Conflicts: docs/gotcha.txt docs/previousVersion.sql docs/templates.txt lib/WebGUI.pm lib/WebGUI/Asset.pm lib/WebGUI/Asset/Event.pm lib/WebGUI/Asset/File.pm lib/WebGUI/Asset/MapPoint.pm lib/WebGUI/Asset/RichEdit.pm lib/WebGUI/Asset/Sku/Product.pm lib/WebGUI/Asset/Snippet.pm lib/WebGUI/Asset/Story.pm lib/WebGUI/Asset/Template.pm lib/WebGUI/Asset/Template/TemplateToolkit.pm lib/WebGUI/Asset/Wobject/Calendar.pm lib/WebGUI/Asset/Wobject/Carousel.pm lib/WebGUI/Asset/Wobject/Collaboration.pm lib/WebGUI/Asset/Wobject/Dashboard.pm lib/WebGUI/Asset/Wobject/DataForm.pm lib/WebGUI/Asset/Wobject/Folder.pm lib/WebGUI/Asset/Wobject/Map.pm lib/WebGUI/Asset/Wobject/Search.pm lib/WebGUI/Asset/Wobject/Shelf.pm lib/WebGUI/Asset/Wobject/StockData.pm lib/WebGUI/Asset/Wobject/StoryTopic.pm lib/WebGUI/Asset/Wobject/SyndicatedContent.pm lib/WebGUI/Asset/Wobject/Thingy.pm lib/WebGUI/Asset/Wobject/WeatherData.pm lib/WebGUI/AssetClipboard.pm lib/WebGUI/AssetCollateral/DataForm/Entry.pm lib/WebGUI/AssetExportHtml.pm lib/WebGUI/AssetLineage.pm lib/WebGUI/AssetMetaData.pm lib/WebGUI/AssetTrash.pm lib/WebGUI/AssetVersioning.pm lib/WebGUI/Auth.pm lib/WebGUI/Cache/CHI.pm lib/WebGUI/Content/AssetManager.pm lib/WebGUI/Fork/ProgressBar.pm lib/WebGUI/Form/JsonTable.pm lib/WebGUI/Form/TimeField.pm lib/WebGUI/Form/Zipcode.pm lib/WebGUI/Group.pm lib/WebGUI/International.pm lib/WebGUI/Macro/AssetProxy.pm lib/WebGUI/Macro/FileUrl.pm lib/WebGUI/Operation/SSO.pm lib/WebGUI/Operation/User.pm lib/WebGUI/Role/Asset/Subscribable.pm lib/WebGUI/Shop/Cart.pm lib/WebGUI/Shop/Transaction.pm lib/WebGUI/Shop/TransactionItem.pm lib/WebGUI/Test.pm lib/WebGUI/URL/Content.pm lib/WebGUI/URL/Uploads.pm lib/WebGUI/User.pm lib/WebGUI/Workflow/Activity/ExtendCalendarRecurrences.pm lib/WebGUI/Workflow/Activity/SendNewsletters.pm lib/WebGUI/i18n/English/Asset.pm lib/WebGUI/i18n/English/WebGUI.pm sbin/installClass.pl sbin/rebuildLineage.pl sbin/search.pl sbin/testEnvironment.pl t/Asset/Asset.t t/Asset/AssetClipboard.t 
t/Asset/AssetLineage.t t/Asset/AssetMetaData.t t/Asset/Event.t t/Asset/File.t t/Asset/File/Image.t t/Asset/Post/notification.t t/Asset/Sku.t t/Asset/Story.t t/Asset/Template.t t/Asset/Wobject/Collaboration/templateVariables.t t/Asset/Wobject/Collaboration/unarchiveAll.t t/Asset/Wobject/Shelf.t t/Auth.t t/Macro/EditableToggle.t t/Macro/FilePump.t t/Shop/Cart.t t/Shop/Transaction.t t/Storage.t t/User.t t/Workflow.t
package WebGUI::Middleware::WGAccess;
use strict;
use parent qw(Plack::Middleware);
use Path::Class::File;
use Scalar::Util;
use JSON ();
=head1 NAME

WebGUI::Middleware::WGAccess - control access to .wgaccess protected uploads

=head1 DESCRIPTION

This is PSGI middleware for WebGUI that delivers static files (uploads) with .wgaccess
awareness.

This middleware should really only be used in development; for production you want
to be serving static files with something a lot faster.

=head2 call ($env)

Interface subroutine that enforces the privilege checks described in the .wgaccess files.

=head3 $env

A Plack environment hash

=cut

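sub call {
    my $self = shift;
    my $env  = shift;

    my $session = $env->{'webgui.session'};
    if (! $session) {
        _log_error($env, 'WebGUI session missing!');
        # A PSGI body must be an array ref (or a filehandle); a bare string
        # is not a valid response body.
        return [500, ['Content-Type' => 'text/plain'], ['Internal Server Error']];
    }

    my $r = $self->app->($env);

    # response_cb invokes the callback with the final response array ref,
    # also when the wrapped app returned a delayed (code ref) response, so
    # use that argument instead of dereferencing the closed-over $r.
    return $self->response_cb($r, sub {
        my $res  = shift;
        my $body = $res->[2];

        # Only file bodies (objects exposing ->path) are subject to .wgaccess.
        return
            unless Scalar::Util::blessed($body) && $body->can('path');

        my $file     = Path::Class::File->new($body->path);
        my $wgaccess = $file->dir->file('.wgaccess');
        return
            unless -e $wgaccess;

        my $privs = _parse_wgaccess($wgaccess->slurp);
        if (! $privs) {
            # A .wgaccess that exists but cannot be parsed fails closed:
            # deny rather than fall through to serving the file.
            _log_error($env, "unparseable .wgaccess file: $wgaccess");
            @$res = (403, [ 'Content-Type' => 'text/plain' ], [ 'Forbidden' ]);
            return;
        }

        # Legacy-format files carry no state; only JSON files can be trashed.
        if (defined $privs->{state} && $privs->{state} eq 'trash') {
            @$res = (403, [ 'Content-Type' => 'text/plain' ], [ 'Forbidden' ]);
            return;
        }

        require WebGUI::Asset;
        my $userId = $session->get('userId');
        my @users  = @{ $privs->{users}  || [] };
        my @groups = @{ $privs->{groups} || [] };
        my @assets = @{ $privs->{assets} || [] };

        # Any single matching grant is enough. Each grep is parenthesised so
        # that || applies to its count, not to its argument list.
        my $granted =
               (grep { $_ eq '1' || $_ eq $userId } @users)
            || (grep { $_ eq '1' || $_ eq '7' } @groups)
            || (grep { $session->user->isInGroup($_) } @groups)
            || (grep { WebGUI::Asset->newById($session, $_)->canView } @assets);
        return if $granted;

        # No grant matched: replace the file response with an auth failure.
        @$res = (401, [ 'Content-Type' => 'text/plain' ], [ 'Authorization Required' ]);
        return;
    });
}

# Parse the contents of a .wgaccess file into a privilege hash ref.
# Two formats are accepted: the legacy three-line form (a user id followed
# by two group ids, each numeric or a 22-character id) and a JSON object
# holding users/groups/assets lists and an optional state.
# Returns the hash ref, or undef when the contents cannot be parsed or do
# not decode to a JSON object.
sub _parse_wgaccess {
    my $contents = shift;

    my $id = qr/\d+|[A-Za-z0-9_-]{22}/;
    if ($contents =~ /\A($id)\n($id)\n($id)/) {
        return { users => [ $1 ], groups => [ $2, $3 ], assets => [] };
    }

    my $privs = eval { JSON->new->utf8->decode($contents) };
    return ref $privs eq 'HASH' ? $privs : undef;
}

# Report an error through the PSGI logger, if the server provides one.
sub _log_error {
    my ($env, $message) = @_;

    my $logger = $env->{'psgix.logger'};
    $logger->({ level => 'error', message => $message }) if $logger;
    return;
}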
1;