diff --git a/docs/admins/filemanager/Default_Grants.md b/docs/admins/filemanager/Default_Grants.md new file mode 100644 index 00000000000..a4f89f842ca --- /dev/null +++ b/docs/admins/filemanager/Default_Grants.md @@ -0,0 +1,41 @@ +Tinebase Filesystem Default Grants += + +This is the example config of setting default grants for filesystem nodes. + +Template + +~~~php +'Filemanager/folders/personal/([^/]+)/[^/]+' => [ + [ + 'account_id' => ‘$1’, + 'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_USER, + 'addGrant' => true, + ] +] +'Filemanager/folders/shared/[^/]' => [ + [ + 'account_id' => [ + ['field' => 'id', 'operator' => 'equals', 'value' => Tinebase_Group::DEFAULT_USER_GROUP] + ], + 'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP, + 'addGrant' => true, + ], + [ + 'account_id' => [ + ['field' => 'id', 'operator' => 'equals', 'value' => Tinebase_Group::DEFAULT_ADMIN_GROUP] + ], + 'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP, + 'addGrant' => true, + ], +] +'Filemanager/folders/shared/Aktenplan/([^/]+)/[^/]' => [ + [ + 'account_id' => [ + ['field' => 'name ', 'operator' => 'equals', 'value' => ‘$1’] + ], + 'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP, + 'addGrant' => true, + ], +] +~~~ diff --git a/tests/tine20/Filemanager/Frontend/JsonTests.php b/tests/tine20/Filemanager/Frontend/JsonTests.php index 59e9ab1b756..6eebe5ee398 100644 --- a/tests/tine20/Filemanager/Frontend/JsonTests.php +++ b/tests/tine20/Filemanager/Frontend/JsonTests.php @@ -1153,6 +1153,53 @@ public function testCreateDirectoryNodesInPersonal() return $dirpaths; } + + /** + * testCreateDirectoryNodesInPersonal + * + * @return array dir paths + */ + public function testCreateDirectoryNodesWithDefaultGrants() + { + $cfg = [ + 'Filemanager/folders/shared/[^/]+' => [ + [ + 'account_id' => [ + ['field' => 'id', 'operator' => 'equals', 'value' => Tinebase_Group::DEFAULT_USER_GROUP] + ], + 'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP, + 'addGrant' => true, + 'editGrant' => true, + ], + ], + ]; + $oldCfg = Tinebase_Config::getInstance()->{Tinebase_Config::FILESYSTEM} + ->{Tinebase_Config::FILESYSTEM_DEFAULT_GRANTS}; + $cfgRaii = new Tinebase_RAII(fn() => Tinebase_Config::getInstance()->{Tinebase_Config::FILESYSTEM} + ->{Tinebase_Config::FILESYSTEM_DEFAULT_GRANTS} = $oldCfg); + Tinebase_Config::getInstance()->{Tinebase_Config::FILESYSTEM} + ->{Tinebase_Config::FILESYSTEM_DEFAULT_GRANTS} = $cfg; + + $personas = Zend_Registry::get('personas'); + Tinebase_Core::set(Tinebase_Core::USER, $personas['sclever']); + + $sharedContainerNode = $this->testCreateContainerNodeInSharedFolder(); + $this->assertSame(1, count($sharedContainerNode['grants']), 'it should have default user group grant'); + $this->assertSame(Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP, $sharedContainerNode['grants'][0]['account_type']); + $this->assertSame(Tinebase_Group::getInstance()->getDefaultGroup()->getId(), $sharedContainerNode['grants'][0]['account_id']); + + $this->_objects['paths'][] = Filemanager_Controller_Node::getInstance()->addBasePath($sharedContainerNode['path']); + + $result = $this->_getUit()->createNodes([$sharedContainerNode['path'] . 'dir1'], Tinebase_Model_Tree_FileObject::TYPE_FOLDER, array(), false); + + $this->assertTrue($result[0]['account_grants']['addGrant']); + $this->assertTrue($result[0]['account_grants']['editGrant']); + $this->assertFalse($result[0]['account_grants']['readGrant']); + $this->assertFalse($result[0]['account_grants']['deleteGrant']); + $this->assertFalse($result[0]['account_grants']['adminGrant']); + + unset($cfgRaii); + } /** * testCreateDirectoryNodeInPersonalWithSameNameAsOtherUsersDir @@ -1162,7 +1209,7 @@ public function testCreateDirectoryNodesInPersonal() public function testCreateDirectoryNodeInPersonalWithSameNameAsOtherUsersDir() { $this->testCreateContainerNodeInPersonalFolder(); - + $personas = Zend_Registry::get('personas'); Tinebase_Core::set(Tinebase_Core::USER, $personas['sclever']); $personalContainerNodeOfsclever = $this->testCreateContainerNodeInPersonalFolder(); diff --git a/tine20/Tinebase/Config.php b/tine20/Tinebase/Config.php index f86601296ac..add534c03dc 100644 --- a/tine20/Tinebase/Config.php +++ b/tine20/Tinebase/Config.php @@ -2963,12 +2963,72 @@ class Tinebase_Config extends Tinebase_Config_Abstract self::FILESYSTEM_DEFAULT_GRANTS => [ self::LABEL => 'Filesystem default grants', // _('Filesystem default grants') self::DESCRIPTION => 'Filesystem default grants', // _('Filesystem default grants') - self::TYPE => self::TYPE_OBJECT, - self::CLASSNAME => Tinebase_FileSystem_DefaultGrantsCfg::class, + self::TYPE => self::TYPE_ARRAY, self::CLIENTREGISTRYINCLUDE => false, self::SETBYADMINMODULE => false, self::SETBYSETUPMODULE => false, - self::DEFAULT_STR => [], + self::DEFAULT_STR => [ + '[^/]+/folders/shared/[^/]+' => [ + [ + 'account_id' => [ + ['field' => 'id', 'operator' => 'equals', 'value' => Tinebase_Model_User::CURRENTACCOUNT], + ], + 'account_type' => 'user', + Tinebase_Model_Grants::GRANT_READ => true, + Tinebase_Model_Grants::GRANT_ADD => true, + Tinebase_Model_Grants::GRANT_EDIT => true, + Tinebase_Model_Grants::GRANT_DELETE => true, + Calendar_Model_EventPersonalGrants::GRANT_PRIVATE => true, + Tinebase_Model_Grants::GRANT_EXPORT => true, + Tinebase_Model_Grants::GRANT_SYNC => true, + Tinebase_Model_Grants::GRANT_ADMIN => true, + Calendar_Model_EventPersonalGrants::GRANT_FREEBUSY => true, + Tinebase_Model_Grants::GRANT_DOWNLOAD => true, + Tinebase_Model_Grants::GRANT_PUBLISH => true, + ], [ + 'account_id' => [ + ['field' => 'id', 'operator' => 'equals', 'value' => Tinebase_Group::DEFAULT_ADMIN_GROUP], + ], + 'account_type' => 'group', + Tinebase_Model_Grants::GRANT_READ => true, + Tinebase_Model_Grants::GRANT_ADD => true, + Tinebase_Model_Grants::GRANT_EDIT => true, + Tinebase_Model_Grants::GRANT_DELETE => true, + Calendar_Model_EventPersonalGrants::GRANT_PRIVATE => true, + Tinebase_Model_Grants::GRANT_EXPORT => true, + Tinebase_Model_Grants::GRANT_SYNC => true, + Tinebase_Model_Grants::GRANT_ADMIN => true, + Calendar_Model_EventPersonalGrants::GRANT_FREEBUSY => true, + Tinebase_Model_Grants::GRANT_DOWNLOAD => true, + Tinebase_Model_Grants::GRANT_PUBLISH => true, + ], + /*, [ + 'account_id' => [ + ['field' => 'id', 'operator' => 'equals', 'value' => Tinebase_Group::DEFAULT_USER_GROUP], + ], + 'account_type' => 'group', + Tinebase_Model_Grants::GRANT_READ => true, + Tinebase_Model_Grants::GRANT_SYNC => true, + ]*/ + ], + '[^/]+/folders/personal/([^/]+)/[^/]+' => [ + [ + 'account_id' => '$1', + 'account_type' => 'user', + Tinebase_Model_Grants::GRANT_READ => true, + Tinebase_Model_Grants::GRANT_ADD => true, + Tinebase_Model_Grants::GRANT_EDIT => true, + Tinebase_Model_Grants::GRANT_DELETE => true, + Calendar_Model_EventPersonalGrants::GRANT_PRIVATE => true, + Tinebase_Model_Grants::GRANT_EXPORT => true, + Tinebase_Model_Grants::GRANT_SYNC => true, + Tinebase_Model_Grants::GRANT_ADMIN => true, + Calendar_Model_EventPersonalGrants::GRANT_FREEBUSY => true, + Tinebase_Model_Grants::GRANT_DOWNLOAD => true, + Tinebase_Model_Grants::GRANT_PUBLISH => true, + ] + ] + ], ], self::FILESYSTEM_NUMKEEPREVISIONS => array( //_('Filesystem number of revisions') diff --git a/tine20/Tinebase/FileSystem/DefaultGrantsCfg.php b/tine20/Tinebase/FileSystem/DefaultGrantsCfg.php deleted file mode 100644 index 8ed19304fc2..00000000000 --- a/tine20/Tinebase/FileSystem/DefaultGrantsCfg.php +++ /dev/null @@ -1,48 +0,0 @@ - [ - ['field' => 'id', 'operator' => 'equals', 'value' => Tinebase_Model_User::CURRENTACCOUNT], - ], - 'account_type' => 'user', - ], array_fill_keys(Tinebase_Model_Grants::getAllGrants(), true))/*, [ - 'account_id' => [ - ['field' => 'id', 'operator' => 'equals', 'value' => Tinebase_Group::DEFAULT_USER_GROUP], - ], - 'account_type' => 'group', - Tinebase_Model_Grants::GRANT_READ => true, - Tinebase_Model_Grants::GRANT_SYNC => true, - ]*/, array_merge([ - 'account_id' => [ - ['field' => 'id', 'operator' => 'equals', 'value' => Tinebase_Group::DEFAULT_ADMIN_GROUP], - ], - 'account_type' => 'group', - ], array_fill_keys(Tinebase_Model_Grants::getAllGrants(), true)), - ]; - } - - if (!isset($data['[^/]+/folders/personal/([^/]+)/[^/]+'])) { - $data['[^/]+/folders/personal/([^/]+)/[^/]+'] = [ - array_merge([ - 'account_id' => '$1', - 'account_type' => 'user', - ], array_fill_keys(Tinebase_Model_Grants::getAllGrants(), true)), - ]; - } - - $this->data = $data; - } - - public function toArray(): array - { - return $this->data; - } -} diff --git a/tine20/Tinebase/Model/Tree/Node/Path.php b/tine20/Tinebase/Model/Tree/Node/Path.php index ec442814678..c2c4c4bf5a7 100644 --- a/tine20/Tinebase/Model/Tree/Node/Path.php +++ b/tine20/Tinebase/Model/Tree/Node/Path.php @@ -442,7 +442,7 @@ public function isDefaultACLsPath(): bool return false !== $this->defaultAcls; } - $cfg = Tinebase_Config::getInstance()->{Tinebase_Config::FILESYSTEM}->{Tinebase_Config::FILESYSTEM_DEFAULT_GRANTS}->toArray(); + $cfg = Tinebase_Config::getInstance()->{Tinebase_Config::FILESYSTEM}->{Tinebase_Config::FILESYSTEM_DEFAULT_GRANTS}; foreach ($cfg as $glob => $grants) { list($app, $appendix) = explode('/', $glob, 2);