be more strict about vfs extend in readonly mode

configs/client-default.js

@@ -35,8 +35,6 @@ module.exports = function(options) {
     var devel = options.standalone && !options.local || options.mode === "devel" || options.mode == "onlinedev" || options.dev;
     
     var localExtendFiles = options.localExtend || options.standalone;
-    // allow extend code access only to C9-deveoped plugins
-    var extendToken = options.extendToken || "token";
     
     var plugins = [
         // C9
@@ -412,7 +410,6 @@ module.exports = function(options) {
         "plugins/c9.ide.language.go/go",
         {
             packagePath: "plugins/c9.ide.language.jsonalyzer/jsonalyzer",
-            extendToken: extendToken,
             workspaceDir: workspaceDir,
             homeDir: options.home,
             bashBin: options.bashBin,
@@ -787,7 +784,6 @@ module.exports = function(options) {
         },
         {
             packagePath: "plugins/c9.ide.pubsub/pubsub-client",
-            extendToken: extendToken
         },
         {
             packagePath: "plugins/c9.ide.collab/notifications/bubble",
@@ -868,7 +864,6 @@ module.exports = function(options) {
         plugins.push(
         {
             packagePath: "plugins/c9.ide.collab/connect",
-            extendToken: extendToken,
             enable: collab,
             debug: debug,
             localServerFile: localExtendFiles,

package.json

@@ -65,9 +65,9 @@
         "c9.ide.language.javascript.eslint": "#4de5457db1",
         "c9.ide.language.javascript.tern": "#b55d0069bb",
         "c9.ide.language.javascript.infer": "#18acb93a3a",
-        "c9.ide.language.jsonalyzer": "#4b329741b1",
+        "c9.ide.language.jsonalyzer": "#23457a0bf6",
         "c9.ide.language.codeintel": "#253ae15f5e",
-        "c9.ide.collab": "#bab99a8b38",
+        "c9.ide.collab": "#763cbbfe3f",
         "c9.ide.local": "#10eb45842a",
         "c9.ide.find": "#e33fbaed2f",
         "c9.ide.find.infiles": "#c0a13737ef",
@@ -90,17 +90,17 @@
         "c9.ide.help.support": "#932fbb3743",
         "c9.ide.imgeditor": "#612e75ef4f",
         "c9.ide.immediate": "#19758abe08",
-        "c9.ide.installer": "#1232d4e179",
+        "c9.ide.installer": "#4ec5341876",
         "c9.ide.language.python": "#330b80e3b2",
         "c9.ide.language.go": "#6ce1c7a7ef",
         "c9.ide.mount": "#4c39359b87",
-        "c9.ide.navigate": "#0b7ec7936c",
+        "c9.ide.navigate": "#3941d604b9",
         "c9.ide.newresource": "#981a408a7b",
         "c9.ide.openfiles": "#2ae85a9e33",
         "c9.ide.preview": "#5f5fff0185",
         "c9.ide.preview.browser": "#897177be7f",
         "c9.ide.preview.markdown": "#c3174d86e0",
-        "c9.ide.pubsub": "#a85fb27eca",
+        "c9.ide.pubsub": "#933baeb7b4",
         "c9.ide.readonly": "#719881e192",
         "c9.ide.recentfiles": "#7c099abf40",
         "c9.ide.remote": "#301d2ab519",

plugins/c9.vfs.client/vfs.log.js

@@ -20,6 +20,8 @@ define(function (require, exports, module) {
             if (loaded) return false;
             loaded = true;
             
+            if (c9.readonly) return false;
+            
             ext.loadRemotePlugin("log", {
                 code: require("text!./log-service.js"),
                 redefine: true

plugins/c9.vfs.client/vfs.ping.js

@@ -22,10 +22,9 @@ define(function(require, exports, module) {
             loaded = true;
 
             ext.loadRemotePlugin("ping", {
-                code: require("text!./ping-service.js"),
+                file: "c9.vfs.client/ping-service.js"
-                redefine: true
             }, function(err, remote) {
-                if (err)
+                if (!remote)
                     return console.error(err);
 
                 api = remote;

plugins/c9.vfs.server/vfs.connect.standalone.js

@@ -56,7 +56,6 @@ define(function(require, exports, module) {
                     projectDir: vfsOptions.projectDir,
                     extendDirectory: options.extendDirectory,
                     extendOptions: projectOptions.extendOptions,
-                    extendToken: "not_needed",
                     collab: options.collab,
                     vfsOptions: vfsOptions,
                     public: true

plugins/c9.vfs.server/vfs.js

@@ -24,7 +24,6 @@ function Vfs(vfs, master, options) {
     this.public = options.public || false;
     this.vfsOptions = options.vfsOptions || {};
     this.pid = this.vfsOptions.pid;
-    var extendToken = options.extendToken;
 
     this.homeDir = options.homeDir;
     this.workspaceDir = options.projectDir;
@@ -36,14 +35,12 @@ function Vfs(vfs, master, options) {
         blocked: this.readonly,
         extendDirectory: options.extendDirectory,
         extendOptions: options.extendOptions,
-        extendToken: extendToken
     });
     this.vfsWorkspace = wrapVfs(vfs, {
         root: this.workspaceDir,
         readonly: this.readonly,
         extendDirectory: options.extendDirectory,
         extendOptions: options.extendOptions,
-        extendToken: extendToken
     });
     
     var vfsProxy = proxyVfs(Object.keys(this.vfsHome), this.vfsHome, this.vfsWorkspace);

plugins/c9.vfs.server/vfs_wrapper.js

@@ -8,7 +8,6 @@ module.exports = function(vfs, options) {
     var methods = options.methods || Object.keys(vfs);
     var readonly = "readonly" in options ? options.readonly : false;
     var blocked = !!options.blocked;
-    var extendToken = options.extendToken;
 
     var roMethods = {
         resolve: 1,
@@ -74,18 +73,24 @@ module.exports = function(vfs, options) {
             options[key] = extendOptions[key];
         }
         
-        if (options.code || options.stream) {
+        if (readonly) {
-            if (readonly && (!extendToken || extendToken !== options.extendToken))
+            var whitelist = {
-                return callback(new error.Forbidden("VFS extend: " + name + " with options 'stream' or 'code' not authorized in read only mode"));
+                "c9.ide.collab/server/collab-server.js": true,
-            else
+                "c9.ide.pubsub/pubsub-service.js": true,
-                return vfs.extend(name, options, callback);
+                "c9.vfs.client/ping-service.js": true,
+            };
+            if (!options.file || !whitelist[options.file])
+                return callback(new error.Forbidden("VFS extend: " + name + " is not authorized in read only mode"));
         }
+        
+        if (options.code || options.stream)
+            return vfs.extend(name, options, callback);
 
-         if (!options.file)
+        if (!options.file)
-             return callback(new error.Forbidden("Option 'file' is missing"));
+            return callback(new error.Forbidden("Option 'file' is missing"));
              
-         if (typeof options.file != "string")
+        if (typeof options.file != "string")
-             return callback(new error.Forbidden("Invalid option 'file'"));
+            return callback(new error.Forbidden("Invalid option 'file'"));
 
         if (extendDirectory) {
             var file = options.file = path.normalize(path.join(extendDirectory, options.file));

plugins/c9.vfs.standalone/standalone.js

@@ -255,7 +255,7 @@ function plugin(options, imports, register) {
     };    
     api.updatConfig = api.updatConfig || function(opts, params) {
         var id = params.token;
-        opts.accessToken = opts.extendToken = id || "token";
+        opts.accessToken = id || "token";
         var user = opts.extendOptions.user;
         user.id = id || -1;
         user.name = id ? "user" + id : "johndoe";