Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-11 15:56:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

filemanagerfull

Browse Source
This commit is contained in:
habi
2022-04-05 15:53:07 +05:00
parent f8c38a8c56
commit bcdb0ac595
4 changed files with 592 additions and 363 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
baseTemplate/templates/baseTemplate/FileManager.html
View File

@@ -81,9 +81,7 @@
<li id="extractFile" class="nav-item">
<a onclick="return false;" ng-click="showExtractionModal()" class="nav-link point-events" href="#"><i class="fa fa-expand" aria-hidden="true"></i> {% trans "Extract" %}</a>
</li>
<li id="fixPermissions" class="nav-item">
<a onclick="return false;" ng-click="fixPermissions()" class="nav-link point-events" href="#"><i class="fa fa-wrench" aria-hidden="true"></i> {% trans "Fix Permissions" %}</a>
</li>
</ul>
</div>
</div>
@@ -113,7 +111,7 @@
</div>
<ul class="list-group list-group-flush">
<li class="list-group-item">
<a href="#" onclick="return false;" ng-click="fetchChilds($event,completeStartingPath,'primary')">
<a href="#" onclick="return false;" ng-click="fetchChilds($event,currentRPath,'primary')">
<i class="fa fa-plus" aria-hidden="true" ></i>
</a>
<a onclick="return false;" ng-click="fetchForTableSecondary($event,'fromTree',completeStartingPath)" href="#">
@@ -597,97 +595,8 @@
<!--- rename modal -->
<!-- Permissions modal -->
<div id="showPermissions" class="modal fade bd-example-modal-lg" tabindex="-1" role="dialog" aria-labelledby="myLargeModalLabel" aria-hidden="true">
<div class="modal-dialog modal-lg" role="document">
<div class="modal-content">
<div id="htmlEditorLable" class="modal-header">
<h5 class="modal-title">{% trans "Changing permissions for" %} {$ permissionsPath $} <img ng-hide="changePermissionsLoading" src="{% static 'filemanager/images/loadingSmall.gif' %}"></h5>
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
</div>
<div class="modal-body">
<table class="table text-center">
<thead id="tableHead">
<tr>
<th scope="col">{% trans "Mode" %}</th>
<th scope="col">{% trans "User" %}</th>
<th scope="col">{% trans "Group" %}</th>
<th scope="col">{% trans "World" %}</th>
</tr>
</thead>
<tbody>
<tr>
<td>{% trans "Read" %}</td>
<td><input ng-click="updateReadPermissions('userRead')" ng-model="userRead" type="checkbox" class="form-check-input" value=""></td>
<td><input ng-click="updateReadPermissions('groupRead')" ng-model="groupRead" type="checkbox" class="form-check-input" value=""></td>
<td><input ng-click="updateReadPermissions('worldRead')" ng-model="worldRead" type="checkbox" class="form-check-input" value=""></td>
</tr>
<tr>
<td>{% trans "Write" %}</td>
<td><input ng-click="updateWritePermissions('userWrite')" ng-model="userWrite" type="checkbox" class="form-check-input" value=""></td>
<td><input ng-click="updateWritePermissions('groupWrite')" ng-model="groupWrite" type="checkbox" class="form-check-input" value=""></td>
<td><input ng-click="updateWritePermissions('worldWrite')" ng-model="worldWrite" type="checkbox" class="form-check-input" value=""></td>
</tr>
<tr>
<td>{% trans "Execute" %}</td>
<td><input ng-click="updateExecutePermissions('userExecute')" ng-model="userExecute" type="checkbox" class="form-check-input" value=""></td>
<td><input ng-click="updateExecutePermissions('groupExecute')" ng-model="groupExecute" type="checkbox" class="form-check-input" value=""></td>
<td><input ng-click="updateExecutePermissions('worldExecute')" ng-model="worldExecute" type="checkbox" class="form-check-input" value=""></td>
</tr>
<tr>
<td></td>
<td><input ng-model="userPermissions" type="number" class="form-control" readonly></td>
<td><input ng-model="groupPermissions" type="number" class="form-control" readonly></td>
<td><input ng-model="wordlPermissions" type="number" class="form-control" readonly></td>
</tr>
</tbody>
</table>
</div>
<div class="modal-footer">
<button ng-click="changePermissions(0)" type="button" class="btn btn-primary">{% trans "Change Permissions" %}</button>
<button ng-click="changePermissionsRecursively()" type="button" class="btn btn-primary">{% trans "Change Recursively" %}</button>
<button type="button" class="btn btn-secondary" data-dismiss="modal">{% trans "Close" %}</button>
</div>
</div>
</div>
</div>
<!--- Permissions modal -->
<!--- Restore modal -->
<div id="showRestore" class="modal fade bd-example-modal-lg" tabindex="-1" role="dialog" aria-labelledby="myLargeModalLabel" aria-hidden="true">
<div class="modal-dialog modal-lg" role="document">
<div class="modal-content">
<div id="htmlEditorLable" class="modal-header">
<h5 class="modal-title" >{% trans "Confirm Restore!" %} <img ng-hide="cyberPanelLoading" src="{% static 'filemanager/images/loadingSmall.gif' %}"></h5>
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
</div>
<div class="modal-body">
<form action="/">
<div class="form-group">
<small class="form-text text-muted">{% trans "This will restore file to its original location." %}</small>
</div>
</form>
<p>Are you sure?</p>
</div>
<div class="modal-footer">
<button ng-click="restoreFinal()" type="button" class="btn btn-primary">{% trans "Restore" %}</button>
<button type="button" class="btn btn-secondary" data-dismiss="modal">{% trans "Close" %}</button>
</div>
</div>
</div>
</div>
<!--- Restore modal -->

677
filemanager/filemanager.py
View File

@@ -161,14 +161,17 @@ class FileManager:
return "'" + path + "'"
def changeOwner(self, path):
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
try:
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
if path.find('..') > -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if path.find('..') > -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = "chown -R " + website.externalApp + ':' + website.externalApp + ' ' + self.returnPathEnclosed(path)
ProcessUtilities.executioner(command, website.externalApp)
command = "chown -R " + website.externalApp + ':' + website.externalApp + ' ' + self.returnPathEnclosed(path)
ProcessUtilities.executioner(command, website.externalApp)
except:
print("Permisson not changed")
def listForTable(self):
try:
@@ -235,36 +238,63 @@ class FileManager:
try:
finalData = {}
finalData['status'] = 1
try:
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
command = "ls -la --group-directories-first " + self.returnPathEnclosed(
self.data['completeStartingPath'])
output = ProcessUtilities.outputExecutioner(command, website.externalApp).splitlines()
command = "ls -la --group-directories-first " + self.returnPathEnclosed(
self.data['completeStartingPath'])
output = ProcessUtilities.outputExecutioner(command, website.externalApp).splitlines()
counter = 0
for items in output:
try:
currentFile = items.split(' ')
currentFile = [a for a in currentFile if a != '']
counter = 0
for items in output:
try:
currentFile = items.split(' ')
currentFile = [a for a in currentFile if a != '']
if currentFile[-1] == '.' or currentFile[-1] == '..' or currentFile[0] == 'total':
continue
if currentFile[-1] == '.' or currentFile[-1] == '..' or currentFile[0] == 'total':
if len(currentFile) > 9:
fileName = currentFile[8:]
currentFile[-1] = " ".join(fileName)
dirCheck = False
if currentFile[0][0] == 'd':
dirCheck = True
finalData[str(counter)] = [currentFile[-1],
self.data['completeStartingPath'] + '/' + currentFile[-1], dirCheck]
counter = counter + 1
except:
continue
except:
command = "ls -la --group-directories-first " + self.returnPathEnclosed(
self.data['completeStartingPath'])
output = ProcessUtilities.outputExecutioner(command).splitlines()
if len(currentFile) > 9:
fileName = currentFile[8:]
currentFile[-1] = " ".join(fileName)
counter = 0
for items in output:
try:
currentFile = items.split(' ')
currentFile = [a for a in currentFile if a != '']
dirCheck = False
if currentFile[0][0] == 'd':
dirCheck = True
if currentFile[-1] == '.' or currentFile[-1] == '..' or currentFile[0] == 'total':
continue
finalData[str(counter)] = [currentFile[-1],
self.data['completeStartingPath'] + '/' + currentFile[-1], dirCheck]
counter = counter + 1
except:
continue
if len(currentFile) > 9:
fileName = currentFile[8:]
currentFile[-1] = " ".join(fileName)
dirCheck = False
if currentFile[0][0] == 'd':
dirCheck = True
finalData[str(counter)] = [currentFile[-1],
self.data['completeStartingPath'] + '/' + currentFile[-1], dirCheck]
counter = counter + 1
except:
continue
json_data = json.dumps(finalData)
return HttpResponse(json_data)
@@ -278,7 +308,6 @@ class FileManager:
finalData['status'] = 1
try:
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
homePath = '/home/%s' % (domainName)
@@ -288,6 +317,7 @@ class FileManager:
command = "touch " + self.returnPathEnclosed(self.data['fileName'])
ProcessUtilities.executioner(command, website.externalApp)
self.changeOwner(self.returnPathEnclosed(self.data['fileName']))
except:
homePath = '/'
@@ -296,31 +326,41 @@ class FileManager:
command = "touch " + self.returnPathEnclosed(self.data['fileName'])
ProcessUtilities.executioner(command)
self.changeOwner(self.returnPathEnclosed(self.data['fileName']))
self.changeOwner(self.returnPathEnclosed(self.data['fileName']))
json_data = json.dumps(finalData)
return HttpResponse(json_data)
except BaseException as msg:
return self.ajaxPre(0, str("......."+msg))
return self.ajaxPre(0, str(msg))
def createNewFolder(self):
try:
finalData = {}
finalData['status'] = 1
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
try:
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
homePath = '/home/%s' % (domainName)
homePath = '/home/%s' % (domainName)
if self.data['folderName'].find('..') > -1 or self.data['folderName'].find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if self.data['folderName'].find('..') > -1 or self.data['folderName'].find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = "mkdir " + self.returnPathEnclosed(self.data['folderName'])
ProcessUtilities.executioner(command, website.externalApp)
command = "mkdir " + self.returnPathEnclosed(self.data['folderName'])
ProcessUtilities.executioner(command, website.externalApp)
self.changeOwner(self.returnPathEnclosed(self.data['folderName']))
except:
homePath = '/'
if self.data['folderName'].find('..') > -1 or self.data['folderName'].find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = "mkdir " + self.returnPathEnclosed(self.data['folderName'])
ProcessUtilities.executioner(command)
self.changeOwner(self.returnPathEnclosed(self.data['folderName']))
self.changeOwner(self.returnPathEnclosed(self.data['folderName']))
json_data = json.dumps(finalData)
return HttpResponse(json_data)
@@ -332,57 +372,94 @@ class FileManager:
try:
finalData = {}
finalData['status'] = 1
domainName = self.data['domainName']
try:
skipTrash = self.data['skipTrash']
except:
skipTrash = False
try:
skipTrash = self.data['skipTrash']
except:
skipTrash = False
website = Websites.objects.get(domain=domainName)
self.homePath = '/home/%s' % (domainName)
website = Websites.objects.get(domain=domainName)
self.homePath = '/home/%s' % (domainName)
RemoveOK = 1
RemoveOK = 1
command = 'touch %s/hello.txt' % (self.homePath)
result = ProcessUtilities.outputExecutioner(command)
command = 'touch %s/hello.txt' % (self.homePath)
result = ProcessUtilities.outputExecutioner(command)
if result.find('No such file or directory') > -1:
RemoveOK = 0
if result.find('No such file or directory') > -1:
RemoveOK = 0
command = 'chattr -R -i %s' % (self.homePath)
ProcessUtilities.executioner(command)
command = 'chattr -R -i %s' % (self.homePath)
ProcessUtilities.executioner(command)
else:
command = 'rm -f %s/hello.txt' % (self.homePath)
ProcessUtilities.executioner(command)
for item in self.data['fileAndFolders']:
if (self.data['path'] + '/' + item).find('..') > -1 or (self.data['path'] + '/' + item).find(
self.homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if skipTrash:
command = 'rm -rf ' + self.returnPathEnclosed(self.data['path'] + '/' + item)
ProcessUtilities.executioner(command, website.externalApp)
else:
trashPath = '%s/.trash' % (self.homePath)
command = 'rm -f %s/hello.txt' % (self.homePath)
ProcessUtilities.executioner(command)
command = 'mkdir %s' % (trashPath)
ProcessUtilities.executioner(command, website.externalApp)
Trash(website=website, originalPath=self.returnPathEnclosed(self.data['path']),
fileName=self.returnPathEnclosed(item)).save()
for item in self.data['fileAndFolders']:
command = 'mv %s %s' % (self.returnPathEnclosed(self.data['path'] + '/' + item), trashPath)
ProcessUtilities.executioner(command, website.externalApp)
if (self.data['path'] + '/' + item).find('..') > -1 or (self.data['path'] + '/' + item).find(
self.homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if RemoveOK == 0:
command = 'chattr -R +i %s' % (self.homePath)
ProcessUtilities.executioner(command)
if skipTrash:
command = 'rm -rf ' + self.returnPathEnclosed(self.data['path'] + '/' + item)
ProcessUtilities.executioner(command, website.externalApp)
else:
trashPath = '%s/.trash' % (self.homePath)
command = 'mkdir %s' % (trashPath)
ProcessUtilities.executioner(command, website.externalApp)
Trash(website=website, originalPath=self.returnPathEnclosed(self.data['path']),
fileName=self.returnPathEnclosed(item)).save()
command = 'mv %s %s' % (self.returnPathEnclosed(self.data['path'] + '/' + item), trashPath)
ProcessUtilities.executioner(command, website.externalApp)
if RemoveOK == 0:
command = 'chattr -R +i %s' % (self.homePath)
ProcessUtilities.executioner(command)
except:
try:
skipTrash = self.data['skipTrash']
except:
skipTrash = False
self.homePath = '/'
RemoveOK = 1
command = 'touch %s/hello.txt' % (self.homePath)
result = ProcessUtilities.outputExecutioner(command)
if result.find('No such file or directory') > -1:
RemoveOK = 0
command = 'chattr -R -i %s' % (self.homePath)
ProcessUtilities.executioner(command)
else:
command = 'rm -f %s/hello.txt' % (self.homePath)
ProcessUtilities.executioner(command)
for item in self.data['fileAndFolders']:
if (self.data['path'] + '/' + item).find('..') > -1 or (self.data['path'] + '/' + item).find(
self.homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if skipTrash:
command = 'rm -rf ' + self.returnPathEnclosed(self.data['path'] + '/' + item)
ProcessUtilities.executioner(command)
if RemoveOK == 0:
command = 'chattr -R +i %s' % (self.homePath)
ProcessUtilities.executioner(command)
json_data = json.dumps(finalData)
return HttpResponse(json_data)
@@ -433,40 +510,77 @@ class FileManager:
finalData['status'] = 1
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
try:
website = Websites.objects.get(domain=domainName)
homePath = '/home/%s' % (domainName)
homePath = '/home/%s' % (domainName)
if self.data['newPath'].find('..') > -1 or self.data['newPath'].find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if len(self.data['fileAndFolders']) == 1:
if (self.data['basePath'] + '/' + self.data['fileAndFolders'][0]).find('..') > -1 or (
self.data['basePath'] + '/' + self.data['fileAndFolders'][0]).find(homePath) == -1:
if self.data['newPath'].find('..') > -1 or self.data['newPath'].find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = 'yes| cp -Rf %s %s' % (
self.returnPathEnclosed(self.data['basePath'] + '/' + self.data['fileAndFolders'][0]),
self.data['newPath'])
if len(self.data['fileAndFolders']) == 1:
if (self.data['basePath'] + '/' + self.data['fileAndFolders'][0]).find('..') > -1 or (
self.data['basePath'] + '/' + self.data['fileAndFolders'][0]).find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = 'yes| cp -Rf %s %s' % (
self.returnPathEnclosed(self.data['basePath'] + '/' + self.data['fileAndFolders'][0]),
self.data['newPath'])
ProcessUtilities.executioner(command, website.externalApp)
self.changeOwner(self.data['newPath'])
json_data = json.dumps(finalData)
return HttpResponse(json_data)
command = 'mkdir ' + self.returnPathEnclosed(self.data['newPath'])
ProcessUtilities.executioner(command, website.externalApp)
for item in self.data['fileAndFolders']:
if (self.data['basePath'] + '/' + item).find('..') > -1 or (self.data['basePath'] + '/' + item).find(
homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = '%scp -Rf ' % ('yes |') + self.returnPathEnclosed(
self.data['basePath'] + '/' + item) + ' ' + self.returnPathEnclosed(self.data['newPath'])
ProcessUtilities.executioner(command, website.externalApp)
self.changeOwner(self.data['newPath'])
json_data = json.dumps(finalData)
return HttpResponse(json_data)
except:
command = 'mkdir ' + self.returnPathEnclosed(self.data['newPath'])
ProcessUtilities.executioner(command, website.externalApp)
for item in self.data['fileAndFolders']:
if (self.data['basePath'] + '/' + item).find('..') > -1 or (self.data['basePath'] + '/' + item).find(
homePath) == -1:
homePath = '/'
if self.data['newPath'].find('..') > -1 or self.data['newPath'].find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = '%scp -Rf ' % ('yes |') + self.returnPathEnclosed(
self.data['basePath'] + '/' + item) + ' ' + self.returnPathEnclosed(self.data['newPath'])
ProcessUtilities.executioner(command, website.externalApp)
if len(self.data['fileAndFolders']) == 1:
self.changeOwner(self.data['newPath'])
if (self.data['basePath'] + '/' + self.data['fileAndFolders'][0]).find('..') > -1 or (
self.data['basePath'] + '/' + self.data['fileAndFolders'][0]).find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = 'yes| cp -Rf %s %s' % (
self.returnPathEnclosed(self.data['basePath'] + '/' + self.data['fileAndFolders'][0]),
self.data['newPath'])
ProcessUtilities.executioner(command,)
self.changeOwner(self.data['newPath'])
json_data = json.dumps(finalData)
return HttpResponse(json_data)
command = 'mkdir ' + self.returnPathEnclosed(self.data['newPath'])
ProcessUtilities.executioner(command)
for item in self.data['fileAndFolders']:
if (self.data['basePath'] + '/' + item).find('..') > -1 or (
self.data['basePath'] + '/' + item).find(
homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = '%scp -Rf ' % ('yes |') + self.returnPathEnclosed(
self.data['basePath'] + '/' + item) + ' ' + self.returnPathEnclosed(self.data['newPath'])
ProcessUtilities.executioner(command)
self.changeOwner(self.data['newPath'])
json_data = json.dumps(finalData)
return HttpResponse(json_data)
@@ -480,31 +594,58 @@ class FileManager:
finalData = {}
finalData['status'] = 1
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
try:
website = Websites.objects.get(domain=domainName)
homePath = '/home/%s' % (domainName)
homePath = '/home/%s' % (domainName)
command = 'mkdir ' + self.returnPathEnclosed(self.data['newPath'])
ProcessUtilities.executioner(command, website.externalApp)
for item in self.data['fileAndFolders']:
if (self.data['basePath'] + '/' + item).find('..') > -1 or (self.data['basePath'] + '/' + item).find(
homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if (self.data['newPath'] + '/' + item).find('..') > -1 or (self.data['newPath'] + '/' + item).find(
homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = 'mv ' + self.returnPathEnclosed(
self.data['basePath'] + '/' + item) + ' ' + self.returnPathEnclosed(
self.data['newPath'] + '/' + item)
command = 'mkdir ' + self.returnPathEnclosed(self.data['newPath'])
ProcessUtilities.executioner(command, website.externalApp)
self.changeOwner(self.data['newPath'])
for item in self.data['fileAndFolders']:
if (self.data['basePath'] + '/' + item).find('..') > -1 or (self.data['basePath'] + '/' + item).find(
homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if (self.data['newPath'] + '/' + item).find('..') > -1 or (self.data['newPath'] + '/' + item).find(
homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = 'mv ' + self.returnPathEnclosed(
self.data['basePath'] + '/' + item) + ' ' + self.returnPathEnclosed(
self.data['newPath'] + '/' + item)
ProcessUtilities.executioner(command, website.externalApp)
self.changeOwner(self.data['newPath'])
self.fixPermissions(domainName)
except:
homePath = '/'
command = 'mkdir ' + self.returnPathEnclosed(self.data['newPath'])
ProcessUtilities.executioner(command)
for item in self.data['fileAndFolders']:
if (self.data['basePath'] + '/' + item).find('..') > -1 or (
self.data['basePath'] + '/' + item).find(
homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if (self.data['newPath'] + '/' + item).find('..') > -1 or (self.data['newPath'] + '/' + item).find(
homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = 'mv ' + self.returnPathEnclosed(
self.data['basePath'] + '/' + item) + ' ' + self.returnPathEnclosed(
self.data['newPath'] + '/' + item)
ProcessUtilities.executioner(command)
self.changeOwner(self.data['newPath'])
self.fixPermissions(domainName)
json_data = json.dumps(finalData)
return HttpResponse(json_data)
@@ -518,23 +659,40 @@ class FileManager:
finalData = {}
finalData['status'] = 1
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
try:
website = Websites.objects.get(domain=domainName)
homePath = '/home/%s' % (domainName)
homePath = '/home/%s' % (domainName)
if (self.data['basePath'] + '/' + self.data['existingName']).find('..') > -1 or (
self.data['basePath'] + '/' + self.data['existingName']).find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if (self.data['basePath'] + '/' + self.data['existingName']).find('..') > -1 or (
self.data['basePath'] + '/' + self.data['existingName']).find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if (self.data['newFileName']).find('..') > -1 or (self.data['basePath']).find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if (self.data['newFileName']).find('..') > -1 or (self.data['basePath']).find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = 'mv ' + self.returnPathEnclosed(
self.data['basePath'] + '/' + self.data['existingName']) + ' ' + self.returnPathEnclosed(
self.data['basePath'] + '/' + self.data['newFileName'])
ProcessUtilities.executioner(command, website.externalApp)
command = 'mv ' + self.returnPathEnclosed(
self.data['basePath'] + '/' + self.data['existingName']) + ' ' + self.returnPathEnclosed(
self.data['basePath'] + '/' + self.data['newFileName'])
ProcessUtilities.executioner(command, website.externalApp)
self.changeOwner(self.data['basePath'] + '/' + self.data['newFileName'])
self.changeOwner(self.data['basePath'] + '/' + self.data['newFileName'])
except:
homePath = '/'
if (self.data['basePath'] + '/' + self.data['existingName']).find('..') > -1 or (
self.data['basePath'] + '/' + self.data['existingName']).find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if (self.data['newFileName']).find('..') > -1 or (self.data['basePath']).find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = 'mv ' + self.returnPathEnclosed(
self.data['basePath'] + '/' + self.data['existingName']) + ' ' + self.returnPathEnclosed(
self.data['basePath'] + '/' + self.data['newFileName'])
ProcessUtilities.executioner(command)
self.changeOwner(self.data['basePath'] + '/' + self.data['newFileName'])
json_data = json.dumps(finalData)
return HttpResponse(json_data)
@@ -548,15 +706,25 @@ class FileManager:
finalData = {}
finalData['status'] = 1
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
try:
website = Websites.objects.get(domain=domainName)
pathCheck = '/home/%s' % (domainName)
pathCheck = '/home/%s' % (domainName)
if self.data['fileName'].find(pathCheck) == -1 or self.data['fileName'].find('..') > -1:
return self.ajaxPre(0, 'Not allowed.')
if self.data['fileName'].find(pathCheck) == -1 or self.data['fileName'].find('..') > -1:
return self.ajaxPre(0, 'Not allowed.')
command = 'cat ' + self.returnPathEnclosed(self.data['fileName'])
finalData['fileContents'] = ProcessUtilities.outputExecutioner(command, website.externalApp)
except:
pathCheck = '/'
if self.data['fileName'].find(pathCheck) == -1 or self.data['fileName'].find('..') > -1:
return self.ajaxPre(0, 'Not allowed.')
command = 'cat ' + self.returnPathEnclosed(self.data['fileName'])
finalData['fileContents'] = ProcessUtilities.outputExecutioner(command)
command = 'cat ' + self.returnPathEnclosed(self.data['fileName'])
finalData['fileContents'] = ProcessUtilities.outputExecutioner(command, website.externalApp)
json_data = json.dumps(finalData)
return HttpResponse(json_data)
@@ -569,25 +737,40 @@ class FileManager:
finalData = {}
finalData['status'] = 1
self.data['home'] = '/home/%s' % (self.data['domainName'])
try:
self.data['home'] = '/home/%s' % (self.data['domainName'])
ACLManager.CreateSecureDir()
tempPath = '%s/%s' % ('/usr/local/CyberCP/tmp', str(randint(1000, 9999)))
ACLManager.CreateSecureDir()
tempPath = '%s/%s' % ('/usr/local/CyberCP/tmp', str(randint(1000, 9999)))
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
writeToFile = open(tempPath, 'wb')
writeToFile.write(self.data['fileContent'].encode('utf-8'))
writeToFile.close()
writeToFile = open(tempPath, 'wb')
writeToFile.write(self.data['fileContent'].encode('utf-8'))
writeToFile.close()
command = 'chown %s:%s %s' % (website.externalApp, website.externalApp, tempPath)
ProcessUtilities.executioner(command)
command = 'chown %s:%s %s' % (website.externalApp, website.externalApp, tempPath)
ProcessUtilities.executioner(command)
command = 'cp %s %s' % (tempPath, self.returnPathEnclosed(self.data['fileName']))
ProcessUtilities.executioner(command, website.externalApp)
command = 'cp %s %s' % (tempPath, self.returnPathEnclosed(self.data['fileName']))
ProcessUtilities.executioner(command, website.externalApp)
os.remove(tempPath)
except:
self.data['home'] = '/'
ACLManager.CreateSecureDir()
tempPath = '%s/%s' % ('/usr/local/CyberCP/tmp', str(randint(1000, 9999)))
writeToFile = open(tempPath, 'wb')
writeToFile.write(self.data['fileContent'].encode('utf-8'))
writeToFile.close()
command = 'cp %s %s' % (tempPath, self.returnPathEnclosed(self.data['fileName']))
ProcessUtilities.executioner(command)
os.remove(tempPath)
os.remove(tempPath)
json_data = json.dumps(finalData)
return HttpResponse(json_data)
@@ -618,35 +801,60 @@ class FileManager:
except BaseException as msg:
logging.writeToFile('%s. [375:upload]' % (str(msg)))
pathCheck = '/home/%s' % (self.data['domainName'])
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
command = 'ls -la %s' % (self.data['completePath'])
result = ProcessUtilities.outputExecutioner(command, website.externalApp)
#
if result.find('->') > -1:
return self.ajaxPre(0, "Symlink attack.")
if ACLManager.commandInjectionCheck(self.data['completePath'] + '/' + myfile.name) == 1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if (self.data['completePath'] + '/' + myfile.name).find(pathCheck) == -1 or (
(self.data['completePath'] + '/' + myfile.name)).find('..') > -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = 'cp ' + self.returnPathEnclosed(
UploadPath + RanddomFileName) + ' ' + self.returnPathEnclosed(
self.data['completePath'] + '/' + myfile.name)
ProcessUtilities.executioner(command, website.externalApp)
self.changeOwner(self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name))
try:
os.remove(UploadPath + RanddomFileName)
pathCheck = '/home/%s' % (self.data['domainName'])
website = Websites.objects.get(domain=domainName)
command = 'ls -la %s' % (self.data['completePath'])
result = ProcessUtilities.outputExecutioner(command, website.externalApp)
#
if result.find('->') > -1:
return self.ajaxPre(0, "Symlink attack.")
if ACLManager.commandInjectionCheck(self.data['completePath'] + '/' + myfile.name) == 1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if (self.data['completePath'] + '/' + myfile.name).find(pathCheck) == -1 or (
(self.data['completePath'] + '/' + myfile.name)).find('..') > -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = 'cp ' + self.returnPathEnclosed(
UploadPath + RanddomFileName) + ' ' + self.returnPathEnclosed(
self.data['completePath'] + '/' + myfile.name)
ProcessUtilities.executioner(command, website.externalApp)
self.changeOwner(self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name))
try:
os.remove(UploadPath + RanddomFileName)
except:
pass
except:
pass
pathCheck = '/'
command = 'ls -la %s' % (self.data['completePath'])
result = ProcessUtilities.outputExecutioner(command)
logging.writeToFile("upload file res %s" % result)
if ACLManager.commandInjectionCheck(self.data['completePath'] + '/' + myfile.name) == 1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if (self.data['completePath'] + '/' + myfile.name).find(pathCheck) == -1 or (
(self.data['completePath'] + '/' + myfile.name)).find('..') > -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = 'cp ' + self.returnPathEnclosed(
UploadPath + RanddomFileName) + ' ' + self.returnPathEnclosed(
self.data['completePath'] + '/' + myfile.name)
ProcessUtilities.executioner(command)
self.changeOwner(self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name))
try:
os.remove(UploadPath + RanddomFileName)
except:
pass
json_data = json.dumps(finalData)
return HttpResponse(json_data)
@@ -665,26 +873,49 @@ class FileManager:
finalData['status'] = 1
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
homePath = '/home/%s' % (domainName)
try:
if self.data['extractionLocation'].find('..') > -1 or self.data['extractionLocation'].find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
website = Websites.objects.get(domain=domainName)
if self.data['fileToExtract'].find('..') > -1 or self.data['fileToExtract'].find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
homePath = '/home/%s' % (domainName)
if self.data['extractionType'] == 'zip':
command = 'unzip -o ' + self.returnPathEnclosed(
self.data['fileToExtract']) + ' -d ' + self.returnPathEnclosed(self.data['extractionLocation'])
else:
command = 'tar -xf ' + self.returnPathEnclosed(
self.data['fileToExtract']) + ' -C ' + self.returnPathEnclosed(self.data['extractionLocation'])
if self.data['extractionLocation'].find('..') > -1 or self.data['extractionLocation'].find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
ProcessUtilities.executioner(command, website.externalApp)
if self.data['fileToExtract'].find('..') > -1 or self.data['fileToExtract'].find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if self.data['extractionType'] == 'zip':
command = 'unzip -o ' + self.returnPathEnclosed(
self.data['fileToExtract']) + ' -d ' + self.returnPathEnclosed(self.data['extractionLocation'])
else:
command = 'tar -xf ' + self.returnPathEnclosed(
self.data['fileToExtract']) + ' -C ' + self.returnPathEnclosed(self.data['extractionLocation'])
ProcessUtilities.executioner(command, website.externalApp)
self.fixPermissions(domainName)
except:
homePath = '/'
if self.data['extractionLocation'].find('..') > -1 or self.data['extractionLocation'].find(
homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if self.data['fileToExtract'].find('..') > -1 or self.data['fileToExtract'].find(homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if self.data['extractionType'] == 'zip':
command = 'unzip -o ' + self.returnPathEnclosed(
self.data['fileToExtract']) + ' -d ' + self.returnPathEnclosed(self.data['extractionLocation'])
else:
command = 'tar -xf ' + self.returnPathEnclosed(
self.data['fileToExtract']) + ' -C ' + self.returnPathEnclosed(self.data['extractionLocation'])
ProcessUtilities.executioner(command)
self.fixPermissions(domainName)
json_data = json.dumps(finalData)
return HttpResponse(json_data)
@@ -698,32 +929,58 @@ class FileManager:
finalData = {}
finalData['status'] = 1
domainName = self.data['domainName']
website = Websites.objects.get(domain=domainName)
try:
website = Websites.objects.get(domain=domainName)
if self.data['compressionType'] == 'zip':
compressedFileName = self.returnPathEnclosed(
self.data['basePath'] + '/' + self.data['compressedFileName'] + '.zip')
command = 'zip -r ' + compressedFileName + ' '
else:
compressedFileName = self.returnPathEnclosed(
self.data['basePath'] + '/' + self.data['compressedFileName'] + '.tar.gz')
command = 'tar -czvf ' + compressedFileName + ' '
if self.data['compressionType'] == 'zip':
compressedFileName = self.returnPathEnclosed(
self.data['basePath'] + '/' + self.data['compressedFileName'] + '.zip')
command = 'zip -r ' + compressedFileName + ' '
else:
compressedFileName = self.returnPathEnclosed(
self.data['basePath'] + '/' + self.data['compressedFileName'] + '.tar.gz')
command = 'tar -czvf ' + compressedFileName + ' '
homePath = '/home/%s' % (domainName)
homePath = '/home/%s' % (domainName)
for item in self.data['listOfFiles']:
for item in self.data['listOfFiles']:
if (self.data['basePath'] + item).find('..') > -1 or (self.data['basePath'] + item).find(
homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
if (self.data['basePath'] + item).find('..') > -1 or (self.data['basePath'] + item).find(
homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = '%s%s ' % (command, self.returnPathEnclosed(item))
command = '%s%s ' % (command, self.returnPathEnclosed(item))
finalCommand = 'cd %s && %s' % (self.data['basePath'], command)
finalCommand = 'cd %s && %s' % (self.data['basePath'], command)
ProcessUtilities.executioner(finalCommand, website.externalApp)
ProcessUtilities.executioner(finalCommand, website.externalApp)
self.changeOwner(self.data['compressedFileName'])
self.changeOwner(self.data['compressedFileName'])
except:
if self.data['compressionType'] == 'zip':
compressedFileName = self.returnPathEnclosed(
self.data['basePath'] + '/' + self.data['compressedFileName'] + '.zip')
command = 'zip -r ' + compressedFileName + ' '
else:
compressedFileName = self.returnPathEnclosed(
self.data['basePath'] + '/' + self.data['compressedFileName'] + '.tar.gz')
command = 'tar -czvf ' + compressedFileName + ' '
homePath = '/'
for item in self.data['listOfFiles']:
if (self.data['basePath'] + item).find('..') > -1 or (self.data['basePath'] + item).find(
homePath) == -1:
return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
command = '%s%s ' % (command, self.returnPathEnclosed(item))
finalCommand = 'cd %s && %s' % (self.data['basePath'], command)
res = ProcessUtilities.outputExecutioner(finalCommand, "root")
logging.writeToFile("compress file res %s"%res)
self.changeOwner(self.data['compressedFileName'])
json_data = json.dumps(finalData)
return HttpResponse(json_data)

167
filemanager/static/filemanager/js/fileManager.js
View File

@@ -39,7 +39,7 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
var domainRandomSeed = "";
$scope.currentRPath = "/";
var homeRPathBack = "";
var homeRPathBack = "/";
var homePathBack = "/home/" + domainName;
@@ -443,8 +443,7 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
var fileOrFolderNode = document.createTextNode("Folder");
fifthTDNode.appendChild(fileOrFolderNode)
}
else {
} else {
thNode.appendChild(iNodeFile);
trNode.appendChild(thNode);
trNode.addEventListener("click", function () {
@@ -476,10 +475,10 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
$scope.buttonActivator = function () {
// for restore button
if($scope.currentPath === trashPath) {
if ($scope.currentPath === trashPath) {
var restoreBTN = document.getElementById("restoreRight");
restoreBTN.style.display = "block";
}else{
} else {
var restoreBTN = document.getElementById("restoreRight");
restoreBTN.style.display = "none";
}
@@ -506,12 +505,10 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
} else if (result[0] === "php") {
aceEditorMode = "ace/mode/php";
editNotRight.style.display = "Block";
}
else if (result[0] === "py") {
} else if (result[0] === "py") {
aceEditorMode = "ace/mode/python";
editNotRight.style.display = "Block";
}
else if (result[0] === "txt") {
} else if (result[0] === "txt") {
aceEditorMode = "";
editNotRight.style.display = "Block";
} else if (result[0] === "htaccess") {
@@ -527,8 +524,7 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
editNode.style.pointerEvents = "none";
editNotRight.style.display = "None";
}
}
else {
} else {
var editNode = document.getElementById("editFile");
editNode.style.pointerEvents = "none";
}
@@ -635,13 +631,12 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
url = "/filemanager/controller";
var completePathToFile = "";
if (domainName === "")
{
completePathToFile = "/";
if (domainName === "") {
if (functionName === "startPoint") {
completePathToFile = $scope.currentRPath;
} else if (functionName === "doubleClick") {
$scope.currentRPath = ""
completePathToFile = $scope.currentRPath + "/" + node.innerHTML;
} else if (functionName === "homeFetch") {
completePathToFile = homeRPathBack;
@@ -656,7 +651,7 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
}
$scope.currentRPath = completePathToFile;
}else {
} else {
if (functionName === "startPoint") {
completePathToFile = $scope.currentPath;
} else if (functionName === "doubleClick") {
@@ -671,13 +666,9 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
var rightClickNode = document.getElementById("rightClick");
} else if (functionName === "fromTree") {
completePathToFile = arguments[2];
}
$scope.currentPath = completePathToFile;
}
$scope.currentPath = completePathToFile;
}
var data = {
@@ -847,7 +838,7 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
/// code mirror open
$scope.editWithCodeMirror = function(){
$scope.editWithCodeMirror = function () {
var completePathForFile = $scope.currentPath + "/" + allFilesAndFolders[0];
var finalURL = 'https://' + window.location.hostname + ':' + window.location.port + '/filemanager/editFile?domainName=' + domainName + '&fileName=' + completePathForFile;
window.open(finalURL);
@@ -857,17 +848,32 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
// uploads
$scope.errorMessage = true;
var uploader;
if (domainName == "") {
uploader = $scope.uploader = new FileUploader({
url: "/filemanager/upload",
headers: {
'X-CSRFToken': getCookie('csrftoken') // X-CSRF-TOKEN is used for Ruby on Rails Tokens
},
formData: [{
"method": "upload",
"home": homeRPathBack
}]
});
} else {
uploader = $scope.uploader = new FileUploader({
url: "/filemanager/upload",
headers: {
'X-CSRFToken': getCookie('csrftoken') // X-CSRF-TOKEN is used for Ruby on Rails Tokens
},
formData: [{
"method": "upload",
"home": homePathBack
}]
});
}
var uploader = $scope.uploader = new FileUploader({
url: "/filemanager/upload",
headers: {
'X-CSRFToken': getCookie('csrftoken') // X-CSRF-TOKEN is used for Ruby on Rails Tokens
},
formData: [{
"method": "upload",
"home": homePathBack
}]
});
uploader.onCompleteItem = function (fileItem, response, status, headers) {
if (response.uploadStatus === 1) {
@@ -881,10 +887,16 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
};
uploader.onAfterAddingFile = function (fileItem) {
var basepath;
if (domainName == "") {
basepath = $scope.currentRPath;
} else {
basepath = $scope.currentPath
}
$scope.errorMessage = true;
fileItem.formData.push(
{
"completePath": $scope.currentPath,
"completePath": basepath,
domainRandomSeed: domainRandomSeed,
domainName: domainName
@@ -914,9 +926,14 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
$scope.createNewFolder = function () {
$scope.errorMessageFolder = true;
var completePathForFolder = $scope.currentPath + "/" + $scope.newFolderName;
var completePathForFolder;
if (domainName === "") {
completePathForFolder = $scope.currentRPath + "/" + $scope.newFolderName;
$scope.errorMessageFile = true;
} else {
completePathForFolder = $scope.currentPath + "/" + $scope.newFolderName;
$scope.errorMessageFile = true;
}
if ($scope.newFolderName.length === 0) {
$scope.errorMessageFolder = false;
@@ -982,18 +999,16 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
};
$scope.createNewFile = function () {
if(domainName === "")
{
var completePathForFile = $scope.currentRPath + "/" + $scope.newFileName;
$scope.errorMessageFile = true;
}
else {
var completePathForFile = $scope.currentPath + "/" + $scope.newFileName;
var completePathForFile;
if (domainName === "") {
completePathForFile = $scope.currentRPath + "/" + $scope.newFileName;
$scope.errorMessageFile = true;
} else {
completePathForFile = $scope.currentPath + "/" + $scope.newFileName;
$scope.errorMessageFile = true;
}
if ($scope.newFileName.length === 0) {
$scope.errorMessageFile = false;
$scope.error_message = "Please enter file name!";
@@ -1047,16 +1062,26 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
};
$scope.deleteFolderOrFile = function () {
var pth;
var trash;
if (domainName === "") {
pth = $scope.currentRPath;
trash = true;
} else {
pth = $scope.currentPath;
trash = $scope.skipTrash
}
$scope.deleteLoading = false;
var data = {
path: $scope.currentPath,
path: pth,
method: "deleteFolderOrFile",
fileAndFolders: allFilesAndFolders,
domainRandomSeed: domainRandomSeed,
domainName: domainName,
skipTrash: $scope.skipTrash
skipTrash: trash
};
@@ -1106,12 +1131,19 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
};
$scope.startCompression = function () {
var basepathh;
if (domainName === "") {
basepathh = $scope.currentRPath;
} else {
basepathh = $scope.currentPath;
}
$scope.compressionLoading = false;
var data = {
home: homePathBack,
basePath: $scope.currentPath,
basePath: basepathh,
listOfFiles: allFilesAndFolders,
compressedFileName: $scope.compressedFileName,
compressionType: $scope.compressionType,
@@ -1162,10 +1194,16 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
$scope.startExtraction = function () {
var pathbase;
if (domainName === "") {
pathbase = $scope.currentRPath;
} else {
pathbase = $scope.currentPath;
}
$scope.extractionLoading = false;
var basePath = $scope.currentPath;
var completeFileToExtract = $scope.currentPath + "/" + allFilesAndFolders[0];
var completeFileToExtract = $scope.currentRPath + "/" + allFilesAndFolders[0];
var extractionType = "";
if (findFileExtension(completeFileToExtract) == "gz") {
@@ -1176,7 +1214,7 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
var data = {
home: homePathBack,
basePath: basePath,
basePath: pathbase,
fileToExtract: completeFileToExtract,
extractionType: extractionType,
extractionLocation: $scope.extractionLocation,
@@ -1236,11 +1274,18 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
$scope.startMoving = function () {
var basepth;
if (domainName == "") {
basepth = $scope.currentRPath;
} else {
basepth = $scope.currentPath;
}
$scope.moveLoading = false;
var data = {
home: homePathBack,
basePath: $scope.currentPath,
basePath: basepth,
newPath: $scope.pathToMoveTo,
fileAndFolders: allFilesAndFolders,
method: 'move',
@@ -1297,12 +1342,19 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
$scope.startCopying = function () {
var basepath;
if (domainName == "") {
basepath = $scope.currentRPath;
} else {
basepath = $scope.currentPath;
}
$scope.copyLoading = false;
var data = {
home: homePathBack,
basePath: $scope.currentPath,
basePath: basepath,
newPath: $scope.pathToCopyTo,
fileAndFolders: allFilesAndFolders,
method: 'copy',
@@ -1432,10 +1484,17 @@ fileManager.controller('fileManagerCtrl', function ($scope, $http, FileUploader,
$scope.renameFile = function () {
var bpath;
if (domainName === "") {
bpath = $scope.currentRPath;
} else {
bpath = $scope.currentPath;
}
$scope.renameLoading = false;
var data = {
basePath: $scope.currentPath,
basePath: bpath,
existingName: $scope.fileToRename,
newFileName: $scope.newFileName,
method: 'rename',

16
filemanager/views.py
View File

@@ -153,14 +153,18 @@ def upload(request):
data = request.POST
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
currentACL = ACLManager.loadedACL(userID)
try:
if ACLManager.checkOwnership(data['domainName'], admin, currentACL) == 1:
userID = request.session['userID']
admin = Administrator.objects.get(pk=userID)
currentACL = ACLManager.loadedACL(userID)
if ACLManager.checkOwnership(data['domainName'], admin, currentACL) == 1:
pass
else:
return ACLManager.loadErrorJson()
except:
pass
else:
return ACLManager.loadErrorJson()
fm = FM(request, data)
return fm.upload()