From 3e797e3fe1ea662b308ec2797172eed65a4ce532 Mon Sep 17 00:00:00 2001
From: steckbrief <steckbrief@chefmail.de>
Date: Sun, 21 Aug 2016 12:23:19 +0200
Subject: added possibility to restrict deletion to the user who originally
 uploaded the file

---
 storage-backend/index.php | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'storage-backend/index.php')

diff --git a/storage-backend/index.php b/storage-backend/index.php
index 8639499..eae06ef 100644
--- a/storage-backend/index.php
+++ b/storage-backend/index.php
@@ -81,6 +81,13 @@ switch ($method) {
           sendHttpReturnCodeAndJson(403, "The slot does not exist.");
         }
         
+        if ($config['delete_only_by_creator']) {
+          $slotParameters = loadSlotParameters($slotUUID, $config);
+          if ($slotParameters['user_jid'] != $userJid) {
+            sendHttpReturnCodeAndJson(403, "Deletion of that file is only allowed by the user created it.");
+          }
+        }
+        
         // generate delete token, register delete token
         $deleteToken = generate_uuid();
         registerDeleteToken($slotUUID, $filename, $deleteToken, $config);
-- 
cgit v1.2.3