tweak: acl update

This commit is contained in:
KernelDeimos
2024-06-19 00:10:29 -04:00
parent 174e2b7781
commit 3e98f1a8a8
3 changed files with 23 additions and 4 deletions
@@ -165,6 +165,14 @@ module.exports = class FSNodeContext {
return ! this.entry.parent_uid;
}
async isPublic () {
if ( this.isRoot ) return false;
const components = await this.getPathComponents();
if ( await this.isUserDirectory() ) return false;
if ( components[1] === 'Public' ) return true;
return false;
}
async getPathComponents () {
if ( this.isRoot ) return [];
+9 -4
View File
@@ -1433,6 +1433,7 @@ async function generate_system_fsentries(user){
let documents_uuid = uuidv4();
let pictures_uuid = uuidv4();
let videos_uuid = uuidv4();
let public_uuid = uuidv4();
const insert_res = await db.write(
`INSERT INTO fsentries
@@ -1442,6 +1443,7 @@ async function generate_system_fsentries(user){
( ?, ?, ?, ?, ?, true, ?, ?, true),
( ?, ?, ?, ?, ?, true, ?, ?, true),
( ?, ?, ?, ?, ?, true, ?, ?, true),
( ?, ?, ?, ?, ?, true, ?, ?, true),
( ?, ?, ?, ?, ?, true, ?, ?, true)
`,
[
@@ -1457,6 +1459,8 @@ async function generate_system_fsentries(user){
pictures_uuid, root_dir.uid, user.id, 'Pictures', `/${user.username}/Pictures`, ts, ts,
// Videos
videos_uuid, root_dir.uid, user.id, 'Videos', `/${user.username}/Videos`, ts, ts,
// Public
public_uuid, root_dir.uid, user.id, 'Public', `/${user.username}/Public`, ts, ts,
]
);
@@ -1467,6 +1471,7 @@ async function generate_system_fsentries(user){
let documents_id = insert_res.insertId + 3;
let pictures_id = insert_res.insertId + 4;
let videos_id = insert_res.insertId + 5;
let public_id = insert_res.insertId + 6;
// Asynchronously set the user's system folders uuids in database
// This is for caching purposes, so we don't have to query the DB every time we need to access these folders
@@ -1476,13 +1481,13 @@ async function generate_system_fsentries(user){
// (IIAFE manager doesn't exist yet, hence this is a TODO)
db.write(
`UPDATE user SET
trash_uuid=?, appdata_uuid=?, desktop_uuid=?, documents_uuid=?, pictures_uuid=?, videos_uuid=?,
trash_id=?, appdata_id=?, desktop_id=?, documents_id=?, pictures_id=?, videos_id=?
trash_uuid=?, appdata_uuid=?, desktop_uuid=?, documents_uuid=?, pictures_uuid=?, videos_uuid=?, public_uuid=?,
trash_id=?, appdata_id=?, desktop_id=?, documents_id=?, pictures_id=?, videos_id=?, public_id=?
WHERE id=?`,
[
trash_uuid, appdata_uuid, desktop_uuid, documents_uuid, pictures_uuid, videos_uuid,
trash_id, appdata_id, desktop_id, documents_id, pictures_id, videos_id,
trash_uuid, appdata_uuid, desktop_uuid, documents_uuid, pictures_uuid, videos_uuid, public_uuid,
trash_id, appdata_id, desktop_id, documents_id, pictures_id, videos_id, public_id,
user.id
]
);
@@ -53,6 +53,12 @@ class ACLService extends BaseService {
}
return false;
}
// Hard rule: anyone and anything can read /user/public directories
const public_modes = ['read', 'list', 'see'];
if ( public_modes.includes(mode) ) {
if ( await fsNode.isPublic() ) return true;
}
// Access tokens only work if the authorizer has permission
if ( actor.type instanceof AccessTokenActorType ) {