aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-01-05 17:42:56 -0800
committerfriendica <info@friendica.com>2014-01-05 17:42:56 -0800
commitcbc34a40adc167de5c0c263f0407ba721d0f973e (patch)
tree47abd5fe1d6b7e2cc36ad4552ec882add37b7773
parentd0be9d3b23ee980fde94e1a8130ddfa070ee4dba (diff)
downloadvolse-hubzilla-cbc34a40adc167de5c0c263f0407ba721d0f973e.tar.gz
volse-hubzilla-cbc34a40adc167de5c0c263f0407ba721d0f973e.tar.bz2
volse-hubzilla-cbc34a40adc167de5c0c263f0407ba721d0f973e.zip
reddav: bring permissions up to date with recent code changes
-rw-r--r--include/reddav.php12
1 files changed, 9 insertions, 3 deletions
diff --git a/include/reddav.php b/include/reddav.php
index f5298884a..d3a7b35b5 100644
--- a/include/reddav.php
+++ b/include/reddav.php
@@ -125,7 +125,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection {
return;
}
- if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'view_storage')) {
+ if(($this->auth->owner_id) && (! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'view_storage'))) {
throw new DAV\Exception\Forbidden('Permission denied.');
return;
}
@@ -159,7 +159,13 @@ class RedDirectory extends DAV\Node implements DAV\ICollection {
// logger('createFile():' . stream_get_contents($data));
- if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'write_storage')) {
+ if(! $this->auth->owner_id) {
+ logger('createFile: permission denied');
+ throw new DAV\Exception\Forbidden('Permission denied.');
+ return;
+ }
+
+ if(! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'write_storage')) {
logger('createFile: permission denied');
throw new DAV\Exception\Forbidden('Permission denied.');
return;
@@ -336,7 +342,7 @@ class RedFile extends DAV\Node implements DAV\IFile {
function setName($newName) {
logger('RedFile::setName: ' . basename($this->name) . ' -> ' . $newName);
- if((! $newName) || (! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'write_storage'))) {
+ if((! $newName) || (! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'write_storage'))) {
throw new DAV\Exception\Forbidden('Permission denied.');
return;
}