yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: files.create permissions (#5877)

Browse Source 
* fix: files.create permissions

* test

* new
This commit is contained in:
Tom Moor
2023-09-24 15:02:49 -04:00
committed by GitHub
parent e50e0bba53
commit 42cc991317
4 changed files with 106 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
plugins/storage/server/api/files.ts
View File

@@ -2,7 +2,11 @@ import JWT from "jsonwebtoken";
import Router from "koa-router";
import mime from "mime-types";
import env from "@server/env";
import { AuthenticationError, ValidationError } from "@server/errors";
import {
AuthenticationError,
AuthorizationError,
ValidationError,
} from "@server/errors";
import auth from "@server/middlewares/authentication";
import multipart from "@server/middlewares/multipart";
import { rateLimiter } from "@server/middlewares/rateLimiter";
@@ -37,11 +41,11 @@ router.post(
rejectOnEmpty: true,
});
if (attachment.isPrivate) {
authorize(actor, "createAttachment", actor.team);
if (attachment?.userId !== actor.id) {
throw AuthorizationError("Invalid key");
}
await attachment.overwriteFile(file);
await attachment.writeFile(file);
ctx.body = {
success: true,