Update acl if they already exists, or create a default role if role.ser doesn't exists
This commit is contained in:
parent
5a10c7d865
commit
faf021bf08
|
@ -41,43 +41,54 @@ unlink(</var/cache/ajaxplorer/i18n/*.ser>);
|
|||
|
||||
foreach my $user (($a->users),$a->get('admin')){
|
||||
my $name = $user->key;
|
||||
my $data;
|
||||
mkpath('/var/lib/ajaxplorer/plugins/auth.serial/' . $name);
|
||||
chmod 0770, "/var/lib/ajaxplorer/plugins/auth.serial/$name";
|
||||
chown '0', '102', "/var/lib/ajaxplorer/plugins/auth.serial/$name";
|
||||
|
||||
if (-s "/var/lib/ajaxplorer/plugins/auth.serial/$name/role.ser"){
|
||||
open RROLE, "/var/lib/ajaxplorer/plugins/auth.serial/$name/role.ser";
|
||||
my $data = <RROLE>;
|
||||
$data = <RROLE>;
|
||||
close RROLE;
|
||||
$data = unserialize($data);
|
||||
delete $data->{"\0*\0acls"} if (defined $data->{"\0*\0acls"});
|
||||
foreach my $share ($a->get_all_by_prop(type => 'share')){
|
||||
my $sharename = $share->key;
|
||||
my $access = $share->prop('Ajaxplorer') || 'disabled';
|
||||
next unless ($access eq 'enabled');
|
||||
my @readgroups = split(/[;,]/, $share->prop('ReadGroups') || '');
|
||||
my @writegroups = split(/[;,]/, $share->prop('WriteGroups') || '');
|
||||
my @readusers = split(/[;,]/, $share->prop('ReadUsers') || '');
|
||||
my @writeusers = split(/[;,]/, $share->prop('WriteUsers') || '');
|
||||
|
||||
foreach (@readgroups){
|
||||
$data->{"\0*\0acls"}->{$sharename} = 'r' if ( $a->is_user_in_group($name,$_) );
|
||||
}
|
||||
foreach (@writegroups){
|
||||
$data->{"\0*\0acls"}->{$sharename} = 'rw' if ( $a->is_user_in_group($name,$_) );
|
||||
}
|
||||
foreach (@readusers){
|
||||
$data->{"\0*\0acls"}->{$sharename} = 'r' if ( $_ eq $name );
|
||||
}
|
||||
foreach (@writeusers){
|
||||
$data->{"\0*\0acls"}->{$sharename} = 'rw' if ( $_ eq $name );
|
||||
}
|
||||
}
|
||||
|
||||
open WROLE, '+>', "/var/lib/ajaxplorer/plugins/auth.serial/$name/role.ser";
|
||||
print WROLE serialize($data);
|
||||
close WROLE;
|
||||
}
|
||||
# No role yet ? lets create it
|
||||
else{
|
||||
$data->{"\0*\0groupPath"} = undef;
|
||||
$data->{"\0*\0autoApplies"} = [];
|
||||
$data->{"\0*\0parameters"} = [];
|
||||
$data->{"\0*\0roleLabel"} = undef;
|
||||
$data->{"\0*\0actions"} = [];
|
||||
$data->{"\0*\0roleId"} = "AJXP_USR_/$name";
|
||||
$data = bless $data, 'PHP::Serialization::Object::AJXP_Role';
|
||||
}
|
||||
# In any case, re-compute the effective permissions
|
||||
foreach my $share ($a->get_all_by_prop(type => 'share')){
|
||||
my $sharename = $share->key;
|
||||
my $access = $share->prop('Ajaxplorer') || 'disabled';
|
||||
next unless ($access eq 'enabled');
|
||||
my @readgroups = split(/[;,]/, $share->prop('ReadGroups') || '');
|
||||
my @writegroups = split(/[;,]/, $share->prop('WriteGroups') || '');
|
||||
my @readusers = split(/[;,]/, $share->prop('ReadUsers') || '');
|
||||
my @writeusers = split(/[;,]/, $share->prop('WriteUsers') || '');
|
||||
|
||||
foreach (@readgroups){
|
||||
$data->{"\0*\0acls"}->{$sharename} = 'r' if ( $a->is_user_in_group($name,$_) );
|
||||
}
|
||||
foreach (@writegroups){
|
||||
$data->{"\0*\0acls"}->{$sharename} = 'rw' if ( $a->is_user_in_group($name,$_) );
|
||||
}
|
||||
foreach (@readusers){
|
||||
$data->{"\0*\0acls"}->{$sharename} = 'r' if ( $_ eq $name );
|
||||
}
|
||||
foreach (@writeusers){
|
||||
$data->{"\0*\0acls"}->{$sharename} = 'rw' if ( $_ eq $name );
|
||||
}
|
||||
}
|
||||
|
||||
open WROLE, '+>', "/var/lib/ajaxplorer/plugins/auth.serial/$name/role.ser";
|
||||
print WROLE serialize($data);
|
||||
close WROLE;
|
||||
}
|
||||
|
||||
my $ajxp = $c->get('ajaxplorer') || die "Couldn't find ajaxplorer entry in ConfigDB\n";
|
||||
|
|
Loading…
Reference in New Issue