Commit21af86e

authored

feat: Allow users to make files (#4423)

1 parent510287b commit21af86eCopy full SHA for 21af86e

File tree

-2

lines changed

-2

lines changed

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ func (api API) postFile(rw http.ResponseWriter, r http.Request) {`
`23`	`23`	`apiKey:=httpmw.APIKey(r)`
`24`	`24`	`// This requires the site wide action to create files.`
`25`	`25`	`// Once created, a user can read their own files uploaded`
`26`		`-if!api.Authorize(r,rbac.ActionCreate,rbac.ResourceFile) {`
	`26`	`+if!api.Authorize(r,rbac.ActionCreate,rbac.ResourceFile.WithOwner(apiKey.UserID.String())) {`
`27`	`27`	`httpapi.Forbidden(rw)`
`28`	`28`	`return`
`29`	`29`	`}`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -250,7 +250,7 @@ func TestRolePermissions(t *testing.T) {`
`250`	`250`	`},`
`251`	`251`	`{`
`252`	`252`	`Name:"MyFile",`
`253`		`-Actions: []rbac.Action{rbac.ActionRead,rbac.ActionUpdate,rbac.ActionDelete},`
	`253`	`+Actions: []rbac.Action{rbac.ActionCreate,rbac.ActionRead,rbac.ActionUpdate,rbac.ActionDelete},`
`254`	`254`	`Resource:rbac.ResourceFile.WithOwner(currentUser.String()),`
`255`	`255`	`AuthorizeMap:map[bool][]authSubject{`
`256`	`256`	`true: {owner,memberMe,orgMemberMe,templateAdmin},`

Comments

(0)