diff options
Diffstat (limited to 'Zotlabs/Storage/File.php')
| -rw-r--r-- | Zotlabs/Storage/File.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php index 68edde166..ee96363c4 100644 --- a/Zotlabs/Storage/File.php +++ b/Zotlabs/Storage/File.php @@ -121,6 +121,11 @@ class File extends DAV\Node implements DAV\IFile { logger('put file: ' . basename($this->name), LOGGER_DEBUG); $size = 0; + if ((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage'))) { + logger('permission denied for put operation'); + throw new DAV\Exception\Forbidden('Permission denied.'); + } + // @todo only 3 values are needed $c = q("SELECT * FROM channel WHERE channel_id = %d AND channel_removed = 0 LIMIT 1", intval($this->auth->owner_id) |