haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-09-19 18:29:23 +00:00
Code Issues Releases Wiki Activity

check folder permission before set user/group perm

Browse Source
This commit is contained in:
lian
2015-10-15 15:15:43 +08:00
parent 54f76e77e5
commit 2411e296c2
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
seahub/views/ajax.py
View File

@@ -2362,6 +2362,10 @@ def set_user_folder_perm(request, repo_id):
return HttpResponse(json.dumps({"error": _('Library does not exist')}), return HttpResponse(json.dumps({"error": _('Library does not exist')}),
status=400, content_type=content_type) status=400, content_type=content_type)
if check_folder_permission(request, repo_id, path) != 'rw':
return HttpResponse(json.dumps({"error": _('Permission denied')}),
status=403, content_type=content_type)
if is_org_context(request): if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id) repo_owner = seafile_api.get_org_repo_owner(repo_id)
else: else:
@@ -2504,6 +2508,10 @@ def set_group_folder_perm(request, repo_id):
return HttpResponse(json.dumps({"error": _('Library does not exist')}), return HttpResponse(json.dumps({"error": _('Library does not exist')}),
status=400, content_type=content_type) status=400, content_type=content_type)
if check_folder_permission(request, repo_id, path) != 'rw':
return HttpResponse(json.dumps({"error": _('Permission denied')}),
status=403, content_type=content_type)
if is_org_context(request): if is_org_context(request):
repo_owner = seafile_api.get_org_repo_owner(repo_id) repo_owner = seafile_api.get_org_repo_owner(repo_id)
else: else: