nicoeri/filebrowser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

make user without download permission unable to get resource that is file

Browse Source
This commit is contained in:
Dimas Ananda 2022-11-04 09:20:53 +07:00
parent 0401adf7f4
commit c08d58c05b
No known key found for this signature in database
GPG Key ID: BD0BB716C3B016E0
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
http/resource.go
View File

@ -33,6 +33,10 @@ var resourceGetHandler = withUser(func(w http.ResponseWriter, r *http.Request, d
return errToStatus(err), err
}
if !file.IsDir && !d.user.Perm.Download {
return 0, os.ErrPermission
}
if file.IsDir {
file.Listing.Sorting = d.user.Sorting
file.Listing.ApplySort()
@ -98,7 +102,7 @@ func resourcePostHandler(fileCache FileCache) handleFunc {
// Directories creation on POST.
if strings.HasSuffix(r.URL.Path, "/") {
err := d.user.Fs.MkdirAll(r.URL.Path, 0775) //nolint:gomnd
err := d.user.Fs.MkdirAll(r.URL.Path, 0o775) //nolint:gomnd
return errToStatus(err), err
}
@ -256,12 +260,12 @@ func addVersionSuffix(source string, fs afero.Fs) string {
func writeFile(fs afero.Fs, dst string, in io.Reader) (os.FileInfo, error) {
dir, _ := path.Split(dst)
err := fs.MkdirAll(dir, 0775) //nolint:gomnd
err := fs.MkdirAll(dir, 0o775) //nolint:gomnd
if err != nil {
return nil, err
}
file, err := fs.OpenFile(dst, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0775) //nolint:gomnd
file, err := fs.OpenFile(dst, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o775) //nolint:gomnd
if err != nil {
return nil, err
}