Re: [openupload-devel] New Plugin: account_expire
From: Jochen D. <jo...@co...> - 2009-05-23 17:05:10
Hey Alessandro,

Thanks for reviewing it and giving me feedback. Although, sorry to say, I'm not entirely sure what you mean. Are you saying that I misused the plugin system for administrating user data (should I have made a module?) Or do you mean that plugins altogether were never meant as an enhancement of the user (or other) administration? The way I interpreted it is that plugins can (or could or should) manipulate all entities in the system (users, groups, ...) and not just files. Please let me know if I can be of any assistance with making changes to either the plugin or any other part of the system.

Indeed I code on Windows, my apologies for not catching the case sensitivity of the filenames. It might have been more of a reflex, writing the directory name in camelcase (-:

In the meanwhile, I've made progress on the group assignment of files. I have managed to implement it using a plugin as well. I did have to make some (very minor) changes to the base system to get it to work, but I'll write you later today or tomorrow with the patch and an explanation.

There is one potentially critical issue I noticed though: anyone can download files without necessarily having the rights to them. When a user has the right to download files and knows the id of a file in the system (not necessarily one he has access to) he can still download it. I did not find any check on ownership of the file in the whole download procedure (downloadForm, downloadRequest and downloadConfirm). Any user with the download rights can thus craft a request string (http://localhost/~OpenUpload/www/?action=d&id=******) and proceed with the download.

I have tested this a bit, but I'm not yet sure if it's definitely, absolutely always the case. Some of my tests blocked the download from happening, others allowed it. I also didn't test on a clean system, so perhaps my changes broke something.

Enjoy
Jochen

-----Original Message-----
From: Alessandro Briosi [mailto:ts...@br...]
Sent: Friday 22 May 2009 19:16
To: OpenUpload Delvel and General talk
Subject: Re: [openupload-devel] New Plugin: account_expire

Hi Jochen,

I'm not really convinced about this. Though coding is correct (only minor fixes), the plugin must be enabled also for admins to be used in the administration page. Imho, we should differentiate between plugins for functionality, and administration.

Won't commit it right now. I'll have a look in the next few days on how to fix this. I already thought that a module and a plugin should handle the administration of itself, and not the admin module. That's another thing I want to change for 0.5

Ciao,
Alessandro

P.S. I suppose you are coding on Windows as I had some troubles finding out that the directory for the templates was called accountExpire and not accountexpire. Please use all lowercase for the file/directories.

Jochen Derwae wrote:
> Dear Alessandro,
>
> I've finally come round to finishing the first version of the
> account_expire plugin. The administrator can now enter an expiration
> date in the user form. This date is checked when the user tries to
> log on, to allow or deny authentication.
>
> I did have to make some minor changes to the admin module (to call and
> display plugins in the useredit method) in order to get this plugin to
> work. The code I've provided is probably not up to the standards of the
> rest of the code base. I think mostly acl is missing from this plugin.
> I would still appreciate it if you could take a look and tell me what
> you think.
>
> I'm going to work on assigning files to groups now, I might do it
> differently than what you had in mind, due to the database code not
> being able to do joins.
> Anyway, I'll patch something together (-:
>
> Thanks,
> Jochen
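
The missing ownership check reported at the top of this thread, shown as an added example that is not OpenUpload code and was not posted by either participant: one authorization function that every step of the download procedure calls before serving anything. The function names, the array fields (`owner_id`, `group_id`, `group_ids`, `can_download`) and the sample records are assumptions made for illustration.

```php
<?php
// Added illustration, not OpenUpload code; every name and field is hypothetical.

// Holding the general download right is necessary but not sufficient: the
// user must also own the file or belong to the group it is assigned to.
// A missing user or an unknown file id is denied like a forbidden one.
function canDownload(?array $user, ?array $file): bool
{
    if ($user === null || $file === null || empty($user['can_download'])) {
        return false;
    }
    if ($file['owner_id'] === $user['id']) {
        return true;
    }
    return $file['group_id'] !== null
        && in_array($file['group_id'], $user['group_ids'], true);
}

// Every step repeats the check, because each one can be requested directly
// with a hand-written URL; checking only in the first step is not enough.
function handleStep(string $step, ?array $user, string $id, array $files): string
{
    $steps = ['downloadForm', 'downloadRequest', 'downloadConfirm'];
    if (!in_array($step, $steps, true) || !canDownload($user, $files[$id] ?? null)) {
        return '403 denied';
    }
    return "200 {$step} {$id}";
}

// Constructed sample data: f1 is private to user 1, f2 is shared with group 10.
$files = [
    'f1' => ['owner_id' => 1, 'group_id' => null],
    'f2' => ['owner_id' => 2, 'group_id' => 10],
];
$users = [
    'owner'     => ['id' => 1, 'can_download' => true, 'group_ids' => [10]],
    'outsider'  => ['id' => 3, 'can_download' => true, 'group_ids' => []],
    'anonymous' => null,
];

foreach ($users as $name => $user) {
    foreach (['f1', 'f2', 'missing'] as $id) {
        printf("%-9s %-7s %s\n", $name, $id, handleStep('downloadConfirm', $user, $id, $files));
    }
}
```

Running the same matrix against each of the three step names, on a clean install, is one way to settle the inconsistent test results mentioned in the report.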