Skip to content

Fixed access control is not working properly in the search operation #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fixed access control is not working properly in the search operation #10

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,14 @@

### SQL Server DataBase File Provider

#### Bug Fixes

- `#281523` - The issue with "Access control is not properly working in search operation" has been fixed.

## 18.2.44 (2020-07-06)

### SQL Server DataBase File Provider

#### New Features

- `#151112`, `#152443` - Support has been provided for access control.
Expand Down
34 changes: 30 additions & 4 deletions Models/SQLFileProvider.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1122,6 +1122,7 @@ public FileManagerResponse Search(string path, string searchString, bool showHid
{
if (path == null) { path = string.Empty; };
var searchWord = searchString;
bool hasPermission = true;
FileManagerDirectoryContent searchData;
FileManagerDirectoryContent cwd = new FileManagerDirectoryContent();
cwd.Name = data[0].Name;
Expand All @@ -1134,7 +1135,7 @@ public FileManagerResponse Search(string path, string searchString, bool showHid
sqlConnection.Open();
cwd.FilterPath = GetFilterPath(data[0].Id);
sqlConnection.Close();
AccessPermission permission = GetPermission(cwd.Id, cwd.ParentID, cwd.Name, cwd.IsFile, path);
AccessPermission permission = GetPermission(data[0].Id, data[0].ParentID, cwd.Name, cwd.IsFile, path);
cwd.Permission = permission;
if (cwd.Permission != null && !cwd.Permission.Read)
{
Expand Down Expand Up @@ -1173,10 +1174,16 @@ public FileManagerResponse Search(string path, string searchString, bool showHid
if (searchData.Name != "Products") foundFiles.Add(searchData);
}
reader.Close();
foreach (var file in foundFiles)

for (int i = foundFiles.Count - 1; i >= 0; i--)
{
file.FilterPath = GetFilterPath(file.Id);
file.FilterId = GetFilterId(file.Id);
foundFiles[i].FilterPath = GetFilterPath(foundFiles[i].Id);
foundFiles[i].FilterId = GetFilterId(foundFiles[i].Id);
hasPermission = parentsHavePermission(foundFiles[i]);
if (!hasPermission)
{
foundFiles.Remove(foundFiles[i]);
}
}
}
searchResponse.Files = (IEnumerable<FileManagerDirectoryContent>)foundFiles;
Expand All @@ -1193,6 +1200,25 @@ public FileManagerResponse Search(string path, string searchString, bool showHid
}
finally { sqlConnection.Close(); }
}
protected virtual bool parentsHavePermission(FileManagerDirectoryContent fileDetails)
{
String[] parentPath = fileDetails.FilterId.Split('/');
bool hasPermission = true;
for (int i = 0; i <= parentPath.Length - 3; i++)
{
AccessPermission pathPermission = GetPermission(fileDetails.ParentID, parentPath[i], fileDetails.Name, false, fileDetails.FilterId);
if (pathPermission == null)
{
break;
}
else if (pathPermission != null && !pathPermission.Read)
{
hasPermission = false;
break;
}
}
return hasPermission;
}
// Copies the selected folder
public void CopyFolderFiles(string[] fileId, string[] newTargetId, SqlConnection sqlConnection)
{
Expand Down