mbk-lab
/
wide
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix file permission bug

This commit is contained in:
Liang Ding 2015-07-23 16:31:37 +08:00
parent 5dff1fd490
commit 95cdebcc09
8 changed files with 48 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
editor/formatter.go
View File

@ -54,7 +54,8 @@ func GoFmtHandler(w http.ResponseWriter, r *http.Request) {
filePath := args["file"].(string)
if util.Go.IsAPI(filePath) {
// ignore it
data["succ"] = false
return
}

41
file/files.go
View File

@ -101,7 +101,7 @@ func GetFilesHandler(w http.ResponseWriter, r *http.Request) {
workspaceNode := Node{
Id: filepath.ToSlash(workspacePath), // jQuery API can't accept "\", so we convert it to "/"
Name: workspace[strings.LastIndex(workspace, conf.PathSeparator)+1:],
Path: workspacePath,
Path: filepath.ToSlash(workspacePath),
IconSkin: "ico-ztree-dir-workspace ",
Type: "d",
Creatable: true,
@ -134,7 +134,7 @@ func RefreshDirectoryHandler(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
path := r.FormValue("path")
if !authWorkspace(username, path) {
if !util.Go.IsAPI(path) && !session.CanAccess(username, path) {
http.Error(w, "Forbidden", http.StatusForbidden)
return
@ -178,7 +178,7 @@ func GetFileHandler(w http.ResponseWriter, r *http.Request) {
path := args["path"].(string)
if !authWorkspace(username, path) {
if !util.Go.IsAPI(path) && !session.CanAccess(username, path) {
http.Error(w, "Forbidden", http.StatusForbidden)
return
@ -252,7 +252,7 @@ func SaveFileHandler(w http.ResponseWriter, r *http.Request) {
filePath := args["file"].(string)
sid := args["sid"].(string)
if !authWorkspace(username, filePath) {
if util.Go.IsAPI(filePath) || !session.CanAccess(username, filePath) {
http.Error(w, "Forbidden", http.StatusForbidden)
return
@ -307,7 +307,7 @@ func NewFileHandler(w http.ResponseWriter, r *http.Request) {
path := args["path"].(string)
if !authWorkspace(username, path) {
if util.Go.IsAPI(path) || !session.CanAccess(username, path) {
http.Error(w, "Forbidden", http.StatusForbidden)
return
@ -358,7 +358,8 @@ func RemoveFileHandler(w http.ResponseWriter, r *http.Request) {
}
path := args["path"].(string)
if !authWorkspace(username, path) {
if util.Go.IsAPI(path) || !session.CanAccess(username, path) {
http.Error(w, "Forbidden", http.StatusForbidden)
return
@ -403,14 +404,15 @@ func RenameFileHandler(w http.ResponseWriter, r *http.Request) {
}
oldPath := args["oldPath"].(string)
if !authWorkspace(username, oldPath) {
if util.Go.IsAPI(oldPath) ||
!session.CanAccess(username, oldPath) {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
newPath := args["newPath"].(string)
if !authWorkspace(username, newPath) {
if util.Go.IsAPI(newPath) || !session.CanAccess(username, newPath) {
http.Error(w, "Forbidden", http.StatusForbidden)
return
@ -466,7 +468,7 @@ func FindHandler(w http.ResponseWriter, r *http.Request) {
}
path := args["path"].(string) // path of selected file in file tree
if !authWorkspace(username, path) {
if !util.Go.IsAPI(path) && !session.CanAccess(username, path) {
http.Error(w, "Forbidden", http.StatusForbidden)
return
@ -561,7 +563,7 @@ func walk(path string, node *Node, creatable, removable, isGOAPI bool) {
child := Node{
Id: filepath.ToSlash(fpath), // jQuery API can't accept "\", so we convert it to "/"
Name: filename,
Path: fpath,
Path: filepath.ToSlash(fpath),
Removable: removable,
IsGoAPI: isGOAPI,
Children: []*Node{}}
@ -844,22 +846,3 @@ func searchInFile(path string, text string) []*Snippet {
return ret
}
func authWorkspace(username, path string) bool {
path = filepath.FromSlash(path)
if strings.HasPrefix(path, util.Go.GetAPIPath()) {
return true
}
userWorkspace := conf.GetUserWorkspace(username)
workspaces := filepath.SplitList(userWorkspace)
for _, workspace := range workspaces {
if strings.HasPrefix(path, workspace) {
return true
}
}
return false
}

7
output/build.go
View File

@ -59,6 +59,13 @@ func BuildHandler(w http.ResponseWriter, r *http.Request) {
sid := args["sid"].(string)
filePath := args["file"].(string)
if util.Go.IsAPI(filePath) || !session.CanAccess(username, filePath) {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
curDir := filepath.Dir(filePath)
fout, err := os.Create(filePath)

16
session/users.go
View File

@ -305,6 +305,22 @@ func FixedTimeSave() {
}()
}
// CanAccess determines whether the user specified by the given username can access the specified path.
func CanAccess(username, path string) bool {
path = filepath.FromSlash(path)
userWorkspace := conf.GetUserWorkspace(username)
workspaces := filepath.SplitList(userWorkspace)
for _, workspace := range workspaces {
if strings.HasPrefix(path, workspace) {
return true
}
}
return false
}
func getOnlineUsers() []*conf.User {
ret := []*conf.User{}

6
static/js/editors.js
View File

@ -335,6 +335,7 @@ var editors = {
},
_initCodeMirrorHotKeys: function () {
CodeMirror.registerHelper("hint", "go", function (editor) {
editor = wide.curEditor; // 使用当前编辑器覆盖实参,因为异步调用的原因,实参不一定正确
var word = /[\w$]+/;
var cur = editor.getCursor(), curLine = editor.getLine(cur.line);
@ -415,7 +416,7 @@ var editors = {
}
editor.doc.markClean();
$(".edit-panel .tabs > div.current > span").removeClass("changed");
$(".edit-panel .tabs .current > span:eq(0)").removeClass("changed");
}
});
@ -756,7 +757,7 @@ var editors = {
// 新建一个编辑器 Tab如果已经存在 Tab 则切换到该 Tab.
newEditor: function (data, cursor) {
var id = wide.curNode.id;
editors.tabs.add({
id: id,
title: '<span title="' + wide.curNode.path + '"><span class="'
@ -786,6 +787,7 @@ var editors = {
foldGutter: true,
cursorHeight: 1,
path: data.path,
readOnly: wide.curNode.isGOAPI,
profile: 'xhtml', // define Emmet output profile
extraKeys: {
"Ctrl-\\": "autocompleteAnyWord",

9
static/js/tree.js
View File

@ -398,7 +398,7 @@ var tree = {
var mode = CodeMirror.findModeByFileName(treeNode.path);
data.mode = mode.mime;
}
if (!data.mode) {
console.error("Can't find mode by file name [" + treeNode.path + "]");
}
@ -412,7 +412,7 @@ var tree = {
if (!tempCursor) {
tempCursor = CodeMirror.Pos(0, 0);
}
editors.newEditor(data, tempCursor);
wide.refreshOutline();
@ -499,10 +499,7 @@ var tree = {
request = newWideRequest();
request.oldPath = wide.curNode.path;
request.newPath = wide.curNode.path.substring(0,
wide.curNode.path.lastIndexOf(config.pathSeparator))
+ config.pathSeparator + name;
request.newPath = wide.curNode.path.substring(0, wide.curNode.path.lastIndexOf("/")) + name;
$.ajax({
type: 'POST',

6
static/js/wide.js
View File

@ -164,7 +164,7 @@ var wide = {
var request = newWideRequest(),
name = $("#dialogNewFilePrompt > input").val();
request.path = wide.curNode.path + config.pathSeparator + name;
request.path = wide.curNode.path + "/" + name;
request.fileType = "f";
$.ajax({
@ -214,7 +214,7 @@ var wide = {
var name = $("#dialogNewDirPrompt > input").val(),
request = newWideRequest();
request.path = wide.curNode.path + config.pathSeparator + name;
request.path = wide.curNode.path + "/" + name;
request.fileType = "d";
$.ajax({
@ -300,7 +300,7 @@ var wide = {
var goFileHTML = '';
for (var i = 0, max = data.founds.length; i < max; i++) {
var path = data.founds[i].path,
name = path.substr(path.lastIndexOf(config.pathSeparator) + 1),
name = path.substr(path.lastIndexOf("/") + 1),
icoSkin = wide.getClassBySuffix(name.split(".")[1]);
if (i === 0) {
goFileHTML += '<li data-index="' + i + '" class="selected" title="'

2
util/go.go
View File

@ -50,7 +50,7 @@ func (*mygo) GetAPIPath() string {
func (*mygo) IsAPI(path string) bool {
apiPath := Go.GetAPIPath()
return strings.HasPrefix(path, apiPath)
return strings.HasPrefix(filepath.FromSlash(path), apiPath)
}
// GetGoFormats gets Go format tools. It may return ["gofmt", "goimports"].