a31e4265bd
* Add delivery api toggle * Add Dockerfile * add docker compose template * Ensure no duplicate database containers * Remove wwwroot/umbraco permission check We don't need write access to this folder * Provide environment variables from dokcer-compose * Build as debug from compose The compose file is intended to be used for local dev * Don't store password in docker files Still not great to store it in .env but it's fine for dev * Add additional template files * Add docker ignore file * Enable delivery API in settings too * Enable models builder mode toggle * Add WIP for umbraco release option * Add starterkit option * Add option to chose LTS or latest * Add development mode option * Add descriptions * Add display names * Add backoffice development at explicit default * Rearrange DevelopmentMode before ModelsBuilderMode * Allow specifying a port for the compose file * Add some notes * Move starterkits into its own template * Don't update version * Remove test configuration from Dockerfile * Add default modelsbuilder option * Update descriptions * overwrite default values in IDE development * Remove obsolete runtime minification * Try and fix healthcheck * Don't use post action for starterkit otherwise it won't work with Rider, also make the version 13.0.0 if LTS is chosen * Move UmbracoVersion above FinalVersion Otherwise, rider will use UmbracoVersion for some weird reason * Fix healthcheck * Use else instead of second if for modelsbuilder * Obsolete UmbracoVersion * Remove custom release option * Use forward slashes for volumes * Add MSSQL_SA_PASSWORD env variable * Temporarily limit acceptance tests so it works * Try again * Disable SQLServer integration tests * Set UseHttps to false in appsettings.Development.json You still want to be able to use non-https when developing locally * Fix LTS version LTS still needs installer endpoints added * Update permissions of wwwroot/umbraco for v13 sites * Fix conditional in Program.cs * Undo pipeline shenanigans
268 lines
8.3 KiB
C#
268 lines
8.3 KiB
C#
// Copyright (c) Umbraco.
|
|
// See LICENSE for more details.
|
|
|
|
using System.Security.AccessControl;
|
|
using System.Security.Principal;
|
|
using Microsoft.Extensions.Options;
|
|
using Umbraco.Cms.Core;
|
|
using Umbraco.Cms.Core.Configuration.Models;
|
|
using Umbraco.Cms.Core.Hosting;
|
|
using Umbraco.Cms.Core.Install;
|
|
using Umbraco.Cms.Core.IO;
|
|
using Umbraco.Extensions;
|
|
|
|
namespace Umbraco.Cms.Infrastructure.Install;
|
|
|
|
/// <inheritdoc />
|
|
public class FilePermissionHelper : IFilePermissionHelper
|
|
{
|
|
private readonly GlobalSettings _globalSettings;
|
|
private readonly IHostingEnvironment _hostingEnvironment;
|
|
private readonly IIOHelper _ioHelper;
|
|
|
|
private readonly string[] _packagesPermissionsDirs;
|
|
|
|
// ensure that these directories exist and Umbraco can write to them
|
|
private readonly string[] _permissionDirs;
|
|
|
|
// ensure Umbraco can write to these files (the directories must exist)
|
|
private readonly string[] _permissionFiles = Array.Empty<string>();
|
|
private readonly string _basePath;
|
|
|
|
/// <summary>
|
|
/// Initializes a new instance of the <see cref="FilePermissionHelper" /> class.
|
|
/// </summary>
|
|
public FilePermissionHelper(IOptions<GlobalSettings> globalSettings, IIOHelper ioHelper,
|
|
IHostingEnvironment hostingEnvironment)
|
|
{
|
|
_globalSettings = globalSettings.Value;
|
|
_ioHelper = ioHelper;
|
|
_hostingEnvironment = hostingEnvironment;
|
|
_basePath = hostingEnvironment.MapPathContentRoot("/");
|
|
_permissionDirs = new[]
|
|
{
|
|
hostingEnvironment.MapPathWebRoot(_globalSettings.UmbracoCssPath),
|
|
hostingEnvironment.MapPathContentRoot(Constants.SystemDirectories.Config),
|
|
hostingEnvironment.MapPathContentRoot(Constants.SystemDirectories.Data),
|
|
hostingEnvironment.MapPathWebRoot(_globalSettings.UmbracoMediaPhysicalRootPath),
|
|
hostingEnvironment.MapPathContentRoot(Constants.SystemDirectories.Preview),
|
|
};
|
|
_packagesPermissionsDirs = new[]
|
|
{
|
|
hostingEnvironment.MapPathContentRoot(Constants.SystemDirectories.Bin),
|
|
hostingEnvironment.MapPathContentRoot(Constants.SystemDirectories.Umbraco),
|
|
hostingEnvironment.MapPathContentRoot(Constants.SystemDirectories.Packages),
|
|
};
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public bool RunFilePermissionTestSuite(out Dictionary<FilePermissionTest, IEnumerable<string>> report)
|
|
{
|
|
report = new Dictionary<FilePermissionTest, IEnumerable<string>>();
|
|
|
|
EnsureDirectories(_permissionDirs, out IEnumerable<string> errors);
|
|
report[FilePermissionTest.FolderCreation] = errors.ToList();
|
|
|
|
EnsureDirectories(_packagesPermissionsDirs, out errors);
|
|
report[FilePermissionTest.FileWritingForPackages] = errors.ToList();
|
|
|
|
EnsureFiles(_permissionFiles, out errors);
|
|
report[FilePermissionTest.FileWriting] = errors.ToList();
|
|
|
|
EnsureCanCreateSubDirectory(
|
|
_hostingEnvironment.MapPathWebRoot(_globalSettings.UmbracoMediaPhysicalRootPath),
|
|
out errors);
|
|
report[FilePermissionTest.MediaFolderCreation] = errors.ToList();
|
|
|
|
return report.Sum(x => x.Value.Count()) == 0;
|
|
}
|
|
|
|
private bool EnsureDirectories(string[] dirs, out IEnumerable<string> errors, bool writeCausesRestart = false)
|
|
{
|
|
List<string>? temp = null;
|
|
var success = true;
|
|
foreach (var dir in dirs)
|
|
{
|
|
// we don't want to create/ship unnecessary directories, so
|
|
// here we just ensure we can access the directory, not create it
|
|
var tryAccess = TryAccessDirectory(dir, !writeCausesRestart);
|
|
if (tryAccess)
|
|
{
|
|
continue;
|
|
}
|
|
|
|
if (temp == null)
|
|
{
|
|
temp = new List<string>();
|
|
}
|
|
|
|
temp.Add(dir.TrimStart(_basePath));
|
|
success = false;
|
|
}
|
|
|
|
errors = success ? Enumerable.Empty<string>() : temp ?? Enumerable.Empty<string>();
|
|
return success;
|
|
}
|
|
|
|
private bool EnsureFiles(string[] files, out IEnumerable<string> errors)
|
|
{
|
|
List<string>? temp = null;
|
|
var success = true;
|
|
foreach (var file in files)
|
|
{
|
|
var canWrite = TryWriteFile(file);
|
|
if (canWrite)
|
|
{
|
|
continue;
|
|
}
|
|
|
|
if (temp == null)
|
|
{
|
|
temp = new List<string>();
|
|
}
|
|
|
|
temp.Add(file.TrimStart(_basePath));
|
|
success = false;
|
|
}
|
|
|
|
errors = success ? Enumerable.Empty<string>() : temp ?? Enumerable.Empty<string>();
|
|
return success;
|
|
}
|
|
|
|
private bool EnsureCanCreateSubDirectory(string dir, out IEnumerable<string> errors)
|
|
=> EnsureCanCreateSubDirectories(new[] { dir }, out errors);
|
|
|
|
private bool EnsureCanCreateSubDirectories(IEnumerable<string> dirs, out IEnumerable<string> errors)
|
|
{
|
|
List<string>? temp = null;
|
|
var success = true;
|
|
foreach (var dir in dirs)
|
|
{
|
|
var canCreate = TryCreateSubDirectory(dir);
|
|
if (canCreate)
|
|
{
|
|
continue;
|
|
}
|
|
|
|
if (temp == null)
|
|
{
|
|
temp = new List<string>();
|
|
}
|
|
|
|
temp.Add(dir);
|
|
success = false;
|
|
}
|
|
|
|
errors = success ? Enumerable.Empty<string>() : temp ?? Enumerable.Empty<string>();
|
|
return success;
|
|
}
|
|
|
|
// tries to create a sub-directory
|
|
// if successful, the sub-directory is deleted
|
|
// creates the directory if needed - does not delete it
|
|
private bool TryCreateSubDirectory(string dir)
|
|
{
|
|
try
|
|
{
|
|
var path = Path.Combine(dir, _ioHelper.CreateRandomFileName());
|
|
Directory.CreateDirectory(path);
|
|
Directory.Delete(path);
|
|
return true;
|
|
}
|
|
catch
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
|
|
// tries to create a file
|
|
// if successful, the file is deleted
|
|
//
|
|
// or
|
|
//
|
|
// use the ACL APIs to avoid creating files
|
|
//
|
|
// if the directory does not exist, do nothing & success
|
|
private bool TryAccessDirectory(string dirPath, bool canWrite)
|
|
{
|
|
try
|
|
{
|
|
if (Directory.Exists(dirPath) == false)
|
|
{
|
|
return true;
|
|
}
|
|
|
|
if (canWrite)
|
|
{
|
|
var filePath = dirPath + "/" + _ioHelper.CreateRandomFileName() + ".tmp";
|
|
File.WriteAllText(filePath, "This is an Umbraco internal test file. It is safe to delete it.");
|
|
File.Delete(filePath);
|
|
return true;
|
|
}
|
|
|
|
return HasWritePermission(dirPath);
|
|
}
|
|
catch
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
|
|
private bool HasWritePermission(string path)
|
|
{
|
|
var writeAllow = false;
|
|
var writeDeny = false;
|
|
var accessControlList = new DirectorySecurity(
|
|
path,
|
|
AccessControlSections.Access | AccessControlSections.Owner | AccessControlSections.Group);
|
|
|
|
AuthorizationRuleCollection accessRules;
|
|
try
|
|
{
|
|
accessRules = accessControlList.GetAccessRules(true, true, typeof(SecurityIdentifier));
|
|
}
|
|
catch (Exception)
|
|
{
|
|
// This is not 100% accurate because it could turn out that the current user doesn't
|
|
// have access to read the current permissions but does have write access.
|
|
// I think this is an edge case however
|
|
return false;
|
|
}
|
|
|
|
foreach (FileSystemAccessRule rule in accessRules)
|
|
{
|
|
if ((FileSystemRights.Write & rule.FileSystemRights) != FileSystemRights.Write)
|
|
{
|
|
continue;
|
|
}
|
|
|
|
if (rule.AccessControlType == AccessControlType.Allow)
|
|
{
|
|
writeAllow = true;
|
|
}
|
|
else if (rule.AccessControlType == AccessControlType.Deny)
|
|
{
|
|
writeDeny = true;
|
|
}
|
|
}
|
|
|
|
return writeAllow && writeDeny == false;
|
|
}
|
|
|
|
// tries to write into a file
|
|
// fails if the directory does not exist
|
|
private bool TryWriteFile(string file)
|
|
{
|
|
try
|
|
{
|
|
var path = file;
|
|
File.AppendText(path).Close();
|
|
return true;
|
|
}
|
|
catch
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
}
|