Commit d0792ee3 authored by Eric's avatar Eric

[update] add download\upload\connect action pem validate

parent 04326cc4
......@@ -116,6 +116,11 @@ func (fs *sftpHandler) Filelist(r *sftp.Request) (sftp.ListerAt, error) {
return nil, sftp.ErrSshFxNoSuchFile
}
realPath = sysUserDir.ParsePath(r.Filepath)
if !fs.validatePermission(hostDir.asset.ID, sysUserDir.systemUser.ID, model.ConnectAction) {
return nil, sftp.ErrSshFxPermissionDenied
}
if sysUserDir.client == nil {
client, conn, err := fs.GetSftpClient(hostDir.asset, sysUserDir.systemUser)
if err != nil {
......@@ -155,6 +160,11 @@ func (fs *sftpHandler) Filecmd(r *sftp.Request) (err error) {
}
hostDir := fs.hosts[pathNames[0]]
suDir := hostDir.suMaps[pathNames[1]]
if !fs.validatePermission(hostDir.asset.ID, suDir.systemUser.ID, model.ConnectAction) {
return sftp.ErrSshFxPermissionDenied
}
if suDir.client == nil {
client, conn, err := fs.GetSftpClient(hostDir.asset, suDir.systemUser)
if err != nil {
......@@ -210,6 +220,11 @@ func (fs *sftpHandler) Filewrite(r *sftp.Request) (io.WriterAt, error) {
}
hostDir := fs.hosts[pathNames[0]]
suDir := hostDir.suMaps[pathNames[1]]
if !fs.validatePermission(hostDir.asset.ID, suDir.systemUser.ID, model.UploadAction) {
return nil, sftp.ErrSshFxPermissionDenied
}
if suDir.client == nil {
client, conn, err := fs.GetSftpClient(hostDir.asset, suDir.systemUser)
if err != nil {
......@@ -246,6 +261,9 @@ func (fs *sftpHandler) Fileread(r *sftp.Request) (io.ReaderAt, error) {
}
hostDir := fs.hosts[pathNames[0]]
suDir := hostDir.suMaps[pathNames[1]]
if !fs.validatePermission(hostDir.asset.ID, suDir.systemUser.ID, model.DownloadAction) {
return nil, sftp.ErrSshFxPermissionDenied
}
if suDir.client == nil {
ftpClient, client, err := fs.GetSftpClient(hostDir.asset, suDir.systemUser)
if err != nil {
......@@ -312,6 +330,12 @@ func (fs *sftpHandler) Close() {
}
}
func (fs *sftpHandler) validatePermission(aid, suid, operate string) bool {
return service.ValidateUserAssetPermission(
fs.user.ID, aid, suid, operate,
)
}
type HostNameDir struct {
rootPath string
hostname string
......
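Review bot: In Filecmd the new guard checks only `model.ConnectAction`, yet that handler receives every SFTP command request, so a user who holds connect but not upload permission still reaches whatever mutating commands are dispatched further down (presumably rename, remove, mkdir and similar; the dispatch is outside the hunk). If connect-only users are meant to be read-only, those commands should be checked against `model.UploadAction` or a dedicated action; if the behaviour is intended, say so on the guard, e.g. `// connect permission deliberately covers rename/remove/mkdir`. The same question applies to the `ConnectAction` guards in UserVolume's MakeDir, MakeFile, Rename and Remove. Separately, `validatePermission` returns a bare bool, so confirm that `service.ValidateUserAssetPermission` returns false when the backend call itself fails, and consider logging each denial with user, asset and action for audit. Every handler body here continues outside its hunk.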
......@@ -117,6 +117,9 @@ func (u *UserVolume) Info(path string) (elfinder.FileDir, error) {
if path == sysUserVol.suPath {
return sysUserVol.info(), nil
}
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.ConnectAction) {
return rest, os.ErrPermission
}
realPath := sysUserVol.ParsePath(path)
if sysUserVol.client == nil {
......@@ -261,6 +264,11 @@ func (u *UserVolume) GetFile(path string) (reader io.ReadCloser, err error) {
if !ok {
return nil, os.ErrNotExist
}
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.DownloadAction) {
return nil, os.ErrPermission
}
realPath := sysUserVol.ParsePath(path)
if sysUserVol.client == nil {
sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser)
......@@ -337,6 +345,9 @@ func (u *UserVolume) UploadFile(dir, filename string, reader io.Reader) (elfinde
}
realFilenamePath := filepath.Join(realPath, filename)
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.UploadAction) {
return rest, os.ErrPermission
}
fd, err := sysUserVol.client.Create(realFilenamePath)
if err != nil {
......@@ -416,6 +427,16 @@ func (u *UserVolume) MergeChunk(cid, total int, dirPath, filename string) (elfin
if !ok {
return rest, os.ErrNotExist
}
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.UploadAction) {
for i := 0; i <= total; i++ {
partPath := fmt.Sprintf("%s.%d_%d.part_%d",
filepath.Join(u.localTmpPath, dirPath, filename), i, total, cid)
_ = os.Remove(partPath)
}
return rest, os.ErrPermission
}
realDirPath := sysUserVol.ParsePath(dirPath)
if sysUserVol.client == nil {
sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser)
......@@ -511,6 +532,11 @@ func (u *UserVolume) MakeDir(dir, newDirname string) (elfinder.FileDir, error) {
if !ok {
return rest, os.ErrNotExist
}
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.ConnectAction) {
return rest, os.ErrPermission
}
realPath := sysUserVol.ParsePath(dir)
if sysUserVol.client == nil {
sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser)
......@@ -574,6 +600,11 @@ func (u *UserVolume) MakeFile(dir, newFilename string) (elfinder.FileDir, error)
if !ok {
return rest, os.ErrNotExist
}
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.ConnectAction) {
return rest, os.ErrPermission
}
realPath := sysUserVol.ParsePath(dir)
if sysUserVol.client == nil {
sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser)
......@@ -633,6 +664,10 @@ func (u *UserVolume) Rename(oldNamePath, newName string) (elfinder.FileDir, erro
return rest, os.ErrPermission
}
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.ConnectAction) {
return rest, os.ErrPermission
}
realPath := sysUserVol.ParsePath(oldNamePath)
if sysUserVol.client == nil {
sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser)
......@@ -698,6 +733,11 @@ func (u *UserVolume) Remove(path string) error {
if sysUserVol.suPath == path {
return os.ErrPermission
}
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.ConnectAction) {
return os.ErrPermission
}
realPath := sysUserVol.ParsePath(path)
if sysUserVol.client == nil {
sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser)
......@@ -760,6 +800,10 @@ func (u *UserVolume) Paste(dir, filename, suffix string, reader io.ReadCloser) (
if !ok {
return rest, os.ErrNotExist
}
if !u.validatePermission(hostVol.asset.ID, sysUserVol.systemUser.ID, model.UploadAction) {
return rest, os.ErrPermission
}
realPath := sysUserVol.ParsePath(dir)
if sysUserVol.client == nil {
sftClient, conn, err := u.GetSftpClient(hostVol.asset, sysUserVol.systemUser)
......@@ -846,6 +890,12 @@ func (u *UserVolume) CreateFTPLog(data *model.FTPLog) {
}
}
func (u *UserVolume) validatePermission(aid, suid, operate string) bool {
return service.ValidateUserAssetPermission(
u.user.ID, aid, suid, operate,
)
}
type hostnameVolume struct {
VID string
homePath string
......
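Review bot: The denial branch added to MergeChunk removes files named from `filepath.Join(u.localTmpPath, dirPath, filename)`, and nothing visible in the hunk confines `dirPath` or `filename` to `u.localTmpPath`; because `filepath.Join` collapses `..` elements, the `os.Remove` calls could land outside the temp directory (limited to names carrying the `.part_` suffix). A containment check before removing would close that, e.g. `if rel, err := filepath.Rel(u.localTmpPath, partPath); err != nil || strings.HasPrefix(rel, "..") { continue }`. The permission check also runs only at merge time, so chunks from a user without upload permission appear to reach local disk before being refused; the chunk-upload method is not in this diff, so that is worth confirming. In UploadFile the guard sits directly before `sysUserVol.client.Create`, apparently after the SFTP client has been set up, whereas the other methods check before `GetSftpClient`; moving it up would avoid opening a connection for a denied user. All of these function bodies extend beyond their hunks.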
......@@ -178,6 +178,12 @@ func SortAssetNodesByKey(assetNodes []Node) {
const LoginModeManual = "manual"
const (
ConnectAction = "connect"
UploadAction = "upload_file"
DownloadAction = "download_file"
)
type SystemUser struct {
ID string `json:"id"`
Name string `json:"name"`
......
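Review bot: The three action constants are untyped strings with no comment, and both `validatePermission` helpers take `aid, suid, operate string`, so a swapped argument or a mistyped action string compiles silently and would only show up as an unexpected allow or deny at runtime. A named type, `type Action string` with `ConnectAction Action = "connect"` and so on, would let the compiler catch that once the helper's `operate` parameter uses it. A doc comment on the block, such as `// Permission actions; values presumably must match the action names the permission API expects.`, would also record why the literals should not be edited casually.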