Handle readonly access

This commit is contained in:
Andreas Schneider 2020-10-18 11:29:07 +02:00
parent 47a708de0e
commit 3d5976f3c3
2 changed files with 26 additions and 1 deletions

View File

@ -82,10 +82,11 @@ func (cmd *CmdServe) Run(app *app) error {
return return
} }
// TODO determine permissions readonly := share.ReadOnly || share.Role == ShareRoleReader
directoryMapping := DirectoryMapping{ directoryMapping := DirectoryMapping{
DataDirName: share.UUID.String(), DataDirName: share.UUID.String(),
ReadOnly: readonly,
} }
// Use the WebDAV handler to actually serve the request. Also enhance the context // Use the WebDAV handler to actually serve the request. Also enhance the context

View File

@ -35,6 +35,7 @@ package main
import ( import (
"context" "context"
"fmt"
"os" "os"
"path" "path"
"path/filepath" "path/filepath"
@ -45,6 +46,7 @@ import (
type DirectoryMapping struct { type DirectoryMapping struct {
DataDirName string DataDirName string
ReadOnly bool
} }
// slashClean is equivalent to but slightly more efficient than // slashClean is equivalent to but slightly more efficient than
@ -74,6 +76,11 @@ func (d BaseDir) resolve(ctx context.Context, name string) string {
} }
func (d BaseDir) Mkdir(ctx context.Context, name string, perm os.FileMode) error { func (d BaseDir) Mkdir(ctx context.Context, name string, perm os.FileMode) error {
directoryMapping := ctx.Value("mapping").(*DirectoryMapping)
if directoryMapping.ReadOnly {
return fmt.Errorf("forbidden")
}
if name = d.resolve(ctx, name); name == "" { if name = d.resolve(ctx, name); name == "" {
return os.ErrNotExist return os.ErrNotExist
} }
@ -81,6 +88,13 @@ func (d BaseDir) Mkdir(ctx context.Context, name string, perm os.FileMode) error
} }
func (d BaseDir) OpenFile(ctx context.Context, name string, flag int, perm os.FileMode) (webdav.File, error) { func (d BaseDir) OpenFile(ctx context.Context, name string, flag int, perm os.FileMode) (webdav.File, error) {
directoryMapping := ctx.Value("mapping").(*DirectoryMapping)
const writeFlags = os.O_APPEND | os.O_CREATE | os.O_RDWR | os.O_WRONLY | os.O_TRUNC
if flag&writeFlags != 0 && directoryMapping.ReadOnly {
return nil, fmt.Errorf("forbidden")
}
if name = d.resolve(ctx, name); name == "" { if name = d.resolve(ctx, name); name == "" {
return nil, os.ErrNotExist return nil, os.ErrNotExist
} }
@ -92,6 +106,11 @@ func (d BaseDir) OpenFile(ctx context.Context, name string, flag int, perm os.Fi
} }
func (d BaseDir) RemoveAll(ctx context.Context, name string) error { func (d BaseDir) RemoveAll(ctx context.Context, name string) error {
directoryMapping := ctx.Value("mapping").(*DirectoryMapping)
if directoryMapping.ReadOnly {
return fmt.Errorf("forbidden")
}
if name = d.resolve(ctx, name); name == "" { if name = d.resolve(ctx, name); name == "" {
return os.ErrNotExist return os.ErrNotExist
} }
@ -103,6 +122,11 @@ func (d BaseDir) RemoveAll(ctx context.Context, name string) error {
} }
func (d BaseDir) Rename(ctx context.Context, oldName, newName string) error { func (d BaseDir) Rename(ctx context.Context, oldName, newName string) error {
directoryMapping := ctx.Value("mapping").(*DirectoryMapping)
if directoryMapping.ReadOnly {
return fmt.Errorf("forbidden")
}
if oldName = d.resolve(ctx, oldName); oldName == "" { if oldName = d.resolve(ctx, oldName); oldName == "" {
return os.ErrNotExist return os.ErrNotExist
} }