fix file permission bug

Liang Ding 2015-07-23 16:31:37 +08:00
parent 5dff1fd490
commit 95cdebcc09
8 changed files with 48 additions and 42 deletions


@ -54,7 +54,8 @@ func GoFmtHandler(w http.ResponseWriter, r *http.Request) {
filePath := args["file"].(string) filePath := args["file"].(string)
if util.Go.IsAPI(filePath) { if util.Go.IsAPI(filePath) {
// ignore it data["succ"] = false
return return
} }
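Review bot: The API-path branch now reports `data["succ"] = false`, but the visible lines of GoFmtHandler contain no `session.CanAccess(username, filePath)` check like the one this commit adds to BuildHandler. If the rest of the function (outside this hunk) writes the formatted source back to filePath, the guard should match the write handlers: `if util.Go.IsAPI(filePath) || !session.CanAccess(username, filePath) {` followed by the 403 response. Whether `username` is already in scope at this point cannot be seen from the hunk.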


@ -101,7 +101,7 @@ func GetFilesHandler(w http.ResponseWriter, r *http.Request) {
workspaceNode := Node{ workspaceNode := Node{
Id: filepath.ToSlash(workspacePath), // jQuery API can't accept "\", so we convert it to "/" Id: filepath.ToSlash(workspacePath), // jQuery API can't accept "\", so we convert it to "/"
Name: workspace[strings.LastIndex(workspace, conf.PathSeparator)+1:], Name: workspace[strings.LastIndex(workspace, conf.PathSeparator)+1:],
Path: workspacePath, Path: filepath.ToSlash(workspacePath),
IconSkin: "ico-ztree-dir-workspace ", IconSkin: "ico-ztree-dir-workspace ",
Type: "d", Type: "d",
Creatable: true, Creatable: true,
@ -134,7 +134,7 @@ func RefreshDirectoryHandler(w http.ResponseWriter, r *http.Request) {
r.ParseForm() r.ParseForm()
path := r.FormValue("path") path := r.FormValue("path")
if !authWorkspace(username, path) { if !util.Go.IsAPI(path) && !session.CanAccess(username, path) {
http.Error(w, "Forbidden", http.StatusForbidden) http.Error(w, "Forbidden", http.StatusForbidden)
return return
@ -178,7 +178,7 @@ func GetFileHandler(w http.ResponseWriter, r *http.Request) {
path := args["path"].(string) path := args["path"].(string)
if !authWorkspace(username, path) { if !util.Go.IsAPI(path) && !session.CanAccess(username, path) {
http.Error(w, "Forbidden", http.StatusForbidden) http.Error(w, "Forbidden", http.StatusForbidden)
return return
@ -252,7 +252,7 @@ func SaveFileHandler(w http.ResponseWriter, r *http.Request) {
filePath := args["file"].(string) filePath := args["file"].(string)
sid := args["sid"].(string) sid := args["sid"].(string)
if !authWorkspace(username, filePath) { if util.Go.IsAPI(filePath) || !session.CanAccess(username, filePath) {
http.Error(w, "Forbidden", http.StatusForbidden) http.Error(w, "Forbidden", http.StatusForbidden)
return return
@ -307,7 +307,7 @@ func NewFileHandler(w http.ResponseWriter, r *http.Request) {
path := args["path"].(string) path := args["path"].(string)
if !authWorkspace(username, path) { if util.Go.IsAPI(path) || !session.CanAccess(username, path) {
http.Error(w, "Forbidden", http.StatusForbidden) http.Error(w, "Forbidden", http.StatusForbidden)
return return
@ -358,7 +358,8 @@ func RemoveFileHandler(w http.ResponseWriter, r *http.Request) {
} }
path := args["path"].(string) path := args["path"].(string)
if !authWorkspace(username, path) {
if util.Go.IsAPI(path) || !session.CanAccess(username, path) {
http.Error(w, "Forbidden", http.StatusForbidden) http.Error(w, "Forbidden", http.StatusForbidden)
return return
@ -403,14 +404,15 @@ func RenameFileHandler(w http.ResponseWriter, r *http.Request) {
} }
oldPath := args["oldPath"].(string) oldPath := args["oldPath"].(string)
if !authWorkspace(username, oldPath) { if util.Go.IsAPI(oldPath) ||
!session.CanAccess(username, oldPath) {
http.Error(w, "Forbidden", http.StatusForbidden) http.Error(w, "Forbidden", http.StatusForbidden)
return return
} }
newPath := args["newPath"].(string) newPath := args["newPath"].(string)
if !authWorkspace(username, newPath) { if util.Go.IsAPI(newPath) || !session.CanAccess(username, newPath) {
http.Error(w, "Forbidden", http.StatusForbidden) http.Error(w, "Forbidden", http.StatusForbidden)
return return
@ -466,7 +468,7 @@ func FindHandler(w http.ResponseWriter, r *http.Request) {
} }
path := args["path"].(string) // path of selected file in file tree path := args["path"].(string) // path of selected file in file tree
if !authWorkspace(username, path) { if !util.Go.IsAPI(path) && !session.CanAccess(username, path) {
http.Error(w, "Forbidden", http.StatusForbidden) http.Error(w, "Forbidden", http.StatusForbidden)
return return
@ -561,7 +563,7 @@ func walk(path string, node *Node, creatable, removable, isGOAPI bool) {
child := Node{ child := Node{
Id: filepath.ToSlash(fpath), // jQuery API can't accept "\", so we convert it to "/" Id: filepath.ToSlash(fpath), // jQuery API can't accept "\", so we convert it to "/"
Name: filename, Name: filename,
Path: fpath, Path: filepath.ToSlash(fpath),
Removable: removable, Removable: removable,
IsGoAPI: isGOAPI, IsGoAPI: isGOAPI,
Children: []*Node{}} Children: []*Node{}}
@ -844,22 +846,3 @@ func searchInFile(path string, text string) []*Snippet {
return ret return ret
} }
func authWorkspace(username, path string) bool {
path = filepath.FromSlash(path)
if strings.HasPrefix(path, util.Go.GetAPIPath()) {
return true
}
userWorkspace := conf.GetUserWorkspace(username)
workspaces := filepath.SplitList(userWorkspace)
for _, workspace := range workspaces {
if strings.HasPrefix(path, workspace) {
return true
}
}
return false
}
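Review bot: The access rule is now written inline at eight call sites in this file, in two variants that differ by a single operator, so one flipped operator would silently make Go API sources writable. The read handlers (RefreshDirectoryHandler, GetFileHandler, FindHandler) use `!util.Go.IsAPI(p) && !session.CanAccess(username, p)` and the write handlers use `util.Go.IsAPI(p) || !session.CanAccess(username, p)`. Two named helpers would keep the policy in one place, e.g. `func canRead(username, p string) bool { return util.Go.IsAPI(p) || session.CanAccess(username, p) }` and `func canWrite(username, p string) bool { return !util.Go.IsAPI(p) && session.CanAccess(username, p) }`. Each should carry a doc comment stating that Go API sources are readable by every user and writable by none. The handler bodies start and end outside these hunks.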


@ -59,6 +59,13 @@ func BuildHandler(w http.ResponseWriter, r *http.Request) {
sid := args["sid"].(string) sid := args["sid"].(string)
filePath := args["file"].(string) filePath := args["file"].(string)
if util.Go.IsAPI(filePath) || !session.CanAccess(username, filePath) {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
curDir := filepath.Dir(filePath) curDir := filepath.Dir(filePath)
fout, err := os.Create(filePath) fout, err := os.Create(filePath)


@ -305,6 +305,22 @@ func FixedTimeSave() {
}() }()
} }
// CanAccess determines whether the user specified by the given username can access the specified path.
func CanAccess(username, path string) bool {
path = filepath.FromSlash(path)
userWorkspace := conf.GetUserWorkspace(username)
workspaces := filepath.SplitList(userWorkspace)
for _, workspace := range workspaces {
if strings.HasPrefix(path, workspace) {
return true
}
}
return false
}
func getOnlineUsers() []*conf.User { func getOnlineUsers() []*conf.User {
ret := []*conf.User{} ret := []*conf.User{}
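Review bot: CanAccess decides on a raw `strings.HasPrefix(path, workspace)` without normalising the request-supplied path, so a path that starts with a workspace but contains `..` segments, or that lies in a sibling directory whose name merely begins with the workspace's name, is accepted. Both sides should be cleaned and the match made on a separator boundary, as sketched below. The same prefix test is used by `IsAPI` in the util file, which the read handlers treat as an alternative grant, and it is what the new BuildHandler check relies on before `os.Create(filePath)`. A lexical check does not cover symbolic links inside a workspace; if that matters here, resolve with `filepath.EvalSymlinks` before comparing. A small table test with a `..` path and a sibling-prefix path would pin the intended behaviour.

```go
func CanAccess(username, path string) bool {
	// Normalise first so ".." segments cannot ride on a matching prefix.
	path = filepath.Clean(filepath.FromSlash(path))

	for _, workspace := range filepath.SplitList(conf.GetUserWorkspace(username)) {
		if workspace == "" {
			continue // an empty entry would otherwise match every path
		}
		workspace = filepath.Clean(workspace)
		// Accept the workspace itself or anything below it, on a separator boundary.
		if path == workspace || strings.HasPrefix(path, workspace+string(filepath.Separator)) {
			return true
		}
	}

	return false
}
```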


@ -335,6 +335,7 @@ var editors = {
}, },
_initCodeMirrorHotKeys: function () { _initCodeMirrorHotKeys: function () {
CodeMirror.registerHelper("hint", "go", function (editor) { CodeMirror.registerHelper("hint", "go", function (editor) {
editor = wide.curEditor; // 使用当前编辑器覆盖实参,因为异步调用的原因,实参不一定正确
var word = /[\w$]+/; var word = /[\w$]+/;
var cur = editor.getCursor(), curLine = editor.getLine(cur.line); var cur = editor.getCursor(), curLine = editor.getLine(cur.line);
@ -415,7 +416,7 @@ var editors = {
} }
editor.doc.markClean(); editor.doc.markClean();
$(".edit-panel .tabs > div.current > span").removeClass("changed"); $(".edit-panel .tabs .current > span:eq(0)").removeClass("changed");
} }
}); });
@ -786,6 +787,7 @@ var editors = {
foldGutter: true, foldGutter: true,
cursorHeight: 1, cursorHeight: 1,
path: data.path, path: data.path,
readOnly: wide.curNode.isGOAPI,
profile: 'xhtml', // define Emmet output profile profile: 'xhtml', // define Emmet output profile
extraKeys: { extraKeys: {
"Ctrl-\\": "autocompleteAnyWord", "Ctrl-\\": "autocompleteAnyWord",


@ -499,10 +499,7 @@ var tree = {
request = newWideRequest(); request = newWideRequest();
request.oldPath = wide.curNode.path; request.oldPath = wide.curNode.path;
request.newPath = wide.curNode.path.substring(0, wide.curNode.path.lastIndexOf("/")) + name;
request.newPath = wide.curNode.path.substring(0,
wide.curNode.path.lastIndexOf(config.pathSeparator))
+ config.pathSeparator + name;
$.ajax({ $.ajax({
type: 'POST', type: 'POST',
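Review bot: The new `request.newPath` expression drops the separator between the parent directory and the new name. `substring(0, lastIndexOf("/"))` stops before the slash and `name` is appended directly, whereas the replaced three-line form inserted `config.pathSeparator` in between; the hunk header (10 lines to 7) indicates the one-line form is the new side. Unless `name` already begins with a slash, renaming `/ws/a/old.go` (constructed example) would target `/ws/anew.go`. The line should read `request.newPath = wide.curNode.path.substring(0, wide.curNode.path.lastIndexOf("/") + 1) + name;`. The enclosing function starts and ends outside the hunk.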


@ -164,7 +164,7 @@ var wide = {
var request = newWideRequest(), var request = newWideRequest(),
name = $("#dialogNewFilePrompt > input").val(); name = $("#dialogNewFilePrompt > input").val();
request.path = wide.curNode.path + config.pathSeparator + name; request.path = wide.curNode.path + "/" + name;
request.fileType = "f"; request.fileType = "f";
$.ajax({ $.ajax({
@ -214,7 +214,7 @@ var wide = {
var name = $("#dialogNewDirPrompt > input").val(), var name = $("#dialogNewDirPrompt > input").val(),
request = newWideRequest(); request = newWideRequest();
request.path = wide.curNode.path + config.pathSeparator + name; request.path = wide.curNode.path + "/" + name;
request.fileType = "d"; request.fileType = "d";
$.ajax({ $.ajax({
@ -300,7 +300,7 @@ var wide = {
var goFileHTML = ''; var goFileHTML = '';
for (var i = 0, max = data.founds.length; i < max; i++) { for (var i = 0, max = data.founds.length; i < max; i++) {
var path = data.founds[i].path, var path = data.founds[i].path,
name = path.substr(path.lastIndexOf(config.pathSeparator) + 1), name = path.substr(path.lastIndexOf("/") + 1),
icoSkin = wide.getClassBySuffix(name.split(".")[1]); icoSkin = wide.getClassBySuffix(name.split(".")[1]);
if (i === 0) { if (i === 0) {
goFileHTML += '<li data-index="' + i + '" class="selected" title="' goFileHTML += '<li data-index="' + i + '" class="selected" title="'


@ -50,7 +50,7 @@ func (*mygo) GetAPIPath() string {
func (*mygo) IsAPI(path string) bool { func (*mygo) IsAPI(path string) bool {
apiPath := Go.GetAPIPath() apiPath := Go.GetAPIPath()
return strings.HasPrefix(path, apiPath) return strings.HasPrefix(filepath.FromSlash(path), apiPath)
} }
// GetGoFormats gets Go format tools. It may return ["gofmt", "goimports"]. // GetGoFormats gets Go format tools. It may return ["gofmt", "goimports"].