shares: remove delete-permission (closes #1023);

until now, shares could be created with permissions read/write/delete (any combination thereof), however the delete option was never fully implemented and dysfunctional, hence now removed using vn0/rem0 throughout _handle_rm would almost be sufficient however the primary concern is ensuring integrity of metadata tables, and _forget_file expects a dbv rather than the share's vn
2025-12-08 06:03:29 -07:00 · 2025-12-01 16:32:33 +00:00 · 2025-12-01 16:32:33 +00:00 · 04ac7fbd21
parent ba7387209a
commit 04ac7fbd21
2 changed files with 4 additions and 1 deletions
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@ -6231,6 +6231,9 @@ class HttpCli(object):
            self.log("unpost was denied" + BADXFF, 1)
            raise Pebkac(403, "the delete feature is disabled in server config")

+        if not unpost and self.vn.shr_src:
+            raise Pebkac(403, "files in shares can only be deleted with unpost")
+
        if not req:
            req = [self.vpath]
        elif self.is_vproxied:
--- a/copyparty/web/browser.js
+++ b/copyparty/web/browser.js
@ -3825,7 +3825,7 @@ var fileman = (function () {
 			'<tr><td>perms</td><td class="sh_axs">',
 		];
 		for (var a = 0; a < perms.length; a++)
-			if (!has(['admin', 'move'], perms[a]))
+			if (!has(['admin', 'move', 'delete'], perms[a]))
 				html.push('<a href="#" class="tgl btn">' + perms[a] + '</a>');

 		if (has(perms, 'write'))