions have done their jobs
// now you can act
// this is called only if the request.status is OK
#define WINIX_PROCESS_REQUEST 2001
#define WINIX_PROCESS_REQUEST 20010
// prepere your content for displaying
// this is called after WINIX_PROCESS_REQUEST
// and when there is not a redirect
// request.status is not checked here
#define WINIX_CONTENT_MAKE 2002
#define WINIX_CONTENT_MAKE 20020
// here you can attach your own session data (based on PluginDataBase class)
// call cur->session->plugin_data.Assign(pointer)
#define WINIX_SESSION_CREATED 3000
#define WINIX_SESSION_CREATED 30000
// here you should remove your session data
// this message can be sent even if you don't assing your plugin data
#define WINIX_SESSION_REMOVE 3001
#define WINIX_SESSION_REMOVE 30010
// when a session is changed (you can save a pointer to your data here)
#define WINIX_SESSION_CHANGED 3002
#define WINIX_SESSION_CHANGED 30020
// the winix is closing
// the is not any session available (cur->session is null)
#define WINIX_CLOSE 3004
#define WINIX_CLOSE 30040
// preparing to remove a file (rm function)
// in p1 you have a pointer to the Item struct (file)
// valid members are:
// id, parent_id, type, url, file_path, file_fs, file_type, has_thumb, hash, hash_type, file_size
// user_id, group_id, privileges
// (sometimes rest members can be valid as well -- when you call directly fun_rm->RemoveFileOrSymlink() method)
#define WINIX_FILE_PREPARE_TO_REMOVE 30045
// a file or symlink was removed (rm function)
// in p1 you have a pointer to the Item struct (old file)
#define WINIX_FILE_REMOVED 3005
// directory was removed (rm function)
// PluginInfo::l1 is the dir id
#define WINIX_DIR_REMOVED 3006
// valid members are the same as in WINIX_FILE_PREPARE_TO_REMOVE
#define WINIX_FILE_REMOVED 30050
// preparing to remove a directory (rm function)
// in p1 you have a pointer to the Item struct (directory)
#define WINIX_DIR_PREPARE_TO_REMOVE 3007
// this message is sent after checking the directory permissions
// so consequently if there is no any database error then the
// directory will be removed
// and after removed WINIX_DIR_REMOVED message is sent
#define WINIX_DIR_PREPARE_TO_REMOVE 30070
// directory was removed (rm function)
// PluginInfo::l1 is the directory id
#define WINIX_DIR_REMOVED 30060
// winix is initialized,
// now you can initialize your plugin
#define WINIX_PLUGIN_INIT 3008
#define WINIX_PLUGIN_INIT 30080
// here you can add your own mount point, file systems, mount parameters
// for adding a new mount type call: system->mounts.AddMountType("new_mount_name")
#define WINIX_ADD_MOUNTS 3009
#define WINIX_ADD_MOUNTS 30090
// add plugin functions (winix functions) here
// call info.functions->Add() to add a function
#define WINIX_CREATE_FUNCTIONS 3010
#define WINIX_CREATE_FUNCTIONS 30100
// choose a default function
// if you do not select it then it will be choosen by winix
#define WINIX_SELECT_DEFAULT_FUNCTION 3011
#define WINIX_SELECT_DEFAULT_FUNCTION 30110
// /etc/fstab has been changed
// now we have new mount points
#define WINIX_FSTAB_CHANGED 3012
#define WINIX_FSTAB_CHANGED 30120
// here you add your own template to notification system
// call system->notify.AddTemplate() method
// with a template file name
#define WINIX_NOTIFY_ADD_TEMPLATE 3013
#define WINIX_NOTIFY_ADD_TEMPLATE 30130
// the request is being ended
// you can clear some of your objects here
#define WINIX_END_REQUEST 3014
#define WINIX_END_REQUEST 30140
// a new file (page) has been added
// in p1 you have a pointer to the Item struct
#define WINIX_FILE_ADDED 3015
#define WINIX_FILE_ADDED 30150
// a file (page) has been changed (edited)
// in p1 you have a pointer to the Item struct
#define WINIX_FILE_CHANGED 3016
#define WINIX_FILE_CHANGED 30160
// a file (page) has been copied
// in p1 you have a pointer to the Item struct
// not every fields of Item struct are filled
#define WINIX_FILE_COPIED 3017
#define WINIX_FILE_COPIED 30170
// a file will be moved
// in p1 you have a pointer to the Item struct
// not every fields of Item struct are filled
#define WINIX_FILE_PREPARE_TO_MOVE 3018
// valid members are:
// id, parent_id, type, url, file_path, file_fs, file_type, has_thumb, hash, hash_type, file_size
// user_id, group_id, privileges, meta
// (sometimes rest members can be valid as well -- when you call directly fun_rm->RemoveFileOrSymlink() method)
#define WINIX_FILE_PREPARE_TO_MOVE 30180
// a file has been moved
// in p1 you have a pointer to the Item struct (new file)
// not every fields of Item struct are filled
#define WINIX_FILE_MOVED 3019
// valid members are the same as in WINIX_FILE_PREPARE_TO_MOVE
#define WINIX_FILE_MOVED 30190
// a thumbnail was created
// this message is called from another thread
// the thread is called Lock() before sending this message
// in p1 you have a pointer to the Item struct
#define WINIX_CREATED_THUMB 3050
#define WINIX_CREATED_THUMB 30500
// an image has been resized
// this message is called from another thread
// the thread is called Lock() before sending this message
// in p1 you have a pointer to the Item struct
#define WINIX_IMAGE_RESIZED 3052
#define WINIX_IMAGE_RESIZED 30520
// content of a directory was sorted
// (winix 'sort' function was used)
// in p1 you have a pointer to the Item struct (of the directory)
// this is from system->dirs so you should not change the item
#define WINIX_DIR_CONTENT_SORTED 3050
#define WINIX_DIR_CONTENT_SORTED 30500
// a user has been logged
// send from 'login' winix function
// this message is also called when winix starts and reads sessions
// from the session file
#define WINIX_USER_LOGGED 3060
#define WINIX_USER_LOGGED 30600
// here you add your own html templates
@ -154,7 +170,7 @@
// the message will be sent too whenever 'reload/templates' winix function is called
// templates you should add only in this message
// in other cases after 'reload' function the indexes would be wrong
#define WINIX_ADD_TEMPLATE 3100
#define WINIX_ADD_TEMPLATE 31000

View File

@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2010-2011, Tomasz Sowa
* Copyright (c) 2010-2012, Tomasz Sowa
* All rights reserved.
*
*/
@ -260,12 +260,12 @@ bool System::CanChangeUser(const Item & item, long new_user_id)
// super user is allowed everything
return true;
// !! przeciez to prosciej mozna zapisac
// albo dac od razu return false
if( item.user_id != new_user_id )
if( item.user_id == -1 || new_user_id == -1 || item.user_id != new_user_id )
// only super user can change the owner of an item
return false;
// item.user_id is equal new_user_id -- we return true
return true;
}
@ -285,10 +285,10 @@ bool System::CanChangeGroup(const Item & item, long new_group_id)
// user is allowed to change the group only if he is an owner of the item
// he can change only into a group in which he is a member of, or into a 'no_group'
if( !cur->session->puser )
if( !cur->session->puser || cur->session->puser->id == -1 )
return false;
if( cur->session->puser->id != item.user_id )
if( item.user_id == -1 || cur->session->puser->id != item.user_id )
return false;
if( new_group_id == -1 )
@ -316,12 +316,12 @@ bool System::CanChangePrivileges(const Item & item, int new_priv)
if( item.privileges != new_priv )
{
// the owner of an item is allowed to change the privileges
if( !cur->session->puser )
// the owner of an item is allowed to change the privileges
if( !cur->session->puser || cur->session->puser->id == -1 )
return false;
if( cur->session->puser->id != item.user_id )
if( item.user_id == -1 || cur->session->puser->id != item.user_id )
return false;
}
@ -329,7 +329,7 @@ return true;
}
// private
bool System::HasAccess(const Item & item, int mask)
{
if( !cur->session )
@ -340,20 +340,26 @@ bool System::HasAccess(const Item & item, int mask)
// super user is allowed everything
return true;
if( cur->session->puser && cur->session->puser->id == item.user_id )
if( cur->session->puser && item.user_id != -1 && cur->session->puser->id == item.user_id )
{
// the owner
return ((item.privileges >> 9) & mask) == mask;
}
if( cur->session->puser && item.group_id != -1 && cur->session->puser->IsMemberOf(item.group_id) )
{
// group
return ((item.privileges >> 6) & mask) == mask;
}
if( cur->session->puser && cur->session->puser->IsMemberOf(item.group_id) )
if( cur->session->puser )
{
// group
// others -- others logged people
return ((item.privileges >> 3) & mask) == mask;
}
// others
// guests -- not logged people
return (item.privileges & mask) == mask;
}
@ -381,8 +387,8 @@ bool System::HasReadExecAccess(const Item & item)
if( cur->session && cur->session->puser && cur->session->puser->super_user )
{
// there must be at least one 'x' (for the root)
return (item.privileges & 0111) != 0;
// !! CHECK ME: is it applicable to directories too?
return (item.privileges & 01111) != 0;
}
return HasAccess(item, 5); // r+x
@ -468,6 +474,76 @@ size_t i = 0;
}
int System::NewPrivileges(int creation_mask)
{
if( cur && cur->session && cur->session->puser )
{
int umask = cur->session->puser->env.Int(L"umask", config->umask);
return (~umask) & creation_mask;
}
else
{
return (~config->umask) & creation_mask;
}
}
/*
from man sticky:
A directory whose `sticky bit' is set becomes an append-only directory,
or, more accurately, a directory in which the deletion of files is
restricted. A file in a sticky directory may only be removed or renamed
by a user if the user has write permission for the directory and the user
is the owner of the file, the owner of the directory, or the super-user.
This feature is usefully applied to directories such as /tmp which must
be publicly writable but should deny users the license to arbitrarily
delete or rename each others' files.
*/
bool System::CanRemoveRenameChild(const Item & dir, long child_item_user_id)
{
if( dir.type != Item::dir )
return false;
if( !HasWriteAccess(dir) )
return false;
if( (dir.privileges & 010000) == 0 )
// there is no a sticky bit set to this directory
return true;
if( cur->session->puser )
{
if( cur->session->puser->super_user )
return true;
if( dir.user_id != -1 && cur->session->puser->id != -1 && child_item_user_id != -1 )
{
if( cur->session->puser->id == child_item_user_id ||
cur->session->puser->id == dir.user_id )
return true;
}
}
return false;
}
int System::NewFilePrivileges()
{
return NewPrivileges(06666);
}
int System::NewDirPrivileges()
{
return NewPrivileges(07777);
}
bool System::CanUseHtml(long user_id)
{
return IsMemberOfGroup(user_id, L"allow_html");
@ -1068,9 +1144,9 @@ bool System::AddCommonFileToVar(const wchar_t * file_path, const wchar_t * url,
file_content_item.Clear();
file_content_item.parent_id = var->id;
file_content_item.user_id = -1;
file_content_item.group_id = -1;
file_content_item.privileges = 0755;
file_content_item.user_id = var->user_id;
file_content_item.group_id = var->group_id;
file_content_item.privileges = 07555; // !! IMPROVE ME: may it should be added as a parameter to this function?
file_content_item.subject = url;
file_content_item.url = url;
file_content_item.type = Item::file;

View File

@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2010-2011, Tomasz Sowa
* Copyright (c) 2010-2012, Tomasz Sowa
* All rights reserved.
*
*/
@ -88,7 +88,8 @@ public:
bool CanChangeUser(const Item & item, long new_user_id);
bool CanChangeGroup(const Item & item, long new_group_id);
bool CanChangePrivileges(const Item & item, int new_priv);
bool HasAccess(const Item & item, int mask);
bool HasReadAccess(const Item & item);
bool HasWriteAccess(const Item & item);
bool HasReadWriteAccess(const Item & item);
@ -99,6 +100,16 @@ public:
void CheckAccessToItems(std::vector<Item> & item_tab);
void CheckWriteAccessToItems(std::vector<Item> & item_tab);
/*
this method checks the sticky bit and write permissions
it returns true if we can remove/rename an item for the given child_item_user_id user id
*/
bool CanRemoveRenameChild(const Item & dir, long child_item_user_id);
int NewFilePrivileges();
int NewDirPrivileges();
bool CanUseHtml(long user_id);
bool CanUseBBCode(long user_id);
bool CanUseRaw(long user_id);
@ -156,6 +167,9 @@ private:
std::vector<Item*> root_follow_dir_tab;
Item temp_follow_item;
bool HasAccess(const Item & item, int mask);
int NewPrivileges(int creation_mask);
bool CreateNewFileSimpleFs(Item & item);
bool CreateNewFileHashFs(Item & item);

View File

@ -29,7 +29,12 @@ adduser.o: ../templates/htmltextstream.h ../core/mounts.h
adduser.o: ../core/mountparser.h ../core/crypt.h ../core/users.h
adduser.o: ../core/groups.h ../core/group.h ../core/loadavg.h ../core/image.h
adduser.o: ../core/basethread.h ../core/threadmanager.h ../core/synchro.h
adduser.o: ../core/slog.h
adduser.o: ../core/slog.h ../core/plugin.h ../core/pluginmsg.h
adduser.o: ../core/system.h ../core/sessionmanager.h
adduser.o: ../core/sessioncontainer.h ../functions/functions.h
adduser.o: ../templates/templates.h ../templates/patterncacher.h
adduser.o: ../templates/indexpatterns.h ../templates/patterns.h
adduser.o: ../templates/changepatterns.h ../core/sessionmanager.h
cat.o: cat.h functionbase.h ../core/item.h ../db/db.h ../db/dbbase.h
cat.o: ../db/dbconn.h ../db/dbtextstream.h ../core/textstream.h
cat.o: ../core/misc.h ../core/item.h ../core/requesttypes.h ../core/error.h

View File

@ -9,6 +9,7 @@
#include "adduser.h"
#include "core/slog.h"
#include "core/plugin.h"
@ -112,10 +113,14 @@ void AddUser::MakePost()
{
if( system->users.AddUser(user) )
{
if( !cur->session->puser )
system->users.LoginUser(user.id, false);
log << log2 << "AddUser: added a new user: " << user.name << logend;
if( !cur->session->puser )
{
system->users.LoginUser(user.id, false);
log << log2 << "AddUser: now logged as: " << user.name << logend;
plugin.Call(WINIX_USER_LOGGED);
}
}
else
{

View File

@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2008-2010, Tomasz Sowa
* Copyright (c) 2008-2012, Tomasz Sowa
* All rights reserved.
*
*/
@ -125,9 +125,9 @@ void Emacs::MakePost()
if( adding )
{
cur->request->is_item = true; // !! moze lepiej nie ustawiac is_item? (bo jak wystapi blad np dodania do bazy danych
// to formularz edycji zmieni sie z 'dodaj' na 'edytuj'
cur->request->item.privileges = 0644; // !! tymczasowo, bedzie uzyte umask
cur->request->is_item = true; // !! moze lepiej nie ustawiac is_item? (bo jak wystapi blad np dodania do bazy danych
// to formularz edycji zmieni sie z 'dodaj' na 'edytuj'
cur->request->item.privileges = system->NewFilePrivileges();
cur->request->status = system->AddFile(cur->request->item, NotifyCodeAdd());
}
else

View File

@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2010-2011, Tomasz Sowa
* Copyright (c) 2010-2012, Tomasz Sowa
* All rights reserved.
*
*/
@ -19,8 +19,8 @@ FunctionBase::FunctionBase()
fun.user_id = -1;
fun.group_id = -1;
fun.privileges = 0755;
fun.parent_id = -1; // !! temporarily doesn't matter
fun.privileges = 07555;
fun.parent_id = -1;
fun.id = -1;
fun.type = Item::file;
}

View File

@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2010, Tomasz Sowa
* Copyright (c) 2010-2012, Tomasz Sowa
* All rights reserved.
*
*/
@ -37,7 +37,7 @@ void Ln::CreateSymbolicLink(const std::wstring & link_to)
item.url = cur->request->PostVar(L"url");
item.link_to = link_to;
item.link_redirect = cur->request->IsPostVar(L"makeredirect") ? 1 : 0;
item.privileges = 0644; // !! tymczasowo, bedzie uzyte umask
item.privileges = system->NewFilePrivileges();
functions->SetUser(item);
functions->PrepareUrl(item);
@ -64,7 +64,7 @@ void Ln::CreateHardLink(const std::wstring & link_to)
item.type = Item::file;
item.parent_id = cur->request->dir_tab.back()->id;
item.url = cur->request->PostVar(L"url");
item.privileges = 0644; // !! tymczasowo, bedzie uzyte umask
item.privileges = system->NewFilePrivileges();
functions->SetUser(item);
functions->PrepareUrl(item);
cur->request->status = db->AddHardLink(item);

View File

@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2008-2010, Tomasz Sowa
* Copyright (c) 2008-2012, Tomasz Sowa
* All rights reserved.
*
*/
@ -79,7 +79,7 @@ void Mkdir::PostFunMkdir(bool add_to_dir_tab, int privileges)
void Mkdir::MakePost()
{
PostFunMkdir(false, 0755);
PostFunMkdir(false, system->NewDirPrivileges());
}

View File

@ -2,7 +2,7 @@
* This file is a part of Winix
* and is not publicly distributed
*
* Copyright (c) 2008-2011, Tomasz Sowa
* Copyright (c) 2008-2012, Tomasz Sowa
* All rights reserved.
*
*/
@ -21,73 +21,131 @@ Mv::Mv()
{
fun.url = L"mv";
follow_symlinks = false;
Prepare();
}
// !! CHECK ME
// check if everywhere correct messages are sent (prepare_to, modified item/dir)
bool Mv::HasAccess()
{
return CheckAccessFrom();
}
bool Mv::CheckAccessFromToDir()
{
Item * last;
Item * last_but_one = 0;
size_t dir_tab_size;
last = cur->request->dir_tab.back();
dir_tab_size = cur->request->dir_tab.size();
if( dir_tab_size <= 1 )
return false; // you cannot move the root directory
last_but_one = cur->request->dir_tab[dir_tab_size - 2];
if( cur->request->method != Request::post )
{
// used in GET or HEAD
// we don't now whether we move the last directory or the last but one
// it depends on the 'onlycontent' parameter
if( !system->HasWriteAccess(*last) && !system->HasWriteAccess(*last_but_one) )
return false;
}
else
{
// used in POST when the moving is performed
if( cur->request->IsPostVar(L"onlycontent") )
return system->HasWriteAccess(*last);
else
return system->HasWriteAccess(*last_but_one);
}
return true;
}
bool Mv::CheckAccessFrom()
{
if( cur->request->is_item )
{
// moving a file
if( !system->HasWriteAccess(*cur->request->dir_tab.back()) )
if( !system->CanRemoveRenameChild(*cur->request->dir_tab.back(), cur->request->item.user_id) )
return false;
}
else
{
bool only_content = (cur->request->IsParam(L"c") || cur->request->IsPostVar(L"c"));
if( !CheckAccessFromToDir(*cur->request->dir_tab.back(), only_content) )
return false;
}
return true;
}
bool Mv::CheckAccessFromToDir(const Item & dir, bool only_content)
{
if( dir.parent_id == -1 )
{
if( !only_content )
{
cur->request->status = WINIX_ERR_PERMISSION_DENIED;
// the root directory cannot be moved anywhere
return false;
}
}
else
if( only_content )
{
if( !CheckAccessFromToDir() )
{
cur->request->status = WINIX_ERR_PERMISSION_DENIED;
// sticky bit for a specified child will be checked later
if( !system->HasWriteAccess(dir) )
return false;
}
else
{
Item * last_but_one_dir = system->dirs.GetDir(dir.parent_id);
if( !last_but_one_dir )
// ops, there is no a parent dir
return false;
if( !system->CanRemoveRenameChild(*last_but_one_dir, dir.user_id) )
return false;
}
return true;
}
// !! IMPROVE ME: may a better name?
void Mv::Prepare()
{
content_dir_iq.SetAll(false, false);
content_dir_iq.sel_parent_id = true;
content_dir_iq.sel_type = true;
content_dir_iq.sel_url = true;
content_dir_iq.sel_file = true;
content_dir_iq.sel_user_id = true;
content_dir_iq.sel_group_id = true;
content_dir_iq.sel_privileges = true;
content_dir_iq.sel_meta = true;
files_iq.SetAll(false, false);
files_iq.sel_parent_id = true;
files_iq.sel_type = true;
files_iq.sel_url = true;
files_iq.sel_file = true;
files_iq.sel_user_id = true;
files_iq.sel_group_id = true;
files_iq.sel_privileges = true;
files_iq.sel_meta = true;
files_iq.WhereType(Item::dir, false);
}
void Mv::Clear()
{
out_dir_tab.clear();
out_item.Clear();
out_filename.clear();
files_item_tab.clear();
item_tab.clear();
}
bool Mv::ParseDirCheckLastName()
{
if( out_has_file )
{
log << log1 << "Mv: incorrent path" << logend;
slog << logerror << T("mv_incorrect_path") << logend;
return false;
}
else
{
Item * dir = system->dirs.GetDir(out_filename, out_dir_tab.back()->id);
if( dir )
{
out_dir_tab.push_back(dir);
out_filename.clear();
}
else
{
if( db->GetItem(out_dir_tab.back()->id, out_filename, out_item) == WINIX_ERR_OK )
{
out_has_file = true;
out_filename.clear();
}
}
}
@ -95,13 +153,48 @@ return true;
}
bool Mv::CheckAccessTo()
bool Mv::ParseDir(const std::wstring & dst_path, bool check_access)
{
if( dir_tab.empty() ||
!system->HasReadExecAccessToPath(dir_tab) ||
!system->HasWriteAccess(*dir_tab.back()) )
if( dst_path.empty() )
return false;
// first we should remove the last name from the dst_path
// (it may not exist in current file system and FollowAllLinks will fail)
size_t last_slash = dst_path.find_last_of('/');
out_path = dst_path;
out_filename.clear();
if( last_slash != std::wstring::npos && last_slash + 1 < dst_path.size() )
{
cur->request->status = WINIX_ERR_PERMISSION_DENIED;
out_path.erase(last_slash + 1); // leaving the slash at the end
out_filename = dst_path.c_str() + last_slash + 1;
}
int res = system->FollowAllLinks(cur->request->dir_tab, out_path, out_dir_tab, out_item, false, false, check_access);
if( res != 0 && res != 1 )
{
slog << logerror << T("mv_incorrect_dst_path") << logend;
return false;
}
out_has_file = (res == 1);
if( !out_filename.empty() )
return ParseDirCheckLastName();
return true;
}
bool Mv::CanRemoveRenameChild(const Item & child)
{
Item * parent_dir = system->dirs.GetDir(child.parent_id);
if( !parent_dir || !system->CanRemoveRenameChild(*parent_dir, child.user_id) )
{
log << log1 << "Mv: permission denied to: " << child.url << logend;
slog << logerror << T("mv_permission_denied_to") << ": " << child.url << logend;
return false;
}
@ -109,25 +202,6 @@ return true;
}
bool Mv::ParseDir()
{
const std::wstring & new_dir = cur->request->PostVar(L"to");
int res = system->dirs.FollowLink(cur->request->dir_tab, new_dir, dir_tab, file);
if( res == 3 )
cur->request->status = WINIX_ERR_NO_ROOT_DIR;
else
if( res != 0 && res != 1 )
cur->request->status = WINIX_ERR_INCORRECT_DIR;
return res == 0 || res == 1;
}
bool Mv::MoveStaticFile(const std::wstring & from, const std::wstring & to)
{
if( from == to )
@ -143,8 +217,8 @@ bool Mv::MoveStaticFile(const std::wstring & from, const std::wstring & to)
}
else
{
log << log1 << "Mv: can't move a file from: " << from << ", to: " << to << logend;
cur->request->status = WINIX_ERR_PERMISSION_DENIED;
log << log1 << "Mv: cannot move a static file from: " << from << ", to: " << to << logend;
slog << logerror << T("internal_error") << logend;
return false;
}
}
@ -155,124 +229,44 @@ void Mv::MoveStaticFile(Item & item)
{
bool res1, res2, res3, res4, res5;
res1 = system->MakeFilePath(item, old_path, false);
res2 = !item.has_thumb || system->MakeFilePath(item, old_path_thumb, true);
res1 = system->MakeFilePath(item, old_static_path, false);
res2 = !item.has_thumb || system->MakeFilePath(item, old_static_thumb_path, true);
res3 = system->CreateNewFile(item);
res4 = system->MakeFilePath(item, new_path, false, true, config->upload_dirs_chmod);
res5 = !item.has_thumb || system->MakeFilePath(item, new_path_thumb, true, true, config->upload_dirs_chmod);
res4 = system->MakeFilePath(item, new_static_path, false, true, config->upload_dirs_chmod);
res5 = !item.has_thumb || system->MakeFilePath(item, new_static_thumb_path, true, true, config->upload_dirs_chmod);
if( !res1 || !res2 || !res3 || !res4 || !res5 )
{
cur->request->status = WINIX_ERR_PERMISSION_DENIED;
log << log1 << "Mv: cannot create a static path" << logend;
slog << logerror << T("internal_error") << logend;
return;
}
if( MoveStaticFile(old_path, new_path) )
if( MoveStaticFile(old_static_path, new_static_path) )
{
cur->request->status = db->EditFileById(item, item.id);
if( db->EditFileById(item, item.id) != WINIX_ERR_OK )
{
log << log1 << "Mv: cannot move static file (database problem)" << logend;
slog << logerror << T("internal_error") << logend;
return;
}
if( item.has_thumb )
MoveStaticFile(old_path_thumb, new_path_thumb);
MoveStaticFile(old_static_thumb_path, new_static_thumb_path);
}
}
void Mv::MoveFileOrSymlink(Item & item)
void Mv::MoveFilesPrepareTreeGo(const Item & src_dir)
{
plugin.Call(WINIX_FILE_PREPARE_TO_MOVE, &item);
old_url = item.url;
if( !file.empty() )
{
item.url = file;
functions->PrepareUrl(item);
file.clear();
}
item.parent_id = dir_tab.back()->id;
cur->request->status = db->EditParentUrlById(item, item.id);
if( cur->request->status == WINIX_ERR_OK )
{
if( item.type == Item::file )
log << log3 << "Mv: file: ";
else
log << log3 << "Mv: symlink: ";
log << old_url << " was moved to: ";
system->dirs.LogDir(dir_tab);
log << item.url << logend;
if( item.file_type != WINIX_ITEM_FILETYPE_NONE )
MoveStaticFile(item);
plugin.Call(WINIX_FILE_MOVED, &item);
}
}
void Mv::MoveDirContent(const Item & dir)
{
content_dir_iq.WhereParentId(dir.id);
db->GetItems(item_tab, content_dir_iq);
for(size_t i=0 ; i<item_tab.size() ; ++i)
{
if( item_tab[i].type == Item::dir )
MoveDir(item_tab[i]);
else
MoveFileOrSymlink(item_tab[i]);
}
}
void Mv::Prepare()
{
content_dir_iq.SetAll(false, false);
content_dir_iq.sel_parent_id = true;
content_dir_iq.sel_type = true;
content_dir_iq.sel_url = true;
content_dir_iq.sel_file = true;
files_iq.SetAll(false, false);
files_iq.sel_parent_id = true;
files_iq.sel_type = true;
files_iq.sel_url = true;
files_iq.sel_file = true;
files_iq.WhereType(Item::dir, false);
}
void Mv::Clear()
{
dir_tab.clear();
files_item_tab.clear();
item_tab.clear();
}
void Mv::MoveFilesPrepareTree(const Item & dir)
{
// we only calling plugins here
// so if there is no WINIX_FILE_PREPARE_TO_MOVE message
// we can immediately return and the database will not be bothered
if( !plugin.HasMessage(WINIX_FILE_PREPARE_TO_MOVE) )
return;
DirContainer::ParentIterator i = system->dirs.FindFirstChild(dir.id);
DirContainer::ParentIterator i = system->dirs.FindFirstChild(src_dir.id);
// go through all directories
for( ; i != system->dirs.ParentEnd() ; i = system->dirs.NextChild(i) )
MoveFilesPrepareTree(*(i->second));
files_iq.WhereParentId(dir.id);
files_iq.WhereParentId(src_dir.id);
db->GetItems(files_item_tab, files_iq);
for(size_t i=0 ; i<files_item_tab.size() ; ++i)
@ -280,6 +274,20 @@ void Mv::MoveFilesPrepareTree(const Item & dir)
}
void Mv::MoveFilesPrepareTree(const Item & src_dir)
{
// we only calling plugins here
// so if there is no WINIX_FILE_PREPARE_TO_MOVE message
// we can immediately return and the database will not be bothered
if( plugin.HasMessage(WINIX_FILE_PREPARE_TO_MOVE) )
{
MoveFilesPrepareTree(src_dir);
}
}
void Mv::MoveFilesTree(const Item & dir)
{
DirContainer::ParentIterator i = system->dirs.FindFirstChild(dir.id);
@ -294,69 +302,193 @@ void Mv::MoveFilesTree(const Item & dir)
for(size_t i=0 ; i<files_item_tab.size() ; ++i)
{
if( files_item_tab[i].file_type != WINIX_ITEM_FILETYPE_NONE )
{
plugin.Call(WINIX_FILE_PREPARE_TO_MOVE, &files_item_tab[i]);
MoveStaticFile(files_item_tab[i]);
plugin.Call(WINIX_FILE_MOVED, &files_item_tab[i]);
plugin.Call(WINIX_FILE_MOVED, &files_item_tab[i]);
}
}
}
void Mv::MoveDir(Item & dir)
{
long dst_dir_id = dir_tab.back()->id;
old_url = dir.url;
if( dst_dir_id == dir.id || system->dirs.HasParent(dst_dir_id, dir.id) )
// private
// uses: out_dir_tab, out_filename
bool Mv::MoveDir(Item & src_dir, std::vector<Item*> & dst_dir_tab, const std::wstring & dst_name)
{
long dst_dir_id = dst_dir_tab.back()->id;
old_url = src_dir.url;
if( dst_dir_id == src_dir.id || system->dirs.HasParent(dst_dir_id, src_dir.id) )
{
log << log1 << "Mv: cannot move directory to inside it" << logend;
cur->request->status = WINIX_ERR_INCORRECT_DIR;
return;
slog << logerror << T("mv_cannot_move_to_inside");
return false;