Jørn Wildt
Dealing with Zikula and other interesting stuff
more permissions for xinha (folder access)
-
- rank:
- 12
- registered:
- March 2009
- Status:
- offline
- last visit:
- Posts:
- 0
I wrote a little hack to the extended file manager that should be easy to integrate.
It allows you to distinguish between admin users and "normal" users.
Each normal user will receive his own folder(named with his postnuke userid), where he can upload his pictures. He will not have access to pictures of other users.
Admin users however, can access all folders and depending on the configurations in config.inc.php they can have more extra permissions like editing pics creating folders or get more upload disk space than "normal " users.
OK how do you do it ?
first create a file permissions.php and store it in /pagesetter/guppy/xinha/plugins/ExtendedFileManager/
this file shall look as follows:
Code
<?
//////////////////////////////////////
// file : permissions.php
// enables permissionsettings for use with xinhaplugin extendedfilemanager inside pagesetter
// change in
// by apollo13 11-2005
//////////////////////////////////////////////////////////
$managerpath="modules/pagesetter/guppy/xinha/plugins/ExtendedFileManager/";
$postnukepath=$_SERVER['SCRIPT_FILENAME'];
$postnukepath=substr($postnukepath,0,(strrpos ( $postnukepath, '/' ))).'/';
$postnukepath=str_replace($managerpath, '', $postnukepath);
$postnukepath=str_replace(strtolower($managerpath), '', $postnukepath);
//////////////////////////////////
/// GET USER ID
//
include $postnukepath.'config.php';
$sessionid=$HTTP_COOKIE_VARS['POSTNUKESID'];
if ($pnconfig['encoded']==1)
{
$pnconfig['dbuname']=base64_decode($pnconfig['dbuname']);
$pnconfig['dbpass']=base64_decode($pnconfig['dbpass']);
}
//validate sessionid
if (!preg_match('/^[A-Za-z0-9]*$/', $sessionid))
{
$sessionid = '';
}
$linkdb = mysql_connect($pnconfig['dbhost'], $pnconfig['dbuname'], $pnconfig['dbpass']);
if (!$linkdb) {
die('cannot connect to database: ' . mysql_error());
}
mysql_select_db($pnconfig['dbname']) or die("cannot select database");
$query = 'SELECT pn_uid FROM '.$pnconfig['prefix'].'_session_info WHERE pn_sessid="'.$sessionid.'"';
$result = mysql_query($query) or die("invalid database query: " . mysql_error());
while ($line = mysql_fetch_array($result, MYSQL_ASSOC))
{
foreach ($line as $uid){}
}
mysql_close($linkdb);
if (!$uid)
{
die("no user id found!");
}
//////////////////////////////
// define new dir
/////////////////////////////
if (!in_array($uid,$adminusers))// check if user has admin rights
{
$IMConfig['base_dir'].=$uid.'/';
$IMConfig['base_url'].=$uid.'/';
}
// create folder if it does not exist yet
if (!file_exists($IMConfig['base_dir']))
{
mkdir ($IMConfig['base_dir']);
}
?>
then open your config.inc.php of the extended file manager plugin:
at the beginning you should have a line where you define youre basedir
$IMConfig['base_dir'] = $_SERVER['DOCUMENT_ROOT']......
after that you should define your baseurl:
$IMConfig['base_url'] = "http://".....
This should already be there. No changes so far. But after that line you should insert the following lines:
Code
//
// Define adminusers
//
// add list with postnuke userids of all users with right to access all folders here
//(uncomment to enable permissions)
// examle: $adminusers=array(2,4,5); //will give users with uid 2,4 and 5 access to all folders
$adminusers=array(2);
//
// Load permission file
// (uncomment to enable permissions)
//
include 'permissions.php';
//
=================================
We are finnished here but if you want you can go on and
change all settings in config.inc.php to distinguish between admins and "normal" users.
for example you can change
Code
$IMConfig['max_foldersize_mb'] = 5;
to:
Code
if (in_array($uid,$adminusers))// check if user has admin rights
{
$IMConfig['max_foldersize_mb'] = 500; // for admins
}
else
{
$IMConfig['max_foldersize_mb'] = 5; // for users
}
Enjoy :cool:
[Edited on 1/9/2005 by apollo13]
[Edited on 1/9/2005 by apollo13]
edited by: apollo13, Nov 08, 2005 - 03:45 PM
-
- rank:
- 12
- registered:
- March 2009
- Status:
- offline
- last visit:
- Posts:
- 0
If you had problems with that hack try it again. I realized some bugs in permissions.php and corrected them.
changes were made in line 9 extendetfilemanager was changed to ExtendedFileManager
line 14 and lines 24-28 are new!
-
- rank:
- 12
- registered:
- March 2009
- Status:
- offline
- last visit:
- Posts:
- 0
Hello everyone !
This is 3 years later but still a very important feature for Xinha ! The Extended File Manager is a great plugin that integrate smoothly with the editor but that lacks permission control...
I don't think this is implemented yet in Scribite 2.1... is it ?
Nevertheless, thanks to apollo 13, i just adapted his solution to zikula... i don't think it is the best solution but it works... if anyone is interested, here is my permission.php file updated :
Code
<?php
//////////////////////////////////////
// file : permissions.php
// enables permissionsettings for use with xinhaplugin extendedfilemanager inside pagesetter
// change in
// by apollo13 11-2005
// modified by guitch 27/7/08
//////////////////////////////////////////////////////////
$managerpath="javascript/scribite_editors/xinha/plugins/ExtendedFileManager/";
$postnukepath=$_SERVER['SCRIPT_FILENAME'];
$postnukepath=substr($postnukepath,0,(strrpos ( $postnukepath, '/' ))).'/';
$postnukepath=str_replace($managerpath, '', $postnukepath);
$postnukepath=str_replace(strtolower($managerpath), '', $postnukepath);
//////////////////////////////////
/// GET USER ID
//
include $postnukepath.'/config/config.php';
$sessionid=$HTTP_COOKIE_VARS['PNSID2'];
if ($PNConfig['DBInfo']['default']['encoded']==1)
{
$PNConfig['DBInfo']['default']['dbuname']=base64_decode($PNConfig['DBInfo']['default']['dbuname']);
$PNConfig['DBInfo']['default']['dbpass']=base64_decode($PNConfig['DBInfo']['default']['dbpass']);
}
//validate sessionid
if (!preg_match('/^[A-Za-z0-9]*$/', $sessionid))
{
$sessionid = '';
}
//$linkdb = mysql_connect($pnconfig['dbhost'], $pnconfig['dbuname'], $pnconfig['dbpass']);
$linkdb = mysql_connect($PNConfig['DBInfo']['default']['dbhost'], $PNConfig['DBInfo']['default']['dbuname'], $PNConfig['DBInfo']['default']['dbpass']);
if (!$linkdb) {
die('cannot connect to database: ' . mysql_error() );
}
mysql_select_db($PNConfig['DBInfo']['default']['dbname']) or die("cannot select database");
$query = 'SELECT pn_uid FROM '.$PNConfig['System']['prefix'].'_session_info WHERE pn_sessid="'.$sessionid.'"';
$result = mysql_query($query) or die("invalid database query: " . mysql_error());
while ($line = mysql_fetch_array($result, MYSQL_ASSOC))
{
foreach ($line as $uid){}
}
mysql_close($linkdb);
if (!$uid)
{
die("no user id found!");
}
//////////////////////////////
// define new dir
/////////////////////////////
if (!in_array($uid,$adminusers))// check if user has admin rights
{
$IMConfig['images_dir'].="/$uid";
$IMConfig['images_url'].="/$uid";
}
// create folder if it does not exist yet
if (!file_exists($IMConfig['images_dir']))
{
mkdir ($IMConfig['images_dir']);
}
?>
If anyone knows a better solution, could you please share it ?
Thanks in advance !
Guitch