Overview
Comment:Fix call to checkSkeletonWriteAccess
SHA3-256: 363a2ae0abbc15dfb319e650cc661dbaa2877b01962a8139c4231e443386a8e7
User & Date: bohwaz on 2022-08-08 01:24:05
Context
2022-08-08
01:24
Use css.php for document preview check-in: 8e6f365a1f user: bohwaz tags: templates
01:24
Fix call to checkSkeletonWriteAccess check-in: 363a2ae0ab user: bohwaz tags: templates
01:23
Make UserException a RuntimeException if happening during upgrade check-in: 52f7fac86d user: bohwaz tags: templates
Changes

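--- a/src/include/lib/Garradin/Entities/Files/File.php
+++ b/src/include/lib/Garradin/Entities/Files/File.php
@@ -228,16 +228,22 @@
 	 * @return bool
 	 */
 	public function rename(string $new_path): bool
 	{
 		self::validatePath($new_path);
 		self::validateFileName(Utils::basename($new_path));
 
-		if ($new_path == $this->path || 0 === strpos($new_path . '/', $this->path . '/')) {
+		if ($new_path == $this->path) {
+			throw new UserException(sprintf('Impossible de renommer "%s" lui-même', $this->path));
+		}
-			throw new UserException('Impossible de renommer ou déplacer un fichier vers lui-même');
+
+		if (0 === strpos($new_path . '/', $this->path . '/')) {
+			if ($this->type != self::TYPE_DIRECTORY) {
+				throw new UserException(sprintf('Impossible de renommer "%s" vers "%s"', $this->path, $new_path));
+			}
 		}
 
 		self::ensureDirectoryExists(Utils::dirname($new_path));
 		$return = Files::callStorage('move', $this, $new_path);
 
 		Plugin::fireSignal('files.move', ['file' => $this, 'new_path' => $new_path]);
 
@@ -865,17 +871,17 @@
 		else if ($context == self::CONTEXT_DOCUMENTS && $session->canAccess($session::SECTION_DOCUMENTS, $session::ACCESS_READ)) {
 			return true;
 		}
 
 		return false;
 	}
 
-	public function checkSkeletonWriteAccess(?Session $session): bool
+	static public function checkSkeletonWriteAccess(string $path, ?Session $session): bool
 	{
-		if (strpos($this->path, self::CONTEXT_SKELETON . '/web') === 0) {
+		if (strpos($path, self::CONTEXT_SKELETON . '/web') === 0) {
 			return $session->canAccess($session::SECTION_WEB, $session::ACCESS_ADMIN);
 		}
 
 		return $session->canAccess($session::SECTION_CONFIG, $session::ACCESS_ADMIN);
 	}
 
 	public function checkWriteAccess(?Session $session): bool
@@ -891,33 +897,33 @@
 				// Only managers can change files
 				return $session->canAccess($session::SECTION_DOCUMENTS, $session::ACCESS_WRITE);
 			case self::CONTEXT_CONFIG:
 				return $session->canAccess($session::SECTION_CONFIG, $session::ACCESS_ADMIN);
 			case self::CONTEXT_TRANSACTION:
 				return $session->canAccess($session::SECTION_ACCOUNTING, $session::ACCESS_WRITE);
 			case self::CONTEXT_SKELETON:
-				return $this->checkSkeletonWriteAccess($session);
+				return self::checkSkeletonWriteAccess($this->path, $session);
 			case self::CONTEXT_USER:
 				return $session->canAccess($session::SECTION_USERS, $session::ACCESS_WRITE);
 		}
 
 		return false;
 	}
 
 	public function checkDeleteAccess(?Session $session): bool
 	{
 		if (null === $session) {
 			return false;
 		}
 
 		switch ($this->context()) {
 			case self::CONTEXT_WEB:
 				return $session->canAccess($session::SECTION_WEB, $session::ACCESS_WRITE);
 			case self::CONTEXT_SKELETON:
-				return $this->checkSkeletonWriteAccess($session);
+				return self::checkSkeletonWriteAccess($this->path, $session);
 			case self::CONTEXT_DOCUMENTS:
 				// Only admins can delete files
 				return $session->canAccess($session::SECTION_DOCUMENTS, $session::ACCESS_ADMIN);
 			case self::CONTEXT_CONFIG:
 				return $session->canAccess($session::SECTION_CONFIG, $session::ACCESS_ADMIN);
 			case self::CONTEXT_TRANSACTION:
 				return $session->canAccess($session::SECTION_ACCOUNTING, $session::ACCESS_ADMIN);
@@ -934,15 +940,15 @@
 			return false;
 		}
 
 		$context = strtok($path, '/');
 
 		switch ($context) {
 			case self::CONTEXT_SKELETON:
-				return $this->checkSkeletonWriteAccess($session);
+				return self::checkSkeletonWriteAccess($path, $session);
 			case self::CONTEXT_WEB:
 				return $session->canAccess($session::SECTION_WEB, $session::ACCESS_WRITE);
 			case self::CONTEXT_DOCUMENTS:
 				return $session->canAccess($session::SECTION_DOCUMENTS, $session::ACCESS_WRITE);
 			case self::CONTEXT_CONFIG:
 				return $session->canAccess($session::SECTION_CONFIG, $session::ACCESS_ADMIN);
 			case self::CONTEXT_TRANSACTION: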
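Review bot: The prefix test in the new static `checkSkeletonWriteAccess()` (new line 880) has no path separator, so any path that merely begins with the skeleton context followed by `web` (a sibling such as `…/web-old/x` or `…/website.html`) is authorised by the SECTION_WEB admin check instead of the SECTION_CONFIG one. `rename()` in this same commit already compares with a trailing separator on both sides, so I would write `if (strpos($path . '/', self::CONTEXT_SKELETON . '/web/') === 0) {` here too. The method is also now `static public` and still accepts `?Session` while calling `$session->canAccess()` unconditionally; the visible callers guard against null first, but an outside caller passing null gets a fatal error rather than a denial, so `if (null === $session) { return false; }` at the top would make it deny cleanly, as `checkDeleteAccess()` does. Whether sibling paths of that shape can actually be created depends on `validatePath()`, which is not shown.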