rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: Flynsarmy on September 26, 2009, 05:11:42 AM

Title: Anonymous file deletion, move/copy macro errors
Post by: Flynsarmy on September 26, 2009, 05:11:42 AM
Two more issues with macros. Firstly here http://www.rejetto.com/forum/index.php?topic=7437.0 you said that copy and move macros return space if the operation failed and could therefore be tested with a length macro in an if statement. I have a folder containing another folder called 'Folder B' and a file called 'File B'. If i perform this macro call:
Code: [Select]
{.if|{.length|{.move|{.postvar|src.}|{.postvar|destination.}.}.}|Operation failed|.}where 'src' and 'destination' are correct, nothing is returned even if 'src' doesn't exist. In other words the 'Move'
macro isn't checking that the file exists before trying to move it and is therefore returning no space.

Second problem: Anonymous file deletion. I've added a delete macro like so:
Code: [Select]
[delete]
{.if|{.length|{.delete|{.postvar|src.}.}|Operatoin failed.|.}

however anonymous users are then able to go to domain.com/~delete just like logged in users and delete files. I see no way in HFS to set delete/copy/move permissions for anonymous users... Sure I could do a logged in check on that macro but that would refuse anonymous users from being able to do these things if i DID want them to be able to...
Am i missing something?
Title: Re: Anonymous file deletion, move/copy macro errors
Post by: SilentPliz on September 26, 2009, 05:39:08 AM
If I understand what you wanted (?)

[delete]
{.if |{.and|%user%|{.!=|%user%|anonymous.}.}|
{:
{.if|{.length|{.delete|{.postvar|src.}.}|Operation failed.|.}
:}/if.}
Title: Re: Anonymous file deletion, move/copy macro errors
Post by: Flynsarmy on September 26, 2009, 06:05:51 AM
I'm not trying to block anonymous use, i'm trying to set the 'allow file deletion', 'allow file copying', 'allow file moving' property on a folder by folder basis for all users and anonymous users. I can't currently see a way to do this. Currently it just allows anonymous users to delete files which IMO is bad.
Title: Re: Anonymous file deletion, move/copy macro errors
Post by: TSG on September 26, 2009, 07:54:52 AM
Needs the 'get can delete'  'get can rename'  'get can move'  etc etc for each folder feature I brought up the other day. With a permission setting for each functionality. Its just dodgy at the moment. Sure user groups are handy and a fairly neat hack to set these functions up. But they shouldn't be a core functionality of a folder permission and manipulation setup. Its easier if HFS has simple permission settings for each folder manipulation property. Its not like HFS is aimed at 'professional' server users. 'Simple' people need to understand these features.

At the moment, without logging into flynsarmy's server I can copy/move etc without even logging in. Which is very unsecure. And it is because there is no way to check if the current user is allowed to run such a function.
Title: Re: Anonymous file deletion, move/copy macro errors
Post by: rejetto on September 28, 2009, 12:22:36 AM
1. the operation returns blank space if the operation succeed, not on failure.

2. you can set delete permission in properties > permissions > delete
and you can set it for anonymous too. what's wrong with that?
copy and move are not handled in any way by HFS itself, thus there's no permission at the moment.