author | friendica <info@friendica.com> | 2014-01-05 19:25:56 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-01-05 19:25:56 -0800 |
commit | daf5daa2d3c53a70102c930647bb1e0e755abe28 (patch) | |
tree | 16f98552676e4d12c6420b21786b2413511d7210 | |
parent | e10c237386c95a180a1b6951304b98ce1d953551 (diff) | |
download | volse-hubzilla-daf5daa2d3c53a70102c930647bb1e0e755abe28.tar.gz volse-hubzilla-daf5daa2d3c53a70102c930647bb1e0e755abe28.tar.bz2 volse-hubzilla-daf5daa2d3c53a70102c930647bb1e0e755abe28.zip |
disable web browser post inputs if no storage write permission
-rw-r--r-- | include/reddav.php | 89 | ||||
-rw-r--r-- | mod/cloud.php | 84 |
2 files changed, 95 insertions, 78 deletions
diff --git a/include/reddav.php b/include/reddav.php
index fc4a53b17..34dbfa0fd 100644
--- a/include/reddav.php
+++ b/include/reddav.php
@@ -92,6 +92,8 @@ class RedDirectory extends DAV\Node implements DAV\ICollection {
 $this->folder_hash = '';
 $this->getDir();
+ if($this->auth->browser)
+ $this->auth->browser->set_writeable();
 }
@@ -657,3 +659,90 @@ dbg(0); } +class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { + + public $channel_name = ''; + public $channel_id = 0; + public $channel_hash = ''; + public $observer = ''; + public $browser; + public $owner_id; + + protected function validateUserPass($username, $password) { + require_once('include/auth.php'); + $record = account_verify_password($email,$pass); + if($record && $record['account_default_channel']) { + $r = q("select * from channel where channel_account_id = %d and channel_id = %d limit 1", + intval($record['account_id']), + intval($record['account_default_channel']) + ); + if($r) { + $this->currentUser = $r[0]['channel_address']; + $this->channel_name = $r[0]['channel_address']; + $this->channel_id = $r[0]['channel_id']; + $this->channel_hash = $this->observer = $r[0]['channel_hash']; + return true; + } + } + $r = q("select * from channel where channel_address = '%s' limit 1", + dbesc($username) + ); + if($r) { + $x = q("select * from account where account_id = %d limit 1", + intval($r[0]['channel_account_id']) + ); + if($x) { + foreach($x as $record) { + if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED) + && (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password'])) { + logger('(DAV) RedBasicAuth: password verified for ' . $username); + $this->currentUser = $r[0]['channel_address']; + $this->channel_name = $r[0]['channel_address']; + $this->channel_id = $r[0]['channel_id']; + $this->channel_hash = $this->observer = $r[0]['channel_hash']; + return true; + } + } + } + } + logger('(DAV) RedBasicAuth: password failed for ' . 
$username); + return false; + } + + function setCurrentUser($name) { + $this->currentUser = $name; + } + + function setBrowserPlugin($browser) { + $this->browser = $browser; + } + +} + + +class RedBrowser extends DAV\Browser\Plugin { + + private $auth; + + function __construct(&$auth) { + + $this->auth = $auth; + + + } + + function set_writeable() { + logger('RedBrowser: ' . print_r($this->auth,true)); + + if(! $this->auth->owner_id) + $this->enablePost = false; + + + if(! perm_is_allowed($this->auth->owner_id, get_observer_hash(), 'write_storage')) + $this->enablePost = false; + else + $this->enablePost = true; + + } + +}
\ No newline at end of file diff --git a/mod/cloud.php b/mod/cloud.php index 1b2b65d05..a72d0f108 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -1,23 +1,5 @@ <?php - // This module is currently !!!HIGHLY EXPERIMENTAL!!! - // You should think twice before running this on a production server - // as security mechanisms are not yet implemented and those that - // are implemented probably don't work. - - // DAV mounts will probably fail if you don't use SSL, because some platforms refuse to send - // basic auth over non-encrypted connections. - // One could use digest auth - but then one has to calculate the A1 digest and store it for - // all acounts. We aren't doing that. We have a stored password already. We don't need another - // one. The login unfortunately is the channel nickname (webbie) as we have no way of passing - // the destination channel to DAV. You should be able to login with your account credentials - // and be directed to your default channel. - - // This interface does not yet support Red stored files. Consider any content in your "store" - // directory to be throw-away until advised otherwise. - - - use Sabre\DAV; require_once('vendor/autoload.php'); 
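Review bot: The password comparison in RedBasicAuth::validateUserPass (the foreach over account rows) is skipped for any account whose flags equal ACCOUNT_OK, because `&&` binds tighter than `||`: the condition parses as `flags == ACCOUNT_OK || (flags == ACCOUNT_UNVERIFIED && hash matches)`, so the `hash('whirlpool', ...)` check only runs for unverified accounts. Parenthesise the flag test so the hash check always applies: `if((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) && (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password']))`, and prefer `hash_equals()` over `===` for that comparison. Earlier in the same method, `account_verify_password($email,$pass)` reads two variables that are never defined — the parameters are `$username` and `$password` — so the default-channel branch cannot succeed as written. In RedBrowser::set_writeable the `if(! $this->auth->owner_id)` assignment is always overwritten by the following if/else and has no effect; `$this->enablePost = ($this->auth->owner_id && perm_is_allowed($this->auth->owner_id, get_observer_hash(), 'write_storage'));` expresses the intent in one line, and the `logger('RedBrowser: ' . print_r($this->auth,true))` dump of the entire auth backend object on every call should be dropped or reduced to the fields actually needed.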
@@ -44,69 +26,10 @@ -class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { - - public $channel_name = ''; - public $channel_id = 0; - public $channel_hash = ''; - public $observer = ''; - - public $owner_id; - - protected function validateUserPass($username, $password) { - require_once('include/auth.php'); - $record = account_verify_password($email,$pass); - if($record && $record['account_default_channel']) { - $r = q("select * from channel where channel_account_id = %d and channel_id = %d limit 1", - intval($record['account_id']), - intval($record['account_default_channel']) - ); - if($r) { - $this->currentUser = $r[0]['channel_address']; - $this->channel_name = $r[0]['channel_address']; - $this->channel_id = $r[0]['channel_id']; - $this->channel_hash = $this->observer = $r[0]['channel_hash']; - return true; - } - } - $r = q("select * from channel where channel_address = '%s' limit 1", - dbesc($username) - ); - if($r) { - $x = q("select * from account where account_id = %d limit 1", - intval($r[0]['channel_account_id']) - ); - if($x) { - foreach($x as $record) { - if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED) - && (hash('whirlpool',$record['account_salt'] . $password) === $record['account_password'])) { - logger('(DAV) RedBasicAuth: password verified for ' . $username); - $this->currentUser = $r[0]['channel_address']; - $this->channel_name = $r[0]['channel_address']; - $this->channel_id = $r[0]['channel_id']; - $this->channel_hash = $this->observer = $r[0]['channel_hash']; - return true; - } - } - } - } - logger('(DAV) RedBasicAuth: password failed for ' . $username); - return false; - } - - function setCurrentUser($name) { - $this->currentUser = $name; - } - - -} function cloud_init(&$a) { - if(! get_config('system','enable_cloud')) - killme(); - require_once('include/reddav.php'); $auth = new RedBasicAuth(); 
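Review bot: cloud_init no longer checks `get_config('system','enable_cloud')` — the two removed lines that called `killme()` when the feature was disabled are not replaced, so the DAV endpoint becomes reachable regardless of that setting, and neither the commit title nor the rest of the hunk explains why. If dropping the gate is intentional, say so in the commit message; otherwise restore `if(! get_config('system','enable_cloud')) killme();` before the `require_once('include/reddav.php');`. The body of cloud_init continues outside the hunk.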
@@ -136,7 +59,12 @@ function cloud_init(&$a) { if(! $auth->observer) $auth->Authenticate($server,'Red Matrix'); - $browser = new DAV\Browser\Plugin(); +// $browser = new DAV\Browser\Plugin(); + + $browser = new RedBrowser($auth); + + $auth->setBrowserPlugin($browser); + $server->addPlugin($browser); |
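Review bot: The commented-out `// $browser = new DAV\Browser\Plugin();` left above the `$browser = new RedBrowser($auth);` line should be deleted rather than kept as dead code; version control already records the previous form. RedBrowser::set_writeable() reads `$this->auth->owner_id`, but nothing in this hunk assigns `owner_id` on `$auth` before the plugin is registered with `$server->addPlugin($browser);` — if it is set elsewhere in cloud_init that is fine, otherwise the write_storage permission check runs with an empty owner id. cloud_init's body continues outside the hunk on both sides.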