diff options
| author | steckbrief <steckbrief@chefmail.de> | 2016-08-21 12:23:19 +0200 |
|---|---|---|
| committer | steckbrief <steckbrief@chefmail.de> | 2016-08-21 12:23:19 +0200 |
| commit | 3e797e3fe1ea662b308ec2797172eed65a4ce532 (patch) | |
| tree | bd80e6e180f17f346abb695279660c6c82b32d52 | |
| parent | 15090fe1bede4e1ad5672c6a645db1a56a777610 (diff) | |
added possibility to restrict deletion to the user who originally uploaded the file
| -rw-r--r-- | storage-backend/config/config.inc.php | 2 | ||||
| -rw-r--r-- | storage-backend/index.php | 7 |
2 files changed, 9 insertions, 0 deletions
diff --git a/storage-backend/config/config.inc.php b/storage-backend/config/config.inc.php index 9a96ad9..3b2f80a 100644 --- a/storage-backend/config/config.inc.php +++ b/storage-backend/config/config.inc.php @@ -12,5 +12,7 @@ return [ 'invalid_characters_in_filename' => ['/'], // Validity time of a delete token in seconds 'delete_token_validity' => 5 * 60, + // Flag to whether deletion is only allowed by creator or anybody + 'delete_only_by_creator' => true, ]; ?>
\ No newline at end of file diff --git a/storage-backend/index.php b/storage-backend/index.php index 8639499..eae06ef 100644 --- a/storage-backend/index.php +++ b/storage-backend/index.php @@ -81,6 +81,13 @@ switch ($method) { sendHttpReturnCodeAndJson(403, "The slot does not exist."); } + if ($config['delete_only_by_creator']) { + $slotParameters = loadSlotParameters($slotUUID, $config); + if ($slotParameters['user_jid'] != $userJid) { + sendHttpReturnCodeAndJson(403, "Deletion of that file is only allowed by the user created it."); + } + } + // generate delete token, register delete token $deleteToken = generate_uuid(); registerDeleteToken($slotUUID, $filename, $deleteToken, $config); |