From b1689d03b0ac8a601f3ff4a225729d1e15b317ba Mon Sep 17 00:00:00 2001 From: adam Date: Fri, 12 Feb 2021 19:09:42 +0200 Subject: almost there --- php/database.php | 125 ++++++++++++++++++++++++++++++++++++++++++++++++++----- php/node.php | 9 ++-- php/readdir.php | 8 +++- php/upload.php | 9 ++-- 4 files changed, 129 insertions(+), 22 deletions(-) (limited to 'php') diff --git a/php/database.php b/php/database.php index 66f2efb..98946ce 100644 --- a/php/database.php +++ b/php/database.php @@ -26,7 +26,7 @@ require_once "node.php"; { $ret=new User; - $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username"); + $prep=$this->pdo->prepare("select user_id,username,email,home_directory from users where username=:username"); $prep->bindParam(':username',$user); $prep->execute(); @@ -106,12 +106,13 @@ require_once "node.php"; error_log("there was a problem with the sql statement at get_nodes_with_code"); return []; } - return $statement->fetchAll(PDO::FETCH_ASSOC); + return $statement->fetch(PDO::FETCH_ASSOC); } /* I think this only makes sense if node is a dir*/ /* returns assoc array of nodes*/ function get_links_of(int $node_id) { + error_log("in get_links_of with argument {$node_id}"); $statement=$this->pdo->prepare(" select node_links.node_id as id, node_links.name as name, @@ -121,7 +122,7 @@ require_once "node.php"; from node_links inner join nodes on nodes.node_id=node_links.node_id - where nodes.node_id=:id + where node_links.directory_id=:id "); $statement->bindParam(':id',$node_id); if($statement->execute()==false) @@ -171,24 +172,111 @@ require_once "node.php"; } + function get_premissions(int $node_id,int $user_id) + { + $prep=$this->pdo->prepare(" + select can_view,can_edit + from node_access + where node_id=:node and user_id=:user + "); + $prep->bindParam(':node',$node_id); + $prep->bindParam(':user',$user_id); + if($prep->execute()==false) + { + error_log("there is an error with the sql statemtent at get_premissions"); + return NULL; + } + $ret=$prep->fetch(PDO::FETCH_ASSOC); + if(gettype($ret)=="boolean") + { + $prep=$this->pdo->prepare("insert into + node_access(node_id,user_id,can_view,can_edit) + values(:node,:user,false,false)"); + $prep->bindParam(':node',$node_id); + $prep->bindParam(':user',$user_id); + if($prep->execute()==false) + { + error_log("couldnt create access entry in get_premissions2"); + return NULL; + } + + $prep=$this->pdo->prepare(" + select can_view,can_edit + from node_access + where node_id=:node and user_id=:user + "); + $prep->bindParam(':node',$node_id); + $prep->bindParam(':user',$user_id); + if($prep->execute()==false) + { + error_log("there is an error with the sql statemtent at get_premissions3"); + return NULL; + } + $ret=$prep->fetch(PDO::FETCH_ASSOC); + } + return $ret; + } + + function give_view_access(int $node_id,int $user_id) + { + $premissions=$this->get_premissions($node_id,$user_id); + /*this isn't futile because we create access entries in get_premission if there are none*/ + if($premissions["can_view"]==false) + { + $prep=$this->pdo->prepare("update node_access + set can_view=true + where node_id=:node and user_id=:user + "); + $prep->bindParam(':node',$node_id); + $prep->bindParam(':user',$user_id); + if($prep->execute()==false) + { + error_log("could not execute sql statement in guve_view_access"); + } + + } + } + + function give_edit_access(int $node_id,int $user_id) + { + $premissions=$this->get_premissions($node_id,$user_id); + /*this isn't futile because we create access entries in get_premission if there are none*/ + if($premissions["can_edit"]==false) + { + $prep=$this->pdo->prepare("update node_access + set can_edit=true + where node_id=:node and user_id=:user + "); + $prep->bindParam(':node',$node_id); + $prep->bindParam(':user',$user_id); + if($prep->execute()==false) + { + error_log("could not execute sql statement in give_edit_access"); + } + + } + } + /*this is used to create seperate roots for the users*/ function create_dangling_directory(): int { $code_name=$this->get_random_node_name(""); global $storage_root; + /*create directory node*/ $prep=$this->pdo->prepare("insert into nodes(is_directory,relative_path,code) values(true,:root,:code)"); $prep->bindParam(':code',$code_name); - $prep->bindParam(':root',$storage_root); + $prep->bindParam(':root',$code_name); if($prep->execute()==false) { error_log("tried to create a dangling directory but sql statement failed. Fatal error!"); exit(1); } - + /*give premissions*/ + $id=$this->get_node_with_code($code_name); if(count($id)!=1) { @@ -197,7 +285,7 @@ require_once "node.php"; } //print count($id); - return $id[0]["id"]; + return $id["id"]; } /*links source to target*/ @@ -217,7 +305,7 @@ require_once "node.php"; } } /*returns the file name as it must be in the filesystem relative to the storage root*/ - function create_file_node(string $filename,string $note,int $dir_id): string + function create_file_node(string $filename,string $note,int $dir_id,User $user): string { global $storage_root; /*checkout the directory*/ @@ -236,14 +324,22 @@ require_once "node.php"; error_log("could not exedude dir sql statement in create_file_node"); return "error"; } - $dir=$dir_prep->fetch(PDO::FETCH_ASSOC); + if(($dir=$dir_prep->fetch(PDO::FETCH_ASSOC))==false) + { + error_log("create_file_node dir isnt a directory"); + return "error"; + } if($dir["is_directory"]==false) { + /*remove this TODO*/ + error_log("create_file_node: dir is not a directory directory=".print_r($dir).gettype($dir)); return "error"; } if($dir["can_edit"]==false) { /*TODO*/ + /*remove this TODO*/ + error_log("create_file_node: dir is not modifiable"); return "error"; } @@ -253,7 +349,7 @@ require_once "node.php"; $prep=$this->pdo->prepare("insert into nodes(is_directory,relative_path,code) values(false,:root,:code) "); - $prep->bindParam(':root',"/".$code); + $prep->bindParam(':root',$code); $prep->bindParam(':code',$code); if($prep->execute()==false) @@ -262,9 +358,13 @@ require_once "node.php"; /*not so quiet error*/ return "error"; } - $new_id=get_node_with_code($code); + $new_id=$this->get_node_with_code($code)["id"]; /*link the node to the directory*/ - link_nodes($dir_id,$new_id,$filename,$note); + $this->link_nodes($dir_id,$new_id,$filename,$note); + /*give premissions to the creator*/ + + $this->give_view_access($new_id,$user->user_id); + $this->give_edit_access($new_id,$user->user_id); return $code; } /*checks if there is a link between two node_id-s*/ @@ -323,6 +423,9 @@ require_once "node.php"; /*todo make an error page*/ exit(1); } + $user_id=$this->get_user($user)->user_id; + $this->give_view_access($home_dir,$user_id); + $this->give_edit_access($home_dir,$user_id); } return true; } diff --git a/php/node.php b/php/node.php index 62b9ad2..3d56d99 100644 --- a/php/node.php +++ b/php/node.php @@ -7,25 +7,26 @@ require_once "user.php"; /*path is in terms of the simulated filesystem*/ function get_directory(string $abstract_path,User $user) { + global $database; if($abstract_path[0]!="/") { return NULL; } if($component=strtok($abstract_path,"/")==false) { - return NULL; + return $database->get_links_of($user->home_directory); } - $current_dir=$database->get_node($component,$user->home_directory); + $current_dir=$database->get_node_id($component,$user->home_directory); if($current_dir==NULL) return NULL; /*traverse path*/ while($component=strtok("/")) { - $current_dir=get_node($component,$current_dir); + $current_dir=$database->get_node_id($component,$current_dir); if($current_dir==NULL) return NULL; } - return get_links_of(NULL,$current_dir); + return $database->get_links_of($current_dir); } ?> diff --git a/php/readdir.php b/php/readdir.php index b6a1916..b913cb1 100644 --- a/php/readdir.php +++ b/php/readdir.php @@ -1,3 +1,9 @@ diff --git a/php/upload.php b/php/upload.php index b36a0f1..b22c3a8 100644 --- a/php/upload.php +++ b/php/upload.php @@ -3,23 +3,20 @@ require_once "database.php"; require_once "configuration.php"; session_start(); -echo 1; if (!isset( $_POST["filename"]) || !isset($_FILES["the_file"])) { error_log("someone tried to upload something impropperly"); http_response_code(400); exit(1); } -echo 2; $file=$_FILES["the_file"]; $filename=$_POST["filename"]; -$homedir=$_SESSION['user_object']; +$user=$_SESSION['user_object']; +$homedir=$user->home_directory; -echo 3; -$codename=$database->create_file_node($filename,"",$_SESSION['user_object']->home_directory); -echo $codename; +$codename=$database->create_file_node($filename,"",$homedir,$user); if($codename=="error") { error_log("could not create file_node in upload.php"); -- cgit v1.2.3