mirror of
https://github.com/filebrowser/filebrowser
synced 2026-04-21 13:27:17 +00:00
fix: check download permission when sharing permission is enabled (#5875)
This commit is contained in:
Ariel Leyva
GitHub
parent
860c19ddf5
commit
0f39bd055e
4 changed files with 29 additions and 2 deletions
|
|
@ -23,6 +23,7 @@ var (
|
|||
ErrSourceIsParent = errors.New("source is parent")
|
||||
ErrRootUserDeletion = errors.New("the sole admin can't be deleted")
|
||||
ErrCurrentPasswordIncorrect = errors.New("the current password is incorrect")
|
||||
ErrShareRequiresDownload = errors.New("permission to share requires permission to download")
|
||||
)
|
||||
|
||||
type ErrShortPassword struct {
|
||||
|
|
|
|||
|
|
@ -17,7 +17,11 @@
|
|||
{{ $t("settings.perm.delete") }}
|
||||
</p>
|
||||
<p>
|
||||
<input type="checkbox" :disabled="admin" v-model="perm.download" />
|
||||
<input
|
||||
type="checkbox"
|
||||
:disabled="admin || perm.share"
|
||||
v-model="perm.download"
|
||||
/>
|
||||
{{ $t("settings.perm.download") }}
|
||||
</p>
|
||||
<p>
|
||||
|
|
@ -61,5 +65,15 @@ export default {
|
|||
},
|
||||
isExecEnabled: () => enableExec,
|
||||
},
|
||||
watch: {
|
||||
perm: {
|
||||
deep: true,
|
||||
handler() {
|
||||
if (this.perm.share === true) {
|
||||
this.perm.download = true;
|
||||
}
|
||||
},
|
||||
},
|
||||
},
|
||||
};
|
||||
</script>
|
||||
|
|
|
|||
|
|
@ -245,7 +245,7 @@
|
|||
"execute": "Execute commands",
|
||||
"modify": "Edit files",
|
||||
"rename": "Rename or move files and directories",
|
||||
"share": "Share files"
|
||||
"share": "Share files (require download permission)"
|
||||
},
|
||||
"permissions": "Permissions",
|
||||
"permissionsHelp": "You can set the user to be an administrator or choose the permissions individually. If you select \"Administrator\", all of the other options will be automatically checked. The management of users remains a privilege of an administrator.\n",
|
||||
|
|
|
|||
|
|
@ -156,6 +156,10 @@ var userPostHandler = withAdmin(func(w http.ResponseWriter, r *http.Request, d *
|
|||
return http.StatusBadRequest, err
|
||||
}
|
||||
|
||||
if req.Data.Perm.Share && !req.Data.Perm.Download {
|
||||
return http.StatusBadRequest, fberrors.ErrShareRequiresDownload
|
||||
}
|
||||
|
||||
userHome, err := d.settings.MakeUserDir(req.Data.Username, req.Data.Scope, d.server.Root)
|
||||
if err != nil {
|
||||
log.Printf("create user: failed to mkdir user home dir: [%s]", userHome)
|
||||
|
|
@ -204,6 +208,14 @@ var userPutHandler = withSelfOrAdmin(func(w http.ResponseWriter, r *http.Request
|
|||
return http.StatusBadRequest, nil
|
||||
}
|
||||
|
||||
for _, field := range req.Which {
|
||||
if strings.ToLower(field) == "perm" || strings.ToLower(field) == "all" {
|
||||
if req.Data.Perm.Share && !req.Data.Perm.Download {
|
||||
return http.StatusBadRequest, fberrors.ErrShareRequiresDownload
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if len(req.Which) == 0 || (len(req.Which) == 1 && req.Which[0] == "all") {
|
||||
if !d.user.Perm.Admin {
|
||||
return http.StatusForbidden, nil
|
||||
|
|
|
|||
Loading…
Reference in a new issue