Boxroom
Security issue
A bug was discovered that let users access files they don't have read permissions for. To make sure that you are not affected by this do one of the following:
- Upgrade to the latest master branch source version
- Upgrade to Boxroom v2.1
- Download clipboard_contoller.patch and files_controller.patch and apply the patches as follows:
$ patch app/controllers/clipboard_controller.rb < clipboard_controller.patch
$ patch app/controllers/files_controller.rb < files_controller.patch
Intro
Boxroom is a Rails application that aims to be a simple interface for managing and sharing files in a web browser. It lets users create folders and upload, download and share files. Admins can manage users, groups and permissions.
Website: http://boxroomapp.com/
Bug reports and feature requests: https://github.com/mischa78/boxroom/issues/new
Requirements
The requirements for running Boxroom are:
- Ruby 2.1.0 or newer
- Rails 4.2.8
- A database (e.g. MySQL or SQLite)
Installation
Follow these steps:
- Extract, checkout or clone Boxroom into a new folder
cd
into the new folder- Install necessary gems:
$ bundle install
- Run the install script:
$ bundle exec rake install
- Start the server:
$ bundle exec rails server
- Point your browser to http://localhost:3000/
- Enjoy!
Mail settings
Boxroom sends email on the following occasions:
- When inviting new users
- On a reset password request
- When a file is shared
For the application to be able to send email, a few things have to be set up. Depending on the environment
you're working in, either open config/environments/development.rb
or config/environments/production.rb
.
Uncomment the following lines and fill in the correct settings of your mail server:
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
:address => 'mailhost',
:port => 587,
:user_name => 'user_name',
:password => 'password',
:authentication => 'plain'
}
Also uncomment the following and replace localhost:3000
with the host name the app will be running under:
config.action_mailer.default_url_options = { :host => 'localhost:3000' }
Lastly, you have to choose the address emails will be sent from. You can do this by uncommenting and adjusting the following:
ActionMailer::Base.default :from => 'Boxroom <[email protected]>'
Languages
Thanks to Rob Halff, Marcus Ilgner, Jessica Marcon, Arnaud Sellenet, Burnaby John and marcosantoniocaro Boxroom is now available in Dutch, German, Italian, French, Simplified Chinese and Spanish.
English is the default. To change the language, open config/application.rb
and set the language you desire:
config.i18n.default_locale = :en # English
config.i18n.default_locale = :nl # Dutch
config.i18n.default_locale = :de # German
config.i18n.default_locale = :it # Italian
config.i18n.default_locale = :fr # French
config.i18n.default_locale = :'zh-CN' # Simplified Chinese
config.i18n.default_locale = :es # Spanish
It would be great to have many more languages. I am waiting for your pull requests.
JavaScript runtime
You need to have a JavaScript runtime installed to run Boxroom. Your system may already have a
runtime installed, but if not, you'll get an error message about a missing JavaScript runtime when
running the install script. In that case uncomment the following line in the Gemfile
:
# gem 'therubyracer', platforms: :ruby
and try running $ bundle install
and $ bundle exec rake install
again.
Roadmap
These are the features I am planning to implement at some point:
- Upgrade to Rails 5
- Functional tests
- Thumbnail view
- Full text search
- Extract uploaded zip files
- Batch create new users for admins
Credits
Contributors:
- Jessica Marcon
- Marcus Ilgner
- Rob Halff
- Ryan Michael
- Thomas Volkmar Worm
- Joan Marc Carbo
- Stian Haklev
- Craig Box
- Stephan Toggweiler
- Kale Worsley
- Arnaud Sellenet
- Patrick Fratczak
- Alessandro Lepore
- Cayce Balara
- Burnaby John
- Andreas Venturini
- marcosantoniocaro
- Claudio Ceballos Paz
Donations:
- IT Partners
- Matt Meshulam
- April Colo
- Mohd Sofian
Icons:
License
Copyright (c) 2006-2017 Mischa Berger
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.