Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 23:00:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

subdir perms: allow empty perms

Browse Source 
empty perms will allow nothing on the specified subdir.

Non empty permissions for the "/" dir are still required.

Fixes #70
This commit is contained in:
Nicola Murino
2020-02-10 19:28:35 +01:00
parent 7bfe0ddf80
commit 8eff2df39c
5 changed files with 39 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
httpd/httpd_test.go
View File

@@ -285,11 +285,18 @@ func TestAddUserInvalidPerms(t *testing.T) {
t.Errorf("unexpected error adding user with invalid perms: %v", err)
}
// permissions for root dir are mandatory
u.Permissions["/"] = []string{}
u.Permissions["/somedir"] = []string{dataprovider.PermAny}
_, _, err = httpd.AddUser(u, http.StatusBadRequest)
if err != nil {
t.Errorf("unexpected error adding user with no root dir perms: %v", err)
}
u.Permissions["/"] = []string{dataprovider.PermAny}
u.Permissions["/subdir/.."] = []string{dataprovider.PermAny}
_, _, err = httpd.AddUser(u, http.StatusBadRequest)
if err != nil {
t.Errorf("unexpected error adding user with invalid dir perms: %v", err)
}
}
func TestAddUserInvalidFilters(t *testing.T) {
@@ -407,6 +414,14 @@ func TestUpdateUser(t *testing.T) {
if err != nil {
t.Errorf("unable to update user: %v", err)
}
user.Permissions["/subdir"] = []string{}
user, _, err = httpd.UpdateUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to update user: %v", err)
}
if len(user.Permissions["/subdir"]) > 0 {
t.Errorf("unexpected subdir permissions, must be empty")
}
_, err = httpd.RemoveUser(user, http.StatusOK)
if err != nil {
t.Errorf("unable to remove: %v", err)
@@ -1136,12 +1151,18 @@ func TestUserPermissionsMock(t *testing.T) {
if err != nil {
t.Errorf("Error get user: %v", err)
}
user.Permissions["/somedir"] = []string{}
user.Permissions["/somedir"] = []string{"invalid"}
userAsJSON = getUserAsJSON(t, user)
req, _ = http.NewRequest(http.MethodPut, userPath+"/"+strconv.FormatInt(user.ID, 10), bytes.NewBuffer(userAsJSON))
rr = executeRequest(req)
checkResponseCode(t, http.StatusBadRequest, rr.Code)
delete(user.Permissions, "/somedir")
user.Permissions["/somedir/.."] = []string{dataprovider.PermAny}
userAsJSON = getUserAsJSON(t, user)
req, _ = http.NewRequest(http.MethodPut, userPath+"/"+strconv.FormatInt(user.ID, 10), bytes.NewBuffer(userAsJSON))
rr = executeRequest(req)
checkResponseCode(t, http.StatusBadRequest, rr.Code)
delete(user.Permissions, "/somedir/..")
user.Permissions["not_abs_path"] = []string{dataprovider.PermAny}
userAsJSON = getUserAsJSON(t, user)
req, _ = http.NewRequest(http.MethodPut, userPath+"/"+strconv.FormatInt(user.ID, 10), bytes.NewBuffer(userAsJSON))

2
httpd/web.go
View File

@@ -200,7 +200,7 @@ func getUserPermissionsFromPostFields(r *http.Request) map[string][]string {
perms = append(perms, cleanedPerm)
}
}
if len(dir) > 0 && len(perms) > 0 {
if len(dir) > 0 {
permissions[dir] = perms
}
}