mirror of
https://github.com/error311/FileRise.git
synced 2026-05-12 06:50:54 -05:00
ab2f519cbe
- sources(core): add SourcesConfig + core WebDAV adapter (Local + WebDAV without Pro)
- sources(api/ui): migrate /api/pro/sources/* to SourcesConfig and expose capability metadata (allowedTypes/proExtended)
- admin: add per-source delete-permanently toggle + trash-off badges/hints
- pro: add Gateway Shares admin section + /api/pro/gateways/{list,save,test,delete}
- ui: fix pagination getting stuck on page 2 in table/gallery (pane state sync)
- frontend/security: move pretheme to external js/pretheme.js and remove inline CSP hash requirement
- licensing: attempt yearly-plan instance auto-bind on license save with clearer autoBind responses
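<?php
// public/api/pro/sources/select.php
//
// POST endpoint that switches the caller's active source.
// Request body: JSON object with an "id" field (1-64 chars of [A-Za-z0-9_-]).
// Responses are always JSON: {"ok": true, "activeId": "..."} on success,
// {"ok": false, "error": "..."} with 400/403/404/405/500 otherwise.

declare(strict_types=1);

header('Content-Type: application/json; charset=utf-8');

require_once __DIR__ . '/../../../../config/config.php';
require_once PROJECT_ROOT . '/src/lib/ACL.php';
require_once PROJECT_ROOT . '/src/lib/SourceContext.php';
require_once PROJECT_ROOT . '/src/lib/SourcesConfig.php';

try {
    // State-changing endpoint: anything other than POST is refused.
    if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        http_response_code(405);
        echo json_encode(['ok' => false, 'error' => 'Method not allowed']);
        exit;
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Both gates run before any request data is parsed.
    // NOTE(review): presumably these abort the request for an unauthenticated
    // session or a missing/invalid CSRF token — confirm in AdminController.
    \FileRise\Http\Controllers\AdminController::requireAuth();
    \FileRise\Http\Controllers\AdminController::requireCsrf();

    // Under strict_types, json_decode(false) raises a TypeError that would
    // surface as a 500; an unreadable body is treated as malformed input (400).
    $raw = file_get_contents('php://input');
    $body = is_string($raw) ? json_decode($raw, true) : null;
    if (!is_array($body)) {
        http_response_code(400);
        echo json_encode(['ok' => false, 'error' => 'Invalid JSON body']);
        exit;
    }

    // Only string/int ids are accepted. Casting an array or object to string
    // would yield a placeholder such as "Array", which passes the pattern below.
    $rawId = $body['id'] ?? '';
    $id = (is_string($rawId) || is_int($rawId)) ? trim((string)$rawId) : '';
    if ($id === '' || !preg_match('/^[A-Za-z0-9_-]{1,64}$/', $id)) {
        http_response_code(400);
        echo json_encode(['ok' => false, 'error' => 'Invalid source id']);
        exit;
    }

    $cfg = SourcesConfig::getConfig();
    if (empty($cfg['enabled'])) {
        http_response_code(400);
        echo json_encode(['ok' => false, 'error' => 'Sources are not enabled']);
        exit;
    }

    // Unknown and disabled sources get the same 404, so the response does not
    // reveal whether a disabled source exists.
    $source = SourcesConfig::getSource($id);
    if (!$source || empty($source['enabled'])) {
        http_response_code(404);
        echo json_encode(['ok' => false, 'error' => 'Source not found']);
        exit;
    }

    // Resolve the caller's permissions from whichever loader is available;
    // with no loader, or no entry for the user, the set stays empty.
    $username = (string)($_SESSION['username'] ?? '');
    $perms = [];
    if (function_exists('loadUserPermissions')) {
        $p = loadUserPermissions($username);
        $perms = is_array($p) ? $p : [];
    } elseif (class_exists(\FileRise\Domain\UserModel::class) && method_exists(\FileRise\Domain\UserModel::class, 'getUserPermissions')) {
        $all = \FileRise\Domain\UserModel::getUserPermissions();
        if (is_array($all)) {
            if (isset($all[$username])) {
                $perms = (array)$all[$username];
            } else {
                // Fall back to a lower-cased key when the exact username is absent.
                $lk = strtolower($username);
                if (isset($all[$lk])) {
                    $perms = (array)$all[$lk];
                }
            }
        }
    }

    // The ACL check runs with the requested source set as the active one.
    // NOTE(review): the second argument of setActiveId() presumably controls
    // whether the selection is persisted — confirm in SourceContext.
    $hasSourceContext = class_exists('SourceContext');
    $originalId = $hasSourceContext ? SourceContext::getActiveId() : '';
    $restoreOriginal = static function () use ($hasSourceContext, $originalId): void {
        if ($hasSourceContext && $originalId !== '') {
            SourceContext::setActiveId($originalId, false);
        }
    };

    if ($hasSourceContext) {
        SourceContext::setActiveId($id, false);
    }

    try {
        $allowed = ACL::userHasAnyAccess($username, $perms, 'root');
    } catch (Throwable $aclError) {
        // Fail closed: a failing ACL check must not leave the unauthorised
        // source selected.
        $restoreOriginal();
        throw $aclError;
    }

    if (!$allowed) {
        $restoreOriginal();
        http_response_code(403);
        echo json_encode(['ok' => false, 'error' => 'Access denied']);
        exit;
    }

    // Access confirmed: commit the selection.
    if ($hasSourceContext) {
        SourceContext::setActiveId($id, true);
    }

    echo json_encode(['ok' => true, 'activeId' => $id], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
} catch (Throwable $e) {
    // Record the failure server-side; the client only gets a generic message
    // so exception details are not disclosed.
    error_log('sources/select.php: ' . get_class($e) . ': ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['ok' => false, 'error' => 'Error selecting source'], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
}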