mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2026-01-12 15:52:39 -07:00
Code Issues Actions Packages Projects Releases Wiki Activity

shares: remove delete-permission (closes #1023);

Browse source 
until now, shares could be created with permissions read/write/delete
(any combination thereof), however the delete option was never fully
implemented and dysfunctional, hence now removed

using vn0/rem0 throughout _handle_rm would almost be sufficient
however the primary concern is ensuring integrity of metadata tables,
and _forget_file expects a dbv rather than the share's vn
This commit is contained in:
ed 2025-12-01 16:32:33 +00:00
parent ba7387209a
commit 04ac7fbd21
2 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
copyparty/httpcli.py
View file

@ -6231,6 +6231,9 @@ class HttpCli(object):
self.log("unpost was denied" + BADXFF, 1) self.log("unpost was denied" + BADXFF, 1)
raise Pebkac(403, "the delete feature is disabled in server config") raise Pebkac(403, "the delete feature is disabled in server config")
if not unpost and self.vn.shr_src:
raise Pebkac(403, "files in shares can only be deleted with unpost")
if not req: if not req:
req = [self.vpath] req = [self.vpath]
elif self.is_vproxied: elif self.is_vproxied:

2
copyparty/web/browser.js
View file

@ -3825,7 +3825,7 @@ var fileman = (function () {
'<tr><td>perms</td><td class="sh_axs">', '<tr><td>perms</td><td class="sh_axs">',
]; ];
for (var a = 0; a < perms.length; a++) for (var a = 0; a < perms.length; a++)
if (!has(['admin', 'move'], perms[a])) if (!has(['admin', 'move', 'delete'], perms[a]))
html.push('<a href="#" class="tgl btn">' + perms[a] + '</a>'); html.push('<a href="#" class="tgl btn">' + perms[a] + '</a>');
if (has(perms, 'write')) if (has(perms, 'write'))