enhance(backend): 管理者/モデレーターはファイルのアップロード制限をバイパスするように

Resolve #16687

1 files changed, 28 insertions, 25 deletions

diff --git a/packages/backend/src/core/DriveService.ts b/packages/backend/src/core/DriveService.ts
index 567bad2a2d..816f83ec93 100644
--- a/packages/backend/src/core/DriveService.ts
+++ b/packages/backend/src/core/DriveService.ts
@@ -517,40 +517,43 @@ export class DriveService {
 		this.registerLogger.debug(`ADD DRIVE FILE: user ${user?.id ?? 'not set'}, name ${detectedName}, tmp ${path}`);
 
 		//#region Check drive usage and mime type
-		if (user && !isLink) {
+		if (user != null && !isLink) {
 			const isLocalUser = this.userEntityService.isLocalUser(user);
-			const policies = await this.roleService.getUserPolicies(user.id);
+			const isModerator = isLocalUser ? await this.roleService.isModerator(user) : false;
+			if (!isModerator) {
+				const policies = await this.roleService.getUserPolicies(user.id);
 
-			const allowedMimeTypes = policies.uploadableFileTypes;
-			const isAllowed = allowedMimeTypes.some((mimeType) => {
-				if (mimeType === '*' || mimeType === '*/*') return true;
-				if (mimeType.endsWith('/*')) return info.type.mime.startsWith(mimeType.slice(0, -1));
-				return info.type.mime === mimeType;
-			});
-			if (!isAllowed) {
-				throw new IdentifiableError('bd71c601-f9b0-4808-9137-a330647ced9b', `Unallowed file type: ${info.type.mime}`);
-			}
+				const allowedMimeTypes = policies.uploadableFileTypes;
+				const isAllowed = allowedMimeTypes.some((mimeType) => {
+					if (mimeType === '*' || mimeType === '*/*') return true;
+					if (mimeType.endsWith('/*')) return info.type.mime.startsWith(mimeType.slice(0, -1));
+					return info.type.mime === mimeType;
+				});
+				if (!isAllowed) {
+					throw new IdentifiableError('bd71c601-f9b0-4808-9137-a330647ced9b', `Unallowed file type: ${info.type.mime}`);
+				}
 
-			const driveCapacity = 1024 * 1024 * policies.driveCapacityMb;
-			const maxFileSize = 1024 * 1024 * policies.maxFileSizeMb;
+				const driveCapacity = 1024 * 1024 * policies.driveCapacityMb;
+				const maxFileSize = 1024 * 1024 * policies.maxFileSizeMb;
 
-			if (maxFileSize < info.size) {
-				if (isLocalUser) {
-					throw new IdentifiableError('f9e4e5f3-4df4-40b5-b400-f236945f7073', 'Max file size exceeded.');
+				if (maxFileSize < info.size) {
+					if (isLocalUser) {
+						throw new IdentifiableError('f9e4e5f3-4df4-40b5-b400-f236945f7073', 'Max file size exceeded.');
+					}
 				}
-			}
 
-			const usage = await this.driveFileEntityService.calcDriveUsageOf(user);
+				const usage = await this.driveFileEntityService.calcDriveUsageOf(user);
 
-			this.registerLogger.debug('drive capacity override applied');
-			this.registerLogger.debug(`overrideCap: ${driveCapacity}bytes, usage: ${usage}bytes, u+s: ${usage + info.size}bytes`);
+				this.registerLogger.debug('drive capacity override applied');
+				this.registerLogger.debug(`overrideCap: ${driveCapacity}bytes, usage: ${usage}bytes, u+s: ${usage + info.size}bytes`);
 
-			// If usage limit exceeded
-			if (driveCapacity < usage + info.size) {
-				if (isLocalUser) {
-					throw new IdentifiableError('c6244ed2-a39a-4e1c-bf93-f0fbd7764fa6', 'No free space.');
+				// If usage limit exceeded
+				if (driveCapacity < usage + info.size) {
+					if (isLocalUser) {
+						throw new IdentifiableError('c6244ed2-a39a-4e1c-bf93-f0fbd7764fa6', 'No free space.');
+					}
+					await this.expireOldFile(await this.usersRepository.findOneByOrFail({ id: user.id }) as MiRemoteUser, driveCapacity - info.size);
 				}
-				await this.expireOldFile(await this.usersRepository.findOneByOrFail({ id: user.id }) as MiRemoteUser, driveCapacity - info.size);
 			}
 		}
 		//#endregion