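/**
 * Create a new shared child repository, or load and update an existing one.
 *
 * When $httpVars["repository_id"] resolves to a repository, that repository is
 * edited in place (label, description, SHARE_ACCESS scope, optional owner
 * transfer) and $update is set to true. Otherwise a new shared child of
 * $this->repository is created and registered through ConfService.
 *
 * $httpVars is request data: label and description go through
 * AJXP_Utils::securePath() and AJXP_Utils::sanitize(), the scope is reduced to
 * "public" or "private", and scope or owner changes are only accepted from the
 * current owner of the share.
 *
 * @param array $httpVars Request parameters; keys read here: repo_label,
 *                        repo_description, repository_id, share_scope,
 *                        transfer_owner, filter_nodes.
 * @param bool $update Set to true (by reference) when an existing repository is edited.
 * @return Repository The edited or newly created repository.
 * @throws Exception When the label is missing or already used, or when a
 *                   non-owner tries to change the scope or the owner.
 */
protected function createOrLoadSharedRepository($httpVars, &$update)
{
    if (!isset($httpVars["repo_label"]) || $httpVars["repo_label"] == "") {
        $mess = ConfService::getMessages();
        throw new Exception($mess["349"]);
    }

    if (isset($httpVars["repository_id"])) {
        $editingRepo = ConfService::getRepositoryById($httpVars["repository_id"]);
        // Report an update only when the id actually resolved. An unknown id
        // falls through to the creation branch below, and the caller must not
        // be told that an existing share was edited in that case.
        if (isset($editingRepo)) {
            $update = true;
        }
    }

    // CHECK REPO DOES NOT ALREADY EXISTS WITH SAME LABEL
    $label = AJXP_Utils::sanitize(AJXP_Utils::securePath($httpVars["repo_label"]), AJXP_SANITIZE_HTML);
    $rawDescription = isset($httpVars["repo_description"]) ? $httpVars["repo_description"] : "";
    $description = AJXP_Utils::sanitize(AJXP_Utils::securePath($rawDescription), AJXP_SANITIZE_HTML);
    $exists = $this->checkRepoWithSameLabel($label, isset($editingRepo) ? $editingRepo : null);
    if ($exists) {
        $mess = ConfService::getMessages();
        throw new Exception($mess["share_center.352"]);
    }

    // Allow-list the scope once, for both branches: anything other than the
    // exact string "public" is stored as "private".
    $newScope = (isset($httpVars["share_scope"]) && $httpVars["share_scope"] === "public") ? "public" : "private";

    $loggedUser = AuthService::getLoggedUser();

    if (isset($editingRepo)) {
        $this->getShareStore()->testUserCanEditShare($editingRepo->getOwner(), $editingRepo->options);
        $newRepo = $editingRepo;
        $replace = false;
        if ($editingRepo->getDisplay() != $label) {
            $newRepo->setDisplay($label);
            $replace = true;
        }
        if ($editingRepo->getDescription() != $description) {
            $newRepo->setDescription($description);
            $replace = true;
        }

        $oldScope = $editingRepo->getOption("SHARE_ACCESS");
        $currentOwner = $editingRepo->getOwner();
        // Identifiers are compared as strings with ===. A loose comparison
        // treats numeric-looking ids such as "1" and "01" as equal, which
        // would let a different account pass the owner check.
        $isOwner = ((string) $currentOwner === (string) $loggedUser->getId());

        if ($newScope !== $oldScope && !$isOwner) {
            $mess = ConfService::getMessages();
            throw new Exception($mess["share_center.224"]);
        }
        if ($newScope !== $oldScope) {
            $editingRepo->addOption("SHARE_ACCESS", $newScope);
            $replace = true;
        }

        if (isset($httpVars["transfer_owner"])) {
            // NOTE(review): the new owner id is taken from the request as-is;
            // nothing visible here verifies that it names an existing user.
            // Confirm setOwnerData() or the caller validates it.
            $newOwner = $httpVars["transfer_owner"];
            if ((string) $newOwner !== (string) $currentOwner && !$isOwner) {
                $mess = ConfService::getMessages();
                throw new Exception($mess["share_center.224"]);
            }
            $editingRepo->setOwnerData($editingRepo->getParentId(), $newOwner, $editingRepo->getUniqueUser());
            $replace = true;
        }

        if ($replace) {
            ConfService::replaceRepository($newRepo->getId(), $newRepo);
        }
    } else {
        $options = $this->accessDriver->makeSharedRepositoryOptions($httpVars, $this->repository);
        // Store the normalized scope, never the raw request value, so the
        // persisted SHARE_ACCESS option is always "public" or "private".
        $options["SHARE_ACCESS"] = $newScope;
        $newRepo = $this->repository->createSharedChild($label, $options, $this->repository->getId(), $loggedUser->getId(), null);
        $gPath = $loggedUser->getGroupPath();
        if (!empty($gPath) && !ConfService::getCoreConf("CROSSUSERS_ALLGROUPS", "conf")) {
            $newRepo->setGroupPath($gPath);
        }
        $newRepo->setDescription($description);
        // Smells like dirty hack!
        $newRepo->options["PATH"] = SystemTextEncoding::fromStorageEncoding($newRepo->options["PATH"]);
        if (isset($httpVars["filter_nodes"])) {
            $newRepo->setContentFilter(new ContentFilter($httpVars["filter_nodes"]));
        }
        ConfService::addRepository($newRepo);
    }

    return $newRepo;
}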
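/**
 * Migrate legacy share metadata from the serialized metastore to the new share format.
 *
 * For every user entry holding an "ajxp_shared" => "element" value, the legacy
 * public link file in PUBLIC_DOWNLOAD_FOLDER is loaded and turned into a
 * ShareLink (plus a shared repository with a ContentFilter for plain links),
 * and the metadata entry is rewritten to the "shares" layout. Progress is
 * printed to the output.
 *
 * In a dry run nothing is saved: the store is not backed up or rewritten,
 * objects are not persisted, and the legacy link file, which is renamed while
 * the entry is processed, is put back under its original name.
 *
 * @param ShareCenter $shareCenter
 * @param ShareStore $shareStore
 * @param ShareRightsManager $shareRightManager
 * @param bool $dryRun When true (default), only print what would be done.
 */
public static function migrateLegacyMeta($shareCenter, $shareStore, $shareRightManager, $dryRun = true)
{
    $metaStoreDir = AJXP_DATA_PATH . "/plugins/metastore.serial";
    $publicFolder = ConfService::getCoreConf("PUBLIC_DOWNLOAD_FOLDER");
    $metastores = glob($metaStoreDir . "/ajxp_meta_0");
    if ($dryRun) {
        print "RUNNING A DRY RUN FOR META MIGRATION";
    }
    // glob() returns false on error; there is nothing to migrate in that case.
    if (empty($metastores)) {
        return;
    }

    foreach ($metastores as $store) {
        if (strpos($store, ".bak") !== false) {
            continue;
        }
        // Backup store
        if (!$dryRun) {
            copy($store, $store . ".bak");
        }

        // SECURITY: unserialize() instantiates any class named in the payload.
        // This is only acceptable while the metastore file is writable by the
        // application alone; treat the file as trusted input, not as data.
        $data = unserialize(file_get_contents($store));
        if (!is_array($data)) {
            // An unreadable or corrupt store must not be overwritten with the
            // serialized failure value further down.
            print "\n-- ERROR: Cannot read metadata store " . $store;
            continue;
        }

        foreach ($data as $filePath => &$metadata) {
            if (!is_array($metadata)) {
                continue;
            }
            foreach ($metadata as $userName => &$meta) {
                if (!AuthService::userExists($userName)) {
                    continue;
                }
                $userObject = ConfService::getConfStorageImpl()->createUserObject($userName);
                if (isset($meta["ajxp_shared"]) && isset($meta["ajxp_shared"]["element"])) {
                    print "\n\nItem {$filePath} requires upgrade :";
                    $share = $meta["ajxp_shared"];
                    $element = $meta["ajxp_shared"]["element"];
                    if (is_array($element)) {
                        // Take the first one only. array_shift() takes its
                        // argument by reference, so it needs a real variable.
                        $elementKeys = array_keys($element);
                        $element = array_shift($elementKeys);
                    }

                    // NOTE(review): $element comes from the unserialized store
                    // and is concatenated into a filesystem path that is then
                    // renamed. Presumably a share hash; confirm it can never
                    // contain path separators.
                    $legacyLinkFile = $publicFolder . "/" . $element . ".php";
                    if (file_exists($legacyLinkFile)) {
                        // Load file, move it to DB and move the meta
                        $publiclet = $shareStore->loadShare($element);
                        rename($legacyLinkFile, $legacyLinkFile . ".migrated");

                        if (isset($share["minisite"])) {
                            print "\n--Migrate legacy minisite to new minisite?";
                            try {
                                $sharedRepoId = $publiclet["REPOSITORY"];
                                $sharedRepo = ConfService::getRepositoryById($sharedRepoId);
                                if ($sharedRepo == null) {
                                    print "\n--ERROR: Cannot find repository with id " . $sharedRepoId;
                                    // This early exit skips the restore at the
                                    // end of the branch: undo the rename here
                                    // so a dry run leaves the link in place.
                                    if ($dryRun) {
                                        rename($legacyLinkFile . ".migrated", $legacyLinkFile);
                                    }
                                    continue;
                                }
                                $shareLink = new ShareLink($shareStore, $publiclet);
                                $user = $shareLink->getUniqueUser();
                                if (AuthService::userExists($user)) {
                                    $userObject = ConfService::getConfStorageImpl()->createUserObject($user);
                                    $userObject->setHidden(true);
                                    print "\n--Should set existing user {$user} as hidden";
                                    if (!$dryRun) {
                                        $userObject->save();
                                    }
                                }
                                $shareLink->parseHttpVars(["custom_handle" => $element]);
                                $shareLink->setParentRepositoryId($sharedRepo->getParentId());
                                print "\n--Creating the following share object";
                                print_r($shareLink->getJsonData($shareCenter->getPublicAccessManager(), ConfService::getMessages()));
                                if (!$dryRun) {
                                    $shareLink->save();
                                }
                                $meta["ajxp_shared"] = ["shares" => [$element => ["type" => "minisite"], $sharedRepoId => ["type" => "repository"]]];
                            } catch (Exception $e) {
                                print "\n-- Error " . $e->getMessage();
                            }
                        } else {
                            print "\n--Should migrate legacy link to new minisite with ContentFilter";
                            try {
                                $link = new ShareLink($shareStore);
                                $link->setOwnerId($userName);
                                $parameters = array("custom_handle" => $element, "simple_right_download" => true);
                                if (isset($publiclet["EXPIRE_TIME"])) {
                                    $parameters["expiration"] = $publiclet["EXPIRE_TIME"];
                                }
                                if (isset($publiclet["DOWNLOAD_LIMIT"])) {
                                    $parameters["downloadlimit"] = $publiclet["DOWNLOAD_LIMIT"];
                                }
                                $link->parseHttpVars($parameters);

                                $parentRepositoryObject = $publiclet["REPOSITORY"];
                                $driverInstance = AJXP_PluginsService::findPlugin("access", $parentRepositoryObject->getAccessType());
                                if (empty($driverInstance)) {
                                    print "\n-- ERROR: Cannot find driver instance!";
                                    // Same as above: restore the link file
                                    // before leaving early in a dry run.
                                    if ($dryRun) {
                                        rename($legacyLinkFile . ".migrated", $legacyLinkFile);
                                    }
                                    continue;
                                }

                                // Migrated plain links always become private shares.
                                $options = $driverInstance->makeSharedRepositoryOptions(["file" => "/"], $parentRepositoryObject);
                                $options["SHARE_ACCESS"] = "private";
                                $newRepo = $parentRepositoryObject->createSharedChild(basename($filePath), $options, $parentRepositoryObject->getId(), $userObject->getId(), null);
                                $gPath = $userObject->getGroupPath();
                                if (!empty($gPath) && !ConfService::getCoreConf("CROSSUSERS_ALLGROUPS", "conf")) {
                                    $newRepo->setGroupPath($gPath);
                                }
                                $newRepo->setDescription("");
                                // Smells like dirty hack!
                                $newRepo->options["PATH"] = SystemTextEncoding::fromStorageEncoding($newRepo->options["PATH"]);
                                $newRepo->setContentFilter(new ContentFilter([new AJXP_Node("pydio://" . $parentRepositoryObject->getId() . $filePath)]));
                                if (!$dryRun) {
                                    ConfService::addRepository($newRepo);
                                }

                                $hiddenUserEntry = $shareRightManager->prepareSharedUserEntry(["simple_right_read" => true, "simple_right_download" => true], $link, false, null);
                                $selection = new UserSelection($parentRepositoryObject, []);
                                $selection->addFile($filePath);
                                if (!$dryRun) {
                                    $shareRightManager->assignSharedRepositoryPermissions($parentRepositoryObject, $newRepo, false, [$hiddenUserEntry["ID"] => $hiddenUserEntry], [], $selection);
                                }
                                $link->setParentRepositoryId($parentRepositoryObject->getId());
                                $link->attachToRepository($newRepo->getId());
                                print "\n-- Should save following LINK: ";
                                print_r($link->getJsonData($shareCenter->getPublicAccessManager(), ConfService::getMessages()));
                                if (!$dryRun) {
                                    $link->save();
                                }

                                // UPDATE METADATA
                                $meta["ajxp_shared"] = ["shares" => [$element => array("type" => "minisite")]];
                            } catch (Exception $e) {
                                print "\n-- ERROR: " . $e->getMessage();
                            }
                        }

                        // NOTE(review): in a real run the file keeps its
                        // ".migrated" name even when the migration above
                        // failed; confirm that is the intended retry story.
                        if ($dryRun) {
                            rename($legacyLinkFile . ".migrated", $legacyLinkFile);
                        }
                        continue;
                    } else {
                        //
                        // File does not exists, remove meta
                        //
                        unset($meta["ajxp_shared"]);
                    }

                    $repo = ConfService::getRepositoryById($element);
                    if ($repo !== null) {
                        print "\n--Shared repository: just metadata";
                        // Shared repo, migrating the meta should be enough
                        $meta["ajxp_shared"] = array("shares" => [$element => array("type" => "repository")]);
                    }
                }
            }
            // Drop the by-reference loop variable so later writes cannot hit
            // the last element by accident.
            unset($meta);
        }
        unset($metadata);

        print "\n\n SHOULD NOW UPDATE METADATA WITH FOLLOWING :";
        print_r($data);
        if (!$dryRun) {
            file_put_contents($store, serialize($data));
        }
    }
}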
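/**
 * Create a shared repository, or update an existing one, and apply its user and group rights.
 *
 * Reads the share definition from $httpVars (indexed entries user_N,
 * entry_type_N, right_read_N, right_write_N, right_watch_N, user_pass_N),
 * creates or edits the shared child of $repository, creates missing users,
 * sets ACLs on users and group roles, and registers or removes folder watches
 * when a watcher is configured.
 *
 * Failures are reported in two ways: integer codes for validation failures and
 * exceptions for the cases listed under @throws.
 *
 *   100 : repo_label missing, or shared_pass missing while a user must be created
 *   101 : another repository already uses this label
 *   102 : target user not acceptable (cross-user sharing not allowed, user
 *         creation not allowed, or reserved user id)
 *   103 : the "share" action is disabled for the logged user on $repository
 *
 * @param Array $httpVars Request parameters (untrusted).
 * @param Repository $repository Repository being shared.
 * @param AbstractAccessDriver $accessDriver Driver used to build the shared options.
 * @param null $uniqueUser Not read anywhere in this method body.
 * @throws Exception When a user to create already exists, or the shared-users limit is reached.
 * @return int|Repository One of the codes above, or the created/updated repository.
 */
public function createSharedRepository($httpVars, $repository, $accessDriver, $uniqueUser = null)
{
    if (!isset($httpVars["repo_label"]) || $httpVars["repo_label"] == "") {
        return 100;
    }

    // Folder sharing enablement is checked at a higher level: "file" is always
    // the parent folder here.

    $loggedUser = AuthService::getLoggedUser();
    $actRights = $loggedUser->mergedRole->listActionsStatesFor($repository);
    if (isset($actRights["share"]) && $actRights["share"] === false) {
        return 103;
    }

    $users = array();
    $uRights = array();
    $uPasses = array();
    $groups = array();
    $uWatches = array();

    // Collect the indexed share entries until the first missing user_N key.
    $index = 0;
    $prefix = $this->getFilteredOption("SHARED_USERS_TMP_PREFIX", $this->repository->getId());
    while (isset($httpVars["user_" . $index])) {
        $eType = $httpVars["entry_type_" . $index];
        $uWatch = false;
        $rightString = ($httpVars["right_read_" . $index] == "true" ? "r" : "") . ($httpVars["right_write_" . $index] == "true" ? "w" : "");
        if ($this->watcher !== false) {
            $uWatch = $httpVars["right_watch_" . $index] == "true" ? true : false;
        }
        // An entry granting neither read nor write is ignored.
        if (empty($rightString)) {
            $index++;
            continue;
        }
        if ($eType == "user") {
            $u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index], AJXP_SANITIZE_EMAILCHARS);
            if (!AuthService::userExists($u) && !isset($httpVars["user_pass_" . $index])) {
                // Unknown user and no password to create it with: skip.
                $index++;
                continue;
            } else {
                if (AuthService::userExists($u, "w") && isset($httpVars["user_pass_" . $index])) {
                    throw new Exception("User {$u} already exists, please choose another name.");
                }
            }
            if (!AuthService::userExists($u, "r") && !empty($prefix) && strpos($u, $prefix) !== 0) {
                $u = $prefix . $u;
            }
            $users[] = $u;
        } else {
            $u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index]);
            if (strpos($u, "/AJXP_TEAM/") === 0) {
                // A team entry expands to its member users.
                $confDriver = ConfService::getConfStorageImpl();
                if (method_exists($confDriver, "teamIdToUsers")) {
                    $teamUsers = $confDriver->teamIdToUsers(str_replace("/AJXP_TEAM/", "", $u));
                    foreach ($teamUsers as $userId) {
                        $users[] = $userId;
                        $uRights[$userId] = $rightString;
                        if ($this->watcher !== false) {
                            $uWatches[$userId] = $uWatch;
                        }
                    }
                }
                $index++;
                continue;
            } else {
                $groups[] = $u;
            }
        }
        $uRights[$u] = $rightString;
        $uPasses[$u] = isset($httpVars["user_pass_" . $index]) ? $httpVars["user_pass_" . $index] : "";
        if ($this->watcher !== false) {
            $uWatches[$u] = $uWatch;
        }
        $index++;
    }

    $label = AJXP_Utils::sanitize(AJXP_Utils::securePath($httpVars["repo_label"]), AJXP_SANITIZE_HTML);
    $description = AJXP_Utils::sanitize(AJXP_Utils::securePath($httpVars["repo_description"]), AJXP_SANITIZE_HTML);

    if (isset($httpVars["repository_id"])) {
        // NOTE(review): repository_id comes from the request and nothing in
        // this method checks that the logged user owns or may edit the
        // repository it resolves to. Confirm the caller enforces that before
        // labels and ACLs are changed below.
        $editingRepo = ConfService::getRepositoryById($httpVars["repository_id"]);
    }

    // CHECK USER & REPO DOES NOT ALREADY EXISTS
    if ($this->getFilteredOption("AVOID_SHARED_FOLDER_SAME_LABEL", $this->repository->getId()) == true) {
        $count = 0;
        $similarLabelRepos = ConfService::listRepositoriesWithCriteria(array("display" => $label), $count);
        if ($count && !isset($editingRepo)) {
            return 101;
        }
        if ($count && isset($editingRepo)) {
            foreach ($similarLabelRepos as $slr) {
                if ($slr->getUniqueId() != $editingRepo->getUniqueId()) {
                    return 101;
                }
            }
        }
    }

    $confDriver = ConfService::getConfStorageImpl();
    foreach ($users as $userName) {
        if (AuthService::userExists($userName)) {
            // check that it's a child user
            $userObject = $confDriver->createUserObject($userName);
            if (ConfService::getCoreConf("ALLOW_CROSSUSERS_SHARING", "conf") != true && (!$userObject->hasParent() || $userObject->getParent() != $loggedUser->id)) {
                return 102;
            }
        } else {
            // Parentheses only make the existing precedence explicit: && binds
            // tighter than ||, so a reserved id is always rejected.
            if (($httpVars["create_guest_user"] != "true" && !ConfService::getCoreConf("USER_CREATE_USERS", "conf")) || AuthService::isReservedUserId($userName)) {
                return 102;
            }
            if (!isset($httpVars["shared_pass"]) || $httpVars["shared_pass"] == "") {
                return 100;
            }
        }
    }

    // CREATE SHARED OPTIONS
    $options = $accessDriver->makeSharedRepositoryOptions($httpVars, $repository);
    $customData = array();
    foreach ($httpVars as $key => $value) {
        if (substr($key, 0, strlen("PLUGINS_DATA_")) == "PLUGINS_DATA_") {
            $customData[substr($key, strlen("PLUGINS_DATA_"))] = $value;
        }
    }
    if (count($customData)) {
        $options["PLUGINS_DATA"] = $customData;
    }

    if (isset($editingRepo)) {
        $newRepo = $editingRepo;
        $replace = false;
        if ($editingRepo->getDisplay() != $label) {
            $newRepo->setDisplay($label);
            $replace = true;
        }
        if ($editingRepo->getDescription() != $description) {
            $newRepo->setDescription($description);
            $replace = true;
        }
        if ($replace) {
            ConfService::replaceRepository($httpVars["repository_id"], $newRepo);
        }
    } else {
        if ($repository->getOption("META_SOURCES")) {
            $options["META_SOURCES"] = $repository->getOption("META_SOURCES");
            foreach ($options["META_SOURCES"] as $index => &$data) {
                if (isset($data["USE_SESSION_CREDENTIALS"]) && $data["USE_SESSION_CREDENTIALS"] === true) {
                    // The sharer's encoded credential string is copied into
                    // the options of the shared repository.
                    $options["META_SOURCES"][$index]["ENCODED_CREDENTIALS"] = AJXP_Safe::getEncodedCredentialString();
                }
                // Strict comparison: with ==, an integer key 0 matches any
                // non-numeric string on PHP versions before 8.
                if ($index === "meta.syncable" && (!isset($data["REPO_SYNCABLE"]) || $data["REPO_SYNCABLE"] === true)) {
                    $data["REQUIRES_INDEXATION"] = true;
                }
            }
            // Release the by-reference loop variable.
            unset($data);
        }
        $newRepo = $repository->createSharedChild($label, $options, $repository->id, $loggedUser->id, null);
        $gPath = $loggedUser->getGroupPath();
        if (!empty($gPath) && !ConfService::getCoreConf("CROSSUSERS_ALLGROUPS", "conf")) {
            $newRepo->setGroupPath($gPath);
        }
        $newRepo->setDescription($description);
        $newRepo->options["PATH"] = SystemTextEncoding::fromStorageEncoding($newRepo->options["PATH"]);
        if (isset($httpVars["filter_nodes"])) {
            $newRepo->setContentFilter(new ContentFilter($httpVars["filter_nodes"]));
        }
        ConfService::addRepository($newRepo);
        if (!isset($httpVars["minisite"])) {
            $this->getShareStore()->storeShare($repository->getId(), array("REPOSITORY" => $newRepo->getUniqueId(), "OWNER_ID" => $loggedUser->getId()), "repository");
        }
    }

    $file = AJXP_Utils::decodeSecureMagic($httpVars["file"]);

    if (isset($editingRepo)) {
        // Revoke access for users and groups that are no longer in the share.
        $currentRights = $this->computeSharedRepositoryAccessRights($httpVars["repository_id"], false, $this->urlBase . $file);
        $originalUsers = array_keys($currentRights["USERS"]);
        $removeUsers = array_diff($originalUsers, $users);
        if (count($removeUsers)) {
            foreach ($removeUsers as $user) {
                if (AuthService::userExists($user)) {
                    $userObject = $confDriver->createUserObject($user);
                    $userObject->personalRole->setAcl($newRepo->getUniqueId(), "");
                    $userObject->save("superuser");
                }
                // Every other watcher call in this method is guarded; without
                // the guard a missing watcher aborts the update here, after
                // some ACLs were already revoked and saved.
                if ($this->watcher !== false) {
                    $this->watcher->removeWatchFromFolder(new AJXP_Node($this->urlBase . $file), $user, true);
                }
            }
        }
        $originalGroups = array_keys($currentRights["GROUPS"]);
        $removeGroups = array_diff($originalGroups, $groups);
        if (count($removeGroups)) {
            foreach ($removeGroups as $groupId) {
                $role = AuthService::getRole($groupId);
                if ($role !== false) {
                    $role->setAcl($newRepo->getUniqueId(), "");
                    AuthService::updateRole($role);
                }
            }
        }
    }

    foreach ($users as $userName) {
        if (AuthService::userExists($userName, "r")) {
            // check that it's a child user
            $userObject = $confDriver->createUserObject($userName);
        } else {
            if (ConfService::getAuthDriverImpl()->getOptionAsBool("TRANSMIT_CLEAR_PASS")) {
                $pass = $uPasses[$userName];
            } else {
                // NOTE(review): unsalted MD5 is not a password hash. It is
                // kept because the auth driver contract is not visible here;
                // confirm what the driver stores and whether it re-hashes.
                $pass = md5($uPasses[$userName]);
            }
            if (!isset($httpVars["minisite"])) {
                // This is an explicit user creation - check possible limits
                AJXP_Controller::applyHook("user.before_create", array($userName));
                $limit = $loggedUser->personalRole->filterParameterValue("core.conf", "USER_SHARED_USERS_LIMIT", AJXP_REPO_SCOPE_ALL, "");
                if (!empty($limit) && intval($limit) > 0) {
                    $count = count(ConfService::getConfStorageImpl()->getUserChildren($loggedUser->getId()));
                    if ($count >= $limit) {
                        $mess = ConfService::getMessages();
                        throw new Exception($mess['483']);
                    }
                }
            }
            AuthService::createUser($userName, $pass);
            $userObject = $confDriver->createUserObject($userName);
            // A created user starts with no ACLs, as a "shared" profile child
            // of the logged user, in the same group path.
            $userObject->personalRole->clearAcls();
            $userObject->setParent($loggedUser->id);
            $userObject->setGroupPath($loggedUser->getGroupPath());
            $userObject->setProfile("shared");
            if (isset($httpVars["minisite"])) {
                $mess = ConfService::getMessages();
                $userObject->setHidden(true);
                $userObject->personalRole->setParameterValue("core.conf", "USER_DISPLAY_NAME", "[" . $mess["share_center.109"] . "] " . AJXP_Utils::sanitize($newRepo->getDisplay(), AJXP_SANITIZE_EMAILCHARS));
            }
            AJXP_Controller::applyHook("user.after_create", array($userObject));
        }

        // CREATE USER WITH NEW REPO RIGHTS
        $userObject->personalRole->setAcl($newRepo->getUniqueId(), $uRights[$userName]);
        if (isset($httpVars["minisite"])) {
            if (isset($editingRepo)) {
                try {
                    AuthService::deleteRole("AJXP_SHARED-" . $newRepo->getUniqueId());
                } catch (Exception $e) {
                    // Best effort: the role may not exist yet.
                }
            }
            // Build a per-share role from the MINISITE template role, mapping
            // its shared-scope actions and parameters onto this repository.
            $newRole = new AJXP_Role("AJXP_SHARED-" . $newRepo->getUniqueId());
            $r = AuthService::getRole("MINISITE");
            if (is_a($r, "AJXP_Role")) {
                if ($httpVars["disable_download"]) {
                    $f = AuthService::getRole("MINISITE_NODOWNLOAD");
                    if (is_a($f, "AJXP_Role")) {
                        $r = $f->override($r);
                    }
                }
                $allData = $r->getDataArray();
                $newData = $newRole->getDataArray();
                if (isset($allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED])) {
                    $newData["ACTIONS"][$newRepo->getUniqueId()] = $allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED];
                }
                if (isset($allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED])) {
                    $newData["PARAMETERS"][$newRepo->getUniqueId()] = $allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED];
                }
                $newRole->bunchUpdate($newData);
                AuthService::updateRole($newRole);
                $userObject->addRole($newRole);
            }
        }
        $userObject->save("superuser");

        if ($this->watcher !== false) {
            // Register a watch on the current folder for shared user
            if ($uWatches[$userName] == "true") {
                $this->watcher->setWatchOnFolder(new AJXP_Node($this->urlBase . $file), $userName, MetaWatchRegister::$META_WATCH_USERS_CHANGE, array(AuthService::getLoggedUser()->getId()));
            } else {
                $this->watcher->removeWatchFromFolder(new AJXP_Node($this->urlBase . $file), $userName, true);
            }
        }
    }

    if ($this->watcher !== false) {
        // Register a watch on the new repository root for current user
        if ($httpVars["self_watch_folder"] == "true") {
            $this->watcher->setWatchOnFolder(new AJXP_Node($this->baseProtocol . "://" . $newRepo->getUniqueId() . "/"), AuthService::getLoggedUser()->getId(), MetaWatchRegister::$META_WATCH_BOTH);
        } else {
            $this->watcher->removeWatchFromFolder(new AJXP_Node($this->baseProtocol . "://" . $newRepo->getUniqueId() . "/"), AuthService::getLoggedUser()->getId());
        }
    }

    foreach ($groups as $group) {
        $r = $uRights[$group];
        // The root group is stored under the ROOT_ROLE role id.
        if ($group == "AJXP_GRP_/") {
            $group = "ROOT_ROLE";
        }
        $grRole = AuthService::getRole($group, true);
        $grRole->setAcl($newRepo->getUniqueId(), $r);
        AuthService::updateRole($grRole);
    }

    if (array_key_exists("minisite", $httpVars) && $httpVars["minisite"] != true) {
        AJXP_Controller::applyHook(isset($editingRepo) ? "node.share.update" : "node.share.create", array('type' => 'repository', 'repository' => &$repository, 'accessDriver' => &$accessDriver, 'new_repository' => &$newRepo));
    }

    return $newRepo;
}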