Commit f4b17a3d authored by Henning Leutz's avatar Henning Leutz 🥋

refactor: upload permissions; permission string fixes

parent ce1088c9
......@@ -419,7 +419,7 @@
<option value="404">404 - Not Found</option>
</select>
<input type="hidden" conf="globals.nonce" label="false" />
<input type="hidden" conf="globals.nonce" label="false"/>
</settings>
<settings title="templateengine" name="templateengine">
......
......@@ -13,8 +13,7 @@ define('controls/permissions/Panel', [
], function (QUI, QUIPanel, QUILocale) {
"use strict";
var lg = 'quiqqer/system';
var lg = 'quiqqer/quiqqer';
return new Class({
......
......@@ -98,11 +98,11 @@ define('controls/upload/File', [
this.$is_paused = false;
this.$file_size = this.$File.size;
this.$chunk_size = (1024 * 100);
this.$chunk_size = (1024 * 256); // 256kb
this.$range_start = 0;
this.$range_end = this.$chunk_size;
this.$upload_time = null;
this.$execute = true; // false if no excute of the update routine
this.$execute = true; // false if no execute of the update routine
this.$result = null;
this.$error = false;
......
......@@ -304,6 +304,8 @@ class Manager
* defaultvalue =>
* src =>
* )
*
* @throws QUI\Database\Exception
*/
public function addPermission($params)
{
......@@ -430,7 +432,11 @@ class Manager
$permission['defaultvalue'] = $permission['default'];
}
$this->addPermission($permission);
try {
$this->addPermission($permission);
} catch (QUI\Exception $Exception) {
QUI\System\Log::addError($Exception->getMessage());
}
}
}
......@@ -527,7 +533,7 @@ class Manager
* Return the current permissions from a group, user, site, project or media
* Returns the set permissions
*
* @param QUI\Groups\Group|QUI\Users\User|QUI\Projects\Project|QUI\Projects\Site $Obj
* @param QUI\Groups\Group|QUI\Interfaces\Users\User|QUI\Projects\Project|QUI\Projects\Site $Obj
*
* @return array
*/
......@@ -1517,7 +1523,6 @@ class Manager
break;
case 'string':
$val = Orthos::clearMySQL($val);
break;
default:
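Review bot: The new `catch (QUI\Exception $Exception)` around `$this->addPermission($permission)` logs only `$Exception->getMessage()`, so a failed permission import leaves no record of which permission was skipped or where the error came from. The docblock added to `addPermission()` declares `@throws QUI\Database\Exception`; whether that class extends `QUI\Exception` is not visible here, and if it does not, this catch never fires. I would confirm the hierarchy and log the full exception, e.g. `QUI\System\Log::writeException($Exception);`, so a permission that silently failed to register can be traced. The enclosing import loop starts outside the hunk.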
......
......@@ -718,6 +718,32 @@ class Permission
return isset($permissions[$perm]) ? $permissions[$perm] : false;
}
/**
* Return a permission of the user
* - can be user for string permissions
*
* @param string $perm
* @param QUI\Interfaces\Users\User|null $User
*
* @return mixed|boolean
*/
public static function getPermission($perm, $User = null)
{
if ($User === null) {
$User = self::getUser();
}
$Manager = QUI::getPermissionManager();
$permissions = $Manager->getPermissions($User);
// first check user permission
if (isset($permissions[$perm]) && !empty($permissions[$perm])) {
return $permissions[$perm];
}
return isset($permissions[$perm]) ? $permissions[$perm] : false;
}
/**
* has the User the permission at the site?
*
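Review bot: In `getPermission()` the `isset(...) && !empty(...)` branch and the final return both yield `$permissions[$perm]` whenever the key is set, so the first check has no effect and the comment `// first check user permission` describes a fallback that is not implemented. Either drop the branch and keep only `return isset($permissions[$perm]) ? $permissions[$perm] : false;`, or add the intended second lookup. Callers also cannot tell "permission not set" from a stored `false`, `0` or empty string, which matters for limit-type permissions where a falsy value may be read as "no limit"; the docblock should say so, e.g. `@return mixed|boolean - stored value, false if the permission is not set`. The docblock line "can be user for string permissions" presumably means "can be used".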
......
......@@ -27,13 +27,21 @@ class Form extends QUI\QDOM
'hasFile' => false,
'deleteFile' => true,
'allowedFileTypes' => false, // eq: ['image/jpeg', 'image/png']
'maxFileSize' => false, // eq: 20000000 = 20mb
'allowedFileTypes' => false, // eq: ['image/jpeg', 'image/png']
'allowedFileEnding' => false, // eq: ['.gif', '.jpg']
'maxFileSize' => false, // eq: 20000000 = 20mb
'typeOfLook' => 'DragDrop', // DragDrop, Icon, Single
'typeOfLookIcon' => 'fa fa-upload'
]);
// set default allowed file types
// @todo
// set default allowed file endings
// @todo
parent::setAttributes($params);
}
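Review bot: The new `allowedFileEnding` attribute defaults to `false` like `allowedFileTypes`, and both "set default" steps are left as `// @todo`, so as far as this hunk shows, a form created without explicit parameters carries no type or extension restriction. If `false` means "no restriction" in the upload check (not visible here), the defaults should be filled from the new `quiqqer.upload.allowedTypes` and `quiqqer.upload.allowedEndings` permissions before `parent::setAttributes($params)` rather than staying open. Until then the meaning should be documented on the attribute, e.g. `// false = no restriction; @todo default from quiqqer.upload.allowedEndings`. The attribute is named in the singular while the permission is `allowedEndings`, which invites a mismatch when the two are wired together; the constructor starts outside the hunk.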
......
......@@ -10,6 +10,7 @@ use QUI;
use QUI\Utils\System\File as QUIFile;
use QUI\Utils\Security\Orthos;
use QUI\Utils\System\File;
use QUI\Permissions\Permission;
/**
* Upload Manager
......@@ -211,7 +212,13 @@ class Manager
'filesize' => true
]);
$configMaxFileSize = QUI\Projects\Manager::get()->getConfig('media_maxUploadFileSize');
$configMaxFileSize = Permission::getPermission('quiqqer.upload.maxFileUploadSize');
if (QUI\Projects\Manager::get()->getConfig('media_maxUploadFileSize')) {
$configMaxFileSize = QUI\Projects\Manager::get()->getConfig('media_maxUploadFileSize');
}
if ($configMaxFileSize && (int)$fileinfo['filesize'] > $configMaxFileSize) {
QUIFile::unlink($tmp_name);
......@@ -220,7 +227,8 @@ class Manager
'quiqqer/quiqqer',
'exception.media.upload.fileSize.is.to.big',
[
'size' => QUI\Utils\System\File::formatSize($configMaxFileSize)
'size' => QUI\Utils\System\File::formatSize($configMaxFileSize),
'file' => $filename
]
]);
}
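Review bot: The project setting `media_maxUploadFileSize` replaces the value from `Permission::getPermission('quiqqer.upload.maxFileUploadSize')` whenever it is set, so a stricter per-user or per-group limit is ignored as soon as a project-wide limit exists. If the permission is meant to restrict individual users, read both values once, cast them to int, and apply the smaller non-zero one, as sketched below. The second hunk adds the client-supplied `$filename` to the exception text, so that message has to be escaped wherever it is rendered as HTML. The enclosing method starts and ends outside the hunks.

```php
$permissionMaxFileSize = (int)Permission::getPermission('quiqqer.upload.maxFileUploadSize');
$projectMaxFileSize    = (int)QUI\Projects\Manager::get()->getConfig('media_maxUploadFileSize');

// apply the stricter of the two limits; 0 means "not set"
$limits            = array_filter([$permissionMaxFileSize, $projectMaxFileSize]);
$configMaxFileSize = $limits ? min($limits) : 0;

// … unchanged: size comparison, unlink of $tmp_name and exception …
```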
......
......@@ -615,7 +615,14 @@
<de><![CDATA[Sie besitzen nicht die nötigen Rechte um die Konfiguration zu speichern.]]></de>
</locale>
<locale name="exception.media.upload.fileSize.is.to.big">
<de><![CDATA[Die Datei ist leider zu gross. Die maximale Uploadgröße ist einer Datei beträgt [size]]]></de>
<de>
<![CDATA[Die Datei [file] ist leider zu gross. Die maximale Uploadgröße einer Datei beträgt [size]]]></de>
</locale>
<locale name="exception.media.upload.fileType.not.allowed">
<de><![CDATA[
Der Dateityp der Datei [file] ist leider nicht erlaubt.
Bitte nutze nur folgende Dateitypen: [filetypes]
]]></de>
</locale>
<locale name="exception.media.move.is.no.folder">
<de><![CDATA[Bitte wählen Sie einen Ordner aus um die Dateien zu verschieben.]]></de>
......@@ -1484,6 +1491,9 @@
<locale name="permissions.panel.btn.select.project">
<de><![CDATA[Für ein Projekt]]></de>
</locale>
<locale name="permissions.panel.btn.select.media">
<de><![CDATA[Für den Mediabereich]]></de>
</locale>
<locale name="permissions.panel.btn.select.manage">
<de><![CDATA[Rechte verwalten]]></de>
</locale>
......@@ -4245,6 +4255,46 @@ Hinweis: Wenn QUIQQER als GIT Repository installiert ist, existiert keine MD5 Su
So kann QUIQQER dich bei Fehlern informieren.
]]></de>
</locale>
<locale name="permission.quiqqer.upload._header">
<de><![CDATA[Upload]]></de>
</locale>
<locale name="permission.quiqqer.upload.maxUploadCount">
<de><![CDATA[Max. Grösse eines Upload-Vorgangs]]></de>
</locale>
<locale name="permission.quiqqer.upload.maxUploadCount.description">
<de><![CDATA[
Legt die maximale Grösse eines Upload-Vorgangs fest.
Hier zählen alle Dateien die während eines Upload-Vorgangs hochgeladen werden, zusammen.
]]></de>
</locale>
<locale name="permission.quiqqer.upload.maxFileUploadSize">
<de><![CDATA[Max. Dateigröße bei einem Upload]]></de>
</locale>
<locale name="permission.quiqqer.upload.maxFileUploadSize.description">
<de><![CDATA[
Legt die maximale Grösse einer Datei während eines Upload-Vorgangs fest.
]]></de>
</locale>
<locale name="permission.quiqqer.upload.allowedTypes">
<de><![CDATA[Erlaubte Dateiarten]]></de>
</locale>
<locale name="permission.quiqqer.upload.allowedTypes.description">
<de><![CDATA[
Bitte gebe die erlaubten Dateiarten kommasepariert an. Zusätzlich können Wildcards verwenden werdet.
Beispiel: images/*,application/*
]]></de>
</locale>
<locale name="permission.quiqqer.upload.allowedEndings">
<de><![CDATA[Erlaubte Dateiendungen]]></de>
</locale>
<locale name="permission.quiqqer.upload.allowedEndings.description">
<de><![CDATA[
Bitte gebe die erlaubten Dateiendung kommasepariert an. Zusätzlich können Wildcards verwenden werdet.
Beispiel: .gif,.jpg,.jpeg,.pdf
]]></de>
</locale>
</groups>
<groups name="quiqqer/quiqqer" datatype="php">
......@@ -4281,6 +4331,7 @@ Hinweis: Wenn QUIQQER als GIT Repository installiert ist, existiert keine MD5 Su
Gültigkeitsdauer in <b>Minuten</b> für den Link zur Bestätigung des Zurücksetzens des Passworts.
]]></de>
</locale>
<locale name="projects.project.settings.panel.settings.title">
<de><![CDATA[Allgemeine Projekt Einstellungen]]></de>
</locale>
......
......@@ -617,7 +617,13 @@
<en><![CDATA[You do not have the necessary permissions to save the configuration]]></en>
</locale>
<locale name="exception.media.upload.fileSize.is.to.big">
<en><![CDATA[The file is unfortunately too big. The maximum upload size for a file is [size]]]></en>
<en><![CDATA[The file [file] is unfortunately too big. The maximum upload size for a file is [size]]]></en>
</locale>
<locale name="exception.media.upload.fileType.not.allowed">
<de><![CDATA[
Unfortunately, the file type of the [file] file is not allowed.
Please use only the following file types: [filetypes]
]]></de>
</locale>
<locale name="exception.media.move.is.no.folder">
<en><![CDATA[Please select a folder to move the files.]]></en>
......@@ -1468,6 +1474,9 @@ You can also ignore the console user permissions check with '--ignore-file-permi
<locale name="permissions.panel.btn.select.project">
<en><![CDATA[For a project]]></en>
</locale>
<locale name="permissions.panel.btn.select.media">
<en><![CDATA[For a media area]]></en>
</locale>
<locale name="permissions.panel.btn.select.manage">
<en><![CDATA[Permission management only]]></en>
</locale>
......@@ -4099,6 +4108,44 @@ Note: If QUIQQER is installed as GIT repository, no MD5 summary file exists.
On this way QUIQQER can inform you about errors.
]]></en>
</locale>
<locale name="permission.quiqqer.upload._header">
<en><![CDATA[Upload]]></en>
</locale>
<locale name="permission.quiqqer.upload.maxUploadCount">
<en><![CDATA[Max. uploads]]></en>
</locale>
<locale name="permission.quiqqer.upload.maxUploadCount.description">
<en><![CDATA[
]]></en>
</locale>
<locale name="permission.quiqqer.upload.maxFileUploadSize">
<en><![CDATA[Max. Size of an upload]]></en>
</locale>
<locale name="permission.quiqqer.upload.maxFileUploadSize.description">
<en><![CDATA[
Defines the maximum size of a file during an upload process.
]]></en>
</locale>
<locale name="permission.quiqqer.upload.allowedTypes">
<en><![CDATA[Allowed file types]]></en>
</locale>
<locale name="permission.quiqqer.upload.allowedTypes.description">
<en><![CDATA[
Please enter the ALLOWED file types separated by commas. Additionally you can use wildcards.
Example: images/*,application/*
]]></en>
</locale>
<locale name="permission.quiqqer.upload.allowedEndings">
<en><![CDATA[Allowed file extensions]]></en>
</locale>
<locale name="permission.quiqqer.upload.allowedEndings.description">
<en><![CDATA[
Please enter the ALLOWED file extension separated by commas. Additionally you can use wildcards.
Example: .gif, .jpg, .jpeg, .pdf
]]></en>
</locale>
</groups>
<groups name="quiqqer/quiqqer" datatype="php">
......@@ -4132,6 +4179,7 @@ Note: If QUIQQER is installed as GIT repository, no MD5 summary file exists.
<locale name="quiqqer.settings.auth.passwordResetLinkValidTime.description" html="true">
<en><![CDATA[Period of validity in <b>minutes</b> for the link to confirm password reset.]]></en>
</locale>
<locale name="projects.project.settings.panel.settings.title">
<en><![CDATA[General Project Settings]]></en>
</locale>
......
......@@ -60,6 +60,15 @@
<defaultvalue>1</defaultvalue>
</permission>
<permission name="quiqqer.upload.maxUploadCount" type="int">
<defaultvalue>10</defaultvalue>
</permission>
<permission name="quiqqer.upload.maxFileUploadSize" type="int">
<defaultvalue>10000</defaultvalue>
</permission>
<permission name="quiqqer.upload.allowedTypes" type="string"/>
<permission name="quiqqer.upload.allowedEndings" type="string"/>
<!-- Darf Projekte anlegen -->
<permission name="quiqqer.projects.create" type="bool"/>
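Review bot: `quiqqer.upload.maxFileUploadSize` gets `<defaultvalue>10000</defaultvalue>` with no stated unit, while the upload form on this page documents `maxFileSize` in bytes (`20000000 = 20mb`); if the permission is compared against the byte size of the file, the default allows only about 10 KB. `quiqqer.upload.allowedTypes` and `quiqqer.upload.allowedEndings` have no default at all, so whether an empty value means "allow everything" or "allow nothing" is left to the consuming code. I would add a comment per permission, e.g. `<!-- max. size of a single uploaded file, in bytes -->`, and choose explicit defaults for the two allow-lists. The label for `quiqqer.upload.maxUploadCount` also differs between the locales on this page (a size in German, a count in English), so the intended meaning of its default `10` should be stated here as well.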
......