/** * @param Array $httpVars * @param Repository $repository * @param AbstractAccessDriver $accessDriver * @param null $uniqueUser * @throws Exception * @return int|Repository */ public function createSharedRepository($httpVars, $repository, $accessDriver, $uniqueUser = null) { // ERRORS // 100 : missing args // 101 : repository label already exists // 102 : user already exists // 103 : current user is not allowed to share // SUCCESS // 200 if (!isset($httpVars["repo_label"]) || $httpVars["repo_label"] == "") { return 100; } $foldersharing = $this->getFilteredOption("ENABLE_FOLDER_SHARING", $this->repository->getId()); if (isset($foldersharing) && $foldersharing === false) { return 103; } $loggedUser = AuthService::getLoggedUser(); $actRights = $loggedUser->mergedRole->listActionsStatesFor($repository); if (isset($actRights["share"]) && $actRights["share"] === false) { return 103; } $users = array(); $uRights = array(); $uPasses = array(); $groups = array(); $index = 0; $prefix = $this->getFilteredOption("SHARED_USERS_TMP_PREFIX", $this->repository->getId()); while (isset($httpVars["user_" . $index])) { $eType = $httpVars["entry_type_" . $index]; $rightString = ($httpVars["right_read_" . $index] == "true" ? "r" : "") . ($httpVars["right_write_" . $index] == "true" ? "w" : ""); if ($this->watcher !== false) { $uWatch = $httpVars["right_watch_" . $index] == "true" ? true : false; } if (empty($rightString)) { $index++; continue; } if ($eType == "user") { $u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index], AJXP_SANITIZE_EMAILCHARS); if (!AuthService::userExists($u) && !isset($httpVars["user_pass_" . $index])) { $index++; continue; } else { if (AuthService::userExists($u) && isset($httpVars["user_pass_" . $index])) { throw new Exception("User {$u} already exists, please choose another name."); } } if (!AuthService::userExists($u, "r") && !empty($prefix) && strpos($u, $prefix) !== 0) { $u = $prefix . $u; } $users[] = $u; } else { $u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index]); if (strpos($u, "/AJXP_TEAM/") === 0) { $confDriver = ConfService::getConfStorageImpl(); if (method_exists($confDriver, "teamIdToUsers")) { $teamUsers = $confDriver->teamIdToUsers(str_replace("/AJXP_TEAM/", "", $u)); foreach ($teamUsers as $userId) { $users[] = $userId; $uRights[$userId] = $rightString; if ($this->watcher !== false) { $uWatches[$userId] = $uWatch; } } } $index++; continue; } else { $groups[] = $u; } } $uRights[$u] = $rightString; $uPasses[$u] = isset($httpVars["user_pass_" . $index]) ? $httpVars["user_pass_" . $index] : ""; if ($this->watcher !== false) { $uWatches[$u] = $uWatch; } $index++; } $label = AJXP_Utils::decodeSecureMagic($httpVars["repo_label"]); $description = AJXP_Utils::decodeSecureMagic($httpVars["repo_description"]); if (isset($httpVars["repository_id"])) { $editingRepo = ConfService::getRepositoryById($httpVars["repository_id"]); } // CHECK USER & REPO DOES NOT ALREADY EXISTS if ($this->getFilteredOption("AVOID_SHARED_FOLDER_SAME_LABEL", $this->repository->getId()) == true) { $repos = ConfService::getRepositoriesList(); foreach ($repos as $obj) { if ($obj->getDisplay() == $label && (!isset($editingRepo) || $editingRepo != $obj)) { return 101; } } } $confDriver = ConfService::getConfStorageImpl(); foreach ($users as $userName) { if (AuthService::userExists($userName)) { // check that it's a child user $userObject = $confDriver->createUserObject($userName); if (ConfService::getCoreConf("ALLOW_CROSSUSERS_SHARING", "conf") != true && (!$userObject->hasParent() || $userObject->getParent() != $loggedUser->id)) { return 102; } } else { if ($httpVars["create_guest_user"] != "true" && !ConfService::getCoreConf("USER_CREATE_USERS", "conf") || AuthService::isReservedUserId($userName)) { return 102; } if (!isset($httpVars["shared_pass"]) || $httpVars["shared_pass"] == "") { return 100; } } } // CREATE SHARED OPTIONS $options = $accessDriver->makeSharedRepositoryOptions($httpVars, $repository); $customData = array(); foreach ($httpVars as $key => $value) { if (substr($key, 0, strlen("PLUGINS_DATA_")) == "PLUGINS_DATA_") { $customData[substr($key, strlen("PLUGINS_DATA_"))] = $value; } } if (count($customData)) { $options["PLUGINS_DATA"] = $customData; } if (isset($editingRepo)) { $newRepo = $editingRepo; if ($editingRepo->getDisplay() != $label) { $newRepo->setDisplay($label); ConfService::replaceRepository($httpVars["repository_id"], $newRepo); } $editingRepo->setDescription($description); } else { if ($repository->getOption("META_SOURCES")) { $options["META_SOURCES"] = $repository->getOption("META_SOURCES"); foreach ($options["META_SOURCES"] as $index => $data) { if (isset($data["USE_SESSION_CREDENTIALS"]) && $data["USE_SESSION_CREDENTIALS"] === true) { $options["META_SOURCES"][$index]["ENCODED_CREDENTIALS"] = AJXP_Safe::getEncodedCredentialString(); } } } $newRepo = $repository->createSharedChild($label, $options, $repository->id, $loggedUser->id, null); $gPath = $loggedUser->getGroupPath(); if (!empty($gPath) && !ConfService::getCoreConf("CROSSUSERS_ALLGROUPS", "conf")) { $newRepo->setGroupPath($gPath); } $newRepo->setDescription($description); ConfService::addRepository($newRepo); } $file = AJXP_Utils::decodeSecureMagic($httpVars["file"]); if (isset($editingRepo)) { $currentRights = $this->computeSharedRepositoryAccessRights($httpVars["repository_id"], false, $this->urlBase . $file); $originalUsers = array_keys($currentRights["USERS"]); $removeUsers = array_diff($originalUsers, $users); if (count($removeUsers)) { foreach ($removeUsers as $user) { if (AuthService::userExists($user)) { $userObject = $confDriver->createUserObject($user); $userObject->personalRole->setAcl($newRepo->getUniqueId(), ""); $userObject->save("superuser"); } } } $originalGroups = array_keys($currentRights["GROUPS"]); $removeGroups = array_diff($originalGroups, $groups); if (count($removeGroups)) { foreach ($removeGroups as $groupId) { $role = AuthService::getRole("AJXP_GRP_" . AuthService::filterBaseGroup($groupId)); if ($role !== false) { $role->setAcl($newRepo->getUniqueId(), ""); AuthService::updateRole($role); } } } } foreach ($users as $userName) { if (AuthService::userExists($userName, "r")) { // check that it's a child user $userObject = $confDriver->createUserObject($userName); } else { if (ConfService::getAuthDriverImpl()->getOption("TRANSMIT_CLEAR_PASS")) { $pass = $uPasses[$userName]; } else { $pass = md5($uPasses[$userName]); } $limit = $loggedUser->personalRole->filterParameterValue("core.conf", "USER_SHARED_USERS_LIMIT", AJXP_REPO_SCOPE_ALL, ""); if (!empty($limit) && intval($limit) > 0) { $count = count(ConfService::getConfStorageImpl()->getUserChildren($loggedUser->getId())); if ($count >= $limit) { $mess = ConfService::getMessages(); throw new Exception($mess['483']); } } AuthService::createUser($userName, $pass); $userObject = $confDriver->createUserObject($userName); $userObject->personalRole->clearAcls(); $userObject->setParent($loggedUser->id); $userObject->setGroupPath($loggedUser->getGroupPath()); $userObject->setProfile("shared"); if (isset($httpVars["minisite"])) { $mess = ConfService::getMessages(); $userObject->personalRole->setParameterValue("core.conf", "USER_DISPLAY_NAME", "[" . $mess["share_center.109"] . "] " . $newRepo->getDisplay()); } AJXP_Controller::applyHook("user.after_create", array($userObject)); } // CREATE USER WITH NEW REPO RIGHTS $userObject->personalRole->setAcl($newRepo->getUniqueId(), $uRights[$userName]); if (isset($httpVars["minisite"])) { $newRole = new AJXP_Role("AJXP_SHARED-" . $newRepo->getUniqueId()); $r = AuthService::getRole("MINISITE"); if (is_a($r, "AJXP_Role")) { if ($httpVars["disable_download"]) { $f = AuthService::getRole("MINISITE_NODOWNLOAD"); if (is_a($f, "AJXP_Role")) { $r = $f->override($r); } } $allData = $r->getDataArray(); $newData = $newRole->getDataArray(); if (isset($allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED])) { $newData["ACTIONS"][$newRepo->getUniqueId()] = $allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED]; } if (isset($allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED])) { $newData["PARAMETERS"][$newRepo->getUniqueId()] = $allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED]; } $newRole->bunchUpdate($newData); AuthService::updateRole($newRole); $userObject->addRole($newRole); } } $userObject->save("superuser"); if ($this->watcher !== false) { // Register a watch on the current folder for shared user if ($uWatches[$userName] == "true") { $this->watcher->setWatchOnFolder(new AJXP_Node($this->urlBase . $file), $userName, MetaWatchRegister::$META_WATCH_USERS_CHANGE, array(AuthService::getLoggedUser()->getId())); } else { $this->watcher->removeWatchFromFolder(new AJXP_Node($this->urlBase . $file), $userName, true); } } } if ($this->watcher !== false) { // Register a watch on the new repository root for current user if ($httpVars["self_watch_folder"] == "true") { $this->watcher->setWatchOnFolder(new AJXP_Node($this->baseProtocol . "://" . $newRepo->getUniqueId() . "/"), AuthService::getLoggedUser()->getId(), MetaWatchRegister::$META_WATCH_BOTH); } else { $this->watcher->removeWatchFromFolder(new AJXP_Node($this->baseProtocol . "://" . $newRepo->getUniqueId() . "/"), AuthService::getLoggedUser()->getId()); } } foreach ($groups as $group) { $grRole = AuthService::getRole("AJXP_GRP_" . AuthService::filterBaseGroup($group), true); $grRole->setAcl($newRepo->getUniqueId(), $uRights[$group]); AuthService::updateRole($grRole); } if (array_key_exists("minisite", $httpVars) && $httpVars["minisite"] != true) { AJXP_Controller::applyHook("node.share.create", array('type' => 'repository', 'repository' => &$repository, 'accessDriver' => &$accessDriver, 'new_repository' => &$newRepo)); } return $newRepo; }
/** * Main callback for all share- actions. * @param string $action * @param array $httpVars * @param array $fileVars * @return null * @throws Exception */ public function switchAction($action, $httpVars, $fileVars) { if (strpos($action, "sharelist") === false && !isset($this->accessDriver)) { throw new Exception("Cannot find access driver!"); } if (strpos($action, "sharelist") === false && $this->accessDriver->getId() == "access.demo") { $errorMessage = "This is a demo, all 'write' actions are disabled!"; if ($httpVars["sub_action"] == "delegate_repo") { return AJXP_XMLWriter::sendMessage(null, $errorMessage, false); } else { print $errorMessage; } return null; } switch ($action) { //------------------------------------ // SHARING FILE OR FOLDER //------------------------------------ case "share": $subAction = isset($httpVars["sub_action"]) ? $httpVars["sub_action"] : ""; // REST API COMPATIBILITY if (empty($subAction) && isset($httpVars["simple_share_type"])) { $subAction = "create_minisite"; if (!isset($httpVars["simple_right_read"]) && !isset($httpVars["simple_right_download"])) { $httpVars["simple_right_read"] = $httpVars["simple_right_download"] = "true"; } $httpVars["create_guest_user"] = "******"; if ($httpVars["simple_share_type"] == "private" && !isset($httpVars["guest_user_pass"])) { throw new Exception("Please provide a guest_user_pass for private link"); } } $userSelection = new UserSelection(ConfService::getRepository(), $httpVars); $ajxpNode = $userSelection->getUniqueNode(); if (!file_exists($ajxpNode->getUrl())) { throw new Exception("Cannot share a non-existing file: " . $ajxpNode->getUrl()); } $this->updateToMaxAllowedValue($httpVars, "downloadlimit", "FILE_MAX_DOWNLOAD"); $this->updateToMaxAllowedValue($httpVars, "expiration", "FILE_MAX_EXPIRATION"); $httpHash = null; $originalHash = null; if (!isset($httpVars["share_scope"]) || !in_array($httpVars["share_scope"], array("public", "private"))) { $httpVars["share_scope"] = "private"; } $shareScope = $httpVars["share_scope"]; $plainResult = 'unknown sub_action'; if ($subAction == "delegate_repo") { $auth = $this->getAuthorization("folder", "workspace"); if (!$auth) { $mess = ConfService::getMessages(); throw new Exception($mess["351"]); } $users = array(); $groups = array(); $this->getRightsManager()->createUsersFromParameters($httpVars, $users, $groups); $result = $this->createSharedRepository($httpVars, $isUpdate, $users, $groups); if (is_a($result, "Repository")) { if (!$isUpdate) { $this->getShareStore()->storeShare($this->repository->getId(), array("REPOSITORY" => $result->getUniqueId(), "OWNER_ID" => AuthService::getLoggedUser()->getId()), "repository"); } AJXP_Controller::applyHook($isUpdate ? "node.share.update" : "node.share.create", array('type' => 'repository', 'repository' => &$this->repository, 'accessDriver' => &$this->accessDriver, 'new_repository' => &$result)); if ($ajxpNode->hasMetaStore() && !$ajxpNode->isRoot()) { $this->getShareStore()->getMetaManager()->addShareInMeta($ajxpNode, "repository", $result->getUniqueId(), $shareScope == "public", $originalHash); } $plainResult = 200; } else { $plainResult = $result; } } else { if ($subAction == "create_minisite") { if (isset($httpVars["hash"]) && !empty($httpVars["hash"])) { $httpHash = $httpVars["hash"]; } $result = $this->createSharedMinisite($httpVars, $isUpdate); if (!is_array($result)) { $url = $result; } else { list($hash, $url) = $result; if ($ajxpNode->hasMetaStore() && !$ajxpNode->isRoot()) { $this->getShareStore()->getMetaManager()->addShareInMeta($ajxpNode, "minisite", $hash, $shareScope == "public", $httpHash != null && $hash != $httpHash ? $httpHash : null); } } $plainResult = $url; } else { if ($subAction == "share_node") { $httpVars["return_json"] = true; if (isset($httpVars["hash"]) && !empty($httpVars["hash"])) { $httpHash = $httpVars["hash"]; } $ajxpNode->loadNodeInfo(); $results = $this->shareNode($ajxpNode, $httpVars, $isUpdate); if (is_array($results) && $ajxpNode->hasMetaStore() && !$ajxpNode->isRoot()) { foreach ($results as $shareObject) { if ($shareObject instanceof \Pydio\OCS\Model\TargettedLink) { $hash = $shareObject->getHash(); $this->getShareStore()->getMetaManager()->addShareInMeta($ajxpNode, "ocs_remote", $hash, $shareScope == "public", $hash); } else { if (is_a($shareObject, "ShareLink")) { $hash = $shareObject->getHash(); $this->getShareStore()->getMetaManager()->addShareInMeta($ajxpNode, "minisite", $hash, $shareScope == "public", $httpHash != null && $hash != $httpHash ? $httpHash : null); } else { if (is_a($shareObject, "Repository")) { $this->getShareStore()->getMetaManager()->addShareInMeta($ajxpNode, "repository", $shareObject->getUniqueId(), $shareScope == "public", null); } } } } } } } } AJXP_Controller::applyHook("msg.instant", array("<reload_shared_elements/>", ConfService::getRepository()->getId())); /* * Send IM to inform that node has been shared or unshared. * Should be done only if share scope is public. */ if ($shareScope == "public") { $ajxpNode->loadNodeInfo(); $content = AJXP_XMLWriter::writeNodesDiff(["UPDATE" => array($ajxpNode->getPath() => $ajxpNode)]); AJXP_Controller::applyHook("msg.instant", array($content, $ajxpNode->getRepositoryId(), null, null, [$ajxpNode->getPath()])); } if (!isset($httpVars["return_json"])) { header("Content-Type: text/plain"); print $plainResult; } else { $compositeShare = $this->getShareStore()->getMetaManager()->getCompositeShareForNode($ajxpNode); header("Content-type:application/json"); if (!empty($compositeShare)) { echo json_encode($this->compositeShareToJson($compositeShare)); } else { echo json_encode(array()); } } // as the result can be quite small (e.g error code), make sure it's output in case of OB active. flush(); break; case "toggle_link_watch": $userSelection = new UserSelection($this->repository, $httpVars); $shareNode = $selectedNode = $userSelection->getUniqueNode(); $watchValue = $httpVars["set_watch"] == "true" ? true : false; $folder = false; if (isset($httpVars["element_type"]) && $httpVars["element_type"] == "folder") { $folder = true; $selectedNode = new AJXP_Node("pydio://" . AJXP_Utils::sanitize($httpVars["repository_id"], AJXP_SANITIZE_ALPHANUM) . "/"); } $shares = array(); $this->getShareStore()->getMetaManager()->getSharesFromMeta($shareNode, $shares, false); if (!count($shares)) { break; } if (isset($httpVars["element_id"]) && isset($shares[$httpVars["element_id"]])) { $elementId = $httpVars["element_id"]; } else { $sKeys = array_keys($shares); $elementId = $sKeys[0]; } if ($this->watcher !== false) { if (!$folder) { if ($watchValue) { $this->watcher->setWatchOnFolder($selectedNode, AuthService::getLoggedUser()->getId(), MetaWatchRegister::$META_WATCH_USERS_READ, array($elementId)); } else { $this->watcher->removeWatchFromFolder($selectedNode, AuthService::getLoggedUser()->getId(), true, $elementId); } } else { if ($watchValue) { $this->watcher->setWatchOnFolder($selectedNode, AuthService::getLoggedUser()->getId(), MetaWatchRegister::$META_WATCH_BOTH); } else { $this->watcher->removeWatchFromFolder($selectedNode, AuthService::getLoggedUser()->getId()); } } } $mess = ConfService::getMessages(); AJXP_XMLWriter::header(); AJXP_XMLWriter::sendMessage($mess["share_center.47"], null); AJXP_XMLWriter::close(); break; case "load_shared_element_data": $node = null; if (isset($httpVars["hash"]) && $httpVars["element_type"] == "file") { // LEGACY LINKS $parsedMeta = array($httpVars["hash"] => array("type" => "file")); $jsonData = array(); foreach ($parsedMeta as $shareId => $shareMeta) { $jsonData[] = $this->shareToJson($shareId, $shareMeta, $node); } header("Content-type:application/json"); echo json_encode($jsonData); } else { $file = AJXP_Utils::decodeSecureMagic($httpVars["file"]); $node = new AJXP_Node($this->urlBase . $file); $loggedUser = AuthService::getLoggedUser(); if (isset($httpVars["owner"]) && $loggedUser->isAdmin() && $loggedUser->getGroupPath() == "/" && $loggedUser->getId() != AJXP_Utils::sanitize($httpVars["owner"], AJXP_SANITIZE_EMAILCHARS)) { // Impersonate the current user $node->setUser(AJXP_Utils::sanitize($httpVars["owner"], AJXP_SANITIZE_EMAILCHARS)); } if (!file_exists($node->getUrl())) { $mess = ConfService::getMessages(); throw new Exception(str_replace('%s', "Cannot find file " . $file, $mess["share_center.219"])); } if (isset($httpVars["tmp_repository_id"]) && AuthService::getLoggedUser()->isAdmin()) { $compositeShare = $this->getShareStore()->getMetaManager()->getCompositeShareForNode($node, true); } else { $compositeShare = $this->getShareStore()->getMetaManager()->getCompositeShareForNode($node); } if (empty($compositeShare)) { $mess = ConfService::getMessages(); throw new Exception(str_replace('%s', "Cannot find share for node " . $file, $mess["share_center.219"])); } header("Content-type:application/json"); $json = $this->compositeShareToJson($compositeShare); echo json_encode($json); } break; case "unshare": $mess = ConfService::getMessages(); $userSelection = new UserSelection($this->repository, $httpVars); if (isset($httpVars["hash"])) { $sanitizedHash = AJXP_Utils::sanitize($httpVars["hash"], AJXP_SANITIZE_ALPHANUM); $ajxpNode = $userSelection->isEmpty() ? null : $userSelection->getUniqueNode(); $result = $this->getShareStore()->deleteShare($httpVars["element_type"], $sanitizedHash, false, false, $ajxpNode); if ($result !== false) { AJXP_XMLWriter::header(); AJXP_XMLWriter::sendMessage($mess["share_center.216"], null); AJXP_XMLWriter::close(); } } else { $userSelection = new UserSelection($this->repository, $httpVars); $ajxpNode = $userSelection->getUniqueNode(); $shares = array(); $this->getShareStore()->getMetaManager()->getSharesFromMeta($ajxpNode, $shares, false); if (isset($httpVars["element_id"]) && isset($shares[$httpVars["element_id"]])) { $elementId = $httpVars["element_id"]; if (isset($shares[$elementId])) { $shares = array($elementId => $shares[$elementId]); } } if (count($shares)) { $res = true; foreach ($shares as $shareId => $share) { $t = isset($share["type"]) ? $share["type"] : "file"; try { $result = $this->getShareStore()->deleteShare($t, $shareId, false, true); } catch (Exception $e) { if ($e->getMessage() == "repo-not-found") { $result = true; } else { throw $e; } } $this->getShareStore()->getMetaManager()->removeShareFromMeta($ajxpNode, $shareId); $res = $result && $res; } if ($res !== false) { AJXP_XMLWriter::header(); AJXP_XMLWriter::sendMessage($mess["share_center.216"], null); AJXP_XMLWriter::close(); AJXP_Controller::applyHook("msg.instant", array("<reload_shared_elements/>", ConfService::getRepository()->getId())); if (isset($httpVars["share_scope"]) && $httpVars["share_scope"] == "public") { $ajxpNode->loadNodeInfo(); $content = AJXP_XMLWriter::writeNodesDiff(["UPDATE" => [$ajxpNode->getPath() => $ajxpNode]]); AJXP_Controller::applyHook("msg.instant", array($content, $ajxpNode->getRepositoryId(), null, null, [$ajxpNode->getPath()])); } } } } break; case "reset_counter": if (isset($httpVars["hash"])) { $userId = AuthService::getLoggedUser()->getId(); if (isset($httpVars["owner_id"]) && $httpVars["owner_id"] != $userId) { if (!AuthService::getLoggedUser()->isAdmin()) { throw new Exception("You are not allowed to access this resource"); } $userId = $httpVars["owner_id"]; } $this->getShareStore()->resetDownloadCounter($httpVars["hash"], $userId); } else { $userSelection = new UserSelection($this->repository, $httpVars); $ajxpNode = $userSelection->getUniqueNode(); $metadata = $this->getShareStore()->getMetaManager()->getNodeMeta($ajxpNode); if (!isset($metadata["shares"]) || !is_array($metadata["shares"])) { return null; } if (isset($httpVars["element_id"]) && isset($metadata["shares"][$httpVars["element_id"]])) { $this->getShareStore()->resetDownloadCounter($httpVars["element_id"], $httpVars["owner_id"]); } else { $keys = array_keys($metadata["shares"]); foreach ($keys as $key) { $this->getShareStore()->resetDownloadCounter($key, null); } } } break; case "update_shared_element_data": if (!in_array($httpVars["p_name"], array("counter", "tags"))) { return null; } $hash = AJXP_Utils::decodeSecureMagic($httpVars["element_id"]); $userSelection = new UserSelection($this->repository, $httpVars); $ajxpNode = $userSelection->getUniqueNode(); if ($this->getShareStore()->shareIsLegacy($hash)) { // Store in metadata $metadata = $this->getShareStore()->getMetaManager()->getNodeMeta($ajxpNode); if (isset($metadata["shares"][$httpVars["element_id"]])) { if (!is_array($metadata["shares"][$httpVars["element_id"]])) { $metadata["shares"][$httpVars["element_id"]] = array(); } $metadata["shares"][$httpVars["element_id"]][$httpVars["p_name"]] = $httpVars["p_value"]; // Set Private=true by default. $this->getShareStore()->getMetaManager()->setNodeMeta($ajxpNode, $metadata, true); } } else { // TODO: testUserCanEditShare ? $this->getShareStore()->updateShareProperty($hash, $httpVars["p_name"], $httpVars["p_value"]); } break; case "sharelist-load": $parentRepoId = isset($httpVars["parent_repository_id"]) ? $httpVars["parent_repository_id"] : ""; $userContext = $httpVars["user_context"]; $currentUser = true; if ($userContext == "global" && AuthService::getLoggedUser()->isAdmin()) { $currentUser = false; } else { if ($userContext == "user" && AuthService::getLoggedUser()->isAdmin() && !empty($httpVars["user_id"])) { $currentUser = AJXP_Utils::sanitize($httpVars["user_id"], AJXP_SANITIZE_EMAILCHARS); } } $nodes = $this->listSharesAsNodes("/data/repositories/{$parentRepoId}/shares", $currentUser, $parentRepoId); AJXP_XMLWriter::header(); if ($userContext == "current") { AJXP_XMLWriter::sendFilesListComponentConfig('<columns template_name="ajxp_user.shares"> <column messageId="ajxp_conf.8" attributeName="ajxp_label" sortType="String"/> <column messageId="share_center.132" attributeName="shared_element_parent_repository_label" sortType="String"/> <column messageId="3" attributeName="share_type_readable" sortType="String"/> </columns>'); } else { AJXP_XMLWriter::sendFilesListComponentConfig('<columns switchDisplayMode="list" switchGridMode="filelist" template_name="ajxp_conf.repositories"> <column messageId="ajxp_conf.8" attributeName="ajxp_label" sortType="String"/> <column messageId="share_center.159" attributeName="owner" sortType="String"/> <column messageId="3" attributeName="share_type_readable" sortType="String"/> <column messageId="share_center.52" attributeName="share_data" sortType="String"/> </columns>'); } foreach ($nodes as $node) { AJXP_XMLWriter::renderAjxpNode($node); } AJXP_XMLWriter::close(); break; case "sharelist-clearExpired": $accessType = ConfService::getRepository()->getAccessType(); $currentUser = $accessType != "ajxp_conf" && $accessType != "ajxp_admin"; $count = $this->getShareStore()->clearExpiredFiles($currentUser); AJXP_XMLWriter::header(); if ($count) { AJXP_XMLWriter::sendMessage("Removed " . count($count) . " expired links", null); } else { AJXP_XMLWriter::sendMessage("Nothing to do", null); } AJXP_XMLWriter::close(); break; default: break; } return null; }
/** * @param Array $httpVars * @param Repository $repository * @param AbstractAccessDriver $accessDriver * @param null $uniqueUser * @throws Exception * @return int|Repository */ public function createSharedRepository($httpVars, $repository, $accessDriver, $uniqueUser = null) { // ERRORS // 100 : missing args // 101 : repository label already exists // 102 : user already exists // 103 : current user is not allowed to share // SUCCESS // 200 if (!isset($httpVars["repo_label"]) || $httpVars["repo_label"] == "") { return 100; } /* // FILE IS ALWAYS THE PARENT FOLDER SO WE NOW CHECK FOLDER_SHARING AT A HIGHER LEVEL $file = AJXP_Utils::decodeSecureMagic($httpVars["file"]); $foldersharing = $this->getFilteredOption("ENABLE_FOLDER_SHARING", $this->repository->getId()); $foldersharingDisabled = isset($foldersharing) && ($foldersharing === false || (is_string($foldersharing) && $foldersharing == "disable")); if (is_dir($this->urlBase.$file) && $foldersharingDisabled) { return 103; } */ $loggedUser = AuthService::getLoggedUser(); $actRights = $loggedUser->mergedRole->listActionsStatesFor($repository); if (isset($actRights["share"]) && $actRights["share"] === false) { return 103; } $users = array(); $uRights = array(); $uPasses = array(); $groups = array(); $uWatches = array(); $index = 0; $prefix = $this->getFilteredOption("SHARED_USERS_TMP_PREFIX", $this->repository->getId()); while (isset($httpVars["user_" . $index])) { $eType = $httpVars["entry_type_" . $index]; $uWatch = false; $rightString = ($httpVars["right_read_" . $index] == "true" ? "r" : "") . ($httpVars["right_write_" . $index] == "true" ? "w" : ""); if ($this->watcher !== false) { $uWatch = $httpVars["right_watch_" . $index] == "true" ? true : false; } if (empty($rightString)) { $index++; continue; } if ($eType == "user") { $u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index], AJXP_SANITIZE_EMAILCHARS); if (!AuthService::userExists($u) && !isset($httpVars["user_pass_" . $index])) { $index++; continue; } else { if (AuthService::userExists($u, "w") && isset($httpVars["user_pass_" . $index])) { throw new Exception("User {$u} already exists, please choose another name."); } } if (!AuthService::userExists($u, "r") && !empty($prefix) && strpos($u, $prefix) !== 0) { $u = $prefix . $u; } $users[] = $u; } else { $u = AJXP_Utils::decodeSecureMagic($httpVars["user_" . $index]); if (strpos($u, "/AJXP_TEAM/") === 0) { $confDriver = ConfService::getConfStorageImpl(); if (method_exists($confDriver, "teamIdToUsers")) { $teamUsers = $confDriver->teamIdToUsers(str_replace("/AJXP_TEAM/", "", $u)); foreach ($teamUsers as $userId) { $users[] = $userId; $uRights[$userId] = $rightString; if ($this->watcher !== false) { $uWatches[$userId] = $uWatch; } } } $index++; continue; } else { $groups[] = $u; } } $uRights[$u] = $rightString; $uPasses[$u] = isset($httpVars["user_pass_" . $index]) ? $httpVars["user_pass_" . $index] : ""; if ($this->watcher !== false) { $uWatches[$u] = $uWatch; } $index++; } $label = AJXP_Utils::sanitize(AJXP_Utils::securePath($httpVars["repo_label"]), AJXP_SANITIZE_HTML); $description = AJXP_Utils::sanitize(AJXP_Utils::securePath($httpVars["repo_description"]), AJXP_SANITIZE_HTML); if (isset($httpVars["repository_id"])) { $editingRepo = ConfService::getRepositoryById($httpVars["repository_id"]); } // CHECK USER & REPO DOES NOT ALREADY EXISTS if ($this->getFilteredOption("AVOID_SHARED_FOLDER_SAME_LABEL", $this->repository->getId()) == true) { $count = 0; $similarLabelRepos = ConfService::listRepositoriesWithCriteria(array("display" => $label), $count); if ($count && !isset($editingRepo)) { return 101; } if ($count && isset($editingRepo)) { foreach ($similarLabelRepos as $slr) { if ($slr->getUniqueId() != $editingRepo->getUniqueId()) { return 101; } } } /* $repos = ConfService::getRepositoriesList(); foreach ($repos as $obj) { if ($obj->getDisplay() == $label && (!isSet($editingRepo) || $editingRepo != $obj)) { } } */ } $confDriver = ConfService::getConfStorageImpl(); foreach ($users as $userName) { if (AuthService::userExists($userName)) { // check that it's a child user $userObject = $confDriver->createUserObject($userName); if (ConfService::getCoreConf("ALLOW_CROSSUSERS_SHARING", "conf") != true && (!$userObject->hasParent() || $userObject->getParent() != $loggedUser->id)) { return 102; } } else { if ($httpVars["create_guest_user"] != "true" && !ConfService::getCoreConf("USER_CREATE_USERS", "conf") || AuthService::isReservedUserId($userName)) { return 102; } if (!isset($httpVars["shared_pass"]) || $httpVars["shared_pass"] == "") { return 100; } } } // CREATE SHARED OPTIONS $options = $accessDriver->makeSharedRepositoryOptions($httpVars, $repository); $customData = array(); foreach ($httpVars as $key => $value) { if (substr($key, 0, strlen("PLUGINS_DATA_")) == "PLUGINS_DATA_") { $customData[substr($key, strlen("PLUGINS_DATA_"))] = $value; } } if (count($customData)) { $options["PLUGINS_DATA"] = $customData; } if (isset($editingRepo)) { $this->getShareStore()->testUserCanEditShare($editingRepo->getOwner()); $newRepo = $editingRepo; $replace = false; if ($editingRepo->getDisplay() != $label) { $newRepo->setDisplay($label); $replace = true; } if ($editingRepo->getDescription() != $description) { $newRepo->setDescription($description); $replace = true; } if ($replace) { ConfService::replaceRepository($httpVars["repository_id"], $newRepo); } } else { if ($repository->getOption("META_SOURCES")) { $options["META_SOURCES"] = $repository->getOption("META_SOURCES"); foreach ($options["META_SOURCES"] as $index => &$data) { if (isset($data["USE_SESSION_CREDENTIALS"]) && $data["USE_SESSION_CREDENTIALS"] === true) { $options["META_SOURCES"][$index]["ENCODED_CREDENTIALS"] = AJXP_Safe::getEncodedCredentialString(); } if ($index == "meta.syncable" && (!isset($data["REPO_SYNCABLE"]) || $data["REPO_SYNCABLE"] === true)) { $data["REQUIRES_INDEXATION"] = true; } } } $newRepo = $repository->createSharedChild($label, $options, $repository->id, $loggedUser->id, null); $gPath = $loggedUser->getGroupPath(); if (!empty($gPath) && !ConfService::getCoreConf("CROSSUSERS_ALLGROUPS", "conf")) { $newRepo->setGroupPath($gPath); } $newRepo->setDescription($description); $newRepo->options["PATH"] = SystemTextEncoding::fromStorageEncoding($newRepo->options["PATH"]); if (isset($httpVars["filter_nodes"])) { $newRepo->setContentFilter(new ContentFilter($httpVars["filter_nodes"])); } ConfService::addRepository($newRepo); if (!isset($httpVars["minisite"])) { $this->getShareStore()->storeShare($repository->getId(), array("REPOSITORY" => $newRepo->getUniqueId(), "OWNER_ID" => $loggedUser->getId()), "repository"); } } $sel = new UserSelection($this->repository, $httpVars); $file = $sel->getUniqueFile(); $newRepoUniqueId = $newRepo->getUniqueId(); if (isset($editingRepo)) { $currentRights = $this->computeSharedRepositoryAccessRights($httpVars["repository_id"], false, $this->urlBase . $file); $originalUsers = array_keys($currentRights["USERS"]); $removeUsers = array_diff($originalUsers, $users); if (count($removeUsers)) { foreach ($removeUsers as $user) { if (AuthService::userExists($user)) { $userObject = $confDriver->createUserObject($user); $userObject->personalRole->setAcl($newRepoUniqueId, ""); $userObject->save("superuser"); } if ($this->watcher !== false) { $this->watcher->removeWatchFromFolder(new AJXP_Node($this->urlBase . $file), $user, true); } } } $originalGroups = array_keys($currentRights["GROUPS"]); $removeGroups = array_diff($originalGroups, $groups); if (count($removeGroups)) { foreach ($removeGroups as $groupId) { $role = AuthService::getRole($groupId); if ($role !== false) { $role->setAcl($newRepoUniqueId, ""); AuthService::updateRole($role); } } } } foreach ($users as $userName) { if (AuthService::userExists($userName, "r")) { // check that it's a child user $userObject = $confDriver->createUserObject($userName); } else { if (ConfService::getAuthDriverImpl()->getOptionAsBool("TRANSMIT_CLEAR_PASS")) { $pass = $uPasses[$userName]; } else { $pass = md5($uPasses[$userName]); } if (!isset($httpVars["minisite"])) { // This is an explicit user creation - check possible limits AJXP_Controller::applyHook("user.before_create", array($userName, null, false, false)); $limit = $loggedUser->personalRole->filterParameterValue("core.conf", "USER_SHARED_USERS_LIMIT", AJXP_REPO_SCOPE_ALL, ""); if (!empty($limit) && intval($limit) > 0) { $count = count(ConfService::getConfStorageImpl()->getUserChildren($loggedUser->getId())); if ($count >= $limit) { $mess = ConfService::getMessages(); throw new Exception($mess['483']); } } } AuthService::createUser($userName, $pass, false, isset($httpVars["minisite"])); $userObject = $confDriver->createUserObject($userName); $userObject->personalRole->clearAcls(); $userObject->setParent($loggedUser->id); $userObject->setGroupPath($loggedUser->getGroupPath()); $userObject->setProfile("shared"); if (isset($httpVars["minisite"])) { $mess = ConfService::getMessages(); $userObject->setHidden(true); $userObject->personalRole->setParameterValue("core.conf", "USER_DISPLAY_NAME", "[" . $mess["share_center.109"] . "] " . AJXP_Utils::sanitize($newRepo->getDisplay(), AJXP_SANITIZE_EMAILCHARS)); } AJXP_Controller::applyHook("user.after_create", array($userObject)); } // CREATE USER WITH NEW REPO RIGHTS $userObject->personalRole->setAcl($newRepoUniqueId, $uRights[$userName]); // FORK MASK IF THERE IS ANY if ($file != "/" && $loggedUser->mergedRole->hasMask($repository->getId())) { $parentTree = $loggedUser->mergedRole->getMask($repository->getId())->getTree(); // Try to find a branch on the current selection $parts = explode("/", trim($file, "/")); while (($next = array_shift($parts)) !== null) { if (isset($parentTree[$next])) { $parentTree = $parentTree[$next]; } else { $parentTree = null; break; } } if ($parentTree != null) { $newMask = new AJXP_PermissionMask(); $newMask->updateTree($parentTree); } if (isset($newMask)) { $userObject->personalRole->setMask($newRepoUniqueId, $newMask); } } if (isset($httpVars["minisite"])) { if (isset($editingRepo)) { try { AuthService::deleteRole("AJXP_SHARED-" . $newRepoUniqueId); } catch (Exception $e) { } } $newRole = new AJXP_Role("AJXP_SHARED-" . $newRepoUniqueId); $r = AuthService::getRole("MINISITE"); if (is_a($r, "AJXP_Role")) { if ($httpVars["disable_download"]) { $f = AuthService::getRole("MINISITE_NODOWNLOAD"); if (is_a($f, "AJXP_Role")) { $r = $f->override($r); } } $allData = $r->getDataArray(); $newData = $newRole->getDataArray(); if (isset($allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED])) { $newData["ACTIONS"][$newRepoUniqueId] = $allData["ACTIONS"][AJXP_REPO_SCOPE_SHARED]; } if (isset($allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED])) { $newData["PARAMETERS"][$newRepoUniqueId] = $allData["PARAMETERS"][AJXP_REPO_SCOPE_SHARED]; } $newRole->bunchUpdate($newData); AuthService::updateRole($newRole); $userObject->addRole($newRole); } } $userObject->save("superuser"); if ($this->watcher !== false) { // Register a watch on the current folder for shared user if ($uWatches[$userName]) { $this->watcher->setWatchOnFolder(new AJXP_Node("pydio://" . $newRepoUniqueId . "/"), $userName, MetaWatchRegister::$META_WATCH_USERS_CHANGE, array(AuthService::getLoggedUser()->getId())); } else { $this->watcher->removeWatchFromFolder(new AJXP_Node("pydio://" . $newRepoUniqueId . "/"), $userName, true); } } } if ($this->watcher !== false) { // Register a watch on the new repository root for current user if ($httpVars["self_watch_folder"] == "true") { $this->watcher->setWatchOnFolder(new AJXP_Node("pydio://" . $newRepoUniqueId . "/"), AuthService::getLoggedUser()->getId(), MetaWatchRegister::$META_WATCH_BOTH); } else { $this->watcher->removeWatchFromFolder(new AJXP_Node("pydio://" . $newRepoUniqueId . "/"), AuthService::getLoggedUser()->getId()); } } foreach ($groups as $group) { $r = $uRights[$group]; /*if($group == "AJXP_GRP_/") { $group = "ROOT_ROLE"; }*/ $grRole = AuthService::getRole($group, true); $grRole->setAcl($newRepoUniqueId, $r); AuthService::updateRole($grRole); } if (array_key_exists("minisite", $httpVars) && $httpVars["minisite"] != true) { AJXP_Controller::applyHook(isset($editingRepo) ? "node.share.update" : "node.share.create", array('type' => 'repository', 'repository' => &$repository, 'accessDriver' => &$accessDriver, 'new_repository' => &$newRepo)); } return $newRepo; }