thedevstack/httpupload
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added possibility to restrict deletion to the user who originally uploaded the file

Browse source
This commit is contained in:
steckbrief 2016-08-21 12:23:19 +02:00
parent 15090fe1be
commit 3e797e3fe1
2 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
storage-backend/config/config.inc.php
View file

@ -12,5 +12,7 @@ return [
'invalid_characters_in_filename' => ['/'],
// Validity time of a delete token in seconds
'delete_token_validity' => 5 * 60,
// Flag to whether deletion is only allowed by creator or anybody
'delete_only_by_creator' => true,
];
?>

7
storage-backend/index.php
View file

@ -81,6 +81,13 @@ switch ($method) {
sendHttpReturnCodeAndJson(403, "The slot does not exist.");
}
if ($config['delete_only_by_creator']) {
$slotParameters = loadSlotParameters($slotUUID, $config);
if ($slotParameters['user_jid'] != $userJid) {
sendHttpReturnCodeAndJson(403, "Deletion of that file is only allowed by the user created it.");
}
}
// generate delete token, register delete token
$deleteToken = generate_uuid();
registerDeleteToken($slotUUID, $filename, $deleteToken, $config);