phpgroupware-developers

Re: [Phpgroupware-developers] phpWebHosting and ACL


From: Jason Wies
Subject: Re: [Phpgroupware-developers] phpWebHosting and ACL
Date: Mon, 24 Jun 2002 00:11:16 -0400
User-agent: Mutt/1.2.5i

Good patch!  Committed to Version-0_9_14-branch and HEAD.  Some notes:

- We can't remove the buttons when they don't have access because ACL support 
goes down to the file level rather than the directory level.  It is possible a 
user would have access to some files in a directory but not to others.  We can 
hide the upload form and Create folder button because those apply on a 
directory level only.

- Make sure that you unset() or initialize to empty any arrays, or they can be 
filled by a malicious user ($readable_groups, $groups_applications).

- I merged the vfs->check_access() back into vfs->acl_check() to simplify 
things for app developers.

Very well done!  This should handle most organizations' group file sharing 
access needs.

Jason Wies aka Zone

On Thu, Jun 20, 2002 at 06:46:26PM -0300, Giancarlo Susin wrote:
> Jason Wies wrote:
> 
> > 
> > Again, only user <-> group, no user <-> user or group <-> group.  Try these 
> > steps:
> > 
> > 1. Go to Administration, make sure user and group have access to 
> > phpwebhosting
> > 2. Administration -> User groups -> Edit group -> ACL icon next to 
> > phpwebhosting
> > 3. For the user in question, check the boxes for Read and Add, submit
> > 4. Log in as user, go Up to /home, then into the group's directory
> > 5. Upload a file, should work
> > 6. Edit the file, it should work until you try to Save it, in which case an 
> > error message is displayed
> > 7. Delete the file, shouldn't work
> > 
> > The above works fine for me on a fresh 0.9.14 install + the one-liner patch.
> 
> 
> Following your directions now I see this kind of sharing is working fine.
> 
>  
> > The function that controls ACL access is vfs->acl_check ().  Functions such 
> > as vfs->read (), vfs->write (), vfs->rm (), etc. call vfs->acl_check () 
> > with PHPGW_ACL_READ, PHPGW_ACL_EDIT, PHPGW_ACL_DELETE, etc.  phpwebhosting 
> > doesn't handle much of anything itself, it relies on the VFS to do the 
> > checking.
> 
> 
> These checks done in VFS allow very trustable applications.
> 
> 
> > Things that you could add if you wanted:
> > 
> > * Respect ACL setting in setup
> > * Make acl_check () work for user <-> user and group <-> group
> > 
> > Both of these should be pretty easy, I'll add them when I get the chance, 
> > but you're welcome to beat me to it :)
> 
> 
> Not so easy to me... Past 2 days, I've submitted a patch to add this. 
> Please see 
> http://savannah.gnu.org/patch/?func=detailpatch&patch_id=370&group_id=509
> 
> Thank you for your help!
> 
> Giancarlo
> 
> 
> _______________________________________________
> Phpgroupware-developers mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/phpgroupware-developers
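
The note above about unset() or initializing arrays, shown as an added example that is not part of the original message or of phpGroupWare's code. It assumes the concern is PHP's register_globals behaviour (removed in PHP 5.4), emulated here with extract(); `$readable_groups` is the name from the message, while the function names, `$memberships` and the request string are hypothetical, constructed values.

```php
<?php
// Added illustration; not phpGroupWare code. extract() stands in for
// register_globals (assumed to be the mechanism), which copied request
// parameters into variables of the same name.

// Constructed data: group id => whether the logged-in user may read it.
$memberships = [10 => true, 20 => false, 30 => true];

// Constructed request carrying a parameter named like the internal array.
parse_str('readable_groups[]=20', $request);

// Hypothetical helper: appends to $readable_groups without initializing it.
function readable_groups_unsafe(array $request, array $memberships): array
{
    extract($request); // emulate register_globals
    foreach ($memberships as $gid => $can_read) {
        if ($can_read) {
            $readable_groups[] = $gid; // lands after any request-supplied entries
        }
    }
    return $readable_groups ?? [];
}

// Same helper with the array initialized before first use, as the note advises.
function readable_groups_safe(array $request, array $memberships): array
{
    extract($request);
    $readable_groups = []; // discard anything that arrived with the request
    foreach ($memberships as $gid => $can_read) {
        if ($can_read) {
            $readable_groups[] = $gid;
        }
    }
    return $readable_groups;
}

$unsafe = readable_groups_unsafe($request, $memberships);
$safe   = readable_groups_safe($request, $memberships);

echo 'unsafe: ', json_encode($unsafe), PHP_EOL;
echo 'safe:   ', json_encode($safe), PHP_EOL;
echo 'group 20 leaked into unsafe list: ',
    var_export(in_array(20, $unsafe), true), PHP_EOL;
```

On current PHP the same pattern can reappear wherever extract() is applied to request data, so the initialization still matters there.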


