infopark_fiona7 0.71.0.3 → 0.71.0.4
- checksums.yaml +4 -4
- data/app/controllers/fiona7/blobs_controller.rb +12 -1
- data/app/controllers/fiona7/default_scrivito_cms_controller.rb +0 -1
- data/lib/fiona7/access_permission_check.rb +50 -0
- data/lib/fiona7/engine.rb +2 -0
- data/lib/fiona7/fiona_connector_patches/basic_obj.rb +1 -0
- data/lib/fiona7/fiona_connector_patches/cms_accessible.rb +16 -0
- data/lib/fiona7/version.rb +1 -1
- metadata +3 -1
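--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2943d8f71016c77e2923a62ebdc4c196046c7a12
+data.tar.gz: 8cab80405cc8c406104dc1cf6f468ce63f8a3723
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 29ebb08d03e8b21b8b01abaabd831a538365670613f4c19983fb23762a375109f8aefcabca4e723d1486b1af650c113c1165937d99c16e859070891176a3d433
+data.tar.gz: 2286addb1ac034a38e69678963fd40ea175a03d784be6a301b7944e105e1fdfce9c1d6fc0339d30546590c6d9976136ab1f3a52dc1f202fcc10bdfac7dde6ff8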
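--- a/data/app/controllers/fiona7/blobs_controller.rb
+++ b/data/app/controllers/fiona7/blobs_controller.rb
@@ -1,9 +1,20 @@
 module Fiona7
 class BlobsController < ActionController::Base
-
 include Fiona7::BinaryHandling::DeliveryMixin
+include RailsConnector::CmsAccessible
+
+before_filter :load_obj
+before_filter :ensure_object_is_active
+before_filter :ensure_object_is_permitted
 
 protected
+def load_obj
+@obj = Fiona7::WriteObj.find(binary_id_from_params)
+end
+
+def render_obj_error(code, msg)
+head code
+end
 
 def binary_id_from_params
 params[:id]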
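Review bot: Nothing visible in this section ties the permission decision to the blob that is actually delivered: the filters authorize `@obj`, which `load_obj` looks up from `params[:id]`, while delivery is implemented in `Fiona7::BinaryHandling::DeliveryMixin`, which the diff does not show. It is worth confirming that the mixin resolves the binary from the same id (or from `@obj`), since otherwise the check and the served content could refer to different objects. `render_obj_error` also discards its `msg` argument; a comment such as `# blob responses carry only the status code, msg is intentionally unused` would make that deliberate. The class body continues past the last visible line.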
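--- a/data/lib/fiona7/access_permission_check.rb
+++ b/data/lib/fiona7/access_permission_check.rb
@@ -0,0 +1,50 @@
+module Fiona7
+class AccessPermissionCheck
+def initialize(obj, env, rc_user, reactor_user)
+self.obj = obj
+self.env = env
+self.rc_user = rc_user
+self.reactor_user = reactor_user
+end
+
+def read_permitted?
+if editing?
+read_permission_check
+else
+live_permission_check
+end
+end
+
+protected
+attr_accessor :obj, :env, :rc_user, :reactor_user
+
+def editing?
+editing_context = self.env[Scrivito::EditingContextMiddleware::ENVKEY]
+editing_context && editing_context.authenticated_editor? && selected_workspace_id(editing_context) == 'rtc'
+end
+
+# this is very quick!
+def live_permission_check
+self.obj.permitted_for_user?(self.rc_user)
+end
+
+# this is very slow!
+def read_permission_check
+if !self.reactor_user
+false
+else
+self.reactor_user.superuser? ||
+(self.obj.permissions.root & self.reactor_user.groups).any? ||
+(self.obj.permissions.read & self.reactor_user.groups).any?
+end
+end
+
+private
+def selected_workspace_id(editing_context)
+# NOTE: this does not require workspace lookup/load_obj
+# and thus is potentially faster
+editing_context.instance_variable_get(:@selected_workspace_id).to_s
+end
+
+end
+end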
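Review bot: `editing?` selects the authorization path from a private instance variable, read in `selected_workspace_id` with `editing_context.instance_variable_get(:@selected_workspace_id).to_s`. If that variable is ever renamed or left unset, the call yields an empty string, the comparison with `'rtc'` is false, and an authenticated editor is silently evaluated by `live_permission_check` instead of `read_permission_check`, with no error to show that the branch changed. Prefer a public accessor on the editing context if one exists, or make the dependency explicit with a comment such as `# relies on Scrivito internals (@selected_workspace_id); re-verify on every Scrivito upgrade`. The class also lacks a header comment saying what `env`, `rc_user` and `reactor_user` are expected to be and that `read_permitted?` is the only public entry point.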
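--- a/data/lib/fiona7/engine.rb
+++ b/data/lib/fiona7/engine.rb
@@ -36,6 +36,8 @@ require "fiona7/scrivito_patches/page_config"
 require "fiona7/scrivito_patches/type_computer"
 require "fiona7/scrivito_patches/workspace"
 
+require "fiona7/fiona_connector_patches/cms_accessible"
+
 require "fiona7/middleware/table_switching_middleware"
 require "fiona7/middleware/server_detection_middleware"
 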
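--- a/data/lib/fiona7/fiona_connector_patches/cms_accessible.rb
+++ b/data/lib/fiona7/fiona_connector_patches/cms_accessible.rb
@@ -0,0 +1,16 @@
+require 'rails_connector/cms_accessible'
+require 'fiona7/access_permission_check'
+
+module RailsConnector
+module CmsAccessible
+# changed to check live and read permissions
+def ensure_object_is_permitted
+unless Fiona7::AccessPermissionCheck.new(@obj, request.env, current_user, rsession && rsession.user? && rsession.user).read_permitted?
+@obj = nil
+render_obj_error(403, "forbidden")
+return false
+end
+return true
+end
+end
+end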
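Review bot: In `ensure_object_is_permitted` the denial branch stops the request only because `render_obj_error(403, "forbidden")` commits a response; `return false` by itself does not halt a controller filter chain in Rails 3 and later. Any controller that includes `RailsConnector::CmsAccessible` and overrides `render_obj_error` without rendering would therefore run its action with `@obj` set to nil. A comment on the branch, for example `# render_obj_error must render or head; that is what halts the filter chain`, would document the contract. Because the file reopens the upstream module, the new check applies to every controller that includes it, and it assumes `current_user` and `rsession` are available there, which deserves a sentence in the method comment as well.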
data/lib/fiona7/version.rb
CHANGED
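--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: infopark_fiona7
 version: !ruby/object:Gem::Version
-version: 0.71.0.
+version: 0.71.0.4
 platform: ruby
 authors:
 - Tomasz Przedmojski
@@ -166,6 +166,7 @@ files:
 - config/locales/permissions.yml
 - config/routes.rb
 - infopark_fiona7.gemspec
+- lib/fiona7/access_permission_check.rb
 - lib/fiona7/assert.rb
 - lib/fiona7/builder/batch_widget_writer.rb
 - lib/fiona7/builder/obj_builder.rb
@@ -183,6 +184,7 @@ files:
 - lib/fiona7/controllers/rest_api/workspace_controller.rb
 - lib/fiona7/engine.rb
 - lib/fiona7/fiona_connector_patches/basic_obj.rb
+- lib/fiona7/fiona_connector_patches/cms_accessible.rb
 - lib/fiona7/initializer.rb
 - lib/fiona7/json/obj_decorator.rb
 - lib/fiona7/json/reverse_obj_decorator.rb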