From 2e02a3c71e09a86fa2341d80493303925a86e7d9 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan <girish@cloudron.io>
Date: Wed, 22 May 2019 14:20:52 -0700
Subject: [PATCH] Revert "only admins have sftp access"

This reverts commit ecc9415679e3c3bea6c2c7ca718241c79d166509.

We want to support the workflow where normal users can have SFTP
access without being cloudron admins. The reason it is admin only
is because it is possible to upload/modify app code via SFTP to
then get cloudron admin credentials.

For this reason, we will fixup the apps as follows:
* Unmanaged WP - remove LDAP integration
* LAMP - remove LDAP. We will make a new major version that informs
  the user NOT to update the app if they use LDAP. In 4.1, we will
  expose the LDAP server, so they can use the public LDAP server for
  any integration.
* Managed WP - Remove SFTP. This is contential but if people want to
  really build/develop plugins then they can use Unmanaged WP for the dev
  environment.
* Surfer - no change. Can have SFTP and LDAP since code is not modifiable

In general, should also be careful then about adding SFTP access to random
apps (like say nextcloud), since this would allow normal user to access
other people's data.
---
 CHANGES     |  1 -
 src/ldap.js | 31 +++++++++++++++++--------------
 2 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/CHANGES b/CHANGES
index 8bd294aae..4637a08cd 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1591,7 +1591,6 @@
 
 [4.0.1]
 * Make it easier to import email
-* Give SFTP access only to admins
 
 [4.0.2]
 * Fix GCDNS crash
diff --git a/src/ldap.js b/src/ldap.js
index 2d6c3e2d2..9da6c0948 100644
--- a/src/ldap.js
+++ b/src/ldap.js
@@ -520,22 +520,25 @@ function userSearchSftp(req, res, next) {
         users.getByUsername(username, function (error, user) {
             if (error) return next(new ldap.OperationsError(error.toString()));
 
-            if (!user.admin) return next(new ldap.InsufficientAccessRightsError('Not authorized'));
+            apps.hasAccessTo(app, user, function (error, hasAccess) {
+                if (error) return next(new ldap.OperationsError(error.toString()));
+                if (!hasAccess) return next(new ldap.InsufficientAccessRightsError('Not authorized'));
 
-            var obj = {
-                dn: ldap.parseDN(`cn=${username}@${appFqdn},ou=sftp,dc=cloudron`).toString(),
-                attributes: {
-                    homeDirectory: path.join('/app/data', app.id, 'data'),
-                    objectclass: ['user'],
-                    objectcategory: 'person',
-                    cn: user.id,
-                    uid: `${username}@${appFqdn}`,  // for bind after search
-                    uidNumber: uidNumber,           // unix uid for ftp access
-                    gidNumber: uidNumber            // unix gid for ftp access
-                }
-            };
+                var obj = {
+                    dn: ldap.parseDN(`cn=${username}@${appFqdn},ou=sftp,dc=cloudron`).toString(),
+                    attributes: {
+                        homeDirectory: path.join('/app/data', app.id, 'data'),
+                        objectclass: ['user'],
+                        objectcategory: 'person',
+                        cn: user.id,
+                        uid: `${username}@${appFqdn}`,  // for bind after search
+                        uidNumber: uidNumber,           // unix uid for ftp access
+                        gidNumber: uidNumber            // unix gid for ftp access
+                    }
+                };
 
-            finalSend([ obj ], req, res, next);
+                finalSend([ obj ], req, res, next);
+            });
         });
     });
 }