Commit 5a0a1003 authored by PENGUEN Julien's avatar PENGUEN Julien

ajout fonction function_check_permission_volume pour tester que l'utilisateur...

ajout fonction function_check_permission_volume pour tester que l'utilisateur a bien les droits d'écriture et lecture sur le volume monté au cas où l'on écrit les résultats sur le volume monté
parent 2e544eaa
......@@ -95,6 +95,9 @@ bash --version
* You must have docker on your mac.(see [Mac-OS docker installation](https://docs.docker.com/docker-for-mac/install/))
__*note*__: don't forget to add folders we want to mount on Docker preferences (preferences -> File Sharing -> +)
# Installation
1. Clone the photos_montage_aladin repository:
......
......@@ -24,6 +24,16 @@ function_message()
echo -e "WARNING => ${message}"
echo -e "=========================================================${COLOR_OFF}"
elif [ "$type_message" == "TYPE_MOUNT_ERROR" ]; then
echo ""
echo "------------------------------------"
echo ""
echo -e "${RED}========================================================="
echo -e "${message}"
echo -e "on volume mounted : ${option}"
echo -e "=========================================================${COLOR_OFF}"
elif [ "$type_message" == "TYPE_FILE_ERROR" ]; then
echo ""
......@@ -673,6 +683,134 @@ function_check_number()
}
function_check_permission_volume()
{
# function_check_permission_volume: check if user have read and write
# permissions for the input volume.
# input: volume
# returns:
# return TRUE if permission OK else FALSE
volume=$1
volume_permissions=$(namei -l $volume | tail -n 1 | awk -F" " '{print $1}')
volume_type=${volume_permissions:0:1}
volume_owner_permissions=${volume_permissions:1:3}
volume_group_permissions=${volume_permissions:4:3}
volume_others_permissions=${volume_permissions:7:3}
volume_owner=$(namei -l $volume | tail -n 1 | awk -F" " '{print $2}')
volume_group_owner=$(namei -l $volume | tail -n 1 | awk -F" " '{print $3}')
user_name=$(whoami)
user_groups=$(id | awk -F " " '{print $3}' | sed 's/^groupes//g' | sed 's/[0-9()=]//g')
tab_user_groups=( ${user_groups//,/ } )
if [[ $user_name == $volume_owner ]]; then
# -----------------------------------------#
# case user is volume owner
# -----------------------------------------#
if [[ $volume_owner_permissions == "rwx" || $volume_owner_permissions == "rw-" ]]; then
#case user could read and write on volume
AUTHORIZATION="TRUE"
else
#case user could not read and write on volume
#we check group authorization
if [[ "${tab_user_groups[@]}" =~ "$volume_group_owner" ]]; then
#case group volume is in user group list
if [[ $volume_group_permissions == "rwx" || $volume_group_permissions == "rw-" ]]; then
#case group volume allow user to read and write
AUTHORIZATION="TRUE"
else
#case group volume not allow user to read and write
#we check other volume permissions
if [[ $volume_others_permissions == "rwx" || $volume_others_permissions == "rw-" ]]; then
#case other permissions volume allow user to read and write
AUTHORIZATION="TRUE"
else
#case other permissions volume not allow user to read and write
AUTHORIZATION="FALSE"
fi
fi
else
#case group volume is not in user group list
#we check other volume permissions
if [[ $volume_others_permissions == "rwx" || $volume_others_permissions == "rw-" ]]; then
#case other permissions volume allow user to read and write
AUTHORIZATION="TRUE"
else
#case other permissions volume not allow user to read and write
AUTHORIZATION="FALSE"
fi
fi
fi
else
# -----------------------------------------#
# case user is not volume owner
# -----------------------------------------#
if [[ "${tab_user_groups[@]}" =~ "$volume_group_owner" ]]; then
#case group volume is in user group list
if [[ $volume_group_permissions == "rwx" || $volume_group_permissions == "rw-" ]]; then
#case group volume allow user to read and write
AUTHORIZATION="TRUE"
else
#case group volume not allow user to read and write
#we check other volume permissions
if [[ $volume_others_permissions == "rwx" || $volume_others_permissions == "rw-" ]]; then
#case other permissions volume allow user to read and write
AUTHORIZATION="TRUE"
else
#case other permissions volume not allow user to read and write
AUTHORIZATION="FALSE"
fi
fi
else
#case group volume is not in user group list
#we check other volume permissions
if [[ $volume_others_permissions == "rwx" || $volume_others_permissions == "rw-" ]]; then
#case other permissions volume allow user to read and write
AUTHORIZATION="TRUE"
else
#case other permissions volume not allow user to read and write
AUTHORIZATION="FALSE"
fi
fi
fi
echo "$AUTHORIZATION"
}
function_jar_updated_search()
{
# function_jar_updated_search: get the last jar version
......@@ -923,6 +1061,17 @@ if [[ $OUTPUT_FOLDER_LINUX != $OLD_OUTPUT_FOLDER_LINUX && $VOLUME_MOUNT != "NONE
if [ "$CHAINE" != "" ]; then
OUTPUT_FOLDER_ON_VOLUME_MOUNT="TRUE"
result_check_permission=`function_check_permission_volume $VOLUME_MOUNT`
echo "result_check_permission=$result_check_permission"
if [ $result_check_permission != 'TRUE' ]; then
function_message "TYPE_MOUNT_ERROR" "you do not have permission to write and / or read" $VOLUME_MOUNT
exit 0
fi
fi
fi
......
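Review bot: function_check_permission_volume (here and in the identical copy under the `-674,6 +674,134` hunk) decides access by parsing the `namei -l` mode string and the `id` output, which can disagree with what the kernel actually allows. When the caller owns the volume only the owner bits apply, yet this code falls through to the group and other bits; `rw-` without `x` on a directory does not permit creating files; the `=~` test matches group names as substrings; and `sed 's/^groupes//g'` assumes a French locale. ACLs and read-only mounts are invisible to this logic, and the unquoted `$volume` splits a path containing spaces. Testing the quoted path with `-r`, `-w` and `-x` lets the system answer directly and removes the three `namei` pipelines, as sketched below.

```shell
function_check_permission_volume()
{
  # … unchanged: header comment …
  local volume=$1
  # Ask the system directly: this follows owner/group/other precedence and,
  # where the platform reports them, ACLs and read-only mounts.
  # -x is needed on a directory to create or open entries inside it
  # (assumes the volume is always a directory — confirm against callers).
  if [[ -r "$volume" && -w "$volume" && -x "$volume" ]]; then
    echo "TRUE"
  else
    echo "FALSE"
  fi
}
```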
......@@ -674,6 +674,134 @@ function_check_number()
}
function_check_permission_volume()
{
# function_check_permission_volume: check if user have read and write
# permissions for the input volume.
# input: volume
# returns:
# return TRUE if permission OK else FALSE
volume=$1
volume_permissions=$(namei -l $volume | tail -n 1 | awk -F" " '{print $1}')
volume_type=${volume_permissions:0:1}
volume_owner_permissions=${volume_permissions:1:3}
volume_group_permissions=${volume_permissions:4:3}
volume_others_permissions=${volume_permissions:7:3}
volume_owner=$(namei -l $volume | tail -n 1 | awk -F" " '{print $2}')
volume_group_owner=$(namei -l $volume | tail -n 1 | awk -F" " '{print $3}')
user_name=$(whoami)
user_groups=$(id | awk -F " " '{print $3}' | sed 's/^groupes//g' | sed 's/[0-9()=]//g')
tab_user_groups=( ${user_groups//,/ } )
if [[ $user_name == $volume_owner ]]; then
# -----------------------------------------#
# case user is volume owner
# -----------------------------------------#
if [[ $volume_owner_permissions == "rwx" || $volume_owner_permissions == "rw-" ]]; then
#case user could read and write on volume
AUTHORIZATION="TRUE"
else
#case user could not read and write on volume
#we check group authorization
if [[ "${tab_user_groups[@]}" =~ "$volume_group_owner" ]]; then
#case group volume is in user group list
if [[ $volume_group_permissions == "rwx" || $volume_group_permissions == "rw-" ]]; then
#case group volume allow user to read and write
AUTHORIZATION="TRUE"
else
#case group volume not allow user to read and write
#we check other volume permissions
if [[ $volume_others_permissions == "rwx" || $volume_others_permissions == "rw-" ]]; then
#case other permissions volume allow user to read and write
AUTHORIZATION="TRUE"
else
#case other permissions volume not allow user to read and write
AUTHORIZATION="FALSE"
fi
fi
else
#case group volume is not in user group list
#we check other volume permissions
if [[ $volume_others_permissions == "rwx" || $volume_others_permissions == "rw-" ]]; then
#case other permissions volume allow user to read and write
AUTHORIZATION="TRUE"
else
#case other permissions volume not allow user to read and write
AUTHORIZATION="FALSE"
fi
fi
fi
else
# -----------------------------------------#
# case user is not volume owner
# -----------------------------------------#
if [[ "${tab_user_groups[@]}" =~ "$volume_group_owner" ]]; then
#case group volume is in user group list
if [[ $volume_group_permissions == "rwx" || $volume_group_permissions == "rw-" ]]; then
#case group volume allow user to read and write
AUTHORIZATION="TRUE"
else
#case group volume not allow user to read and write
#we check other volume permissions
if [[ $volume_others_permissions == "rwx" || $volume_others_permissions == "rw-" ]]; then
#case other permissions volume allow user to read and write
AUTHORIZATION="TRUE"
else
#case other permissions volume not allow user to read and write
AUTHORIZATION="FALSE"
fi
fi
else
#case group volume is not in user group list
#we check other volume permissions
if [[ $volume_others_permissions == "rwx" || $volume_others_permissions == "rw-" ]]; then
#case other permissions volume allow user to read and write
AUTHORIZATION="TRUE"
else
#case other permissions volume not allow user to read and write
AUTHORIZATION="FALSE"
fi
fi
fi
echo "$AUTHORIZATION"
}
function_jar_updated_search()
{
# function_jar_updated_search: get the last jar version
......@@ -940,6 +1068,16 @@ if [[ $OUTPUT_FOLDER_MACOS != $OLD_OUTPUT_FOLDER_MACOS && $VOLUME_MOUNT != "NONE
if [ "$CHAINE" != "" ]; then
OUTPUT_FOLDER_ON_VOLUME_MOUNT="TRUE"
result_check_permission=`function_check_permission_volume $VOLUME_MOUNT`
echo "result_check_permission=$result_check_permission"
if [ $result_check_permission != 'TRUE' ]; then
function_message "TYPE_MOUNT_ERROR" "you do not have permission to write and / or read" $VOLUME_MOUNT
exit 0
fi
fi
fi
......
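Review bot: The caller in the last hunk of this section prints the mount error and then runs `exit 0`, so any wrapper or pipeline that launches the script sees success; a non-zero status such as `exit 1` would let it stop. `$VOLUME_MOUNT` and `$result_check_permission` are unquoted, so a mount path containing spaces is split before it reaches the function, and if the result were ever empty the `[` test would fail with a syntax error and skip the error branch; `result_check_permission=$(function_check_permission_volume "$VOLUME_MOUNT")` and `if [ "$result_check_permission" != 'TRUE' ]; then` avoid both. The same lines appear in the first script's caller (`-923,6 +1061,17` hunk). The `echo "result_check_permission=…"` line looks like leftover debug output, and the enclosing `if` starts outside the hunk.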