[Pkg-owncloud-commits] [owncloud] 04/16: Allow read-only configuration

David Prévot taffit at moszumanska.debian.org
Sun Dec 7 20:58:05 UTC 2014 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud.

commit f5d95139579fc1865f1f18e13aab24998d2e7d9d
Author: Lukas Reschke <lukas at owncloud.com>
Date:   Tue Nov 25 16:12:12 2014 +0100

    Allow read-only configuration
    
    Workaround required for IIS setups running ownCloud to prevent dataloss.
    
    Long-term solution would be to move some configuration settings to the database
    
    Conflicts:
    	lib/base.php
    	settings/admin.php
---
 config/config.sample.php     |  9 +++++++++
 lib/base.php                 |  6 +++---
 lib/private/helper.php       |  8 ++++++++
 settings/admin.php           |  2 ++
 settings/templates/admin.php | 20 +++++++++++++++++---
 5 files changed, 39 insertions(+), 6 deletions(-)

diff --git a/config/config.sample.php b/config/config.sample.php
index c073d94..02d468b 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -429,6 +429,15 @@ $CONFIG = array(
  */
 'check_for_working_htaccess' => true,
 
+/**
+ * In certain environments it is desired to have a read-only config file.
+ * When this switch is set to ``true`` ownCloud will not verify whether the
+ * configuration is writable. However, it will not be possible to configure
+ * all options via the web-interface. Furthermore, when updating ownCloud
+ * it is required to make the config file writable again for the update
+ * process.
+ */
+'config_is_read_only' => false,
 
 /**
  * Logging
diff --git a/lib/base.php b/lib/base.php
index 27b1233..e99159d 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -188,9 +188,9 @@ class OC {
 
 	public static function checkConfig() {
 		$l = OC_L10N::get('lib');
-		if (file_exists(self::$configDir . "/config.php")
-			and !is_writable(self::$configDir . "/config.php")
-		) {
+		$configFileWritable = file_exists(self::$configDir . "/config.php") && is_writable(self::$configDir . "/config.php");
+		if (!$configFileWritable && !OC_Helper::isReadOnlyConfigEnabled()
+			|| !$configFileWritable && \OCP\Util::needUpgrade()) {
 			if (self::$CLI) {
 				echo $l->t('Cannot write into "config" directory!')."\n";
 				echo $l->t('This can usually be fixed by giving the webserver write access to the config directory')."\n";
diff --git a/lib/private/helper.php b/lib/private/helper.php
index 3323322..15cf819 100644
--- a/lib/private/helper.php
+++ b/lib/private/helper.php
@@ -1049,4 +1049,12 @@ class OC_Helper {
 		return array('free' => $free, 'used' => $used, 'total' => $total, 'relative' => $relative);
 
 	}
+
+	/**
+	 * Returns whether the config file is set manually to read-only
+	 * @return bool
+	 */
+	public static function isReadOnlyConfigEnabled() {
+		return \OC::$server->getConfig()->getSystemValue('config_is_read_only', false);
+	}
 }
diff --git a/settings/admin.php b/settings/admin.php
index 9b1a822..31ead44 100644
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -42,6 +42,7 @@ $tmpl->assign('mail_smtppassword', OC_Config::getValue( "mail_smtppassword", ''
 $tmpl->assign('entries', $entries);
 $tmpl->assign('entriesremain', $entriesremain);
 $tmpl->assign('htaccessworking', $htaccessworking);
+$tmpl->assign('readOnlyConfigEnabled', OC_Helper::isReadOnlyConfigEnabled());
 $tmpl->assign('isLocaleWorking', OC_Util::isSetLocaleWorking());
 $tmpl->assign('isAnnotationsWorking', OC_Util::isAnnotationsWorking());
 $tmpl->assign('has_fileinfo', OC_Util::fileInfoLoaded());
@@ -56,6 +57,7 @@ $tmpl->assign('shareEnforceExpireDate', OC_Appconfig::getValue('core', 'shareapi
 $excludeGroups = OC_Appconfig::getValue('core', 'shareapi_exclude_groups', 'no') === 'yes' ? true : false;
 $tmpl->assign('shareExcludeGroups', $excludeGroups);
 $excludedGroupsList = OC_Appconfig::getValue('core', 'shareapi_exclude_groups_list', '');
+
 $excludedGroupsList = explode(',', $excludedGroupsList); // FIXME: this should be JSON!
 $tmpl->assign('shareExcludedGroupsList', implode('|', $excludedGroupsList));
 
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index 90426ef..20b7107 100644
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -62,14 +62,28 @@ if (!$_['isConnectedViaHTTPS']) {
 // is htaccess working ?
 if (!$_['htaccessworking']) {
 	?>
-<div class="section">
-	<h2><?php p($l->t('Security Warning'));?></h2>
+	<div class="section">
+		<h2><?php p($l->t('Security Warning')); ?></h2>
 
 	<span class="securitywarning">
 		<?php p($l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.')); ?>
 	</span>
 
-</div>
+	</div>
+<?php
+}
+
+// is read only config enabled
+if ($_['readOnlyConfigEnabled']) {
+?>
+<div class="section">
+	<h2><?php p($l->t('Read-Only config enabled'));?></h2>
+
+	<span class="securitywarning">
+		<?php p($l->t('The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update.')); ?>
+	</span>
+
+	</div>
 <?php
 }
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

More information about the Pkg-owncloud-commits mailing list