diff options
author | friendica <info@friendica.com> | 2014-01-05 17:42:56 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-01-05 17:42:56 -0800 |
commit | cbc34a40adc167de5c0c263f0407ba721d0f973e (patch) | |
tree | 47abd5fe1d6b7e2cc36ad4552ec882add37b7773 /include/reddav.php | |
parent | d0be9d3b23ee980fde94e1a8130ddfa070ee4dba (diff) | |
download | volse-hubzilla-cbc34a40adc167de5c0c263f0407ba721d0f973e.tar.gz volse-hubzilla-cbc34a40adc167de5c0c263f0407ba721d0f973e.tar.bz2 volse-hubzilla-cbc34a40adc167de5c0c263f0407ba721d0f973e.zip |
reddav: bring permissions up to date with recent code changes
Diffstat (limited to 'include/reddav.php')
-rw-r--r-- | include/reddav.php | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/include/reddav.php b/include/reddav.php index f5298884a..d3a7b35b5 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -125,7 +125,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { return; } - if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'view_storage')) { + if(($this->auth->owner_id) && (! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'view_storage'))) { throw new DAV\Exception\Forbidden('Permission denied.'); return; } @@ -159,7 +159,13 @@ class RedDirectory extends DAV\Node implements DAV\ICollection { // logger('createFile():' . stream_get_contents($data)); - if(! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'write_storage')) { + if(! $this->auth->owner_id) { + logger('createFile: permission denied'); + throw new DAV\Exception\Forbidden('Permission denied.'); + return; + } + + if(! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'write_storage')) { logger('createFile: permission denied'); throw new DAV\Exception\Forbidden('Permission denied.'); return; @@ -336,7 +342,7 @@ class RedFile extends DAV\Node implements DAV\IFile { function setName($newName) { logger('RedFile::setName: ' . basename($this->name) . ' -> ' . $newName); - if((! $newName) || (! perm_is_allowed($this->auth->channel_id,$this->auth->observer,'write_storage'))) { + if((! $newName) || (! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id,$this->auth->observer,'write_storage'))) { throw new DAV\Exception\Forbidden('Permission denied.'); return; } |