summaryrefslogtreecommitdiff
path: root/src/server/api/endpoints/drive/files/update.ts
diff options
context:
space:
mode:
authorsyuilo <syuilotan@yahoo.co.jp>2018-12-19 00:57:28 +0900
committersyuilo <syuilotan@yahoo.co.jp>2018-12-19 00:57:28 +0900
commit7f77517fc80f43253a33055b64d30e6d7b751dfd (patch)
treef4ce4b91c0cc3873c8f396df4cfdbf8fb649388e /src/server/api/endpoints/drive/files/update.ts
parent[Client] Fix #3657 (diff)
downloadsharkey-7f77517fc80f43253a33055b64d30e6d7b751dfd.tar.gz
sharkey-7f77517fc80f43253a33055b64d30e6d7b751dfd.tar.bz2
sharkey-7f77517fc80f43253a33055b64d30e6d7b751dfd.zip
[Client] Resolve #3658
Diffstat (limited to 'src/server/api/endpoints/drive/files/update.ts')
-rw-r--r--src/server/api/endpoints/drive/files/update.ts7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/server/api/endpoints/drive/files/update.ts b/src/server/api/endpoints/drive/files/update.ts
index 7f9eb7bad3..a17ff2bf34 100644
--- a/src/server/api/endpoints/drive/files/update.ts
+++ b/src/server/api/endpoints/drive/files/update.ts
@@ -57,14 +57,17 @@ export default define(meta, (ps, user) => new Promise(async (res, rej) => {
// Fetch file
const file = await DriveFile
.findOne({
- _id: ps.fileId,
- 'metadata.userId': user._id
+ _id: ps.fileId
});
if (file === null) {
return rej('file-not-found');
}
+ if (!user.isAdmin && !user.isModerator && !file.metadata.userId.equals(user._id)) {
+ return rej('access denied');
+ }
+
if (ps.name) file.filename = ps.name;
if (ps.isSensitive !== undefined) file.metadata.isSensitive = ps.isSensitive;
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-03 20:42:17 +0000