From 1301b27e0e95e54498f669fe8fe552063826ad07 Mon Sep 17 00:00:00 2001
From: ner0 <ner00@users.noreply.github.com>
Date: Sun, 28 May 2023 19:29:16 +0100
Subject: [PATCH 1/2] Exclude multiple items from multiple users

Using multidimensional array to map specific excluded items to specific users.
---
 tinyfilemanager.php | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/tinyfilemanager.php b/tinyfilemanager.php
index 71786c98..72dbd661 100644
--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -100,6 +100,12 @@
 // e.g. array('myfile.html', 'personal-folder', '*.php', ...)
 $exclude_items = array();
 
+// Users excluded from listing excluded files and folders
+// e.g. 'username' => array('myfile.html', 'personal-folder', '*.php', ...)
+$exclude_items_users = array(
+    'username' => array(),
+);
+
 // Online office Docs Viewer
 // Availabe rules are 'google', 'microsoft' or false
 // Google => View documents using Google Docs Viewer
@@ -419,6 +425,7 @@ function getClientIP() {
 defined('FM_FILE_EXTENSION') || define('FM_FILE_EXTENSION', $allowed_file_extensions);
 defined('FM_UPLOAD_EXTENSION') || define('FM_UPLOAD_EXTENSION', $allowed_upload_extensions);
 defined('FM_EXCLUDE_ITEMS') || define('FM_EXCLUDE_ITEMS', (version_compare(PHP_VERSION, '7.0.0', '<') ? serialize($exclude_items) : $exclude_items));
+defined('FM_EXCLUDE_ITEMS_USERS') || define('FM_EXCLUDE_ITEMS_USERS', (version_compare(PHP_VERSION, '7.0.0', '<') ? serialize($exclude_items_users) : $exclude_items_users));
 defined('FM_DOC_VIEWER') || define('FM_DOC_VIEWER', $online_viewer);
 define('FM_READONLY', $global_readonly || ($use_auth && !empty($readonly_users) && isset($_SESSION[FM_SESSION_ID]['logged']) && in_array($_SESSION[FM_SESSION_ID]['logged'], $readonly_users)));
 define('FM_IS_WIN', DIRECTORY_SEPARATOR == '\\');
@@ -2566,13 +2573,19 @@ function fm_is_exclude_items($file) {
     }
 
     $exclude_items = FM_EXCLUDE_ITEMS;
+    $exclude_items_users = FM_EXCLUDE_ITEMS_USERS;
     if (version_compare(PHP_VERSION, '7.0.0', '<')) {
         $exclude_items = unserialize($exclude_items);
+        $exclude_items_users = unserialize($exclude_items_users);
     }
-    if (!in_array($file, $exclude_items) && !in_array("*.$ext", $exclude_items)) {
-        return true;
+    if (in_array($file, $exclude_items) || in_array("*.$ext", $exclude_items) || (
+        isset($exclude_items_users[$_SESSION[FM_SESSION_ID]['logged']]) && (
+        in_array($file, $exclude_items_users[$_SESSION[FM_SESSION_ID]['logged']]) ||
+        in_array("*.$ext", $exclude_items_users[$_SESSION[FM_SESSION_ID]['logged']])))
+    ){
+        return false;
     }
-    return false;
+    return true;
 }
 
 /**

From f747457af5a62285dfc6b0cb57da782207d42d3a Mon Sep 17 00:00:00 2001
From: ner0 <ner00@users.noreply.github.com>
Date: Sun, 28 May 2023 20:39:37 +0100
Subject: [PATCH 2/2] Check in file viewer and file editor

---
 tinyfilemanager.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/tinyfilemanager.php b/tinyfilemanager.php
index 72dbd661..fff5bf45 100644
--- a/tinyfilemanager.php
+++ b/tinyfilemanager.php
@@ -1650,7 +1650,10 @@ function getSelected($l) {
     $file = $_GET['view'];
     $file = fm_clean_path($file, false);
     $file = str_replace('/', '', $file);
-    if ($file == '' || !is_file($path . '/' . $file) || in_array($file, $GLOBALS['exclude_items'])) {
+    if ($file == '' || !is_file($path . '/' . $file) || in_array($file, $GLOBALS['exclude_items']) || (
+        isset($exclude_items_users[$_SESSION[FM_SESSION_ID]['logged']]) &&
+        in_array($file, $exclude_items_users[$_SESSION[FM_SESSION_ID]['logged']]))
+    ){
         fm_set_msg(lng('File not found'), 'error');
         $FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
     }
@@ -1849,7 +1852,10 @@ class="edit-file"><i class="fa fa-pencil-square-o"></i> <?php echo lng('Advanced
     $file = $_GET['edit'];
     $file = fm_clean_path($file, false);
     $file = str_replace('/', '', $file);
-    if ($file == '' || !is_file($path . '/' . $file) || in_array($file, $GLOBALS['exclude_items'])) {
+    if ($file == '' || !is_file($path . '/' . $file) || in_array($file, $GLOBALS['exclude_items']) || (
+        isset($exclude_items_users[$_SESSION[FM_SESSION_ID]['logged']]) &&
+        in_array($file, $exclude_items_users[$_SESSION[FM_SESSION_ID]['logged']]))
+    ){
         fm_set_msg(lng('File not found'), 'error');
         $FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
     }