From 95b827f1a5248ae4ee89c630a9ed563a1d85dca9 Mon Sep 17 00:00:00 2001 From: ed Date: Sat, 31 Jan 2026 18:06:22 +0000 Subject: [PATCH] shares: add `get` perm (closes #1264); option was available in ui but never implemented serverside --- copyparty/authsrv.py | 1 + copyparty/httpcli.py | 22 ++++++++++++++-------- tests/util.py | 2 +- 3 files changed, 16 insertions(+), 9 deletions(-) diff --git a/copyparty/authsrv.py b/copyparty/authsrv.py index 0a6b1d17..3b71ba22 100644 --- a/copyparty/authsrv.py +++ b/copyparty/authsrv.py @@ -1965,6 +1965,7 @@ class AuthSrv(object): [sun] if "w" in s_pr else [], [sun] if "m" in s_pr else [], [sun] if "d" in s_pr else [], + [sun] if "g" in s_pr else [], ) # don't know the abspath yet + wanna ensure the user diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py index d5bdbb9d..f9b5dc18 100644 --- a/copyparty/httpcli.py +++ b/copyparty/httpcli.py @@ -6355,8 +6355,11 @@ class HttpCli(object): s_wr = "write" in req["perms"] s_mv = "move" in req["perms"] s_del = "delete" in req["perms"] + s_get = "get" in req["perms"] + s_axs = [s_rd, s_wr, s_mv, s_del, s_get] + try: - vfs, rem = self.asrv.vfs.get(vp, self.uname, s_rd, s_wr, s_mv, s_del) + vfs, rem = self.asrv.vfs.get(vp, self.uname, s_rd, s_wr, s_mv, s_del, s_get) except: raise Pebkac(400, "you dont have all the perms you tried to grant") @@ -6368,9 +6371,7 @@ class HttpCli(object): else: raise Pebkac(400, "you dont have perms to create shares from this volume") - ap, reals, _ = vfs.ls( - rem, self.uname, not self.args.no_scandir, [[s_rd, s_wr, s_mv, s_del]] - ) + ap, reals, _ = vfs.ls(rem, self.uname, not self.args.no_scandir, [s_axs]) rfns = set([x[0] for x in reals]) for fn in fns: if fn not in rfns: @@ -6382,7 +6383,7 @@ class HttpCli(object): sexp = req["exp"] exp = int(sexp) if sexp else 0 exp = now + exp * 60 if exp else 0 - pr = "".join(zc for zc, zb in zip("rwmd", (s_rd, s_wr, s_mv, s_del)) if zb) + pr = "".join(zc for zc, zb in zip("rwmdg", s_axs) if zb) q = "insert into sh values (?,?,?,?,?,?,?,?)" cur.execute(q, (skey, pw, vp, pr, len(fns), self.uname, now, exp)) @@ -6808,9 +6809,14 @@ class HttpCli(object): fk_pass = True if not is_dir and (self.can_read or self.can_get): - if not self.can_read and not fk_pass and "fk" in vn.flags: - if not use_filekey: - return self.tx_404(True) + if ( + not self.can_read + and not fk_pass + and "fk" in vn.flags + and not use_filekey + and not self.vpath.startswith(self.args.shr1 or "\n") + ): + return self.tx_404(True) is_md = abspath.lower().endswith(".md") if add_og and not is_md: diff --git a/tests/util.py b/tests/util.py index a665c090..bab194d3 100644 --- a/tests/util.py +++ b/tests/util.py @@ -164,7 +164,7 @@ class Cfg(Namespace): ex = "ctl_re db_act forget_ip idp_cookie idp_store k304 loris no304 nosubtle qr_pin qr_wait re_maxage rproxy rsp_jtr rsp_slp s_wr_slp snap_wri theme themes turbo u2ow zipmaxn zipmaxs" ka.update(**{k: 0 for k in ex.split()}) - ex = "ah_alg bname chdir chmod_f chpw_db db_xattr doctitle df epilogues exit favico ipa ipar html_head html_head_d html_head_s idp_login idp_logout lg_sba lg_sbf log_date log_fk md_sba md_sbf name og_desc og_site og_th og_title og_title_a og_title_v og_title_i opds_exts preadmes prologues readmes shr shr_site site smsg tcolor textfiles txt_eol ufavico ufavico_h unlist up_site vname xff_src zipmaxt R RS SR" + ex = "ah_alg bname chdir chmod_f chpw_db db_xattr doctitle df epilogues exit favico ipa ipar html_head html_head_d html_head_s idp_login idp_logout lg_sba lg_sbf log_date log_fk md_sba md_sbf name og_desc og_site og_th og_title og_title_a og_title_v og_title_i opds_exts preadmes prologues readmes shr shr1 shr_site site smsg tcolor textfiles txt_eol ufavico ufavico_h unlist up_site vname xff_src zipmaxt R RS SR" ka.update(**{k: "" for k in ex.split()}) ex = "apnd_who ban_403 ban_404 ban_422 ban_pw ban_pwc ban_url dont_ban cachectl http_vary rcm rss_fmt_d rss_fmt_t spinner"