From 0f9ec1287539e61f4dd089131cf69cb90fb3f8e2 Mon Sep 17 00:00:00 2001 From: Roch D'Amour Date: Tue, 17 Apr 2018 14:24:07 -0400 Subject: [PATCH] Bug 11317: Add a way to access files from the intranet MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit This squash contains all of these commits: - Adds a page to access log files on the server from the intranet - Update ID to allow for permalinking - Rename config to "'accessdir' and fix qa - Allows for multiple directories to be accessible - Update the link under reports - (Follow-up) Fixing merge error and cosmetic changes - (Follow-up) Fix tab chars and move javascript to the footer - (QA Follow-up) Fix datatable - Make filename unicode-proof, renamed accessdir to access_dir and fix update Test plans: - Apply patch, update database - Add to koha-conf: /tmp/koha-public/one /tmp/koha-public/two /tmp/koha-public - Create these directories ( mkdir /tmp/koha-public , etc...) - Create these files: echo "hello world!" > /tmp/koha-public/❤ echo "test" > /tmp/koha-public/one/samename.txt echo "this is not the same" > /tmp/koha-public/two/samename.txt - Login as Superadmin, go to tools > reports files - Click on ❤, make sure it's downloadable and readable - Click on both samename.txt, look inside and make sure the file is different - Login as NON-superadmin. Go under tools, see no Report/Log under the third column - Go to add tools/access_file permission to user - See new entry under tools third column. - validate link is ok. Signed-off-by: Kyle M Hall Signed-off-by: Katrin Fischer Signed-off-by: Jonathan Druart --- debian/templates/koha-conf-site.xml.in | 5 +- etc/koha-conf.xml | 3 + ...7-add-permission-for-tools-access-file.sql | 1 + installer/data/mysql/userpermissions.sql | 1 + .../prog/en/includes/permissions.inc | 1 + .../prog/en/includes/tools-menu.inc | 3 + .../prog/en/modules/reports/reports-home.tt | 38 +++--- .../prog/en/modules/tools/access_files.tt | 71 +++++++++++ .../prog/en/modules/tools/tools-home.tt | 6 + tools/access_files.pl | 111 ++++++++++++++++++ 10 files changed, 221 insertions(+), 19 deletions(-) create mode 100644 installer/data/mysql/atomicupdate/bz11317-add-permission-for-tools-access-file.sql create mode 100644 koha-tmpl/intranet-tmpl/prog/en/modules/tools/access_files.tt create mode 100755 tools/access_files.pl diff --git a/debian/templates/koha-conf-site.xml.in b/debian/templates/koha-conf-site.xml.in index d6f515ffe0..3c2aa46e44 100644 --- a/debian/templates/koha-conf-site.xml.in +++ b/debian/templates/koha-conf-site.xml.in @@ -296,7 +296,10 @@ __END_SRU_PUBLICSERVER__ __API_SECRET__ - + + + + /usr/share/fonts/truetype/ttf-dejavu/DejaVuSerif.ttf /usr/share/fonts/truetype/ttf-dejavu/DejaVuSerif-Bold.ttf diff --git a/etc/koha-conf.xml b/etc/koha-conf.xml index 092a26c536..37b304c2db 100644 --- a/etc/koha-conf.xml +++ b/etc/koha-conf.xml @@ -127,6 +127,9 @@ __PAZPAR2_TOGGLE_XML_POST__ CHANGEME + + + __FONT_DIR__/DejaVuSerif.ttf diff --git a/installer/data/mysql/atomicupdate/bz11317-add-permission-for-tools-access-file.sql b/installer/data/mysql/atomicupdate/bz11317-add-permission-for-tools-access-file.sql new file mode 100644 index 0000000000..8861378cb5 --- /dev/null +++ b/installer/data/mysql/atomicupdate/bz11317-add-permission-for-tools-access-file.sql @@ -0,0 +1 @@ +INSERT IGNORE INTO permissions (module_bit, code, description) VALUES (13, 'access_files', 'Access to the files stored on the server'); diff --git a/installer/data/mysql/userpermissions.sql b/installer/data/mysql/userpermissions.sql index 2ea387e8a5..047ec42439 100644 --- a/installer/data/mysql/userpermissions.sql +++ b/installer/data/mysql/userpermissions.sql @@ -58,6 +58,7 @@ INSERT INTO permissions (module_bit, code, description) VALUES (13, 'records_batchmod', 'Perform batch modification of records (biblios or authorities)'), (13, 'marc_modification_templates', 'Manage marc modification templates'), (13, 'records_batchdel', 'Perform batch deletion of records (bibliographic or authority)'), + (13, 'access_files', 'Access to the files stored on the server'), (13, 'upload_general_files', 'Upload any file'), (13, 'upload_manage', 'Manage uploaded files'), (15, 'check_expiration', 'Check the expiration of a serial'), diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc index 78f4995c23..017ffb918e 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/permissions.inc @@ -107,6 +107,7 @@ [%- CASE 'delete_public_lists' -%]Delete public lists [%- CASE 'upload_general_files' -%]Upload any file [%- CASE 'upload_manage' -%]Manage uploaded files (Useless without upload_general_files) + [%- CASE 'access_files' -%]Access to the files stored on the server [%- CASE 'edit_clubs' -%]Create and edit clubs [%- CASE 'edit_templates' -%]Create and edit club templates [%- CASE 'enroll' -%]Enroll patrons in clubs diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc index 50e52f73c0..67783e267c 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc +++ b/koha-tmpl/intranet-tmpl/prog/en/includes/tools-menu.inc @@ -108,4 +108,7 @@ [% IF ( CAN_user_tools_upload_general_files ) %]
  • Upload any file
  • [% END %] + [% IF ( CAN_user_tools_access_files ) %] +
  • Report/log files
  • + [% END %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/reports-home.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/reports-home.tt index 527f7a3638..86d58ba520 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/reports-home.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/reports-home.tt @@ -63,27 +63,29 @@ +<<<<<<< 3dd4c261c3d9d152edb12ead6b10b71b44418eab +

    Other

    + diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/access_files.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/access_files.tt new file mode 100644 index 0000000000..34e4922b81 --- /dev/null +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/access_files.tt @@ -0,0 +1,71 @@ +[% SET footerjs = 1 %] +[% INCLUDE 'doc-head-open.inc' %] +Report/log files +[% INCLUDE 'doc-head-close.inc' %] + + + +[% INCLUDE 'header.inc' %] +[% INCLUDE 'cat-search.inc' %] + + + +
    +
    +
    +
    + +

    Report/log files

    + +[% IF ( error_no_dir ) %] +
    Error : Report/log files could not be found because the "access_dir" option was not set in "koha-conf.xml". Contact your system administrator to add this option.
    +[% ELSE %] + [% IF ( files_loop ) %] + + + + + + + + + + [% FOREACH file IN files_loop %] + + + + + + [% END %] + +
    NameSize (bytes)Date last modified
    [% file.name %][% file.size %][% file.date %]
    + [% ELSE %] + No file found. + [% END %] +[% END %] + +
    +
    +
    +[% INCLUDE 'tools-menu.inc' %] +
    +
    + +[% MACRO jsinclude BLOCK %] + + [% INCLUDE 'datatables.inc' %] + +[% END %] +[% INCLUDE 'intranet-bottom.inc' %] diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/tools-home.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/tools-home.tt index 4c8cca9192..da1884b865 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/tools-home.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/tools-home.tt @@ -113,6 +113,12 @@
    Upload
    Upload any type of file, manage uploads
    [% END %] + + [% IF CAN_user_tools_access_files %] +
    Report/log files
    +
    Access report or log files
    + [% END %] +
    diff --git a/tools/access_files.pl b/tools/access_files.pl new file mode 100755 index 0000000000..4f58123663 --- /dev/null +++ b/tools/access_files.pl @@ -0,0 +1,111 @@ +#!/usr/bin/perl + +# Frédérick Capovilla, 2011 - Libéo +# +# Show a list of all the files in the directory specified by the option +# "access_dir" in koha-conf.xml so they can be downloaded by users with the +# "access_files" permission. +# +# This file is part of Koha. +# +# Koha is free software; you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the Free Software +# Foundation; either version 3 of the License, or (at your option) any later +# version. +# +# Koha is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR +# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with Koha; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +use Modern::Perl; + +use C4::Auth; +use CGI; +use C4::Context; +use C4::Output; +use C4::Koha; +use File::stat qw(stat); +use Digest::MD5 qw(md5_hex); +use Encode; + +my $input = new CGI; +my $file_id = $input->param("id"); +my $access_dir = C4::Context->config('access_dir'); +my @directories = $access_dir ? (ref $access_dir ? @{$access_dir} : ($access_dir)) : (); + +my ($template, $borrowernumber, $cookie) + = get_template_and_user({template_name => "tools/access_files.tt", + query => $input, + type => "intranet", + authnotrequired => 0, + flagsrequired => { tools => 'access_files' }, + }); + +unless(@directories) { + $template->param(error_no_dir => 1); +} +else { + #Get the files list + my @files_list; + foreach my $dir(@directories){ + opendir(DIR, $dir); + foreach my $filename (readdir(DIR)) { + my $full_path = "$dir/$filename"; + my $id = md5_hex($full_path); + next if ($filename =~ /^\./ or -d $full_path); + + # Make sure the filename is unicode-friendly + my $decoded_filename = decode('utf8', $filename); + my $st = stat("$dir/$decoded_filename"); + + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =localtime($st->mtime); + my $dt=DateTime->new(year => $year + 1900, + month => $mon + 1, + day => $mday, + hour => $hour, + minute => $min, + ); + push(@files_list, {name => $decoded_filename, + access_dir => $dir, + date =>Koha::DateUtils::output_pref($dt), + size => $st->size, + id => $id}); + } + closedir(DIR); + } + + my %files_hash = map { $_->{id} => $_ } @files_list; + # If we received a file_id and it is valid, send the file to the browser + if(defined $file_id and exists $files_hash{$file_id} ){ + my $filename = $files_hash{$file_id}->{name}; + my $dir = $files_hash{$file_id}->{access_dir}; + binmode STDOUT; + # Open the selected file and send it to the browser + print $input->header(-type => 'application/x-download', + -name => "$filename", + -Content_length => -s "$dir/$filename", + -attachment => "$filename"); + + my $fh; + open $fh, "<:encoding(UTF-8)", "$dir/$filename"; + binmode $fh; + + my $buf; + while(read($fh, $buf, 65536)) { + print $buf; + } + close $fh; + + exit(0); + } + else{ + # Send the file list to the template + $template->param(files_loop => \@files_list); + } +} + +output_html_with_http_headers $input, $cookie, $template->output; -- 2.39.5