phpgroupware-developers
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Phpgroupware-developers] phpWebHosting and ACL


From: Jason Wies
Subject: Re: [Phpgroupware-developers] phpWebHosting and ACL
Date: Tue, 18 Jun 2002 21:28:19 -0400
User-agent: Mutt/1.2.5i

On Tue, Jun 18, 2002 at 02:09:46PM -0300, Giancarlo Susin wrote:
> I've tried your patch, but haven't got ACL working as expected; only 
> full access to the user/group who owns the folder.
> 
> What I think would be the expected behaviour is:
> - a group can give to another group or user access to its folder
> - a group can set the privileges (read, add, edit or delete) other 
> groups or users have on its folder
> - a group can restrict the privileges its own members have (e.g. to give 
>   full access to one user only)

Again, only user <-> group, no user <-> user or group <-> group.  Try these 
steps:

1. Go to Administration, make sure user and group have access to phpwebhosting
2. Administration -> User groups -> Edit group -> ACL icon next to phpwebhosting
3. For the user in question, check the boxes for Read and Add, submit
4. Log in as user, go Up to /home, then into the group's directory
5. Upload a file, should work
6. Edit the file, it should work until you try to Save it, in which case an 
error message is displayed
7. Delete the file, shouldn't work

The above works fine for me on a fresh 0.9.14 install + the one-liner patch.

> This would be set in Admin ACL page, having the defaults set through the 
> Setup option you've mentioned.
> 
> Looking at files phpgwapi/inc/class.vfs_sql.inc.php and 
> phpwebhosting/index.php it seems some coding is still needed to get 
> things working this way. I'm not sure I can get this, but I can try.

The function that controls ACL access is vfs->acl_check ().  Functions such as 
vfs->read (), vfs->write (), vfs->rm (), etc. call vfs->acl_check () with 
PHPGW_ACL_READ, PHPGW_ACL_EDIT, PHPGW_ACL_DELETE, etc.  phpwebhosting doesn't 
handle much of anything itself, it relies on the VFS to do the checking.

Things that you could add if you wanted:

* Respect ACL setting in setup
* Make acl_check () work for user <-> user and group <-> group

Both of these should be pretty easy, I'll add them when I get the chance, but 
you're welcome to beat me to it :)

Jason Wies aka Zone

> 
> Jason Wies wrote:
> 
> > Try the attached patch, that should fix it.
> > 
> > Notes:
> > 
> > * No user <-> user sharing (must be user <-> group)
> > * As Chris mentioned, you have to go "Up" to /home before the group 
> > directories become active
> > * If a user is in a group and no ACL access is specified, they have full 
> > access (I believe the 'acl_default' option in setup is for this situation, 
> > but it is not supported for files)
> > 
> > I just did a full run-through with the patch, and Read/Add/Edit/Delete all 
> > work as expected.  Please let me know if it works for you.
> > 
> > Jason Wies aka Zone
> > 
> > On Mon, Jun 17, 2002 at 07:16:08PM -0300, Giancarlo Susin wrote:
> > 
> >>Hi,
> >>
> >>ACL seems not yet implemented in phpWebHosting. With any permission I 
> >>set in the Admin page, the users/groups always have full access to their 
> >>files and can't see other users/groups' files.
> >>
> >>Is there somebody working on this? Or has some hint on where can I start 
> >>in the code?
> >>
> >>Thanks,
> >>
> >>Giancarlo
> >>
> 
> 
> 
> _______________________________________________
> Phpgroupware-developers mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/phpgroupware-developers



reply via email to

[Prev in Thread] Current Thread [Next in Thread]