diff --git a/templates/my-shares.html b/templates/my-shares.html
index 9a6d047..af8e8c6 100644
--- a/templates/my-shares.html
+++ b/templates/my-shares.html
@@ -62,6 +62,6 @@
Add User
{{ end }}
- Create Share
+ Create Share
{{ end }}
\ No newline at end of file
diff --git a/webadmin.go b/webadmin.go
index be2675e..f41997e 100644
--- a/webadmin.go
+++ b/webadmin.go
@@ -477,11 +477,24 @@ Are you sure you want to continue?`, loginName)
ar.Route("/create-share", func(r chi.Router) {
r.Get("/", func(w http.ResponseWriter, r *http.Request) {
sessionContext := h.buildSessionContext(w, r)
+
+ owned := r.FormValue("owned") == "true"
+ if !owned && sessionContext.user.Role != GlobalRoleAdmin {
+ sessionContext.Unauthorized()
+ return
+ }
+
sessionContext.RenderPage(h.tplCreateShare, nil)
})
r.Post("/", func(w http.ResponseWriter, r *http.Request) {
sessionContext := h.buildSessionContext(w, r)
+ owned := r.FormValue("owned") == "true"
+ if !owned && sessionContext.user.Role != GlobalRoleAdmin {
+ sessionContext.Unauthorized()
+ return
+ }
+
share, err := app.shareStore.CreateShare()
if err != nil {
sessionContext.RenderError(template.HTML("Cannot create share: "+err.Error()), "")
@@ -496,7 +509,15 @@ Are you sure you want to continue?`, loginName)
return
}
- sessionContext.Redirect("shares#share-" + share.UUID.String())
+ if owned {
+ if err := app.shareStore.AddUserToShare(share, sessionContext.user.Username, ShareRoleAdmin); err != nil {
+ sessionContext.RenderError(template.HTML("Cannot add self to share: "+err.Error()), "")
+ return
+ }
+ sessionContext.Redirect("my-shares#share-" + share.UUID.String())
+ } else {
+ sessionContext.Redirect("shares#share-" + share.UUID.String())
+ }
})
})
ar.Post("/delete-share", func(w http.ResponseWriter, r *http.Request) {