mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2025-09-28 12:42:26 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

volflag to block sharing of a volume

Browse source
This commit is contained in:
ed 2025-09-07 17:20:51 +00:00
parent e270fe60ed
commit edafa1586a
7 changed files with 38 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
copyparty/__main__.py
View file

@ -1193,6 +1193,7 @@ def add_share(ap):
ap2 = ap.add_argument_group("share-url options") ap2 = ap.add_argument_group("share-url options")
ap2.add_argument("--shr", metavar="DIR", type=u, default="", help="toplevel virtual folder for shared files/folders, for example [\033[32m/share\033[0m]") ap2.add_argument("--shr", metavar="DIR", type=u, default="", help="toplevel virtual folder for shared files/folders, for example [\033[32m/share\033[0m]")
ap2.add_argument("--shr-db", metavar="FILE", type=u, default=db_path, help="database to store shares in") ap2.add_argument("--shr-db", metavar="FILE", type=u, default=db_path, help="database to store shares in")
ap2.add_argument("--shr-who", metavar="TXT", type=u, default="auth", help="who can create a share? [\033[32mno\033[0m]=nobody, [\033[32ma\033[0m]=admin-permission, [\033[32mauth\033[0m]=authenticated (volflag=shr_who)")
ap2.add_argument("--shr-adm", metavar="U,U", type=u, default="", help="comma-separated list of users allowed to view/delete any share") ap2.add_argument("--shr-adm", metavar="U,U", type=u, default="", help="comma-separated list of users allowed to view/delete any share")
ap2.add_argument("--shr-rt", metavar="MIN", type=int, default=1440, help="shares can be revived by their owner if they expired less than MIN minutes ago; [\033[32m60\033[0m]=hour, [\033[32m1440\033[0m]=day, [\033[32m10080\033[0m]=week") ap2.add_argument("--shr-rt", metavar="MIN", type=int, default=1440, help="shares can be revived by their owner if they expired less than MIN minutes ago; [\033[32m60\033[0m]=hour, [\033[32m1440\033[0m]=day, [\033[32m10080\033[0m]=week")
ap2.add_argument("--shr-v", action="store_true", help="debug") ap2.add_argument("--shr-v", action="store_true", help="debug")

17
copyparty/authsrv.py
View file

@ -976,6 +976,14 @@ class AuthSrv(object):
self.indent = "" self.indent = ""
self.is_lxc = args.c == ["/z/initcfg"] self.is_lxc = args.c == ["/z/initcfg"]
self._vf0b = {
"tcolor": self.args.tcolor,
"du_iwho": self.args.du_iwho,
"shr_who": self.args.shr_who if self.args.shr else "no",
}
self._vf0 = self._vf0b.copy()
self._vf0["d2d"] = True
# fwd-decl # fwd-decl
self.vfs = VFS(log_func, "", "", "", AXS(), {}) self.vfs = VFS(log_func, "", "", "", AXS(), {})
self.acct: dict[str, str] = {} # uname->pw self.acct: dict[str, str] = {} # uname->pw
@ -1014,10 +1022,10 @@ class AuthSrv(object):
yield prev, True yield prev, True
def vf0(self): def vf0(self):
return {"d2d": True, "tcolor": self.args.tcolor, "du_iwho": self.args.du_iwho} return self._vf0.copy()
def vf0b(self): def vf0b(self):
return {"tcolor": self.args.tcolor, "du_iwho": self.args.du_iwho} return self._vf0b.copy()
def idp_checkin( def idp_checkin(
self, broker: Optional["BrokerCli"], uname: str, gname: str self, broker: Optional["BrokerCli"], uname: str, gname: str
@ -2298,6 +2306,9 @@ class AuthSrv(object):
vol.flags["du_iwho"] = n_du_who(vol.flags["du_who"]) vol.flags["du_iwho"] = n_du_who(vol.flags["du_who"])
if not enshare:
vol.flags["shr_who"] = "no"
if vol.flags.get("og"): if vol.flags.get("og"):
self.args.uqe = True self.args.uqe = True
@ -2804,6 +2815,7 @@ class AuthSrv(object):
"dcrop": vf["crop"], "dcrop": vf["crop"],
"dth3x": vf["th3x"], "dth3x": vf["th3x"],
"u2ts": vf["u2ts"], "u2ts": vf["u2ts"],
"shr_who": vf["shr_who"],
"frand": bool(vf.get("rand")), "frand": bool(vf.get("rand")),
"lifetime": vf.get("lifetime") or 0, "lifetime": vf.get("lifetime") or 0,
"unlist": vf.get("unlist") or "", "unlist": vf.get("unlist") or "",
@ -2818,6 +2830,7 @@ class AuthSrv(object):
"have_c2flac": self.args.allow_flac, "have_c2flac": self.args.allow_flac,
"have_c2wav": self.args.allow_wav, "have_c2wav": self.args.allow_wav,
"have_shr": self.args.shr, "have_shr": self.args.shr,
"shr_who": vf["shr_who"],
"have_zip": not self.args.no_zip, "have_zip": not self.args.no_zip,
"have_mv": not self.args.no_mv, "have_mv": not self.args.no_mv,
"have_del": not self.args.no_del, "have_del": not self.args.no_del,

2
copyparty/cfg.py
View file

@ -108,6 +108,7 @@ def vf_vmap() -> dict[str, str]:
"put_name", "put_name",
"mv_retry", "mv_retry",
"rm_retry", "rm_retry",
"shr_who",
"sort", "sort",
"tail_fd", "tail_fd",
"tail_rate", "tail_rate",
@ -350,6 +351,7 @@ flagcats = {
"dky": 'allow seeing files (not folders) inside a specific folder\nwith "g" perm, and does not require a valid dirkey to do so', "dky": 'allow seeing files (not folders) inside a specific folder\nwith "g" perm, and does not require a valid dirkey to do so',
"rss": "allow '?rss' URL suffix (experimental)", "rss": "allow '?rss' URL suffix (experimental)",
"rmagic": "expensive analysis for mimetype accuracy", "rmagic": "expensive analysis for mimetype accuracy",
"shr_who=auth": "who can create shares? no/auth/a",
"unp_who=2": "unpost only if same... 1=ip+name, 2=ip, 3=name", "unp_who=2": "unpost only if same... 1=ip+name, 2=ip, 3=name",
"ups_who=2": "restrict viewing the list of recent uploads", "ups_who=2": "restrict viewing the list of recent uploads",
"zip_who=2": "restrict access to download-as-zip/tar", "zip_who=2": "restrict access to download-as-zip/tar",

8
copyparty/httpcli.py
View file

@ -5955,6 +5955,14 @@ class HttpCli(object):
except: except:
raise Pebkac(400, "you dont have all the perms you tried to grant") raise Pebkac(400, "you dont have all the perms you tried to grant")
zs = vfs.flags["shr_who"]
if zs == "auth" and self.uname != "*":
pass
elif zs == "a" and self.uname in vfs.axs.uadmin:
pass
else:
raise Pebkac(400, "you dont have perms to create shares from this volume")
ap, reals, _ = vfs.ls( ap, reals, _ = vfs.ls(
rem, self.uname, not self.args.no_scandir, [[s_rd, s_wr, s_mv, s_del]] rem, self.uname, not self.args.no_scandir, [[s_rd, s_wr, s_mv, s_del]]
) )

13
copyparty/web/browser.js
View file

@ -11807,6 +11807,7 @@ var ACtx = !IPHONE && (window.AudioContext || window.webkitAudioContext),
noih = /[?&]v\b/.exec(sloc0), noih = /[?&]v\b/.exec(sloc0),
dbg_kbd = /[?&]dbgkbd\b/.exec(sloc0), dbg_kbd = /[?&]dbgkbd\b/.exec(sloc0),
abrt_key = "", abrt_key = "",
can_shr = false,
rtt = null, rtt = null,
ldks = [], ldks = [],
dks = {}, dks = {},
@ -14396,7 +14397,7 @@ var fileman = (function () {
hdel = !(have_del && has(perms, 'delete')), hdel = !(have_del && has(perms, 'delete')),
hcut = !(have_mv && has(perms, 'move')), hcut = !(have_mv && has(perms, 'move')),
hpst = !(have_mv && has(perms, 'write')), hpst = !(have_mv && has(perms, 'write')),
hshr = !(have_shr && acct != '*' && (has(perms, 'read') || has(perms, 'write'))); hshr = !can_shr;
if (!(enren || endel || encut || enpst)) if (!(enren || endel || encut || enpst))
hren = hdel = hcut = hpst = true; hren = hdel = hcut = hpst = true;
@ -17887,7 +17888,7 @@ var treectl = (function () {
fun(); fun();
} }
if (window.have_shr && QS('#op_unpost.act') && (cdir.startsWith(SR + have_shr) || get_evpath().startsWith(SR + have_shr))) if (can_shr && QS('#op_unpost.act') && (cdir.startsWith(SR + have_shr) || get_evpath().startsWith(SR + have_shr)))
goto('unpost'); goto('unpost');
} }
@ -18299,9 +18300,10 @@ function apply_perms(res) {
if (konmai < 0) { if (konmai < 0) {
acct = 'Ted Faro'; acct = 'Ted Faro';
srvinf = 'FAS Nexus</span> // <span>57.3 EiB free of 127 EiB'; srvinf = 'FAS Nexus</span> // <span>57.3 EiB free of 127 EiB';
res.shr_who = 'auth';
perms = res.perms = chk; perms = res.perms = chk;
have_up2k_idx = have_tags_idx = 1; have_up2k_idx = have_tags_idx = 1;
have_shr = have_mv = have_del = true; have_mv = have_del = true;
} }
var a = QS('#ops a[data-dest="up2k"]'); var a = QS('#ops a[data-dest="up2k"]');
@ -18366,6 +18368,11 @@ function apply_perms(res) {
de = document.documentElement, de = document.documentElement,
tds = QSA('#u2conf td'); tds = QSA('#u2conf td');
shr_who = res.shr_who || shr_who;
can_shr = acct != '*' && (have_read || have_write) && (
(shr_who == 'a' && has(perms, 'admin')) ||
(shr_who == 'auth'));
clmod(de, "read", have_read); clmod(de, "read", have_read);
clmod(de, "write", have_write); clmod(de, "write", have_write);
clmod(de, "nread", !have_read); clmod(de, "nread", !have_read);

1
copyparty/web/up2k.js
View file

@ -3427,6 +3427,7 @@ if (QS('#op_up2k.act'))
goto_up2k(); goto_up2k();
apply_perms({ "perms": perms, "frand": frand, "u2ts": u2ts }); apply_perms({ "perms": perms, "frand": frand, "u2ts": u2ts });
fileman.render();
(function () { (function () {

1
tests/util.py
View file

@ -208,6 +208,7 @@ class Cfg(Namespace):
rm_retry="0/0", rm_retry="0/0",
s_rd_sz=256 * 1024, s_rd_sz=256 * 1024,
s_wr_sz=256 * 1024, s_wr_sz=256 * 1024,
shr_who="auth",
sort="href", sort="href",
srch_hits=99999, srch_hits=99999,
SRS="/", SRS="/",