shares: add get perm (closes #1264);

option was available in ui but never implemented serverside
This commit is contained in:
ed 2026-01-31 18:06:22 +00:00
parent 32c11f142e
commit 95b827f1a5
3 changed files with 16 additions and 9 deletions

View file

@ -1965,6 +1965,7 @@ class AuthSrv(object):
[sun] if "w" in s_pr else [],
[sun] if "m" in s_pr else [],
[sun] if "d" in s_pr else [],
[sun] if "g" in s_pr else [],
)
# don't know the abspath yet + wanna ensure the user

View file

@ -6355,8 +6355,11 @@ class HttpCli(object):
s_wr = "write" in req["perms"]
s_mv = "move" in req["perms"]
s_del = "delete" in req["perms"]
s_get = "get" in req["perms"]
s_axs = [s_rd, s_wr, s_mv, s_del, s_get]
try:
vfs, rem = self.asrv.vfs.get(vp, self.uname, s_rd, s_wr, s_mv, s_del)
vfs, rem = self.asrv.vfs.get(vp, self.uname, s_rd, s_wr, s_mv, s_del, s_get)
except:
raise Pebkac(400, "you dont have all the perms you tried to grant")
@ -6368,9 +6371,7 @@ class HttpCli(object):
else:
raise Pebkac(400, "you dont have perms to create shares from this volume")
ap, reals, _ = vfs.ls(
rem, self.uname, not self.args.no_scandir, [[s_rd, s_wr, s_mv, s_del]]
)
ap, reals, _ = vfs.ls(rem, self.uname, not self.args.no_scandir, [s_axs])
rfns = set([x[0] for x in reals])
for fn in fns:
if fn not in rfns:
@ -6382,7 +6383,7 @@ class HttpCli(object):
sexp = req["exp"]
exp = int(sexp) if sexp else 0
exp = now + exp * 60 if exp else 0
pr = "".join(zc for zc, zb in zip("rwmd", (s_rd, s_wr, s_mv, s_del)) if zb)
pr = "".join(zc for zc, zb in zip("rwmdg", s_axs) if zb)
q = "insert into sh values (?,?,?,?,?,?,?,?)"
cur.execute(q, (skey, pw, vp, pr, len(fns), self.uname, now, exp))
@ -6808,9 +6809,14 @@ class HttpCli(object):
fk_pass = True
if not is_dir and (self.can_read or self.can_get):
if not self.can_read and not fk_pass and "fk" in vn.flags:
if not use_filekey:
return self.tx_404(True)
if (
not self.can_read
and not fk_pass
and "fk" in vn.flags
and not use_filekey
and not self.vpath.startswith(self.args.shr1 or "\n")
):
return self.tx_404(True)
is_md = abspath.lower().endswith(".md")
if add_og and not is_md:

View file

@ -164,7 +164,7 @@ class Cfg(Namespace):
ex = "ctl_re db_act forget_ip idp_cookie idp_store k304 loris no304 nosubtle qr_pin qr_wait re_maxage rproxy rsp_jtr rsp_slp s_wr_slp snap_wri theme themes turbo u2ow zipmaxn zipmaxs"
ka.update(**{k: 0 for k in ex.split()})
ex = "ah_alg bname chdir chmod_f chpw_db db_xattr doctitle df epilogues exit favico ipa ipar html_head html_head_d html_head_s idp_login idp_logout lg_sba lg_sbf log_date log_fk md_sba md_sbf name og_desc og_site og_th og_title og_title_a og_title_v og_title_i opds_exts preadmes prologues readmes shr shr_site site smsg tcolor textfiles txt_eol ufavico ufavico_h unlist up_site vname xff_src zipmaxt R RS SR"
ex = "ah_alg bname chdir chmod_f chpw_db db_xattr doctitle df epilogues exit favico ipa ipar html_head html_head_d html_head_s idp_login idp_logout lg_sba lg_sbf log_date log_fk md_sba md_sbf name og_desc og_site og_th og_title og_title_a og_title_v og_title_i opds_exts preadmes prologues readmes shr shr1 shr_site site smsg tcolor textfiles txt_eol ufavico ufavico_h unlist up_site vname xff_src zipmaxt R RS SR"
ka.update(**{k: "" for k in ex.split()})
ex = "apnd_who ban_403 ban_404 ban_422 ban_pw ban_pwc ban_url dont_ban cachectl http_vary rcm rss_fmt_d rss_fmt_t spinner"