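/*
 * Resolve @user's permission on the virtual repo @repo_id whose origin repo
 * is @origin_repo_id.
 *
 * Order of evaluation:
 *   1. the owner of the origin repo gets "rw";
 *   2. otherwise a share on the virtual repo itself decides;
 *   3. otherwise a share on the origin repo decides.
 *
 * Returns the permission string, or NULL when none of the lookups yields
 * one.  The "rw" result is g_strdup()'ed, so the caller releases the return
 * value with g_free() (share results are presumably heap strings as well --
 * confirm against check_repo_share_permission).
 *
 * @error is accepted for signature compatibility; this function never
 * writes to it.
 */
static char *
check_virtual_repo_permission (SeafRepoManager *mgr,
                               const char *repo_id,
                               const char *origin_repo_id,
                               const char *user,
                               GError **error)
{
    char *owner = NULL;
    char *permission = NULL;
    gboolean is_origin_owner;

    /* If I'm the owner of origin repo, I have full access to sub-repos.
     *
     * g_strcmp0() treats two NULL pointers as equal, so a failed owner
     * lookup is explicitly excluded: a missing owner must never compare
     * equal to a missing user and hand out "rw".
     */
    owner = seaf_repo_manager_get_repo_owner (mgr, origin_repo_id);
    is_origin_owner = (owner != NULL && g_strcmp0 (user, owner) == 0);

    /* Free the owner string before any return so the owner-match path
     * does not leak it. */
    g_free (owner);

    if (is_origin_owner)
        return g_strdup ("rw");

    /* If I'm not the owner of origin repo, this sub-repo can be created
     * from a shared repo by me or directly shared by others to me.
     * The priority of shared sub-folder is higher than top-level repo.
     */
    permission = check_repo_share_permission (mgr, repo_id, user);
    if (permission)
        return permission;

    return check_repo_share_permission (mgr, origin_repo_id, user);
}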
/*
 * Permission of @user on the virtual repo @repo_id (origin: @origin_repo_id).
 *
 *   - The owner of the virtual repo cannot be looked up: log a warning and
 *     return NULL, i.e. no permission is produced.
 *   - @user is not that owner: the repo reached them through a share, so
 *     the share permission on @repo_id decides.
 *   - @user is that owner: the result is @user's permission on the origin
 *     repo, as computed by seaf_repo_manager_check_permission().
 *
 * Returns the string produced by whichever call was made, or NULL.
 * @error is only forwarded to seaf_repo_manager_check_permission().
 * NOTE(review): @user is passed to strcmp() unchecked -- assumes callers
 * never pass NULL; confirm.
 */
static char *
check_virtual_repo_permission (SeafRepoManager *mgr,
                               const char *repo_id,
                               const char *origin_repo_id,
                               const char *user,
                               GError **error)
{
    char *vrepo_owner;
    char *result;

    vrepo_owner = seaf_repo_manager_get_repo_owner (mgr, repo_id);
    if (vrepo_owner == NULL) {
        seaf_warning ("Failed to get owner for virtual repo %.10s.\n", repo_id);
        return NULL;
    }

    if (strcmp (user, vrepo_owner) == 0) {
        /* Created by @user: fall back to their rights on the origin repo. */
        result = seaf_repo_manager_check_permission (mgr, origin_repo_id,
                                                     user, error);
    } else {
        /* Not created by @user, so it was shared to them by someone else. */
        result = check_repo_share_permission (mgr, repo_id, user);
    }

    g_free (vrepo_owner);
    return result;
}
/*
 * Comprehensive repo access permission checker.
 *
 * A repo with virtual-repo info is delegated to
 * check_virtual_repo_permission().  For any other repo the owner gets "rw"
 * and everyone else gets whatever check_repo_share_permission() returns.
 *
 * Returns the permission string, or NULL when no permission was found.
 * The "rw" value is g_strdup()'ed, so the caller frees the result with
 * g_free().
 *
 * A repo with neither virtual-repo info nor an owner record yields NULL
 * here; no other lookup is attempted in this function.
 * NOTE(review): @user is passed to strcmp() unchecked -- assumes callers
 * never pass NULL; confirm.
 */
char *
seaf_repo_manager_check_permission (SeafRepoManager *mgr,
                                    const char *repo_id,
                                    const char *user,
                                    GError **error)
{
    SeafVirtRepo *virt_info;
    char *repo_owner = NULL;
    char *result = NULL;

    virt_info = seaf_repo_manager_get_virtual_repo_info (mgr, repo_id);
    if (virt_info != NULL) {
        /* This is a virtual repo. */
        result = check_virtual_repo_permission (mgr, repo_id,
                                                virt_info->origin_repo_id,
                                                user, error);
    } else {
        repo_owner = seaf_repo_manager_get_repo_owner (mgr, repo_id);
        if (repo_owner != NULL) {
            result = (strcmp (repo_owner, user) == 0)
                ? g_strdup("rw")
                : check_repo_share_permission (mgr, repo_id, user);
        }
    }

    /* Reached with virt_info == NULL on the non-virtual path; assumes the
     * free routine accepts NULL -- confirm. */
    seaf_virtual_repo_info_free (virt_info);
    g_free (repo_owner);
    return result;
}
/*
 * Decide whether priv->email may start a transfer on priv->repo_id and
 * record a refusal in priv->rsp_code / priv->rsp_msg.
 *
 * Checks, in order: the RPC client can be created, the repo exists, the
 * quota check passes (uploads only), and the user is either the repo owner,
 * holds a share on it, or -- when the repo has no owner record -- belongs
 * to the repo's org.  When all pass, get_branch_head() is called.
 *
 * Takes the processor as an opaque pointer and returns the same pointer.
 *
 * NOTE(review): the access test is identical for uploads and downloads;
 * priv->type is consulted only for the quota check.  If shares can be
 * read-only, confirm that write access is enforced elsewhere before an
 * upload is accepted.
 * NOTE(review): this path does not call seaf_repo_manager_check_permission(),
 * so no virtual-repo lookup happens here -- confirm that is intended.
 */
static void *
check_tx (void *vprocessor)
{
    CcnetProcessor *processor = vprocessor;
    USE_PRIV;

    char *repo_id = priv->repo_id;
    char *repo_owner = NULL;
    SearpcClient *rpc = NULL;

    rpc = create_sync_ccnetrpc_client (seaf->session->config_dir,
                                       "ccnet-threaded-rpcserver");
    if (rpc == NULL) {
        priv->rsp_code = g_strdup(SC_SERVER_ERROR);
        priv->rsp_msg = g_strdup(SS_SERVER_ERROR);
        goto out;
    }

    if (!seaf_repo_manager_repo_exists (seaf->repo_mgr, repo_id)) {
        priv->rsp_code = g_strdup(SC_BAD_REPO);
        priv->rsp_msg = g_strdup(SS_BAD_REPO);
        goto out;
    }

    /* Quota only matters when data is being pushed to the server.  No
     * response is set here on failure; presumably check_repo_owner_quota()
     * fills it in -- confirm. */
    if (priv->type == CHECK_TX_TYPE_UPLOAD) {
        if (check_repo_owner_quota (processor, rpc, repo_id) < 0)
            goto out;
    }

    repo_owner = seaf_repo_manager_get_repo_owner (seaf->repo_mgr, repo_id);
    if (repo_owner != NULL) {
        /* If the user is not owner, check share permission.  The helper is
         * called with the RPC client here and its result is used only as a
         * truth value. */
        if (strcmp (repo_owner, priv->email) != 0 &&
            !check_repo_share_permission (rpc, repo_id, priv->email)) {
            priv->rsp_code = g_strdup(SC_ACCESS_DENIED);
            priv->rsp_msg = g_strdup(SS_ACCESS_DENIED);
            goto out;
        }
    } else {
        /* This should be a repo created in an org. */
        int org_id = seaf_repo_manager_get_repo_org (seaf->repo_mgr, repo_id);

        /* A negative org id or a user outside the org is refused. */
        if (org_id < 0 ||
            !ccnet_org_user_exists (rpc, org_id, priv->email)) {
            priv->rsp_code = g_strdup(SC_ACCESS_DENIED);
            priv->rsp_msg = g_strdup(SS_ACCESS_DENIED);
            goto out;
        }
    }

    get_branch_head (processor);

out:
    g_free (repo_owner);
    if (rpc != NULL)
        free_sync_rpc_client (rpc);
    return vprocessor;
}