Allow backup downloads for admin role

This commit is contained in:
Anaggh S 2019-11-15 19:29:26 +05:30
parent 2b504938ec
commit 1a208b0642
2 changed files with 46 additions and 4 deletions

View file

@ -872,4 +872,18 @@ function transformImage($file, $imageDir, $thumbnailDir=false) {
}
return $image;
}
}
function downloadRestrictedFile($file) {
if (is_file($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
readfile($file);
exit(0);
}
}

View file

@ -36,8 +36,13 @@ class pluginBackup extends Plugin {
public function adminSidebar()
{
$backups = $this->backupList();
return '<a class="nav-link" href="'.HTML_PATH_ADMIN_ROOT.'configure-plugin/'.$this->className().'">Backups <span class="badge badge-primary badge-pill">'.count($backups).'</span></a>';
global $login;
if ($login->role() === 'admin') {
$backups = $this->backupList();
return '<a class="nav-link" href="'.HTML_PATH_ADMIN_ROOT.'configure-plugin/'.$this->className().'">Backups <span class="badge badge-primary badge-pill">'.count($backups).'</span></a>';
} else {
return '';
}
}
public function form()
@ -66,7 +71,7 @@ class pluginBackup extends Plugin {
$html .= '<h4 class="font-weight-normal">'.Date::format($filename, BACKUP_DATE_FORMAT, 'F j, Y, g:i a').'</h4>';
// Allow download if a zip file
if ($this->zip) {
$html .= '<a class="btn btn-outline-secondary btn-sm mr-1 mt-1" href="'.DOMAIN_CONTENT.'workspaces/backup/'.$filename.'.zip"><span class="fa fa-download"></span> '.$L->get('download').'</a>';
$html .= '<a class="btn btn-outline-secondary btn-sm mr-1 mt-1" href="'.DOMAIN_BASE.'plugin-backup-download?file='.$filename.'.zip"><span class="fa fa-download"></span> '.$L->get('download').'</a>';
}
$html .= '<button name="restoreBackup" value="'.$filename.'" class="btn btn-outline-secondary btn-sm mr-1 mt-1" type="submit"><span class="fa fa-rotate-left"></span> '.$L->get('restore-backup').'</button>';
$html .= '<button name="deleteBackup" value="'.$filename.'" class="btn btn-outline-danger btn-sm mr-1 mt-1" type="submit"><span class="fa fa-trash"></span> '.$L->get('delete-backup').'</button>';
@ -76,6 +81,29 @@ class pluginBackup extends Plugin {
return $html;
}
/**
* Downloading Backups is not allowed by default server config
* This webhook is to allow downloads for admins
* Webhook: plugin-backup-download?file={backup-name.zip}
*/
public function beforeAll()
{
global $L;
$webhook = 'plugin-backup-download';
if ($this->webhook($webhook)) {
if (!empty($_GET['file'])) {
$login = new Login();
if ($login->role() === 'admin') {
downloadRestrictedFile(PATH_WORKSPACES.'backup/'.$_GET['file']);
} else {
Alert::set($L->g('You do not have sufficient permissions'));
Redirect::page('dashboard');
}
}
exit(0);
}
}
public function backupList()
{
if ($this->zip) {