aboutsummaryrefslogtreecommitdiffstats
path: root/storage-backend/index.php
diff options
context:
space:
mode:
authorsteckbrief <steckbrief@chefmail.de>2016-08-21 12:23:19 +0200
committersteckbrief <steckbrief@chefmail.de>2016-08-21 12:23:19 +0200
commit3e797e3fe1ea662b308ec2797172eed65a4ce532 (patch)
treebd80e6e180f17f346abb695279660c6c82b32d52 /storage-backend/index.php
parent15090fe1bede4e1ad5672c6a645db1a56a777610 (diff)
added possibility to restrict deletion to the user who originally uploaded the file
Diffstat (limited to 'storage-backend/index.php')
-rw-r--r--storage-backend/index.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/storage-backend/index.php b/storage-backend/index.php
index 8639499..eae06ef 100644
--- a/storage-backend/index.php
+++ b/storage-backend/index.php
@@ -81,6 +81,13 @@ switch ($method) {
sendHttpReturnCodeAndJson(403, "The slot does not exist.");
}
+ if ($config['delete_only_by_creator']) {
+ $slotParameters = loadSlotParameters($slotUUID, $config);
+ if ($slotParameters['user_jid'] != $userJid) {
+ sendHttpReturnCodeAndJson(403, "Deletion of that file is only allowed by the user created it.");
+ }
+ }
+
// generate delete token, register delete token
$deleteToken = generate_uuid();
registerDeleteToken($slotUUID, $filename, $deleteToken, $config);