Closed evert closed 11 years ago
From evert...@gmail.com on April 09, 2010 03:44:28: Hi Kay,
The return true and false are a little confusing (I should update the wiki); but it works as follows:
Just like javascript events, if you return false the operation will simply cease. If you return anything else the operation will continue.
However, just stopping the operation is probably not what you want, because in most cases it will just result in an empty response.
Instead, throw an exception. Sabre_DAV_Exception_Forbidden is probably the best choice.
Do note though, that clients don't 'like' error conditions. Also, if you're doing any sort of restrictions like this; you probably want to look into the TemporaryFileFilter plugin as well; as operating systems send along crap files anyway.
I don't see a callback specific for validation filetypes happening if the beforeBind method works. So let me know if this will work for you.
From kay.stro...@gmail.com on April 09, 2010 07:18:39: thanks it works, but the behaviour of netdrive and other clients is very scary.
netvibes: having a test.txt renamed it to test.php with netdrive in windows explorer sometimes the filelist is reloaded, and sometimes there is an error "File not found". But renaming is prohibited via DAV response, what is clearly visible in Charles.
datafreeway: rename as described above, no negative feedback, (display new name in filelist) hit refresh, old name is displayed
Totalcommander
Webdav plugin:behaviour as expected
Error Can't write file
windows
explorer: currently i do have a windows 7 only for testing, when using
net use *
what is needed to get windows internal webdav client working?
I alread set up
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient
\Parameters\BasicAuthLevel = 2
From kay.stro...@gmail.com on April 09, 2010 07:49:34: i tried to add http://wiki.davical.org/w/Permissions_Redesign#privilege but that had no influence
From kay.stro...@gmail.com on April 09, 2010 08:23:32: the files are protected for now using the following 3 events:
beforeBind beforeUnbind beforeWriteContent
The user client feedback is still scary, it seems, that a readonly webdav file is not normal for the clients :( or not implemented
From evert...@gmail.com on April 09, 2010 08:45:36: Hi Kay,
Few notes:
It sounds like support for something as simple as a 403 is pretty shitty =( I wonder if you can solve it in a different way creatively with typo3. Perhaps accepting the file and deleting it shortly after or a hack like that..
Can I ask you to post future messages to the mailing list: http://groups.google.com/group/sabredav-discuss
Hope you figure it out, Evert
Original author: kay.stro...@gmail.com (April 08, 2010 20:03:51)
Hello Devs,
as i told, I'm working on a plugin for TYPO3 to get a powerfull webdav interface.
I'm currently working on the security layer of upload remove and so on. I wanted to deny certain filetypes, which will be checked with TYPO3's internal functions. Based on the Wiki i started to write a plugin (see code at the end of this post). The Problem is, that i found no way to tell the user that this special filetype is not allowed during creation, move, etc.
So my question is - do i go the wrong way? - Please have a look on the code. Thanks
PS: I validated that the plugin gets loaded with Charles
<?php
class ks_sabredav_permission_plugin extends Sabre_DAVServerPlugin { public $server; //-------------------------------------------------------------------------- /* \ get Features function /
function getFeatures() { return array(); } //-------------------------------------------------------------------------- / \ get Features function / function initialize(Sabre_DAVServer $server) { $this->server = $server; $this->server->subscribeEvent('beforeBind',array($this,'beforeBind')); } //-------------------------------------------------------------------------- / * decide wether the creation of a node is allowed
/ function beforeBind($path) { global $BE_USER; global $fileMounts; global $TYPO3_CONF_VARS;
"'.$ext.'" not allowed'); // stop when filetype is false return false; } //return false to allow operation return true; } }
Original issue: http://code.google.com/p/sabredav/issues/detail?id=43