diff options
author | steckbrief <steckbrief@chefmail.de> | 2016-08-21 12:23:19 +0200 |
---|---|---|
committer | steckbrief <steckbrief@chefmail.de> | 2016-08-21 12:23:19 +0200 |
commit | 3e797e3fe1ea662b308ec2797172eed65a4ce532 (patch) | |
tree | bd80e6e180f17f346abb695279660c6c82b32d52 /storage-backend/index.php | |
parent | 15090fe1bede4e1ad5672c6a645db1a56a777610 (diff) |
added possibility to restrict deletion to the user who originally uploaded the file
Diffstat (limited to 'storage-backend/index.php')
-rw-r--r-- | storage-backend/index.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/storage-backend/index.php b/storage-backend/index.php index 8639499..eae06ef 100644 --- a/storage-backend/index.php +++ b/storage-backend/index.php @@ -81,6 +81,13 @@ switch ($method) { sendHttpReturnCodeAndJson(403, "The slot does not exist."); } + if ($config['delete_only_by_creator']) { + $slotParameters = loadSlotParameters($slotUUID, $config); + if ($slotParameters['user_jid'] != $userJid) { + sendHttpReturnCodeAndJson(403, "Deletion of that file is only allowed by the user created it."); + } + } + // generate delete token, register delete token $deleteToken = generate_uuid(); registerDeleteToken($slotUUID, $filename, $deleteToken, $config); |