simogeo
diff --git a/Diff for: ‎ReadMe.md
+6 b/Diff for: ‎ReadMe.md
+6
diff --git a/Diff for: ‎connectors/php/filemanager.class.php
+71-29 b/Diff for: ‎connectors/php/filemanager.class.php
+71-29
diff --git a/Diff for: ‎images/fileicons/locked__Open.png
6.46 KB b/Diff for: ‎images/fileicons/locked__Open.png
6.46 KB
diff --git a/Diff for: ‎images/fileicons/locked_default.png
5.67 KB b/Diff for: ‎images/fileicons/locked_default.png
5.67 KB
diff --git a/Diff for: ‎images/fileicons/zip.png
1.41 KB b/Diff for: ‎images/fileicons/zip.png
1.41 KB
diff --git a/Diff for: ‎scripts/filemanager.js
+15-16 b/Diff for: ‎scripts/filemanager.js
+15-16
@@ -23,6 +23,8 @@ Main features
 * Several computer language connectors available. **PHP is up-to-date**
 * Ability to upload, delete, modify, download and move files
 * Ability to create folders
+* Support user permissions - based on session
+* Handle system permissions
 * Multiple uploads support - based on [dropzonejs](http://www.dropzonejs.com)
 * Online text / code edition - based on [codeMirror](http://codemirror.net/)
 * [Opening a given folder](https://github.com/simogeo/Filemanager/wiki/How-to-open-a-given-folder-different-from-root-folder-when-opening-the-filemanager%3F)
@@ -186,6 +188,7 @@ Example Response:
 		"Filename": "logo.png",
 		"File Type": "png",
 		"Preview": "/UserFiles/Image/logo.png",
+		"Protected": 0,
 		"Properties": {
 			"Date Created": null, 
 			"Date Modified": "02/09/2007 14:01:06",
@@ -211,6 +214,8 @@ The keys are as follows:
 		Directories: images/fileicons/_Open.png		
 		Files: images/fileicons/[extension].png		
 		Unknown: images/fileicons/default.png
+		
+	Protected: Indicates if the file has some reading / writing restrictions. If not, set to 0. Else set to 1. 
 
 	Properties: A nested JSON object containing specific properties of the file.
 
@@ -244,6 +249,7 @@ Example Response:
 			"Filename": "logo.png",
 			"File Type": "png",
 			"Preview": "/UserFiles/Image/logo.png",
+			"Protected": 0,
 			"Properties": {
 				"Date Created": null, 
 				"Date Modified": "02/09/2007 14:01:06",
 
@@ -195,11 +195,11 @@ public function getinfo() {
 			$path = $this->get['path'];
 		}
 
-
 		$array = array(
 				'Path'=> $path,
 				'Filename'=>$this->item['filename'],
 				'File Type'=>$this->item['filetype'],
+				'Protected'=>$this->item['protected'],
 				'Preview'=>$this->item['preview'],
 				'Properties'=>$this->item['properties'],
 				'Error'=>"",
@@ -222,6 +222,12 @@ public function getfolder() {
 		if(!is_dir($current_path)) {
 			$this->error(sprintf($this->lang('DIRECTORY_NOT_EXIST'),$this->get['path']));
 		}
+		
+		// check if file is readable
+		if(!$this->has_system_permission($current_path, array('r'))) {
+			$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')));
+		}
+		
 		if(!$handle = @opendir($current_path)) {
 			$this->error(sprintf($this->lang('UNABLE_TO_OPEN_DIRECTORY'),$this->get['path']));
 		} else {
@@ -240,11 +246,22 @@ public function getfolder() {
 
 				if(is_dir($current_path . $file)) {
 					if(!in_array($file, $this->config['exclude']['unallowed_dirs']) && !preg_match( $this->config['exclude']['unallowed_dirs_REGEXP'], $file)) {
+						
+						// check if file is writable and readable
+						if(!$this->has_system_permission($current_path . $file, array('w', 'r'))) {
+							$protected = 1;
+							$previewPath = $this->config['icons']['path'] . 'locked_' . $this->config['icons']['directory'];
+						} else {
+							$protected =0;
+							$previewPath = $this->config['icons']['path'] . $this->config['icons']['directory'];
+						}
+						
 						$array[$this->get['path'] . $file .'/'] = array(
 								'Path'=> $this->get['path'] . $file .'/',
 								'Filename'=>$file,
 								'File Type'=>'dir',
-								'Preview'=> $this->config['icons']['path'] . $this->config['icons']['directory'],
+								'Protected'=>$protected,
+								'Preview'=> $previewPath,
 								'Properties'=>array(
 										'Date Created'=> date($this->config['options']['dateFormat'], filectime($this->getFullPath($this->get['path'] . $file .'/'))),
 										'Date Modified'=> date($this->config['options']['dateFormat'], filemtime($this->getFullPath($this->get['path'] . $file .'/'))),
@@ -261,13 +278,15 @@ public function getfolder() {
 					$this->item = array();
 					$this->item['properties'] = $this->properties;
 					$this->get_file_info($this->get['path'] . $file, true);
+					
 
 					if(!isset($this->params['type']) || (isset($this->params['type']) && strtolower($this->params['type'])=='images' && in_array(strtolower($this->item['filetype']),array_map('strtolower', $this->config['images']['imagesExt'])))) {
 						if($this->config['upload']['imagesOnly']== false || ($this->config['upload']['imagesOnly']== true && in_array(strtolower($this->item['filetype']),array_map('strtolower', $this->config['images']['imagesExt'])))) {
 							$array[$this->get['path'] . $file] = array(
 									'Path'=>$this->get['path'] . $file,
 									'Filename'=>$this->item['filename'],
 									'File Type'=>$this->item['filetype'],
+									'Protected'=>$this->item['protected'],
 									'Preview'=>$this->item['preview'],
 									'Properties'=>$this->item['properties'],
 									'Error'=>"",
@@ -289,9 +308,9 @@ public function editfile() {
 
 		$current_path = $this->getFullPath();
 
-		// check if writable
-		if(!is_writable($this->getFullPath($current_path))) {
-			$this->error(sprintf($this->lang('NOT_ALLOWED')));
+		// check if file is writable
+		if(!$this->has_system_permission($current_path, array('w'))) {
+			$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')));
 		}
 
 		if(!$this->has_permission('edit') || !$this->is_valid_path($current_path) || !$this->is_editable($current_path)) {
@@ -325,7 +344,7 @@ public function savefile() {
 			$this->error("No way.");
 		}
 
-		if(!is_writable($current_path)) {
+		if(!$this->has_system_permission($current_path, array('w'))) {
 			$this->error(sprintf($this->lang('ERROR_WRITING_PERM')));
 		}
 
@@ -366,9 +385,9 @@ public function rename() {
 			$this->error("No way.");
 		}
 
-		// check if writable
-		if(!is_writable($this->getFullPath($old_file))) {
-			$this->error(sprintf($this->lang('NOT_ALLOWED')));
+		// check if file is writable
+		if(!$this->has_system_permission($old_file, array('w'))) {
+			$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')),true);
 		}
 
 		// check if not requesting main FM userfiles folder
@@ -423,11 +442,12 @@ public function move() {
 		$rootDir = str_replace('//', '/', $rootDir);
 		$oldPath = $this->getFullPath($this->get['old']);
 
-		// check if writable
-		if(!is_writable($this->getFullPath($oldPath))) {
-			$this->error(sprintf($this->lang('NOT_ALLOWED')));
+		// check if file is writable
+		if(!$this->has_system_permission($oldPath, array('w'))) {
+			$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')),true);
 		}
 
+		
 		// check if not requesting main FM userfiles folder
 		if($this->is_root_folder($oldPath)) {
 			$this->error(sprintf($this->lang('NOT_ALLOWED')),true);
@@ -499,15 +519,16 @@ public function delete() {
 		$current_path = $this->getFullPath();
 		$thumbnail_path = $this->get_thumbnail_path($current_path);
 
-		// check if writable
-		if(!is_writable($this->getFullPath($current_path))) {
-			$this->error(sprintf($this->lang('NOT_ALLOWED')));
-		}
 
 		if(!$this->has_permission('delete') || !$this->is_valid_path($current_path)) {
 			$this->error("No way.");
 		}
 
+		// check if file is writable
+		if(!$this->has_system_permission($current_path, array('w'))) {
+			$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')));
+		}
+		
 		// check if not requesting main FM userfiles folder
 		if($this->is_root_folder($current_path)) {
 			$this->error(sprintf($this->lang('NOT_ALLOWED')));
@@ -603,9 +624,9 @@ public function replace() {
 
 		$current_path = $this->getFullPath($this->post['newfilepath']);
 
-		// check if writable
-		if(!is_writable($this->getFullPath($current_path))) {
-			$this->error(sprintf($this->lang('NOT_ALLOWED')), true);
+		// check if file is writable
+		if(!$this->has_system_permission($current_path, array('w'))) {
+			$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')), true);
 		}
 
 		if(!$this->has_permission('replace') || !$this->is_valid_path($current_path)) {
@@ -818,15 +839,15 @@ public function download() {
 
 		$current_path = $this->getFullPath();
 
-		// check if writable
-		if(!is_writable($this->getFullPath($current_path))) {
-			$this->error(sprintf($this->lang('NOT_ALLOWED')));
-		}
-			
 		if(!$this->has_permission('download') || !$this->is_valid_path($current_path)) {
 			$this->error("No way.");
 		}
 
+		// check if file is writable
+		if(!$this->has_system_permission($current_path, array('w'))) {
+			$this->error(sprintf($this->lang('NOT_ALLOWED_SYSTEM')),true);
+		}
+		
 		// we check if extension is allowed regarding the security Policy settings
 		if(is_file($current_path)) {
 			if(!$this->is_allowed_file_type(basename($current_path))) {
@@ -936,6 +957,20 @@ private function setPermissions() {
 		if($this->config['edit']['enabled']) array_push($this->allowed_actions, 'edit');
 
 	}
+	
+	// check if system permission is granted
+	private function has_system_permission($filepath, $perms) {
+		
+		if(in_array('r', $perms)) {
+			if(!is_readable($filepath)) return false;
+		}
+		if(in_array('w', $perms)) {
+			if(!is_writable($filepath)) return false;
+		}
+		
+		return true;
+
+	}
 
 
 	private function get_file_info($path='', $thumbnail = false) {
@@ -954,12 +989,19 @@ private function get_file_info($path='', $thumbnail = false) {
 		$this->item['filetype'] = $tmp[(sizeof($tmp)-1)];
 		$this->item['filemtime'] = filemtime($this->getFullPath($current_path));
 		$this->item['filectime'] = filectime($this->getFullPath($current_path));
-
-		$this->item['preview'] = $this->config['icons']['path'] . $this->config['icons']['default'];
 
-		// prevent Internal Server Error HTTP_CODE 500 on non readable files/folders
-		// without returning errors
-		if(!is_readable($this->getFullPath($current_path))) return;
+		// check if file is writable and readable
+		if(!$this->has_system_permission($this->getFullPath($current_path), array('w', 'r'))) {
+			$this->item['protected'] = 1;
+			$this->item['preview'] = $this->config['icons']['path'] . 'locked_' . $this->config['icons']['default'];
+			// prevent Internal Server Error HTTP_CODE 500 on non readable files/folders
+			// without returning errors
+			return;
+			
+		}	else {
+			$this->item['protected'] = 0;
+			$this->item['preview'] = $this->config['icons']['path'] . $this->config['icons']['default'];
+		}
 
 		if(is_dir($current_path)) {
 
 
@@ -1252,7 +1252,7 @@ var getFileInfo = function(file) {
 				getAudioPlayer(data);
 			}
 
-			if(isEditableFile(data['Filename']) && config.edit.enabled == true) {
+			if(isEditableFile(data['Filename']) && config.edit.enabled == true && data['Protected']==0) {
 				editItem(data);
 			}
 
@@ -1264,13 +1264,16 @@ var getFileInfo = function(file) {
 			} else {
 				var url = window.location.protocol + '//' + window.location.host + data['Path'];
 			}
-			$('#fileinfo').find('div#tools').append(' <a id="copy-button" data-clipboard-text="'+ url + '" title="' + lg.copy_to_clipboard + '" href="#"><span>' + lg.copy_to_clipboard + '</span></a>');
-			// loading zeroClipboard code
-			loadJS('./scripts/zeroclipboard/copy.js?d' + d.getMilliseconds());
-			$('#copy-button').click(function () {
-				$('#fileinfo').find('div#tools').append('<span id="copied">' + lg.copied + '</span>');
-				$('#copied').delay(500).fadeOut(1000, function() { $(this).remove(); });
-			});
+			if(data['Protected']==0) {
+				$('#fileinfo').find('div#tools').append(' <a id="copy-button" data-clipboard-text="'+ url + '" title="' + lg.copy_to_clipboard + '" href="#"><span>' + lg.copy_to_clipboard + '</span></a>');
+				// loading zeroClipboard code
+				
+				loadJS('./scripts/zeroclipboard/copy.js?d' + d.getMilliseconds());
+				$('#copy-button').click(function () {
+					$('#fileinfo').find('div#tools').append('<span id="copied">' + lg.copied + '</span>');
+					$('#copied').delay(500).fadeOut(1000, function() { $(this).remove(); });
+				});
+			}
 
 			var properties = '';
 
@@ -1490,10 +1493,12 @@ var populateFileTree = function(path, callback) {
 					}
 				}
 				if (data[key]['File Type'] == 'dir') {
-					result += "<li class=\"directory collapsed\"><a href=\"#\" class=\"" + cap_classes + "\" data-path=\"" + data[key]['Path'] + "\">" + data[key]['Filename'] + "</a></li>";
+					var extraclass = data[key]['Protected'] == 0 ? '' : ' directory-locked';
+					result += "<li class=\"directory collapsed" + extraclass + "\"><a href=\"#\" class=\"" + cap_classes + "\" data-path=\"" + data[key]['Path'] + "\">" + data[key]['Filename'] + "</a></li>";
 				} else {
 					if(config.options.listFiles) {
-					result += "<li class=\"file ext_" + data[key]['File Type'].toLowerCase() + "\"><a href=\"#\" class=\"" + cap_classes + "\" data-path=\"" + data[key]['Path'] + "\">" + data[key]['Filename'] + "</a></li>";
+					var extraclass = data[key]['Protected'] == 0 ? '' : ' file-locked';
+					result += "<li class=\"file ext_" + data[key]['File Type'].toLowerCase() + extraclass + "\"><a href=\"#\" class=\"" + cap_classes + "\" data-path=\"" + data[key]['Path'] + "\">" + data[key]['Filename'] + "</a></li>";
 					}
 				}
 			}
@@ -1847,12 +1852,6 @@ $(function(){
 		});
 	}
 
-	// Creates file tree.
-	// setTimeout() necessary to fix bugs
-	// see https://github.com/malihu/malihu-custom-scrollbar-plugin/issues/237
-	// and https://github.com/simogeo/Filemanager/issues/302
-	// setTimeout(function(){ createFileTree(); }, 400);
-	// createFileTree();
 	// Loading CustomScrollbar if enabled
 	// Important, the script should be called after calling createFileTree() to prevent bug 
 	if(config.customScrollbar.enabled) {