Diffstat (limited to '')
-rw-r--r--storage-backend/config/config.inc.php2
-rw-r--r--storage-backend/index.php7
2 files changed, 9 insertions, 0 deletions
diff --git a/storage-backend/config/config.inc.php b/storage-backend/config/config.inc.php
index 9a96ad9..3b2f80a 100644
--- a/storage-backend/config/config.inc.php
+++ b/storage-backend/config/config.inc.php
@@ -12,5 +12,7 @@ return [
'invalid_characters_in_filename' => ['/'],
// Validity time of a delete token in seconds
'delete_token_validity' => 5 * 60,
+ // Flag to whether deletion is only allowed by creator or anybody
+ 'delete_only_by_creator' => true,
];
?> \ No newline at end of file
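Review bot: The comment added above `'delete_only_by_creator' => true,` does not say what each value means, and the `false` setting is the security-relevant one. Something like `// If true, only the JID that created the slot may delete the file; if false, any user who can request a delete token may delete it` would make the trade-off explicit to whoever edits this file. What `false` permits in practice depends on the other checks in index.php that are outside this hunk, so the wording should be adjusted to match them.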
diff --git a/storage-backend/index.php b/storage-backend/index.php
index 8639499..eae06ef 100644
--- a/storage-backend/index.php
+++ b/storage-backend/index.php
@@ -81,6 +81,13 @@ switch ($method) {
sendHttpReturnCodeAndJson(403, "The slot does not exist.");
}
+ if ($config['delete_only_by_creator']) {
+ $slotParameters = loadSlotParameters($slotUUID, $config);
+ if ($slotParameters['user_jid'] != $userJid) {
+ sendHttpReturnCodeAndJson(403, "Deletion of that file is only allowed by the user created it.");
+ }
+ }
+
// generate delete token, register delete token
$deleteToken = generate_uuid();
registerDeleteToken($slotUUID, $filename, $deleteToken, $config);
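Review bot: The creator check can fail open in two places. `$config['delete_only_by_creator']` evaluates to null on a deployment whose config file predates this key, so the whole block is skipped, and the loose `!=` in `if ($slotParameters['user_jid'] != $userJid)` treats a slot with no stored `user_jid` (null) as equal to an empty `$userJid`. I would default the flag to the restrictive value and compare strictly: `if ($config['delete_only_by_creator'] ?? true) {` and `if (!isset($slotParameters['user_jid']) || $slotParameters['user_jid'] !== $userJid) {`. The block also relies on sendHttpReturnCodeAndJson() ending the request, which the earlier 403 branch suggests but the hunk does not show; if it returns, the delete token below is still generated and registered. Where `$userJid` comes from and whether both JIDs are normalised the same way is worth confirming, since the enclosing `switch` case starts and ends outside the hunk.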