/**
* @param array $httpVars
* @param bool $update
* @return Repository
* @throws Exception
*/
protected function createOrLoadSharedRepository($httpVars, &$update)
{
if (!isset($httpVars["repo_label"]) || $httpVars["repo_label"] == "") {
$mess = ConfService::getMessages();
throw new Exception($mess["349"]);
}
if (isset($httpVars["repository_id"])) {
$editingRepo = ConfService::getRepositoryById($httpVars["repository_id"]);
$update = true;
}
// CHECK REPO DOES NOT ALREADY EXISTS WITH SAME LABEL
$label = AJXP_Utils::sanitize(AJXP_Utils::securePath($httpVars["repo_label"]), AJXP_SANITIZE_HTML);
$description = AJXP_Utils::sanitize(AJXP_Utils::securePath($httpVars["repo_description"]), AJXP_SANITIZE_HTML);
$exists = $this->checkRepoWithSameLabel($label, isset($editingRepo) ? $editingRepo : null);
if ($exists) {
$mess = ConfService::getMessages();
throw new Exception($mess["share_center.352"]);
}
$loggedUser = AuthService::getLoggedUser();
if (isset($editingRepo)) {
$this->getShareStore()->testUserCanEditShare($editingRepo->getOwner(), $editingRepo->options);
$newRepo = $editingRepo;
$replace = false;
if ($editingRepo->getDisplay() != $label) {
$newRepo->setDisplay($label);
$replace = true;
}
if ($editingRepo->getDescription() != $description) {
$newRepo->setDescription($description);
$replace = true;
}
$newScope = isset($httpVars["share_scope"]) && $httpVars["share_scope"] == "public" ? "public" : "private";
$oldScope = $editingRepo->getOption("SHARE_ACCESS");
$currentOwner = $editingRepo->getOwner();
if ($newScope != $oldScope && $currentOwner != AuthService::getLoggedUser()->getId()) {
$mess = ConfService::getMessages();
throw new Exception($mess["share_center.224"]);
}
if ($newScope !== $oldScope) {
$editingRepo->addOption("SHARE_ACCESS", $newScope);
$replace = true;
}
if (isset($httpVars["transfer_owner"])) {
$newOwner = $httpVars["transfer_owner"];
if ($newOwner != $currentOwner && $currentOwner != AuthService::getLoggedUser()->getId()) {
$mess = ConfService::getMessages();
throw new Exception($mess["share_center.224"]);
}
$editingRepo->setOwnerData($editingRepo->getParentId(), $newOwner, $editingRepo->getUniqueUser());
$replace = true;
}
if ($replace) {
ConfService::replaceRepository($newRepo->getId(), $newRepo);
}
} else {
$options = $this->accessDriver->makeSharedRepositoryOptions($httpVars, $this->repository);
// TMP TESTS
$options["SHARE_ACCESS"] = $httpVars["share_scope"];
$newRepo = $this->repository->createSharedChild($label, $options, $this->repository->getId(), $loggedUser->getId(), null);
$gPath = $loggedUser->getGroupPath();
if (!empty($gPath) && !ConfService::getCoreConf("CROSSUSERS_ALLGROUPS", "conf")) {
$newRepo->setGroupPath($gPath);
}
$newRepo->setDescription($description);
// Smells like dirty hack!
$newRepo->options["PATH"] = SystemTextEncoding::fromStorageEncoding($newRepo->options["PATH"]);
if (isset($httpVars["filter_nodes"])) {
$newRepo->setContentFilter(new ContentFilter($httpVars["filter_nodes"]));
}
ConfService::addRepository($newRepo);
}
return $newRepo;
}
/**
* @param ShareCenter $shareCenter
* @param ShareStore $shareStore
* @param ShareRightsManager $shareRightManager
*/
public static function migrateLegacyMeta($shareCenter, $shareStore, $shareRightManager, $dryRun = true)
{
$metaStoreDir = AJXP_DATA_PATH . "/plugins/metastore.serial";
$publicFolder = ConfService::getCoreConf("PUBLIC_DOWNLOAD_FOLDER");
$metastores = glob($metaStoreDir . "/ajxp_meta_0");
if ($dryRun) {
print "RUNNING A DRY RUN FOR META MIGRATION";
}
foreach ($metastores as $store) {
if (strpos($store, ".bak") !== false) {
continue;
}
// Backup store
if (!$dryRun) {
copy($store, $store . ".bak");
}
$data = unserialize(file_get_contents($store));
foreach ($data as $filePath => &$metadata) {
foreach ($metadata as $userName => &$meta) {
if (!AuthService::userExists($userName)) {
continue;
}
$userObject = ConfService::getConfStorageImpl()->createUserObject($userName);
if (isset($meta["ajxp_shared"]) && isset($meta["ajxp_shared"]["element"])) {
print "\n\nItem {$filePath} requires upgrade :";
$share = $meta["ajxp_shared"];
$element = $meta["ajxp_shared"]["element"];
if (is_array($element)) {
$element = array_shift(array_keys($element));
}
// Take the first one only
$legacyLinkFile = $publicFolder . "/" . $element . ".php";
if (file_exists($legacyLinkFile)) {
// Load file, move it to DB and move the meta
$publiclet = $shareStore->loadShare($element);
rename($legacyLinkFile, $legacyLinkFile . ".migrated");
if (isset($share["minisite"])) {
print "\n--Migrate legacy minisite to new minisite?";
try {
$sharedRepoId = $publiclet["REPOSITORY"];
$sharedRepo = ConfService::getRepositoryById($sharedRepoId);
if ($sharedRepo == null) {
print "\n--ERROR: Cannot find repository with id " . $sharedRepoId;
continue;
}
$shareLink = new ShareLink($shareStore, $publiclet);
$user = $shareLink->getUniqueUser();
if (AuthService::userExists($user)) {
$userObject = ConfService::getConfStorageImpl()->createUserObject($user);
$userObject->setHidden(true);
print "\n--Should set existing user {$user} as hidden";
if (!$dryRun) {
$userObject->save();
}
}
$shareLink->parseHttpVars(["custom_handle" => $element]);
$shareLink->setParentRepositoryId($sharedRepo->getParentId());
print "\n--Creating the following share object";
print_r($shareLink->getJsonData($shareCenter->getPublicAccessManager(), ConfService::getMessages()));
if (!$dryRun) {
$shareLink->save();
}
$meta["ajxp_shared"] = ["shares" => [$element => ["type" => "minisite"], $sharedRepoId => ["type" => "repository"]]];
} catch (Exception $e) {
print "\n-- Error " . $e->getMessage();
}
} else {
print "\n--Should migrate legacy link to new minisite with ContentFilter";
try {
$link = new ShareLink($shareStore);
$link->setOwnerId($userName);
$parameters = array("custom_handle" => $element, "simple_right_download" => true);
if (isset($publiclet["EXPIRE_TIME"])) {
$parameters["expiration"] = $publiclet["EXPIRE_TIME"];
}
if (isset($publiclet["DOWNLOAD_LIMIT"])) {
$parameters["downloadlimit"] = $publiclet["DOWNLOAD_LIMIT"];
}
$link->parseHttpVars($parameters);
$parentRepositoryObject = $publiclet["REPOSITORY"];
$driverInstance = AJXP_PluginsService::findPlugin("access", $parentRepositoryObject->getAccessType());
if (empty($driverInstance)) {
print "\n-- ERROR: Cannot find driver instance!";
continue;
}
$options = $driverInstance->makeSharedRepositoryOptions(["file" => "/"], $parentRepositoryObject);
$options["SHARE_ACCESS"] = "private";
$newRepo = $parentRepositoryObject->createSharedChild(basename($filePath), $options, $parentRepositoryObject->getId(), $userObject->getId(), null);
$gPath = $userObject->getGroupPath();
if (!empty($gPath) && !ConfService::getCoreConf("CROSSUSERS_ALLGROUPS", "conf")) {
$newRepo->setGroupPath($gPath);
}
$newRepo->setDescription("");
// Smells like dirty hack!
$newRepo->options["PATH"] = SystemTextEncoding::fromStorageEncoding($newRepo->options["PATH"]);
$newRepo->setContentFilter(new ContentFilter([new AJXP_Node("pydio://" . $parentRepositoryObject->getId() . $filePath)]));
if (!$dryRun) {
ConfService::addRepository($newRepo);
}
$hiddenUserEntry = $shareRightManager->prepareSharedUserEntry(["simple_right_read" => true, "simple_right_download" => true], $link, false, null);
$selection = new UserSelection($parentRepositoryObject, []);
$selection->addFile($filePath);
if (!$dryRun) {
$shareRightManager->assignSharedRepositoryPermissions($parentRepositoryObject, $newRepo, false, [$hiddenUserEntry["ID"] => $hiddenUserEntry], [], $selection);
}
$link->setParentRepositoryId($parentRepositoryObject->getId());
$link->attachToRepository($newRepo->getId());
print "\n-- Should save following LINK: ";
print_r($link->getJsonData($shareCenter->getPublicAccessManager(), ConfService::getMessages()));
if (!$dryRun) {
$hash = $link->save();
}
// UPDATE METADATA
$meta["ajxp_shared"] = ["shares" => [$element => array("type" => "minisite")]];
} catch (Exception $e) {
print "\n-- ERROR: " . $e->getMessage();
}
}
if ($dryRun) {
rename($legacyLinkFile . ".migrated", $legacyLinkFile);
}
continue;
} else {
//
// File does not exists, remove meta
//
unset($meta["ajxp_shared"]);
}
$repo = ConfService::getRepositoryById($element);
if ($repo !== null) {
print "\n--Shared repository: just metadata";
// Shared repo, migrating the meta should be enough
$meta["ajxp_shared"] = array("shares" => [$element => array("type" => "repository")]);
}
}
}
}
print "\n\n SHOULD NOW UPDATE METADATA WITH FOLLOWING :";
print_r($data);
if (!$dryRun) {
file_put_contents($store, serialize($data));
}
}
}
/**
* @param Array $httpVars
* @param Repository $repository
* @param AbstractAccessDriver $accessDriver
* @param null $uniqueUser
* @throws Exception
* @return int|Repository
*/
public function createSharedRepository($httpVars, $repository, $accessDriver, $uniqueUser = null)
{
// ERRORS
// 100 : missing args
// 101 : repository label already exists
// 102 : user already exists
// 103 : current user is not allowed to share
// SUCCESS
// 200
if (!isset($httpVars["repo_label"]) || $httpVars["repo_label"] == "") {
return 100;
}
/*
// FILE IS ALWAYS THE PARENT FOLDER SO WE NOW CHECK FOLDER_SHARING AT A HIGHER LEVEL
$file = AJXP_Utils::decodeSecureMagic($httpVars["file"]);
$foldersharing = $this->getFilteredOption("ENABLE_FOLDER_SHARING", $this->repository->getId());
$foldersharingDisabled = isset($foldersharing) && ($foldersharing === false || (is_string($foldersharing) && $foldersharing == "disable"));
if (is_dir($this->urlBase.$file) && $foldersharingDisabled) {
return 103;
}
*/
$loggedUser = AuthService::getLoggedUser();
$actRights = $loggedUser->mergedRole->listActionsStatesFor($repository);
if (isset($actRights["share"]) && $actRights["share"] === false) {
return 103;
}
$users = array();
$uRights = array();
$uPasses = array();
$groups = array();
$uWatches = array();
$index = 0;
$prefix = $this->getFilteredOption("SHARED_USERS_TMP_PREFIX", $this->repository->getId());
while (isset($httpVars["user_" . $index])) {
$eType = $httpVars["entry_type_" . $index];
$uWatch = false;
$rightString = ($httpVars["right_read_" . $index] == "true" ? "r" : "") . ($httpVars["right_write_" . $index] == "true" ? "w" : "");
if ($this->watcher !== false) {
$uWatch = $httpVars["right_watch_" . $index] == "true" ? true : false;
}
if (empty($rightString)) {
$index++;
continue;
}
if ($eType == "user") {
$u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index], AJXP_SANITIZE_EMAILCHARS);
if (!AuthService::userExists($u) && !isset($httpVars["user_pass_" . $index])) {
$index++;
continue;
} else {
if (AuthService::userExists($u, "w") && isset($httpVars["user_pass_" . $index])) {
throw new Exception("User {$u} already exists, please choose another name.");
}
}
if (!AuthService::userExists($u, "r") && !empty($prefix) && strpos($u, $prefix) !== 0) {
$u = $prefix . $u;
}
$users[] = $u;
} else {
$u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index]);
if (strpos($u, "/AJXP_TEAM/") === 0) {
$confDriver = ConfService::getConfStorageImpl();
if (method_exists($confDriver, "teamIdToUsers")) {
$teamUsers = $confDriver->teamIdToUsers(str_replace("/AJXP_TEAM/", "", $u));
foreach ($teamUsers as $userId) {
$users[] = $userId;
$uRights[$userId] = $rightString;
if ($this->watcher !== false) {
$uWatches[$userId] = $uWatch;
}
}
}
$index++;
continue;
} else {
$groups[] = $u;
}
}
$uRights[$u] = $rightString;
$uPasses[$u] = isset($httpVars["user_pass_" . $index]) ? $httpVars["user_pass_" . $index] : "";
if ($this->watcher !== false) {
$uWatches[$u] = $uWatch;
}
$index++;
}
$label = AJXP_Utils::sanitize(AJXP_Utils::securePath($httpVars["repo_label"]), AJXP_SANITIZE_HTML);
$description = AJXP_Utils::sanitize(AJXP_Utils::securePath($httpVars["repo_description"]), AJXP_SANITIZE_HTML);
if (isset($httpVars["repository_id"])) {
$editingRepo = ConfService::getRepositoryById($httpVars["repository_id"]);
}
// CHECK USER & REPO DOES NOT ALREADY EXISTS
if ($this->getFilteredOption("AVOID_SHARED_FOLDER_SAME_LABEL", $this->repository->getId()) == true) {
$count = 0;
$similarLabelRepos = ConfService::listRepositoriesWithCriteria(array("display" => $label), $count);
if ($count && !isset($editingRepo)) {
return 101;
}
if ($count && isset($editingRepo)) {
foreach ($similarLabelRepos as $slr) {
if ($slr->getUniqueId() != $editingRepo->getUniqueId()) {
return 101;
}
}
}
/*
$repos = ConfService::getRepositoriesList();
foreach ($repos as $obj) {
if ($obj->getDisplay() == $label && (!isSet($editingRepo) || $editingRepo != $obj)) {
}
}
*/
}
$confDriver = ConfService::getConfStorageImpl();
foreach ($users as $userName) {
if (AuthService::userExists($userName)) {
// check that it's a child user
$userObject = $confDriver->createUserObject($userName);
if (ConfService::getCoreConf("ALLOW_CROSSUSERS_SHARING", "conf") != true && (!$userObject->hasParent() || $userObject->getParent() != $loggedUser->id)) {
return 102;
}
} else {
if ($httpVars["create_guest_user"] != "true" && !ConfService::getCoreConf("USER_CREATE_USERS", "conf") || AuthService::isReservedUserId($userName)) {
return 102;
}
if (!isset($httpVars["shared_pass"]) || $httpVars["shared_pass"] == "") {
return 100;
}
}
}
// CREATE SHARED OPTIONS
$options = $accessDriver->makeSharedRepositoryOptions($httpVars, $repository);
$customData = array();
foreach ($httpVars as $key => $value) {
if (substr($key, 0, strlen("PLUGINS_DATA_")) == "PLUGINS_DATA_") {
$customData[substr($key, strlen("PLUGINS_DATA_"))] = $value;
}
}
if (count($customData)) {
$options["PLUGINS_DATA"] = $customData;
}
if (isset($editingRepo)) {
$newRepo = $editingRepo;
$replace = false;
if ($editingRepo->getDisplay() != $label) {
$newRepo->setDisplay($label);
$replace = true;
}
if ($editingRepo->getDescription() != $description) {
$newRepo->setDescription($description);
$replace = true;
}
if ($replace) {
ConfService::replaceRepository($httpVars["repository_id"], $newRepo);
}
} else {
if ($repository->getOption("META_SOURCES")) {
$options["META_SOURCES"] = $repository->getOption("META_SOURCES");
foreach ($options["META_SOURCES"] as $index => &$data) {
if (isset($data["USE_SESSION_CREDENTIALS"]) && $data["USE_SESSION_CREDENTIALS"] === true) {
$options["META_SOURCES"][$index]["ENCODED_CREDENTIALS"] = AJXP_Safe::getEncodedCredentialString();
}
if ($index == "meta.syncable" && (!isset($data["REPO_SYNCABLE"]) || $data["REPO_SYNCABLE"] === true)) {
$data["REQUIRES_INDEXATION"] = true;
}
}
}
$newRepo = $repository->createSharedChild($label, $options, $repository->id, $loggedUser->id, null);
$gPath = $loggedUser->getGroupPath();
if (!empty($gPath) && !ConfService::getCoreConf("CROSSUSERS_ALLGROUPS", "conf")) {
$newRepo->setGroupPath($gPath);
}
$newRepo->setDescription($description);
$newRepo->options["PATH"] = SystemTextEncoding::fromStorageEncoding($newRepo->options["PATH"]);
if (isset($httpVars["filter_nodes"])) {
$newRepo->setContentFilter(new ContentFilter($httpVars["filter_nodes"]));
}
ConfService::addRepository($newRepo);
if (!isset($httpVars["minisite"])) {
$this->getShareStore()->storeShare($repository->getId(), array("REPOSITORY" => $newRepo->getUniqueId(), "OWNER_ID" => $loggedUser->getId()), "repository");
}
}
$file = AJXP_Utils::decodeSecureMagic($httpVars["file"]);
if (isset($editingRepo)) {
$currentRights = $this->computeSharedRepositoryAccessRights($httpVars["repository_id"], false, $this->urlBase . $file);
$originalUsers = array_keys($currentRights["USERS"]);
$removeUsers = array_diff($originalUsers, $users);
if (count($removeUsers)) {
foreach ($removeUsers as $user) {
if (AuthService::userExists($user)) {
$userObject = $confDriver->createUserObject($user);
$userObject->personalRole->setAcl($newRepo->getUniqueId(), "");
$userObject->save("superuser");
}
$this->watcher->removeWatchFromFolder(new AJXP_Node($this->urlBase . $file), $user, true);
}
}
$originalGroups = array_keys($currentRights["GROUPS"]);
$removeGroups = array_diff($originalGroups, $groups);
if (count($removeGroups)) {
foreach ($removeGroups as $groupId) {
$role = AuthService::getRole($groupId);
if ($role !== false) {
$role->setAcl($newRepo->getUniqueId(), "");
AuthService::updateRole($role);
}
}
}
}
foreach ($users as $userName) {
if (AuthService::userExists($userName, "r")) {
// check that it's a child user
$userObject = $confDriver->createUserObject($userName);
} else {
if (ConfService::getAuthDriverImpl()->getOptionAsBool("TRANSMIT_CLEAR_PASS")) {
$pass = $uPasses[$userName];
} else {
$pass = md5($uPasses[$userName]);
}
if (!isset($httpVars["minisite"])) {
// This is an explicit user creation - check possible limits
AJXP_Controller::applyHook("user.before_create", array($userName));
$limit = $loggedUser->personalRole->filterParameterValue("core.conf", "USER_SHARED_USERS_LIMIT", AJXP_REPO_SCOPE_ALL, "");
if (!empty($limit) && intval($limit) > 0) {
$count = count(ConfService::getConfStorageImpl()->getUserChildren($loggedUser->getId()));
if ($count >= $limit) {
$mess = ConfService::getMessages();
throw new Exception($mess['483']);
}
}
}
AuthService::createUser($userName, $pass);
$userObject = $confDriver->createUserObject($userName);
$userObject->personalRole->clearAcls();
$userObject->setParent($loggedUser->id);
$userObject->setGroupPath($loggedUser->getGroupPath());
$userObject->setProfile("shared");
if (isset($httpVars["minisite"])) {
$mess = ConfService::getMessages();
$userObject->setHidden(true);
$userObject->personalRole->setParameterValue("core.conf", "USER_DISPLAY_NAME", "[" . $mess["share_center.109"] . "] " . AJXP_Utils::sanitize($newRepo->getDisplay(), AJXP_SANITIZE_EMAILCHARS));
}
AJXP_Controller::applyHook("user.after_create", array($userObject));
}
// CREATE USER WITH NEW REPO RIGHTS
$userObject->personalRole->setAcl($newRepo->getUniqueId(), $uRights[$userName]);
if (isset($httpVars["minisite"])) {
if (isset($editingRepo)) {
try {
AuthService::deleteRole("AJXP_SHARED-" . $newRepo->getUniqueId());
} catch (Exception $e) {
}
}
$newRole = new AJXP_Role("AJXP_SHARED-" . $newRepo->getUniqueId());
$r = AuthService::getRole("MINISITE");
if (is_a($r, "AJXP_Role")) {
if ($httpVars["disable_download"]) {
$f = AuthService::getRole("MINISITE_NODOWNLOAD");
if (is_a($f, "AJXP_Role")) {
$r = $f->override($r);
}
}
$allData = $r->getDataArray();
$newData = $newRole->getDataArray();
if (isset($allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED])) {
$newData["ACTIONS"][$newRepo->getUniqueId()] = $allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED];
}
if (isset($allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED])) {
$newData["PARAMETERS"][$newRepo->getUniqueId()] = $allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED];
}
$newRole->bunchUpdate($newData);
AuthService::updateRole($newRole);
$userObject->addRole($newRole);
}
}
$userObject->save("superuser");
if ($this->watcher !== false) {
// Register a watch on the current folder for shared user
if ($uWatches[$userName] == "true") {
$this->watcher->setWatchOnFolder(new AJXP_Node($this->urlBase . $file), $userName, MetaWatchRegister::$META_WATCH_USERS_CHANGE, array(AuthService::getLoggedUser()->getId()));
} else {
$this->watcher->removeWatchFromFolder(new AJXP_Node($this->urlBase . $file), $userName, true);
}
}
}
if ($this->watcher !== false) {
// Register a watch on the new repository root for current user
if ($httpVars["self_watch_folder"] == "true") {
$this->watcher->setWatchOnFolder(new AJXP_Node($this->baseProtocol . "://" . $newRepo->getUniqueId() . "/"), AuthService::getLoggedUser()->getId(), MetaWatchRegister::$META_WATCH_BOTH);
} else {
$this->watcher->removeWatchFromFolder(new AJXP_Node($this->baseProtocol . "://" . $newRepo->getUniqueId() . "/"), AuthService::getLoggedUser()->getId());
}
}
foreach ($groups as $group) {
$r = $uRights[$group];
if ($group == "AJXP_GRP_/") {
$group = "ROOT_ROLE";
}
$grRole = AuthService::getRole($group, true);
$grRole->setAcl($newRepo->getUniqueId(), $r);
AuthService::updateRole($grRole);
}
if (array_key_exists("minisite", $httpVars) && $httpVars["minisite"] != true) {
AJXP_Controller::applyHook(isset($editingRepo) ? "node.share.update" : "node.share.create", array('type' => 'repository', 'repository' => &$repository, 'accessDriver' => &$accessDriver, 'new_repository' => &$newRepo));
}
return $newRepo;
}
