Allow backup downloads for admin role
This commit is contained in:
parent
2b504938ec
commit
1a208b0642
|
@ -873,3 +873,17 @@ function transformImage($file, $imageDir, $thumbnailDir=false) {
|
||||||
|
|
||||||
return $image;
|
return $image;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function downloadRestrictedFile($file) {
|
||||||
|
if (is_file($file)) {
|
||||||
|
header('Content-Description: File Transfer');
|
||||||
|
header('Content-Type: application/octet-stream');
|
||||||
|
header('Content-Disposition: attachment; filename="'.basename($file).'"');
|
||||||
|
header('Expires: 0');
|
||||||
|
header('Cache-Control: must-revalidate');
|
||||||
|
header('Pragma: public');
|
||||||
|
header('Content-Length: ' . filesize($file));
|
||||||
|
readfile($file);
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -36,8 +36,13 @@ class pluginBackup extends Plugin {
|
||||||
|
|
||||||
public function adminSidebar()
|
public function adminSidebar()
|
||||||
{
|
{
|
||||||
$backups = $this->backupList();
|
global $login;
|
||||||
return '<a class="nav-link" href="'.HTML_PATH_ADMIN_ROOT.'configure-plugin/'.$this->className().'">Backups <span class="badge badge-primary badge-pill">'.count($backups).'</span></a>';
|
if ($login->role() === 'admin') {
|
||||||
|
$backups = $this->backupList();
|
||||||
|
return '<a class="nav-link" href="'.HTML_PATH_ADMIN_ROOT.'configure-plugin/'.$this->className().'">Backups <span class="badge badge-primary badge-pill">'.count($backups).'</span></a>';
|
||||||
|
} else {
|
||||||
|
return '';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function form()
|
public function form()
|
||||||
|
@ -66,7 +71,7 @@ class pluginBackup extends Plugin {
|
||||||
$html .= '<h4 class="font-weight-normal">'.Date::format($filename, BACKUP_DATE_FORMAT, 'F j, Y, g:i a').'</h4>';
|
$html .= '<h4 class="font-weight-normal">'.Date::format($filename, BACKUP_DATE_FORMAT, 'F j, Y, g:i a').'</h4>';
|
||||||
// Allow download if a zip file
|
// Allow download if a zip file
|
||||||
if ($this->zip) {
|
if ($this->zip) {
|
||||||
$html .= '<a class="btn btn-outline-secondary btn-sm mr-1 mt-1" href="'.DOMAIN_CONTENT.'workspaces/backup/'.$filename.'.zip"><span class="fa fa-download"></span> '.$L->get('download').'</a>';
|
$html .= '<a class="btn btn-outline-secondary btn-sm mr-1 mt-1" href="'.DOMAIN_BASE.'plugin-backup-download?file='.$filename.'.zip"><span class="fa fa-download"></span> '.$L->get('download').'</a>';
|
||||||
}
|
}
|
||||||
$html .= '<button name="restoreBackup" value="'.$filename.'" class="btn btn-outline-secondary btn-sm mr-1 mt-1" type="submit"><span class="fa fa-rotate-left"></span> '.$L->get('restore-backup').'</button>';
|
$html .= '<button name="restoreBackup" value="'.$filename.'" class="btn btn-outline-secondary btn-sm mr-1 mt-1" type="submit"><span class="fa fa-rotate-left"></span> '.$L->get('restore-backup').'</button>';
|
||||||
$html .= '<button name="deleteBackup" value="'.$filename.'" class="btn btn-outline-danger btn-sm mr-1 mt-1" type="submit"><span class="fa fa-trash"></span> '.$L->get('delete-backup').'</button>';
|
$html .= '<button name="deleteBackup" value="'.$filename.'" class="btn btn-outline-danger btn-sm mr-1 mt-1" type="submit"><span class="fa fa-trash"></span> '.$L->get('delete-backup').'</button>';
|
||||||
|
@ -76,6 +81,29 @@ class pluginBackup extends Plugin {
|
||||||
return $html;
|
return $html;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Downloading Backups is not allowed by default server config
|
||||||
|
* This webhook is to allow downloads for admins
|
||||||
|
* Webhook: plugin-backup-download?file={backup-name.zip}
|
||||||
|
*/
|
||||||
|
public function beforeAll()
|
||||||
|
{
|
||||||
|
global $L;
|
||||||
|
$webhook = 'plugin-backup-download';
|
||||||
|
if ($this->webhook($webhook)) {
|
||||||
|
if (!empty($_GET['file'])) {
|
||||||
|
$login = new Login();
|
||||||
|
if ($login->role() === 'admin') {
|
||||||
|
downloadRestrictedFile(PATH_WORKSPACES.'backup/'.$_GET['file']);
|
||||||
|
} else {
|
||||||
|
Alert::set($L->g('You do not have sufficient permissions'));
|
||||||
|
Redirect::page('dashboard');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public function backupList()
|
public function backupList()
|
||||||
{
|
{
|
||||||
if ($this->zip) {
|
if ($this->zip) {
|
||||||
|
|
Loading…
Reference in New Issue