static char *
check_virtual_repo_permission (SeafRepoManager *mgr,
const char *repo_id,
const char *origin_repo_id,
const char *user,
GError **error)
{
char *owner = NULL;
char *permission = NULL;
/* If I'm the owner of origin repo, I have full access to sub-repos. */
owner = seaf_repo_manager_get_repo_owner (mgr, origin_repo_id);
if (g_strcmp0 (user, owner) == 0) {
permission = g_strdup("rw");
return permission;
}
g_free (owner);
/* If I'm not the owner of origin repo, this sub-repo can be created
* from a shared repo by me or directly shared by others to me.
* The priority of shared sub-folder is higher than top-level repo.
*/
permission = check_repo_share_permission (mgr, repo_id, user);
if (permission)
return permission;
permission = check_repo_share_permission (mgr, origin_repo_id, user);
return permission;
}
static char *
check_virtual_repo_permission (SeafRepoManager *mgr,
const char *repo_id,
const char *origin_repo_id,
const char *user,
GError **error)
{
char *owner = NULL, *orig_owner = NULL;
char *permission = NULL;
owner = seaf_repo_manager_get_repo_owner (mgr, repo_id);
if (!owner) {
seaf_warning ("Failed to get owner for virtual repo %.10s.\n", repo_id);
goto out;
}
/* If this virtual repo is not created by @user, it is shared by others. */
if (strcmp (user, owner) != 0) {
permission = check_repo_share_permission (mgr, repo_id, user);
goto out;
}
/* otherwise check @user's permission to the origin repo. */
permission = seaf_repo_manager_check_permission (mgr, origin_repo_id,
user, error);
out:
g_free (owner);
g_free (orig_owner);
return permission;
}
/*
* Comprehensive repo access permission checker.
*
* Returns read/write permission.
*/
char *
seaf_repo_manager_check_permission (SeafRepoManager *mgr,
const char *repo_id,
const char *user,
GError **error)
{
SeafVirtRepo *vinfo;
char *owner = NULL;
char *permission = NULL;
/* This is a virtual repo.*/
vinfo = seaf_repo_manager_get_virtual_repo_info (mgr, repo_id);
if (vinfo) {
permission = check_virtual_repo_permission (mgr, repo_id,
vinfo->origin_repo_id,
user, error);
goto out;
}
owner = seaf_repo_manager_get_repo_owner (mgr, repo_id);
if (owner != NULL) {
if (strcmp (owner, user) == 0)
permission = g_strdup("rw");
else
permission = check_repo_share_permission (mgr, repo_id, user);
}
out:
seaf_virtual_repo_info_free (vinfo);
g_free (owner);
return permission;
}
static void *
check_tx (void *vprocessor)
{
CcnetProcessor *processor = vprocessor;
USE_PRIV;
char *owner = NULL;
int org_id;
SearpcClient *rpc_client = NULL;
char *repo_id = priv->repo_id;
rpc_client = create_sync_ccnetrpc_client
(seaf->session->config_dir, "ccnet-threaded-rpcserver");
if (!rpc_client) {
priv->rsp_code = g_strdup(SC_SERVER_ERROR);
priv->rsp_msg = g_strdup(SS_SERVER_ERROR);
goto out;
}
if (!seaf_repo_manager_repo_exists (seaf->repo_mgr, repo_id)) {
priv->rsp_code = g_strdup(SC_BAD_REPO);
priv->rsp_msg = g_strdup(SS_BAD_REPO);
goto out;
}
if (priv->type == CHECK_TX_TYPE_UPLOAD &&
check_repo_owner_quota (processor, rpc_client, repo_id) < 0)
goto out;
owner = seaf_repo_manager_get_repo_owner (seaf->repo_mgr, repo_id);
if (owner != NULL) {
/* If the user is not owner, check share permission */
if (strcmp (owner, priv->email) != 0) {
if(!check_repo_share_permission (rpc_client, repo_id, priv->email)) {
priv->rsp_code = g_strdup(SC_ACCESS_DENIED);
priv->rsp_msg = g_strdup(SS_ACCESS_DENIED);
goto out;
}
}
} else {
/* This should be a repo created in an org. */
org_id = seaf_repo_manager_get_repo_org (seaf->repo_mgr, repo_id);
if (org_id < 0 ||
!ccnet_org_user_exists (rpc_client, org_id, priv->email)) {
priv->rsp_code = g_strdup(SC_ACCESS_DENIED);
priv->rsp_msg = g_strdup(SS_ACCESS_DENIED);
goto out;
}
}
get_branch_head (processor);
out:
g_free (owner);
if (rpc_client)
free_sync_rpc_client (rpc_client);
return vprocessor;
}
