Update acl if they already exists, or create a default role if role.ser doesn't exists

2013-09-26 19:57:24 +02:00 · 2013-09-26 19:57:24 +02:00 · faf021bf08
parent 5a10c7d865
commit faf021bf08
1 changed files with 39 additions and 28 deletions
--- a/root/etc/e-smith/events/actions/ajaxplorer-user-rights
+++ b/root/etc/e-smith/events/actions/ajaxplorer-user-rights
@ -41,43 +41,54 @@ unlink(</var/cache/ajaxplorer/i18n/*.ser>);

 foreach my $user (($a->users),$a->get('admin')){
    my $name = $user->key;
+    my $data;
    mkpath('/var/lib/ajaxplorer/plugins/auth.serial/' . $name);
    chmod 0770, "/var/lib/ajaxplorer/plugins/auth.serial/$name";
    chown '0', '102', "/var/lib/ajaxplorer/plugins/auth.serial/$name";
-
    if (-s "/var/lib/ajaxplorer/plugins/auth.serial/$name/role.ser"){
        open RROLE, "/var/lib/ajaxplorer/plugins/auth.serial/$name/role.ser";
-        my $data = <RROLE>;
+        $data = <RROLE>;
        close RROLE;
        $data = unserialize($data);
        delete $data->{"\0*\0acls"} if (defined $data->{"\0*\0acls"});
-        foreach my $share ($a->get_all_by_prop(type => 'share')){
-            my $sharename = $share->key;
-            my $access = $share->prop('Ajaxplorer') || 'disabled';
-            next unless ($access eq 'enabled');
-            my @readgroups = split(/[;,]/, $share->prop('ReadGroups') || '');
-            my @writegroups = split(/[;,]/, $share->prop('WriteGroups') || '');
-            my @readusers = split(/[;,]/, $share->prop('ReadUsers') || '');
-            my @writeusers = split(/[;,]/, $share->prop('WriteUsers') || '');
-
-           foreach (@readgroups){
-                $data->{"\0*\0acls"}->{$sharename} = 'r' if ( $a->is_user_in_group($name,$_) );
-            }
-            foreach (@writegroups){
-                $data->{"\0*\0acls"}->{$sharename} = 'rw' if ( $a->is_user_in_group($name,$_) );
-            }
-            foreach (@readusers){
-                $data->{"\0*\0acls"}->{$sharename} = 'r' if ( $_ eq $name );
-            }
-            foreach (@writeusers){
-                $data->{"\0*\0acls"}->{$sharename} = 'rw' if ( $_ eq $name );
-            }
-        }
-
-        open WROLE, '+>', "/var/lib/ajaxplorer/plugins/auth.serial/$name/role.ser";
-        print WROLE serialize($data);
-        close WROLE;
    }
+    # No role yet ? lets create it
+    else{
+        $data->{"\0*\0groupPath"} = undef;
+        $data->{"\0*\0autoApplies"} = [];
+        $data->{"\0*\0parameters"} = [];
+        $data->{"\0*\0roleLabel"} = undef;
+        $data->{"\0*\0actions"} = [];
+        $data->{"\0*\0roleId"} = "AJXP_USR_/$name";
+        $data = bless $data, 'PHP::Serialization::Object::AJXP_Role';
+    }
+    # In any case, re-compute the effective permissions
+    foreach my $share ($a->get_all_by_prop(type => 'share')){
+        my $sharename = $share->key;
+        my $access = $share->prop('Ajaxplorer') || 'disabled';
+        next unless ($access eq 'enabled');
+        my @readgroups = split(/[;,]/, $share->prop('ReadGroups') || '');
+        my @writegroups = split(/[;,]/, $share->prop('WriteGroups') || '');
+        my @readusers = split(/[;,]/, $share->prop('ReadUsers') || '');
+        my @writeusers = split(/[;,]/, $share->prop('WriteUsers') || '');
+
+        foreach (@readgroups){
+            $data->{"\0*\0acls"}->{$sharename} = 'r' if ( $a->is_user_in_group($name,$_) );
+        }
+        foreach (@writegroups){
+            $data->{"\0*\0acls"}->{$sharename} = 'rw' if ( $a->is_user_in_group($name,$_) );
+        }
+        foreach (@readusers){
+            $data->{"\0*\0acls"}->{$sharename} = 'r' if ( $_ eq $name );
+        }
+        foreach (@writeusers){
+            $data->{"\0*\0acls"}->{$sharename} = 'rw' if ( $_ eq $name );
+        }
+    }
+
+    open WROLE, '+>', "/var/lib/ajaxplorer/plugins/auth.serial/$name/role.ser";
+    print WROLE serialize($data);
+    close WROLE;
 }

 my $ajxp = $c->get('ajaxplorer') || die "Couldn't find ajaxplorer entry in ConfigDB\n";