infopark_fiona7 0.71.0.3 → 0.71.0.4
- checksums.yaml +4 -4
- data/app/controllers/fiona7/blobs_controller.rb +12 -1
- data/app/controllers/fiona7/default_scrivito_cms_controller.rb +0 -1
- data/lib/fiona7/access_permission_check.rb +50 -0
- data/lib/fiona7/engine.rb +2 -0
- data/lib/fiona7/fiona_connector_patches/basic_obj.rb +1 -0
- data/lib/fiona7/fiona_connector_patches/cms_accessible.rb +16 -0
- data/lib/fiona7/version.rb +1 -1
- metadata +3 -1
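--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2943d8f71016c77e2923a62ebdc4c196046c7a12
+data.tar.gz: 8cab80405cc8c406104dc1cf6f468ce63f8a3723
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 29ebb08d03e8b21b8b01abaabd831a538365670613f4c19983fb23762a375109f8aefcabca4e723d1486b1af650c113c1165937d99c16e859070891176a3d433
+data.tar.gz: 2286addb1ac034a38e69678963fd40ea175a03d784be6a301b7944e105e1fdfce9c1d6fc0339d30546590c6d9976136ab1f3a52dc1f202fcc10bdfac7dde6ff8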
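--- a/data/app/controllers/fiona7/blobs_controller.rb
+++ b/data/app/controllers/fiona7/blobs_controller.rb
@@ -1,9 +1,20 @@
 module Fiona7
 class BlobsController < ActionController::Base
-
 include Fiona7::BinaryHandling::DeliveryMixin
+include RailsConnector::CmsAccessible
+
+before_filter :load_obj
+before_filter :ensure_object_is_active
+before_filter :ensure_object_is_permitted
 
 protected
+def load_obj
+@obj = Fiona7::WriteObj.find(binary_id_from_params)
+end
+
+def render_obj_error(code, msg)
+head code
+end
 
 def binary_id_from_params
 params[:id]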
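Review bot: The two permission filters only vouch for the `@obj` set by `load_obj`, and nothing in this section ties the delivered blob to that same object. The delivery action comes from `Fiona7::BinaryHandling::DeliveryMixin`, which is not shown, and `binary_id_from_params` remains available for it to resolve the blob from `params[:id]` on its own. If the mixin does its own lookup, the checked object and the served one can diverge, so I would pin the contract with a comment above `load_obj`, e.g. `# delivery must serve @obj; ensure_object_is_active / ensure_object_is_permitted only vouch for this instance`. `render_obj_error` also discards `msg` without saying so; a one-line comment that the response is deliberately `head`-only would help. The class body continues past the end of the hunk.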
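--- a/data/lib/fiona7/access_permission_check.rb
+++ b/data/lib/fiona7/access_permission_check.rb
@@ -0,0 +1,50 @@
+module Fiona7
+class AccessPermissionCheck
+def initialize(obj, env, rc_user, reactor_user)
+self.obj = obj
+self.env = env
+self.rc_user = rc_user
+self.reactor_user = reactor_user
+end
+
+def read_permitted?
+if editing?
+read_permission_check
+else
+live_permission_check
+end
+end
+
+protected
+attr_accessor :obj, :env, :rc_user, :reactor_user
+
+def editing?
+editing_context = self.env[Scrivito::EditingContextMiddleware::ENVKEY]
+editing_context && editing_context.authenticated_editor? && selected_workspace_id(editing_context) == 'rtc'
+end
+
+# this is very quick!
+def live_permission_check
+self.obj.permitted_for_user?(self.rc_user)
+end
+
+# this is very slow!
+def read_permission_check
+if !self.reactor_user
+false
+else
+self.reactor_user.superuser? ||
+(self.obj.permissions.root & self.reactor_user.groups).any? ||
+(self.obj.permissions.read & self.reactor_user.groups).any?
+end
+end
+
+private
+def selected_workspace_id(editing_context)
+# NOTE: this does not require workspace lookup/load_obj
+# and thus is potentially faster
+editing_context.instance_variable_get(:@selected_workspace_id).to_s
+end
+
+end
+end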
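Review bot: `selected_workspace_id` reads `@selected_workspace_id` out of the Scrivito editing context with `instance_variable_get`, so the choice between the two permission policies rests on another library's private state. If that variable is renamed or left unset, `.to_s` yields an empty string and `editing?` becomes false. Every request is then decided by `live_permission_check` instead of the group-based `read_permission_check`, with no error to signal the switch. I would document this on the method, e.g. `# SECURITY: relies on a private ivar of the editing context; a nil value routes the request to the live check`, and cover the nil case with a test. The comments `# this is very quick!` and `# this is very slow!` describe cost only; each check should also say which user (`rc_user` or `reactor_user`) and which permission set it evaluates.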
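--- a/data/lib/fiona7/engine.rb
+++ b/data/lib/fiona7/engine.rb
@@ -36,6 +36,8 @@ require "fiona7/scrivito_patches/page_config"
 require "fiona7/scrivito_patches/type_computer"
 require "fiona7/scrivito_patches/workspace"
 
+require "fiona7/fiona_connector_patches/cms_accessible"
+
 require "fiona7/middleware/table_switching_middleware"
 require "fiona7/middleware/server_detection_middleware"
 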
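--- a/data/lib/fiona7/fiona_connector_patches/cms_accessible.rb
+++ b/data/lib/fiona7/fiona_connector_patches/cms_accessible.rb
@@ -0,0 +1,16 @@
+require 'rails_connector/cms_accessible'
+require 'fiona7/access_permission_check'
+
+module RailsConnector
+module CmsAccessible
+# changed to check live and read permissions
+def ensure_object_is_permitted
+unless Fiona7::AccessPermissionCheck.new(@obj, request.env, current_user, rsession && rsession.user? && rsession.user).read_permitted?
+@obj = nil
+render_obj_error(403, "forbidden")
+return false
+end
+return true
+end
+end
+end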
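Review bot: The scope of this override is undocumented: it reopens `RailsConnector::CmsAccessible`, so the new check replaces `ensure_object_is_permitted` in every controller that includes the module, not only in `Fiona7::BlobsController`. The comment `# changed to check live and read permissions` does not say that. The method also calls `current_user`, `rsession` and `render_obj_error`, none of which are defined in this file, so a controller lacking any of them would raise instead of answering 403 (presumably the host controller provides them; worth confirming). I would replace the comment with `# Overrides RailsConnector's filter for all including controllers; requires current_user, rsession and render_obj_error on the controller`. It is also worth stating there that a missing reactor session passes `nil` or `false` as the fourth argument and is denied in editing mode.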
data/lib/fiona7/version.rb
CHANGED
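--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: infopark_fiona7
 version: !ruby/object:Gem::Version
-version: 0.71.0.
+version: 0.71.0.4
 platform: ruby
 authors:
 - Tomasz Przedmojski
@@ -166,6 +166,7 @@ files:
 - config/locales/permissions.yml
 - config/routes.rb
 - infopark_fiona7.gemspec
+- lib/fiona7/access_permission_check.rb
 - lib/fiona7/assert.rb
 - lib/fiona7/builder/batch_widget_writer.rb
 - lib/fiona7/builder/obj_builder.rb
@@ -183,6 +184,7 @@ files:
 - lib/fiona7/controllers/rest_api/workspace_controller.rb
 - lib/fiona7/engine.rb
 - lib/fiona7/fiona_connector_patches/basic_obj.rb
+- lib/fiona7/fiona_connector_patches/cms_accessible.rb
 - lib/fiona7/initializer.rb
 - lib/fiona7/json/obj_decorator.rb
 - lib/fiona7/json/reverse_obj_decorator.rb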