From e5a996452db95905251d1c48393eff40c4fe84a3 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Sun, 1 Nov 2020 15:22:59 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fix=20new=20own=20share=20not=20?= =?UTF-8?q?being=20accessible?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/my-shares.html | 2 +- webadmin.go | 23 ++++++++++++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/templates/my-shares.html b/templates/my-shares.html index 9a6d047..af8e8c6 100644 --- a/templates/my-shares.html +++ b/templates/my-shares.html @@ -62,6 +62,6 @@ Add User {{ end }} - Create Share + Create Share {{ end }} \ No newline at end of file diff --git a/webadmin.go b/webadmin.go index be2675e..f41997e 100644 --- a/webadmin.go +++ b/webadmin.go @@ -477,11 +477,24 @@ Are you sure you want to continue?`, loginName) ar.Route("/create-share", func(r chi.Router) { r.Get("/", func(w http.ResponseWriter, r *http.Request) { sessionContext := h.buildSessionContext(w, r) + + owned := r.FormValue("owned") == "true" + if !owned && sessionContext.user.Role != GlobalRoleAdmin { + sessionContext.Unauthorized() + return + } + sessionContext.RenderPage(h.tplCreateShare, nil) }) r.Post("/", func(w http.ResponseWriter, r *http.Request) { sessionContext := h.buildSessionContext(w, r) + owned := r.FormValue("owned") == "true" + if !owned && sessionContext.user.Role != GlobalRoleAdmin { + sessionContext.Unauthorized() + return + } + share, err := app.shareStore.CreateShare() if err != nil { sessionContext.RenderError(template.HTML("Cannot create share: "+err.Error()), "") 
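Review bot: The new gate in both `/create-share` handlers reads `sessionContext.user.Role` and lets any request carrying `owned=true` past the global-admin check, so the only remaining barrier before `CreateShare()` is whatever authentication the `ar` router applies upstream, which is not visible in this hunk. If `buildSessionContext` can return a context without a user, this line would dereference nil, so a guard such as `if sessionContext.user == nil { sessionContext.Unauthorized(); return }` ahead of the role check is worth adding or ruling out. The same gate is pasted into the GET and the POST handler, and an authorization rule kept in two places tends to drift, so consider moving it into one helper on the session context. A comment on it would help, for example `// owned=true is self-service: the caller becomes ShareRoleAdmin of the new share; every other create requires GlobalRoleAdmin.` The POST handler's body continues past the end of this hunk.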
@@ -496,7 +509,15 @@ Are you sure you want to continue?`, loginName)
 return
 }
- sessionContext.Redirect("shares#share-" + share.UUID.String())
+ if owned {
+ if err := app.shareStore.AddUserToShare(share, sessionContext.user.Username, ShareRoleAdmin); err != nil {
+ sessionContext.RenderError(template.HTML("Cannot add self to share: "+err.Error()), "")
+ return
+ }
+ sessionContext.Redirect("my-shares#share-" + share.UUID.String())
+ } else {
+ sessionContext.Redirect("shares#share-" + share.UUID.String())
+ }
 })
 })
 ar.Post("/delete-share", func(w http.ResponseWriter, r *http.Request) {
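Review bot: When `AddUserToShare` fails in the `if owned` branch, the handler returns after rendering the error, but the share created earlier in the same handler stays in the store with no member. A non-admin caller is then left with a share they cannot reach or clean up, which is the situation this commit sets out to fix. The error path should remove the just-created share before returning, and report it if that cleanup fails too. Separately, the new `RenderError` call copies the existing pattern of casting `err.Error()` straight to `template.HTML`, which turns off html/template escaping for text that may include the username; `template.HTML(template.HTMLEscapeString("Cannot add self to share: " + err.Error()))` keeps the message inert. The enclosing POST handler starts outside this hunk.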