Add User Permission check
Former-commit-id: 7ebed9e49ec603879685519d1faf7ed3d83e1ac6 [formerly 31dbbd185fa977815ceb6ea249f13c6935043e0f] [formerly f5c6acbcaea7fe009c2c26c8e9f3c10ed302d702 [formerly 7889b8488d
]]
Former-commit-id: 6f4a50f74ea9e573f1d520d91bec9f1d09213cca [formerly 957d5ecb7e92a81995eda1e41097beb21ef27f3f]
Former-commit-id: 1503bc70e1ff6eab125278aade3493e5b7ab5a71
pull/726/head
parent
fc1a78bb27
commit
9af6519280
|
@ -81,9 +81,10 @@ type User struct {
|
|||
CSS string `json:"css"`
|
||||
|
||||
// These indicate if the user can perform certain actions.
|
||||
AllowNew bool `json:"allowNew"` // Create files and folders
|
||||
AllowEdit bool `json:"allowEdit"` // Edit/rename files
|
||||
AllowCommands bool `json:"allowCommands"` // Execute commands
|
||||
AllowNew bool `json:"allowNew"` // Create files and folders
|
||||
AllowEdit bool `json:"allowEdit"` // Edit/rename files
|
||||
AllowCommands bool `json:"allowCommands"` // Execute commands
|
||||
Permissions map[string]bool `json:"permissions"` // Permissions added by plugins
|
||||
|
||||
// Commands is the list of commands the user can execute.
|
||||
Commands []string `json:"commands"`
|
||||
|
|
14
resource.go
14
resource.go
|
@ -116,7 +116,7 @@ func listingHandler(c *RequestContext, w http.ResponseWriter, r *http.Request) (
|
|||
|
||||
func resourceDeleteHandler(c *RequestContext, w http.ResponseWriter, r *http.Request) (int, error) {
|
||||
// Prevent the removal of the root directory.
|
||||
if r.URL.Path == "/" {
|
||||
if r.URL.Path == "/" || !c.User.AllowEdit {
|
||||
return http.StatusForbidden, nil
|
||||
}
|
||||
|
||||
|
@ -130,6 +130,14 @@ func resourceDeleteHandler(c *RequestContext, w http.ResponseWriter, r *http.Req
|
|||
}
|
||||
|
||||
func resourcePostPutHandler(c *RequestContext, w http.ResponseWriter, r *http.Request) (int, error) {
|
||||
if !c.User.AllowNew && r.Method == http.MethodPost {
|
||||
return http.StatusForbidden, nil
|
||||
}
|
||||
|
||||
if !c.User.AllowEdit && r.Method == http.MethodPut {
|
||||
return http.StatusForbidden, nil
|
||||
}
|
||||
|
||||
// Checks if the current request is for a directory and not a file.
|
||||
if strings.HasSuffix(r.URL.Path, "/") {
|
||||
// If the method is PUT, we return 405 Method not Allowed, because
|
||||
|
@ -179,6 +187,10 @@ func resourcePostPutHandler(c *RequestContext, w http.ResponseWriter, r *http.Re
|
|||
}
|
||||
|
||||
func resourcePatchHandler(c *RequestContext, w http.ResponseWriter, r *http.Request) (int, error) {
|
||||
if !c.User.AllowEdit {
|
||||
return http.StatusForbidden, nil
|
||||
}
|
||||
|
||||
dst := r.Header.Get("Destination")
|
||||
dst, err := url.QueryUnescape(dst)
|
||||
if err != nil {
|
||||
|
|
Loading…
Reference in New Issue