public static checkPermissions ( string $filter, integer $permission = Horde_Perms::READ, string $resource = null ) : boolean | ||
$filter | string | What are we checking for. Either 'backend' or 'directory'. |
$permission | integer | The permission to check for. One of the Horde_Perms constants. |
$resource | string | The resource to check. If empty, check the current backend/directory. |
return | boolean | Returns true if the user has permission. |
public static function checkPermissions($filter, $permission = Horde_Perms::READ, $resource = null)
{
$userID = $GLOBALS['registry']->getAuth();
switch ($filter) {
case 'backend':
if (is_null($resource)) {
$resource = $GLOBALS['session']->get('gollem', 'backend_key');
}
$backendTag = 'gollem:backends:' . $resource;
$perms = $GLOBALS['injector']->getInstance('Horde_Perms');
return !$perms->exists($backendTag) || $perms->hasPermission($backendTag, $userID, $permission);
case 'directory':
if (empty(self::$backend['shares'])) {
return true;
}
if (is_null($resource)) {
$resource = self::$backend['dir'];
}
if (strpos($resource, self::$backend['home']) === 0) {
return true;
}
$shares = $GLOBALS['injector']->getInstance('Gollem_Shares');
$backend = $GLOBALS['session']->get('gollem', 'backend_key');
$directory = $resource;
while (strlen($directory) && $directory != './' && $directory != '/') {
try {
return $shares->getShare($backend . '|' . $directory)->hasPermission($userID, $permission);
} catch (Horde_Exception_NotFound $e) {
}
$directory = dirname($directory);
}
/* Intermediate solution until we display shared folders
* independent from the directory tree. Check if there are
* any sub-directories with show permissions and allow
* browsing the directory in this case. */
if ($permission == Horde_Perms::READ || $permission == Horde_Perms::SHOW) {
$dirs = $shares->listShares($userID, array('perm' => Horde_Perms::SHOW));
foreach ($dirs as $dir) {
if (strpos($dir->getName(), $backend . '|' . $resource) === 0) {
return true;
}
}
}
break;
}
return false;
}
/** * @throws Gollem_Exception */ protected function _getBackend($path) { // A file or directory has been requested. // Locate the backend_key in the path. $backend_key = strchr($path, '/') ? substr($path, 0, strpos($path, '/')) : $path; throw new Gollem_Exception('Not implemented'); // Validate and perform permissions checks on the requested backend if (!$GLOBALS['session']->exists('gollem', 'backends/' . $backend_key)) { throw new Gollem_Exception(sprintf(_("Invalid backend requested: %s"), $backend_key)); } if (!Gollem_Session::createSession($backend_key)) { throw new Gollem_Exception(_("Unable to create Gollem session")); } if (!Gollem::checkPermissions('backend', Horde_Perms::READ)) { throw new Gollem_Exception(_("Permission denied to this backend.")); } return $backend_key; }