added possibility to restrict deletion to the user who originally uploaded the file
This commit is contained in:
steckbrief
parent
15090fe1be
commit
3e797e3fe1
2 changed files with 9 additions and 0 deletions
|
|
@ -12,5 +12,7 @@ return [
|
|||
'invalid_characters_in_filename' => ['/'],
|
||||
// Validity time of a delete token in seconds
|
||||
'delete_token_validity' => 5 * 60,
|
||||
// Flag to whether deletion is only allowed by creator or anybody
|
||||
'delete_only_by_creator' => true,
|
||||
];
|
||||
?>
|
||||
|
|
@ -81,6 +81,13 @@ switch ($method) {
|
|||
sendHttpReturnCodeAndJson(403, "The slot does not exist.");
|
||||
}
|
||||
|
||||
if ($config['delete_only_by_creator']) {
|
||||
$slotParameters = loadSlotParameters($slotUUID, $config);
|
||||
if ($slotParameters['user_jid'] != $userJid) {
|
||||
sendHttpReturnCodeAndJson(403, "Deletion of that file is only allowed by the user created it.");
|
||||
}
|
||||
}
|
||||
|
||||
// generate delete token, register delete token
|
||||
$deleteToken = generate_uuid();
|
||||
registerDeleteToken($slotUUID, $filename, $deleteToken, $config);
|
||||
|
|
|
|||
Loading…
Reference in a new issue