[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-developers] phpWebHosting and ACL
From: |
Jason Wies |
Subject: |
Re: [Phpgroupware-developers] phpWebHosting and ACL |
Date: |
Mon, 24 Jun 2002 00:11:16 -0400 |
User-agent: |
Mutt/1.2.5i |
Good patch! Committed to Version-0_9_14-branch and HEAD. Some notes:
- We can't remove the buttons when they don't have access because ACL support
goes down to the file level rather than the directory level. It is possible a
user would have access to some files in a directory but not to others. We can
hide the upload form and Create folder button because those apply on a
directory level only.
- Make sure that you unset() or initialize to empty any arrays, or they can be
filled by a malicious user ($readable_groups, $groups_applications).
- I merged the vfs->check_access() back into vfs->acl_check() to simplify
things for app developers.
Very well done! This should handle most organizations' group file sharing
access needs.
Jason Wies aka Zone
On Thu, Jun 20, 2002 at 06:46:26PM -0300, Giancarlo Susin wrote:
> Jason Wies wrote:
>
> >
> > Again, only user <-> group, no user <-> user or group <-> group. Try these
> > steps:
> >
> > 1. Go to Administration, make sure user and group have access to
> > phpwebhosting
> > 2. Administration -> User groups -> Edit group -> ACL icon next to
> > phpwebhosting
> > 3. For the user in question, check the boxes for Read and Add, submit
> > 4. Log in as user, go Up to /home, then into the group's directory
> > 5. Upload a file, should work
> > 6. Edit the file, it should work until you try to Save it, in which case an
> > error message is displayed
> > 7. Delete the file, shouldn't work
> >
> > The above works fine for me on a fresh 0.9.14 install + the one-liner patch.
>
>
> Following your directions now I see this kind of sharing is working fine.
>
>
> > The function that controls ACL access is vfs->acl_check (). Functions such
> > as vfs->read (), vfs->write (), vfs->rm (), etc. call vfs->acl_check ()
> > with PHPGW_ACL_READ, PHPGW_ACL_EDIT, PHPGW_ACL_DELETE, etc. phpwebhosting
> > doesn't handle much of anything itself, it relies on the VFS to do the
> > checking.
>
>
> These checkings done in VFS allow very trustable applications.
>
>
> > Things that you could add if you wanted:
> >
> > * Respect ACL setting in setup
> > * Make acl_check () work for user <-> user and group <-> group
> >
> > Both of these should be pretty easy, I'll add them when I get the chance,
> > but you're welcome to beat me to it :)
>
>
> Not so easy to me... Past 2 days, I've submitted a patch to add this.
> Please see
> http://savannah.gnu.org/patch/?func=detailpatch&patch_id=370&group_id=509
>
> Thank you for your help!
>
> Giancarlo
>
>
> _______________________________________________
> Phpgroupware-developers mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/phpgroupware-developers
- [Phpgroupware-developers] phpWebHosting and ACL, Giancarlo Susin, 2002/06/17
- Re: [Phpgroupware-developers] phpWebHosting and ACL, Jason Wies, 2002/06/18
- Re: [Phpgroupware-developers] phpWebHosting and ACL, Giancarlo Susin, 2002/06/18
- Re: [Phpgroupware-developers] phpWebHosting and ACL, Jason Wies, 2002/06/18
- Re: [Phpgroupware-developers] phpWebHosting and ACL, Giancarlo Susin, 2002/06/20
- Re: [Phpgroupware-developers] phpWebHosting and ACL,
Jason Wies <=
- Re: [Phpgroupware-developers] phpWebHosting and ACL, Giancarlo Susin, 2002/06/24
- Re: [Phpgroupware-developers] phpWebHosting and ACL, Jason Wies, 2002/06/24
- Re: [Phpgroupware-developers] phpWebHosting and ACL, Giancarlo Susin, 2002/06/25