DontSellMe/richdocuments
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Refactoring permissions. Allow guests to join session

Browse Source
This commit is contained in:
Victor Dubiniuk 2013-09-25 16:34:35 +03:00
parent fd60eddf2c
commit e3e8ef5b58
10 changed files with 208 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ajax/controller.php
View File

@ -28,4 +28,16 @@ class Controller {
return \OCP\User::getUser(); return \OCP\User::getUser();
} }
/**
* Do security precheck for not logged in users
* @param bool callcheck - whether security token check is needed
*/
public static function preDispatchGuest($callcheck = true){
if ($callcheck){
\OCP\JSON::callCheck();
}
\OCP\JSON::checkAppEnabled('documents');
return '(guest)';
}
} }

6
ajax/otpoll.php
View File

@ -37,7 +37,11 @@
namespace OCA\Documents; namespace OCA\Documents;
\OCP\JSON::checkLoggedIn();
//TODO: check if the session is related to a public share
//\OCP\JSON::checkLoggedIn();
\OCP\JSON::checkAppEnabled('documents'); \OCP\JSON::checkAppEnabled('documents');
// session_write_close(); // session_write_close();

41
ajax/sessionController.php
View File

@ -14,34 +14,23 @@ namespace OCA\Documents;
class SessionController extends Controller{ class SessionController extends Controller{
public static function join($args){ public static function joinAsGuest($args){
$uid = self::preDispatchGuest();
$token = @$args['token'];
$file = File::getByShareToken($token);
self::join($uid, $file);
}
public static function joinAsUser($args){
$uid = self::preDispatch(); $uid = self::preDispatch();
$fileId = intval(@$args['file_id']); $fileId = intval(@$args['file_id']);
$file = new File($fileId);
self::join($uid, $file);
}
protected static function join($uid, $file){
try{ try{
$file = new File($fileId); $session = Session::start($uid, $file);
list($ownerView, $path) = $file->getOwnerViewAndPath();
$session = Session::getSessionByFileId($fileId);
//If there is no existing session we need to start a new one
if (!$session || empty($session)){
$genesisPath = $ownerView->storeDocument($ownerView, $path);
if (!$genesisPath){
throw new \Exception('Unable to copy document. Check permissions and make sure you have enought free space.');
}
$hash = $ownerView->getHashByGenesis($genesisPath);
$session = Session::add(
$genesisPath,
$hash,
$file->getOwner(),
$fileId
);
}
$session['permissions'] = $ownerView->getFilePermissions($path);
$session['member_id'] = (string) Member::add($session['es_id'], $uid, Helper::getRandomColor());
\OCP\JSON::success($session); \OCP\JSON::success($session);
exit(); exit();
} catch (\Exception $e){ } catch (\Exception $e){
@ -51,7 +40,7 @@ class SessionController extends Controller{
} }
} }
/** /**
* Store the document content to its origin * Store the document content to its origin
*/ */
public static function save(){ public static function save(){

1
ajax/userController.php
View File

@ -46,5 +46,4 @@ class UserController extends Controller{
echo $image->show(); echo $image->show();
} }
} }

16
appinfo/routes.php
View File

@ -57,13 +57,21 @@ $this->create('documents_session_listhtml', 'ajax/session/listHtml')
->action('\OCA\Documents\SessionController', 'listAllHtml') ->action('\OCA\Documents\SessionController', 'listAllHtml')
; ;
$this->create('documents_session_join', 'ajax/session/join/{file_id}') $this->create('documents_session_joinasuser', 'ajax/session/joinasuser/{file_id}')
->get() ->get()
->action('\OCA\Documents\SessionController', 'join') ->action('\OCA\Documents\SessionController', 'joinAsUser')
; ;
$this->create('documents_session_join', 'ajax/session/join/{file_id}') $this->create('documents_session_joinasuser', 'ajax/session/joinasuser/{file_id}')
->post() ->post()
->action('\OCA\Documents\SessionController', 'join') ->action('\OCA\Documents\SessionController', 'joinAsUser')
;
$this->create('documents_session_joinasguest', 'ajax/session/joinasguest/{token}')
->get()
->action('\OCA\Documents\SessionController', 'joinAsGuest')
;
$this->create('documents_session_joinasguest', 'ajax/session/joinasguest/{token}')
->post()
->action('\OCA\Documents\SessionController', 'joinAsGuest')
; ;
$this->create('documents_session_save', 'ajax/session/save') $this->create('documents_session_save', 'ajax/session/save')

31
js/documents.js
View File

@ -5,6 +5,7 @@ var documentsMain = {
_members: [], _members: [],
isEditormode : false, isEditormode : false,
useUnstable : false, useUnstable : false,
isGuest : false,
UI : { UI : {
/* Overlay HTML */ /* Overlay HTML */
@ -89,10 +90,14 @@ var documentsMain = {
"use strict"; "use strict";
documentsMain.UI.init(); documentsMain.UI.init();
// Does anything indicate that we need to autostart a session? if (!OC.currentUser){
var fileId = parent.location.hash.replace(/\W*/g, '') documentsMain.isGuest = true;
|| $("[name='document']").val() var fileId = $("[name='document']").val();
; } else {
// Does anything indicate that we need to autostart a session?
var fileId = parent.location.hash.replace(/\W*/g, '');
}
if ($("[name='document']").val()){ if ($("[name='document']").val()){
// !Login page mess wih WebODF toolbars // !Login page mess wih WebODF toolbars
@ -138,7 +143,6 @@ var documentsMain = {
initSession: function(response) { initSession: function(response) {
"use strict"; "use strict";
if (!response || !response.es_id || !response.status || response.status==='error'){ if (!response || !response.es_id || !response.status || response.status==='error'){
OC.Notification.show(t('documents', 'Failed to load this document. Please check if it can be opened with an external odt editor. This might also mean it has been unshared or deleted recently.')); OC.Notification.show(t('documents', 'Failed to load this document. Please check if it can be opened with an external odt editor. This might also mean it has been unshared or deleted recently.'));
documentsMain.prepareGrid(); documentsMain.prepareGrid();
@ -175,9 +179,15 @@ var documentsMain = {
joinSession: function(fileId) { joinSession: function(fileId) {
console.log('joining session '+fileId); console.log('joining session '+fileId);
var url;
if (documentsMain.isGuest){
url = OC.Router.generate('documents_session_joinasguest') + '/' + fileId
} else {
url = OC.Router.generate('documents_session_joinasuser') + '/' + fileId
}
$.post( $.post(
OC.Router.generate('documents_session_join') + '/' + fileId, url,
{}, { },
documentsMain.initSession documentsMain.initSession
); );
}, },
@ -230,7 +240,12 @@ var documentsMain = {
// successfull shutdown - all is good. // successfull shutdown - all is good.
// TODO: proper session leaving call to server, either by webodfServerInstance or custom // TODO: proper session leaving call to server, either by webodfServerInstance or custom
// documentsMain.webodfServerInstance.leaveSession(sessionId, memberId, function() { // documentsMain.webodfServerInstance.leaveSession(sessionId, memberId, function() {
if (documentsMain.isGuest){
$(document.body).attr('id', 'body-login');
$('header,footer').show();
}
documentsMain.webodfEditorInstance.destroy(documentsMain.UI.hideEditor); documentsMain.webodfEditorInstance.destroy(documentsMain.UI.hideEditor);
// }); // });
}); });
}, },
@ -240,7 +255,7 @@ var documentsMain = {
}, },
show: function(){ show: function(){
if (!OC.currentUser){ if (documentsMain.isGuest){
return; return;
} }

107
lib/file.php
View File

@ -25,6 +25,8 @@ namespace OCA\Documents;
class File { class File {
protected $fileId; protected $fileId;
protected $owner;
protected $path;
public function __construct($fileId){ public function __construct($fileId){
if (!$fileId){ if (!$fileId){
@ -34,38 +36,68 @@ class File {
$this->fileId = $fileId; $this->fileId = $fileId;
} }
public static function getByShareToken($token){
$linkItem = \OCP\Share::getShareByToken($token);
if (is_array($linkItem) && isset($linkItem['uid_owner'])) {
// seems to be a valid share
$rootLinkItem = \OCP\Share::resolveReShare($linkItem);
$fileOwner = $rootLinkItem['uid_owner'];
} else {
throw new \Exception('This file was probably unshared');
}
$file = new File($rootLinkItem['file_source']);
$file->setOwner($rootLinkItem['uid_owner']);
$file->setPath('/files' . $rootLinkItem['file_target']);
return $file;
}
public function getFileId(){
return $this->fileId;
}
public function setOwner($owner){
$this->owner = $owner;
}
public function setPath($path){
$this->path = $path;
}
/** /**
* *
* @return string owner of the current file item * @return string owner of the current file item
* @throws \Exception * @throws \Exception
*/ */
public function getOwnerViewAndPath(){ public function getOwnerViewAndPath(){
$fileInfo = \OC\Files\Cache\Cache::getById($this->fileId); if (!$this->owner || !$this->path){
$fileInfo = \OC\Files\Cache\Cache::getById($this->fileId);
//is it shared //is it shared
$sharedInfo = \OCP\Share::getItemSharedWithBySource( $sharedInfo = $this->getSharedBySource();
'file',
$this->fileId,
\OCP\Share::FORMAT_NONE,
null,
true
);
if (is_array($sharedInfo)){ if (is_array($sharedInfo)){
$owner = $sharedInfo['uid_owner']; $owner = $sharedInfo['uid_owner'];
$path = $sharedInfo['path']; $path = $sharedInfo['path'];
} else {
// owner is myself
$owner = \OCP\User::getUser();
$path = @$fileInfo[1];
}
if (!$path){
throw new \Exception($this->fileId . ' can not be resolved');
}
$view = new View('/' . $owner);
$this->owner = $owner;
} else { } else {
// owner is myself $view = new View('/' . $this->owner);
$owner = \OCP\User::getUser(); $path = $this->path;
$path = @$fileInfo[1];
} }
if (!$path){
throw new \Exception($this->fileId . ' can not be resolved');
}
$view = new View('/' . $owner);
if (!$view->file_exists($path)){ if (!$view->file_exists($path)){
throw new \Exception($path . ' doesn\'t exist'); throw new \Exception($path . ' doesn\'t exist');
} }
@ -74,25 +106,34 @@ class File {
} }
public function getOwner(){ public function getOwner(){
$fileInfo = \OC\Files\Cache\Cache::getById($this->fileId); if (!$this->owner){
//is it shared $fileInfo = \OC\Files\Cache\Cache::getById($this->fileId);
$sharedInfo = \OCP\Share::getItemSharedWithBySource(
//is it shared
$sharedInfo = $this->getSharedBySource();
if (!is_array($sharedInfo)){
$sharedInfo = $this->getSharedByLink();
}
if (is_array($sharedInfo)){
$this->owner = $sharedInfo['uid_owner'];
} else {
// owner is myself
$this->owner = \OCP\User::getUser();
}
}
return $this->owner;
}
protected function getSharedBySource(){
return \OCP\Share::getItemSharedWithBySource(
'file', 'file',
$this->fileId, $this->fileId,
\OCP\Share::FORMAT_NONE, \OCP\Share::FORMAT_NONE,
null, null,
true true
); );
if (is_array($sharedInfo)){
$owner = $sharedInfo['uid_owner'];
} else {
// owner is myself
$owner = \OCP\User::getUser();
}
return $owner;
} }
} }

4
lib/member.php
View File

@ -21,14 +21,14 @@ class Member extends Db{
const MEMBER_STATUS_ACTIVE = 1; const MEMBER_STATUS_ACTIVE = 1;
const MEMBER_STATUS_INACTIVE = 2; const MEMBER_STATUS_INACTIVE = 2;
public static function add($esId, $displayname, $color){ public static function add($esId, $uid, $color){
$query = \OCP\DB::prepare(' $query = \OCP\DB::prepare('
INSERT INTO ' . self::DB_TABLE . ' (`es_id`, `uid`, `color`, `last_activity`) INSERT INTO ' . self::DB_TABLE . ' (`es_id`, `uid`, `color`, `last_activity`)
VALUES (?, ?, ?, ?) VALUES (?, ?, ?, ?)
'); ');
$query->execute(array( $query->execute(array(
$esId, $esId,
\OCP\User::getUser(), $uid,
$color, $color,
time() time()
)); ));

55
lib/session.php
View File

@ -1,4 +1,5 @@
<?php <?php
/** /**
* ownCloud - Documents App * ownCloud - Documents App
* *
@ -11,9 +12,35 @@
namespace OCA\Documents; namespace OCA\Documents;
class Session extends Db{ class Session extends Db {
const DB_TABLE = '`*PREFIX*documents_session`'; const DB_TABLE = '`*PREFIX*documents_session`';
public static function start($uid, File $file){
list($ownerView, $path) = $file->getOwnerViewAndPath();
$session = Session::getSessionByFileId( $file->getFileId() );
//If there is no existing session we need to start a new one
if (!$session || empty($session)){
$genesisPath = $ownerView->storeDocument($ownerView, $path);
if (!$genesisPath){
throw new \Exception('Unable to copy document. Check permissions and make sure you have enought free space.');
}
$hash = $ownerView->getHashByGenesis($genesisPath);
$session = Session::add(
$genesisPath, $hash, $file->getOwner(), $file->getFileId()
);
}
$session['permissions'] = $ownerView->getFilePermissions($path);
$session['member_id'] = (string) Member::add($session['es_id'], $uid, Helper::getRandomColor());
return $session;
}
public static function add($genesis, $hash, $owner, $fileId){ public static function add($genesis, $hash, $owner, $fileId){
$query = \OCP\DB::prepare(' $query = \OCP\DB::prepare('
INSERT INTO ' . self::DB_TABLE . ' (`es_id`, `genesis_url`, `genesis_hash`, `owner`, `file_id`) INSERT INTO ' . self::DB_TABLE . ' (`es_id`, `genesis_url`, `genesis_hash`, `owner`, `file_id`)
@ -54,15 +81,15 @@ class Session extends Db{
SELECT `s`.*, COUNT(`m`.`member_id`) AS `users` SELECT `s`.*, COUNT(`m`.`member_id`) AS `users`
FROM ' . self::DB_TABLE . ' AS `s` FROM ' . self::DB_TABLE . ' AS `s`
LEFT JOIN `*PREFIX*documents_member` AS `m` ON `s`.`es_id`=`m`.`es_id` LEFT JOIN `*PREFIX*documents_member` AS `m` ON `s`.`es_id`=`m`.`es_id`
AND `m`.`status`='. Member::MEMBER_STATUS_ACTIVE .' AND `m`.`status`=' . Member::MEMBER_STATUS_ACTIVE . '
AND `m`.`uid` != ? AND `m`.`uid` != ?
WHERE `s`.`es_id` = ? WHERE `s`.`es_id` = ?
GROUP BY `m`.`es_id` GROUP BY `m`.`es_id`
'); ');
$result = $query->execute( $result = $query->execute(
array( array(
\OCP\User::getUser(), \OCP\User::getUser(),
$esId $esId
) )
); );
@ -75,11 +102,11 @@ class Session extends Db{
public static function getSessionByFileId($fileId){ public static function getSessionByFileId($fileId){
$sessions = self::getSessionsByFileIds(array($fileId)); $sessions = self::getSessionsByFileIds(array($fileId));
if (count($sessions) > 1) { if (count($sessions) > 1){
Helper::errorLog('documents','more than one session found for file id ' . $fileId); Helper::errorLog('documents', 'more than one session found for file id ' . $fileId);
} }
if (count($sessions)) { if (count($sessions)){
return $sessions[0]; return $sessions[0];
} }
@ -92,7 +119,7 @@ class Session extends Db{
} }
$stmt = self::buildPlaceholders($fileIds); $stmt = self::buildPlaceholders($fileIds);
$query = \OCP\DB::prepare('SELECT * FROM ' . self::DB_TABLE . ' WHERE `file_id` IN (' . $stmt .')'); $query = \OCP\DB::prepare('SELECT * FROM ' . self::DB_TABLE . ' WHERE `file_id` IN (' . $stmt . ')');
$result = $query->execute($fileIds); $result = $query->execute($fileIds);
$sessions = $result->fetchAll(); $sessions = $result->fetchAll();
if (!is_array($sessions)){ if (!is_array($sessions)){
@ -115,8 +142,8 @@ class Session extends Db{
SELECT `s`.*, COUNT(`m`.`member_id`) AS `users` SELECT `s`.*, COUNT(`m`.`member_id`) AS `users`
FROM ' . self::DB_TABLE . ' AS `s` FROM ' . self::DB_TABLE . ' AS `s`
LEFT JOIN `*PREFIX*documents_member` AS `m` ON `s`.`es_id`=`m`.`es_id` LEFT JOIN `*PREFIX*documents_member` AS `m` ON `s`.`es_id`=`m`.`es_id`
AND `m`.`status`='. Member::MEMBER_STATUS_ACTIVE .' AND `m`.`status`=' . Member::MEMBER_STATUS_ACTIVE . '
WHERE `s`.`file_id` IN (' . $stmt .') WHERE `s`.`file_id` IN (' . $stmt . ')
GROUP BY `m`.`es_id` GROUP BY `m`.`es_id`
'); ');
$result = $query->execute($fileIds); $result = $query->execute($fileIds);
@ -140,15 +167,15 @@ class Session extends Db{
} }
protected static function getUniqueSessionId(){ protected static function getUniqueSessionId(){
do { do{
// this prevents branching for stable5 for now: // this prevents branching for stable5 for now:
// OC_Util::generate_random_bytes was camelCased // OC_Util::generate_random_bytes was camelCased
if (method_exists('\OC_Util', 'generate_random_bytes')) { if (method_exists('\OC_Util', 'generate_random_bytes')){
$id = \OC_Util::generate_random_bytes(30); $id = \OC_Util::generate_random_bytes(30);
} else { } else {
$id = \OC_Util::generateRandomBytes(30); $id = \OC_Util::generateRandomBytes(30);
} }
} while (self::getSession($id)); }while (self::getSession($id));
return $id; return $id;
} }

2
public.php
View File

@ -38,7 +38,7 @@ if (isset($fileOwner)) {
\OCP\Util::addStyle( 'documents', '3rdparty/webodf/dojo-app'); \OCP\Util::addStyle( 'documents', '3rdparty/webodf/dojo-app');
\OCP\Util::addStyle( 'documents', '3rdparty/webodf/editor' ); \OCP\Util::addStyle( 'documents', '3rdparty/webodf/editor' );
\OCP\Util::addScript('documents', 'documents'); \OCP\Util::addScript('documents', 'documents');
$tmpl->assign('document', $rootLinkItem['file_source']); $tmpl->assign('document', $token);
} else { } else {
// TODO: show nice 404 page // TODO: show nice 404 page
} }