web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update rights in inner

Browse Source
This commit is contained in:
yflory
2019-10-14 12:01:44 +02:00
parent d443c93893
commit a3d273ec47
8 changed files with 141 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
www/common/drive-ui.js
View File

@@ -544,7 +544,8 @@ define([
Object.keys(folders).forEach(function (id) {
var f = folders[id];
var sfData = files.sharedFolders[id] || {};
var parsed = Hash.parsePadUrl(sfData.href || sfData.roHref);
var href = manager.user.userObject.getHref(sfData);
var parsed = Hash.parsePadUrl(href);
var secret = Hash.getSecrets('drive', parsed.hash, sfData.password);
manager.addProxy(id, {proxy: f}, null, secret.keys.secondaryKey);
});

2
www/common/outer/mailbox-handlers.js
View File

@@ -431,7 +431,7 @@ define([
var team;
Object.keys(myTeams).some(function (k) {
var _team = myTeams[k];
if (_team.channel === content.teamChannel) {
if (_team.channel === content.teamData.channel) {
teamId = k;
team = _team;
return true;

9
www/common/outer/team.js
View File

@@ -990,6 +990,7 @@ define([
uo.setReadOnly(!secret.keys.secondaryKey, secret.keys.secondaryKey);
}
});
ctx.updateMetadata();
ctx.emit('ROSTER_CHANGE_RIGHTS', teamId, team.clients);
};
@@ -1006,10 +1007,14 @@ define([
teamData.hash = data.hash;
teamData.keys.drive.edPrivate = data.keys.drive.edPrivate;
teamData.keys.chat.edit = data.keys.chat.edit;
var secret = Hash.getSecrets('team', data.hash, teamData.password);
team.secondaryKey = secret && secret.keys.secondaryKey;
} else {
delete teamData.hash;
delete teamData.keys.drive.edPrivate;
delete teamData.keys.chat.edit;
delete team.secondaryKey;
}
updateMyRights(ctx, teamId, data.hash);
@@ -1055,14 +1060,14 @@ define([
// Viewer to editor
if (user.role === "VIEWER" && data.data.role !== "VIEWER") {
return void changeEditRights(ctx, teamId, user, true, function (err) {
changeEditRights(ctx, teamId, user, true, function (err) {
return void cb({error: err});
});
}
// Editor to viewer
if (user.role !== "VIEWER" && data.data.role === "VIEWER") {
return void changeEditRights(ctx, teamId, user, false, function (err) {
changeEditRights(ctx, teamId, user, false, function (err) {
return void cb({error: err});
});
}

32
www/common/proxy-manager.js
View File

@@ -172,6 +172,22 @@ define([
return data;
};
var getSharedFolderData = function (Env, id) {
if (!Env.folders[id]) { return {}; }
var obj = Env.folders[id].proxy.metadata || {};
for (var k in Env.user.proxy[UserObject.SHARED_FOLDERS][id] || {}) {
var data = JSON.parse(JSON.stringify(Env.user.proxy[UserObject.SHARED_FOLDERS][id][k]));
if (data.href && data.href.indexOf('#') === -1) {
try {
data.href = Env.user.userObject.cryptor.decrypt(data.href);
} catch (e) {}
}
obj[k] = data;
}
return obj;
};
// Transform an absolute path into a path relative to the correct shared folder
var _resolvePath = function (Env, path) {
var res = {
@@ -979,6 +995,7 @@ define([
setPadAttribute: callWithEnv(setPadAttribute),
getTagsList: callWithEnv(getTagsList),
getSecureFilesList: callWithEnv(getSecureFilesList),
getSharedFolderData: callWithEnv(getSharedFolderData),
// Store
getChannelsList: callWithEnv(getChannelsList),
addPad: callWithEnv(addPad),
@@ -1149,21 +1166,6 @@ define([
return Env.user.userObject.getOwnedPads(Env.edPublic);
};
var getSharedFolderData = function (Env, id) {
if (!Env.folders[id]) { return {}; }
var obj = Env.folders[id].proxy.metadata || {};
for (var k in Env.user.proxy[UserObject.SHARED_FOLDERS][id] || {}) {
var data = JSON.parse(JSON.stringify(Env.user.proxy[UserObject.SHARED_FOLDERS][id][k]));
if (data.href && data.href.indexOf('#') === -1) {
try {
data.href = Env.user.userObject.cryptor.decrypt(data.href);
} catch (e) {}
}
obj[k] = data;
}
return obj;
};
var getFolderData = function (Env, path) {
var resolved = _resolvePath(Env, path);
if (!resolved || !resolved.userObject) { return {}; }

8
www/common/sframe-common-outer.js
View File

@@ -433,6 +433,10 @@ define([
Cryptpad.mailbox.execCommand(data, cb);
});
sframeChan.on('Q_STORE_IN_TEAM', function (data, cb) {
Cryptpad.storeInTeam(data, cb);
});
};
addCommonRpc(sframeChan);
@@ -465,10 +469,6 @@ define([
setDocumentTitle();
});
sframeChan.on('Q_STORE_IN_TEAM', function (data, cb) {
Cryptpad.storeInTeam(data, cb);
});
sframeChan.on('EV_SET_HASH', function (hash) {
window.location.hash = hash;
});

71
www/common/userObject.js
View File

@@ -29,29 +29,46 @@ define([
return name;
};
var createCryptor = module.createCryptor = function (key) {
var cryptor = {};
if (!key) {
cryptor.encrypt = function (x) { return x; };
cryptor.decrypt = function (x) { return x; };
return cryptor;
}
try {
var c = Crypto.createEncryptor(key);
cryptor.encrypt = function (href) {
// Never encrypt blob href, they are always read-only
if (href.slice(0,7) === '/file/#') { return href; }
return c.encrypt(href);
};
cryptor.decrypt = c.decrypt;
} catch (e) {
console.error(e);
}
return cryptor;
};
module.getHref = function (pad, cryptor) {
if (pad.href && pad.href.indexOf('#') !== -1) {
// Href exists and is not encrypted: return href
return pad.href;
}
if (pad.href) {
// Href exists and is encrypted
var d = cryptor.decrypt(pad.href);
// If we can decrypt, return the decrypted value, otherwise continue and return roHref
if (d.indexOf('#') !== -1) {
return d;
}
}
return pad.roHref;
};
module.init = function (files, config) {
var exp = {};
exp.cryptor = {};
var createCryptor = function (key) {
if (!key) {
exp.cryptor.encrypt = function (x) { return x; };
exp.cryptor.decrypt = function (x) { return x; };
return;
}
try {
var c = Crypto.createEncryptor(key);
exp.cryptor.encrypt = function (href) {
// Never encrypt blob href, they are always read-only
if (href.slice(0,7) === '/file/#') { return href; }
return c.encrypt(href);
};
exp.cryptor.decrypt = c.decrypt;
} catch (e) {
console.error(e);
}
};
createCryptor(config.editKey);
exp.cryptor = createCryptor(config.editKey);
exp.setReadOnly = function (state, key) {
config.editKey = key;
@@ -124,19 +141,7 @@ define([
};
var getHref = exp.getHref = function (pad) {
if (pad.href && pad.href.indexOf('#') !== -1) {
// Href exists and is not encrypted: return href
return pad.href;
}
if (pad.href) {
// Href exists and is encrypted
var d = exp.cryptor.decrypt(pad.href);
// If we can decrypt, return the decrypted value, otherwise continue and return roHref
if (d.indexOf('#') !== -1) {
return d;
}
}
return pad.roHref;
return module.getHref(pad, exp.cryptor);
};
var type = function (dat) {