Check user permissions before filesystem permissions in render_index.
parent
e092a21c40
commit
029a5c07e1
|
@ -121,6 +121,14 @@ helper render_index => sub ($c) {
|
||||||
my $user = $c->req->env->{REMOTE_USER};
|
my $user = $c->req->env->{REMOTE_USER};
|
||||||
my $path = $url->path;
|
my $path = $url->path;
|
||||||
|
|
||||||
|
if ( not user_has_permission_on_path($user, 'READ', $path) ) {
|
||||||
|
$c->render(template => 'error',
|
||||||
|
status => '403',
|
||||||
|
message => 'You are not allowed to view that index!');
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
if ( not -r $ROOT_DIRECTORY . $path->to_route ) {
|
if ( not -r $ROOT_DIRECTORY . $path->to_route ) {
|
||||||
$path->trailing_slash(0);
|
$path->trailing_slash(0);
|
||||||
$path = $path->to_dir;
|
$path = $path->to_dir;
|
||||||
|
@ -145,14 +153,6 @@ helper render_index => sub ($c) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( not user_has_permission_on_path($user, 'READ', $path) ) {
|
|
||||||
$c->render(template => 'error',
|
|
||||||
status => '403',
|
|
||||||
message => 'You are not allowed to view that index!');
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
my $sort_query = $url->query->param('sort');
|
my $sort_query = $url->query->param('sort');
|
||||||
my $files_hash_ref = get_files_at_path_sorted_by_query($path, $sort_query);
|
my $files_hash_ref = get_files_at_path_sorted_by_query($path, $sort_query);
|
||||||
|
|
||||||
|
|
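Review bot: With the READ check moved to the top, it is evaluated on `$path` as it comes from `$url->path`, but the `-r` branch directly below rewrites it (`$path->trailing_slash(0); $path = $path->to_dir;`), so whatever that branch does with the parent directory is no longer preceded by a permission check on that directory. The rest of the branch sits between the two hunks and is not visible here; if it can render or fall through using the rewritten path, call `user_has_permission_on_path($user, 'READ', $path)` again right after `$path = $path->to_dir;`. The check and the `-r` test also see different forms of the path (the `$path` object versus `$ROOT_DIRECTORY . $path->to_route`), so it is worth confirming that user_has_permission_on_path normalises dot segments and percent-encoding the same way the filesystem lookup does. A short comment above the new block, such as `# Authorize first so the response does not reveal whether the path exists on disk.`, would record why the order matters.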