diff options
| -rw-r--r-- | storage-backend/config/config.inc.php | 2 | ||||
| -rw-r--r-- | storage-backend/index.php | 7 |
2 files changed, 9 insertions, 0 deletions
diff --git a/storage-backend/config/config.inc.php b/storage-backend/config/config.inc.php index 9a96ad9..3b2f80a 100644 --- a/storage-backend/config/config.inc.php +++ b/storage-backend/config/config.inc.php @@ -12,5 +12,7 @@ return [ 'invalid_characters_in_filename' => ['/'], // Validity time of a delete token in seconds 'delete_token_validity' => 5 * 60, + // Flag to whether deletion is only allowed by creator or anybody + 'delete_only_by_creator' => true, ]; ?>
\ No newline at end of file diff --git a/storage-backend/index.php b/storage-backend/index.php index 8639499..eae06ef 100644 --- a/storage-backend/index.php +++ b/storage-backend/index.php @@ -81,6 +81,13 @@ switch ($method) { sendHttpReturnCodeAndJson(403, "The slot does not exist."); } + if ($config['delete_only_by_creator']) { + $slotParameters = loadSlotParameters($slotUUID, $config); + if ($slotParameters['user_jid'] != $userJid) { + sendHttpReturnCodeAndJson(403, "Deletion of that file is only allowed by the user created it."); + } + } + // generate delete token, register delete token $deleteToken = generate_uuid(); registerDeleteToken($slotUUID, $filename, $deleteToken, $config); |