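I want to create a simple permission system and be able to control whether a user can read and/or write in a directory. To do this, I created a plugin. If the user does not have the correct permissions, a Forbidden exception is thrown. Let's imagine the following directory structure with the corresponding permissions of the current user: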
Folder 1 (read & write)
    Subfolder 1 (no read nor write)
    ...
Folder 2 (read & write)
    ....
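When the user tries to access Folder 2 or Subfolder 1, everything works fine. He either gets the expected folder data (Folder 2) or a Forbidden exception (Subfolder 1). However, if he tries to access Folder 1, a Forbidden exception is thrown. How can I implement this system in a way that the user can still access Folder 1 but not Subfolder 1? Here is my current (simplified) code: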
use Sabre\DAV\Exception\Forbidden;
use Sabre\DAV\Server;
// Security and FileVoter are the application's own classes.

class SabreServerPlugin extends \Sabre\DAV\ServerPlugin
{
    public const BEFORE_CREATE_FILE = 'beforeCreateFile';
    public const BEFORE_FILE_UPDATE = 'beforeWriteContent';
    public const BEFORE_CREATION_DUE_TO_UPDATE = 'beforeBind';
    public const BEFORE_DELETION_DUE_TO_UPDATE = 'beforeUnbind';
    public const BEFORE_LOCK = 'beforeLock';
    public const BEFORE_UNLOCK = 'beforeUnlock';
    public const BEFORE_PROPERTY_REQUEST = 'propFind';

    private Server $server;
    private Security $security;

    public function __construct(Security $security)
    {
        $this->security = $security;
    }

    // Register one permission check per server event.
    public function initialize(Server $server): void
    {
        $this->server = $server;
        $this->server->on(self::BEFORE_CREATE_FILE, [$this, 'beforeCreateFile']);
        $this->server->on(self::BEFORE_FILE_UPDATE, [$this, 'beforeFileUpdate']);
        $this->server->on(self::BEFORE_CREATION_DUE_TO_UPDATE, [$this, 'beforeCreationDueToUpdate']);
        $this->server->on(self::BEFORE_DELETION_DUE_TO_UPDATE, [$this, 'beforeDeletionDueToUpdate']);
        $this->server->on(self::BEFORE_LOCK, [$this, 'beforeLock']);
        $this->server->on(self::BEFORE_UNLOCK, [$this, 'beforeUnlock']);
        $this->server->on(self::BEFORE_PROPERTY_REQUEST, [$this, 'beforePropertyRequest']);
    }

    public function beforeCreateFile(string $path, &$data, \Sabre\DAV\ICollection $parent, &$modified): void
    {
        if (!$this->security->isGranted(FileVoter::CREATE, $path)) {
            throw new Forbidden();
        }
    }

    public function beforeFileUpdate($path, \Sabre\DAV\IFile $node, &$data, &$modified): void
    {
        if (!$this->security->isGranted(FileVoter::UPDATE, $path)) {
            throw new Forbidden();
        }
    }

    public function beforeCreationDueToUpdate($path): bool
    {
        if (!$this->security->isGranted(FileVoter::CREATE, $path)) {
            throw new Forbidden();
        }
        return true;
    }

    public function beforeDeletionDueToUpdate($path): bool
    {
        if (!$this->security->isGranted(FileVoter::DELETE, $path)) {
            throw new Forbidden();
        }
        return true;
    }

    public function beforeLock($path, \Sabre\DAV\Locks\LockInfo $lock): bool
    {
        if (!$this->security->isGranted(FileVoter::UPDATE, $path)) {
            throw new Forbidden();
        }
        return true;
    }

    public function beforeUnlock($path, \Sabre\DAV\Locks\LockInfo $lock): bool
    {
        if (!$this->security->isGranted(FileVoter::UPDATE, $path)) {
            throw new Forbidden();
        }
        return true;
    }

    // Called once per node in a PROPFIND, including each child of a Depth: 1 listing.
    public function beforePropertyRequest(\Sabre\DAV\PropFind $propfind, \Sabre\DAV\INode $node): void
    {
        // The handler receives no $path argument; take it from the PropFind object.
        $path = $propfind->getPath();
        if (!$this->security->isGranted(FileVoter::VIEW, $path)) {
            throw new Forbidden();
        }
    }
}
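As far as I understand, the exception is only thrown when handling the propFind for the path "Subfolder 2", which is correct, but the exception is not contained within this node and therefore does not mark only the folder/node "Subfolder 2" as forbidden.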
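One way to scope the denial to a single node, as an added example that is not part of the original post: the propFind handler throws only when the denied path is the resource the client requested directly, and otherwise marks each requested property of the child as 403 so the parent's multistatus response still succeeds. It assumes sabre/dav is installed and reuses the question's application classes `Security` and `FileVoter`; the class name `PerNodeReadGuard` is hypothetical.

```php
<?php
// Added example, not the poster's code. Security and FileVoter are the
// application classes from the question; PerNodeReadGuard is a hypothetical name.

use Sabre\DAV\Exception\Forbidden;
use Sabre\DAV\INode;
use Sabre\DAV\PropFind;
use Sabre\DAV\Server;
use Sabre\DAV\ServerPlugin;

class PerNodeReadGuard extends ServerPlugin
{
    private Server $server;
    private Security $security;

    public function __construct(Security $security)
    {
        $this->security = $security;
    }

    public function initialize(Server $server): void
    {
        $this->server = $server;
        $server->on('propFind', [$this, 'propFind']);
    }

    public function propFind(PropFind $propFind, INode $node): void
    {
        $path = $propFind->getPath();
        if ($this->security->isGranted(FileVoter::VIEW, $path)) {
            return; // readable node: let the other handlers fill in properties
        }

        // Denied node that is the request target itself: refuse the whole request.
        // Assumption: getRequestUri() and getPath() yield the same normalised path.
        if ($path === $this->server->getRequestUri()) {
            throw new Forbidden();
        }

        // Denied child reached through a Depth: 1 listing of a readable parent:
        // report 403 per property instead of aborting the parent's response.
        foreach ($propFind->getRequestedProperties() as $name) {
            $propFind->set($name, null, 403);
        }
    }
}
```

With this handler the child's href still appears in the parent listing, so its name is disclosed even though its properties are not. The check covers PROPFIND only; GET and the write events need their own authorization checks.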