doesnm/quickshare
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(files): sharing path must exactly match

Browse source
This commit is contained in:
hexxa 2021-08-25 14:50:27 +08:00 committed by Hexxa
parent bd6f961d03
commit d3bac9a47d
1 changed files with 5 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/handlers/fileshdr/handlers.go
View file

@ -89,13 +89,13 @@ func (lk *AutoLocker) Exec(handler func()) {
} }
// related elements: role, user, action(listing, downloading)/sharing // related elements: role, user, action(listing, downloading)/sharing
func (h *FileHandlers) canAccess(userName, role, op, path string) bool { func (h *FileHandlers) canAccess(userName, role, op, sharedPath string) bool {
if role == userstore.AdminRole { if role == userstore.AdminRole {
return true return true
} }
// the file path must start with userName: <userName>/... // the file path must start with userName: <userName>/...
parts := strings.Split(path, "/") parts := strings.Split(sharedPath, "/")
if len(parts) < 2 { // the path must be longer than <userName>/files if len(parts) < 2 { // the path must be longer than <userName>/files
return false return false
} else if parts[0] == userName { } else if parts[0] == userName {
@ -107,15 +107,9 @@ func (h *FileHandlers) canAccess(userName, role, op, path string) bool {
if op != "list" && op != "download" { if op != "list" && op != "download" {
return false return false
} }
// TODO: improve performance
for i := 1; i <= len(parts); i++ { _, ok := h.deps.FileInfos().GetSharing(sharedPath)
prefix := strings.Join(parts[0:i], "/") return ok
_, ok := h.deps.FileInfos().GetSharing(prefix)
if ok {
return true
}
}
return false
} }
type CreateReq struct { type CreateReq struct {