fix file permission bug

2015-07-23 16:31:37 +08:00 · 2015-07-23 16:31:37 +08:00 · 95cdebcc09
parent 5dff1fd490
commit 95cdebcc09
8 changed files with 48 additions and 42 deletions
--- a/editor/formatter.go
+++ b/editor/formatter.go
@ -54,7 +54,8 @@ func GoFmtHandler(w http.ResponseWriter, r *http.Request) {
 	filePath := args["file"].(string)
 	if util.Go.IsAPI(filePath) {
-		// ignore it
+		data["succ"] = false
 		return
 	}
--- a/file/files.go
+++ b/file/files.go
@ -101,7 +101,7 @@ func GetFilesHandler(w http.ResponseWriter, r *http.Request) {
 		workspaceNode := Node{
 			Id:        filepath.ToSlash(workspacePath), // jQuery API can't accept "\", so we convert it to "/"
 			Name:      workspace[strings.LastIndex(workspace, conf.PathSeparator)+1:],
-			Path:      workspacePath,
+			Path:      filepath.ToSlash(workspacePath),
 			IconSkin:  "ico-ztree-dir-workspace ",
 			Type:      "d",
 			Creatable: true,
@ -134,7 +134,7 @@ func RefreshDirectoryHandler(w http.ResponseWriter, r *http.Request) {
 	r.ParseForm()
 	path := r.FormValue("path")
-	if !authWorkspace(username, path) {
+	if !util.Go.IsAPI(path) && !session.CanAccess(username, path) {
 		http.Error(w, "Forbidden", http.StatusForbidden)
 		return
@ -178,7 +178,7 @@ func GetFileHandler(w http.ResponseWriter, r *http.Request) {
 	path := args["path"].(string)
-	if !authWorkspace(username, path) {
+	if !util.Go.IsAPI(path) && !session.CanAccess(username, path) {
 		http.Error(w, "Forbidden", http.StatusForbidden)
 		return
@ -252,7 +252,7 @@ func SaveFileHandler(w http.ResponseWriter, r *http.Request) {
 	filePath := args["file"].(string)
 	sid := args["sid"].(string)
-	if !authWorkspace(username, filePath) {
+	if util.Go.IsAPI(filePath) || !session.CanAccess(username, filePath) {
 		http.Error(w, "Forbidden", http.StatusForbidden)
 		return
@ -307,7 +307,7 @@ func NewFileHandler(w http.ResponseWriter, r *http.Request) {
 	path := args["path"].(string)
-	if !authWorkspace(username, path) {
+	if util.Go.IsAPI(path) || !session.CanAccess(username, path) {
 		http.Error(w, "Forbidden", http.StatusForbidden)
 		return
@ -358,7 +358,8 @@ func RemoveFileHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	path := args["path"].(string)
-	if !authWorkspace(username, path) {
+
 	if util.Go.IsAPI(path) || !session.CanAccess(username, path) {
 		http.Error(w, "Forbidden", http.StatusForbidden)
 		return
@ -403,14 +404,15 @@ func RenameFileHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	oldPath := args["oldPath"].(string)
-	if !authWorkspace(username, oldPath) {
+	if util.Go.IsAPI(oldPath) ||
 		!session.CanAccess(username, oldPath) {
 		http.Error(w, "Forbidden", http.StatusForbidden)
 		return
 	}
 	newPath := args["newPath"].(string)
-	if !authWorkspace(username, newPath) {
+	if util.Go.IsAPI(newPath) || !session.CanAccess(username, newPath) {
 		http.Error(w, "Forbidden", http.StatusForbidden)
 		return
@ -466,7 +468,7 @@ func FindHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	path := args["path"].(string) // path of selected file in file tree
-	if !authWorkspace(username, path) {
+	if !util.Go.IsAPI(path) && !session.CanAccess(username, path) {
 		http.Error(w, "Forbidden", http.StatusForbidden)
 		return
@ -561,7 +563,7 @@ func walk(path string, node *Node, creatable, removable, isGOAPI bool) {
 		child := Node{
 			Id:        filepath.ToSlash(fpath), // jQuery API can't accept "\", so we convert it to "/"
 			Name:      filename,
-			Path:      fpath,
+			Path:      filepath.ToSlash(fpath),
 			Removable: removable,
 			IsGoAPI:   isGOAPI,
 			Children:  []*Node{}}
@ -844,22 +846,3 @@ func searchInFile(path string, text string) []*Snippet {
 	return ret
 }
 func authWorkspace(username, path string) bool {
 	path = filepath.FromSlash(path)
 	if strings.HasPrefix(path, util.Go.GetAPIPath()) {
 		return true
 	}
 	userWorkspace := conf.GetUserWorkspace(username)
 	workspaces := filepath.SplitList(userWorkspace)
 	for _, workspace := range workspaces {
 		if strings.HasPrefix(path, workspace) {
 			return true
 		}
 	}
 	return false
 }
--- a/output/build.go
+++ b/output/build.go
@ -59,6 +59,13 @@ func BuildHandler(w http.ResponseWriter, r *http.Request) {
 	sid := args["sid"].(string)
 	filePath := args["file"].(string)
 	if util.Go.IsAPI(filePath) || !session.CanAccess(username, filePath) {
 		http.Error(w, "Forbidden", http.StatusForbidden)
 		return
 	}
 	curDir := filepath.Dir(filePath)
 	fout, err := os.Create(filePath)
--- a/session/users.go
+++ b/session/users.go
@ -305,6 +305,22 @@ func FixedTimeSave() {
 	}()
 }
 // CanAccess determines whether the user specified by the given username can access the specified path.
 func CanAccess(username, path string) bool {
 	path = filepath.FromSlash(path)
 	userWorkspace := conf.GetUserWorkspace(username)
 	workspaces := filepath.SplitList(userWorkspace)
 	for _, workspace := range workspaces {
 		if strings.HasPrefix(path, workspace) {
 			return true
 		}
 	}
 	return false
 }
 func getOnlineUsers() []*conf.User {
 	ret := []*conf.User{}
--- a/static/js/editors.js
+++ b/static/js/editors.js
@ -335,6 +335,7 @@ var editors = {
    },
    _initCodeMirrorHotKeys: function () {
        CodeMirror.registerHelper("hint", "go", function (editor) {
            editor = wide.curEditor; // 使用当前编辑器覆盖实参，因为异步调用的原因，实参不一定正确
            var word = /[\w$]+/;
            var cur = editor.getCursor(), curLine = editor.getLine(cur.line);
@ -415,7 +416,7 @@ var editors = {
                    }
                    editor.doc.markClean();
-                    $(".edit-panel .tabs > div.current > span").removeClass("changed");
+                    $(".edit-panel .tabs .current > span:eq(0)").removeClass("changed");
                }
            });
@ -756,7 +757,7 @@ var editors = {
    // 新建一个编辑器 Tab，如果已经存在 Tab 则切换到该 Tab.
    newEditor: function (data, cursor) {
        var id = wide.curNode.id;
-
+        
        editors.tabs.add({
            id: id,
            title: '<span title="' + wide.curNode.path + '"><span class="'
@ -786,6 +787,7 @@ var editors = {
            foldGutter: true,
            cursorHeight: 1,
            path: data.path,
            readOnly: wide.curNode.isGOAPI,
            profile: 'xhtml', // define Emmet output profile
            extraKeys: {
                "Ctrl-\\": "autocompleteAnyWord",
--- a/static/js/tree.js
+++ b/static/js/tree.js
@ -398,7 +398,7 @@ var tree = {
                        var mode = CodeMirror.findModeByFileName(treeNode.path);
                        data.mode = mode.mime;
                    }
-                    
+
                    if (!data.mode) {
                        console.error("Can't find mode by file name [" + treeNode.path + "]");
                    }
@ -412,7 +412,7 @@ var tree = {
                    if (!tempCursor) {
                        tempCursor = CodeMirror.Pos(0, 0);
                    }
-                    
+
                    editors.newEditor(data, tempCursor);
                    wide.refreshOutline();
@ -499,10 +499,7 @@ var tree = {
                        request = newWideRequest();
                request.oldPath = wide.curNode.path;
-
+                request.newPath = wide.curNode.path.substring(0, wide.curNode.path.lastIndexOf("/")) + name;
                request.newPath = wide.curNode.path.substring(0,
                        wide.curNode.path.lastIndexOf(config.pathSeparator))
                        + config.pathSeparator + name;
                $.ajax({
                    type: 'POST',
--- a/static/js/wide.js
+++ b/static/js/wide.js
@ -164,7 +164,7 @@ var wide = {
                var request = newWideRequest(),
                        name = $("#dialogNewFilePrompt > input").val();
-                request.path = wide.curNode.path + config.pathSeparator + name;
+                request.path = wide.curNode.path + "/" + name;
                request.fileType = "f";
                $.ajax({
@ -214,7 +214,7 @@ var wide = {
                var name = $("#dialogNewDirPrompt > input").val(),
                        request = newWideRequest();
-                request.path = wide.curNode.path + config.pathSeparator + name;
+                request.path = wide.curNode.path + "/" + name;
                request.fileType = "d";
                $.ajax({
@ -300,7 +300,7 @@ var wide = {
                            var goFileHTML = '';
                            for (var i = 0, max = data.founds.length; i < max; i++) {
                                var path = data.founds[i].path,
-                                        name = path.substr(path.lastIndexOf(config.pathSeparator) + 1),
+                                        name = path.substr(path.lastIndexOf("/") + 1),
                                        icoSkin = wide.getClassBySuffix(name.split(".")[1]);
                                if (i === 0) {
                                    goFileHTML += '<li data-index="' + i + '" class="selected" title="'
--- a/util/go.go
+++ b/util/go.go
@ -50,7 +50,7 @@ func (*mygo) GetAPIPath() string {
 func (*mygo) IsAPI(path string) bool {
 	apiPath := Go.GetAPIPath()
-	return strings.HasPrefix(path, apiPath)
+	return strings.HasPrefix(filepath.FromSlash(path), apiPath)
 }
 // GetGoFormats gets Go format tools. It may return ["gofmt", "goimports"].