doesnm/quickshare
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test(authz): refine authz tests

Browse source
This commit is contained in:
hexxa 2022-02-24 22:28:28 +08:00 committed by Hexxa
parent 731e4029c9
commit 0967ca53dc
6 changed files with 241 additions and 229 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/handlers/fileshdr/handlers.go
View file

@ -829,13 +829,20 @@ func (h *FileHandlers) DelUploading(c *gin.Context) {
}
userID := c.MustGet(q.UserIDParam).(string)
role := c.MustGet(q.RoleParam).(string)
userName := c.MustGet(q.UserParam).(string)
// op is empty, because users must be admin, or the path belongs to this user
if !h.canAccess(userName, role, "", filePath) {
c.JSON(q.ErrResp(c, 403, errors.New("forbidden")))
return
}
userIDInt, err := strconv.ParseUint(userID, 10, 64)
if err != nil {
c.JSON(q.ErrResp(c, 500, err))
return
}
userName := c.MustGet(q.UserParam).(string)
tmpFilePath := q.UploadPath(userName, filePath)
locker := h.NewAutoLocker(c, lockName(tmpFilePath))
locker.Exec(func() {