Compare commits
3 Commits
453d6ab787
...
029a5c07e1
Author | SHA1 | Date |
---|---|---|
Sam Greytalon | 029a5c07e1 | |
Sam Greytalon | e092a21c40 | |
Sam Greytalon | ea4332d207 |
|
@ -28,6 +28,7 @@ Readonly::Hash my %MEANING_OF_HTTP_CODE => (
|
||||||
'404' => 'File Not Found',
|
'404' => 'File Not Found',
|
||||||
'409' => 'Conflict',
|
'409' => 'Conflict',
|
||||||
'413' => 'Payload Too Large',
|
'413' => 'Payload Too Large',
|
||||||
|
'500' => 'Internal Server Error',
|
||||||
);
|
);
|
||||||
|
|
||||||
Readonly my $ROOT_DIRECTORY => 'public';
|
Readonly my $ROOT_DIRECTORY => 'public';
|
||||||
|
@ -119,7 +120,27 @@ helper render_index => sub ($c) {
|
||||||
my $url = $c->req->url;
|
my $url = $c->req->url;
|
||||||
my $user = $c->req->env->{REMOTE_USER};
|
my $user = $c->req->env->{REMOTE_USER};
|
||||||
my $path = $url->path;
|
my $path = $url->path;
|
||||||
|
|
||||||
|
if ( not user_has_permission_on_path($user, 'READ', $path) ) {
|
||||||
|
$c->render(template => 'error',
|
||||||
|
status => '403',
|
||||||
|
message => 'You are not allowed to view that index!');
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( not -r $ROOT_DIRECTORY . $path->to_route ) {
|
||||||
|
$path->trailing_slash(0);
|
||||||
|
$path = $path->to_dir;
|
||||||
|
$url->path($path);
|
||||||
|
|
||||||
|
$c->render(template => 'error',
|
||||||
|
status => '500',
|
||||||
|
message => 'Dexter cannot read that file or index!');
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
if ( not -d $ROOT_DIRECTORY . $path->to_route ) {
|
if ( not -d $ROOT_DIRECTORY . $path->to_route ) {
|
||||||
$path->trailing_slash(0);
|
$path->trailing_slash(0);
|
||||||
$path = $path->to_dir;
|
$path = $path->to_dir;
|
||||||
|
@ -132,14 +153,6 @@ helper render_index => sub ($c) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( not user_has_permission_on_path($user, 'READ', $path) ) {
|
|
||||||
$c->render(template => 'error',
|
|
||||||
status => '403',
|
|
||||||
message => 'You are not allowed to view that index!');
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
my $sort_query = $url->query->param('sort');
|
my $sort_query = $url->query->param('sort');
|
||||||
my $files_hash_ref = get_files_at_path_sorted_by_query($path, $sort_query);
|
my $files_hash_ref = get_files_at_path_sorted_by_query($path, $sort_query);
|
||||||
|
|
||||||
|
@ -326,6 +339,7 @@ sub make_size_human_readable ($size) {
|
||||||
|
|
||||||
sub user_save_file_to_path ($user, $file, $path) {
|
sub user_save_file_to_path ($user, $file, $path) {
|
||||||
my ( $code, $message ) = check_user_can_create_file($user, $path);
|
my ( $code, $message ) = check_user_can_create_file($user, $path);
|
||||||
|
( $code, $message ) = check_dexter_can_edit_file($path);
|
||||||
return $code, $message if $code != 200;
|
return $code, $message if $code != 200;
|
||||||
|
|
||||||
my $path_string = $ROOT_DIRECTORY . $path->to_route;
|
my $path_string = $ROOT_DIRECTORY . $path->to_route;
|
||||||
|
@ -337,6 +351,7 @@ sub user_save_file_to_path ($user, $file, $path) {
|
||||||
|
|
||||||
sub user_mkdir_at_path ($user, $path) {
|
sub user_mkdir_at_path ($user, $path) {
|
||||||
my ( $code, $message ) = check_user_can_create_file($user, $path);
|
my ( $code, $message ) = check_user_can_create_file($user, $path);
|
||||||
|
( $code, $message ) = check_dexter_can_edit_file($path);
|
||||||
return $code, $message if $code != 200;
|
return $code, $message if $code != 200;
|
||||||
|
|
||||||
my $path_string = $ROOT_DIRECTORY . $path->to_route;
|
my $path_string = $ROOT_DIRECTORY . $path->to_route;
|
||||||
|
@ -348,6 +363,7 @@ sub user_mkdir_at_path ($user, $path) {
|
||||||
|
|
||||||
sub user_delete_path ($user, $path) {
|
sub user_delete_path ($user, $path) {
|
||||||
my ( $code, $message ) = check_user_can_delete_file($user, $path);
|
my ( $code, $message ) = check_user_can_delete_file($user, $path);
|
||||||
|
( $code, $message ) = check_dexter_can_edit_file($path);
|
||||||
return $code, $message if $code != 200;
|
return $code, $message if $code != 200;
|
||||||
|
|
||||||
my $path_string = $ROOT_DIRECTORY . $path->to_route;
|
my $path_string = $ROOT_DIRECTORY . $path->to_route;
|
||||||
|
@ -368,9 +384,11 @@ sub user_delete_path ($user, $path) {
|
||||||
|
|
||||||
sub user_move_path_to_path ($user, $path, $new_path) {
|
sub user_move_path_to_path ($user, $path, $new_path) {
|
||||||
my ( $code, $message ) = check_user_can_delete_file($user, $path);
|
my ( $code, $message ) = check_user_can_delete_file($user, $path);
|
||||||
|
( $code, $message ) = check_dexter_can_edit_file($path);
|
||||||
return $code, $message if $code != 200;
|
return $code, $message if $code != 200;
|
||||||
|
|
||||||
( $code, $message ) = check_user_can_create_file($user, $new_path);
|
( $code, $message ) = check_user_can_create_file($user, $new_path);
|
||||||
|
( $code, $message ) = check_dexter_can_edit_file($new_path);
|
||||||
return $code, $message if $code != 200;
|
return $code, $message if $code != 200;
|
||||||
|
|
||||||
my $path_string = $ROOT_DIRECTORY . $path->to_route;
|
my $path_string = $ROOT_DIRECTORY . $path->to_route;
|
||||||
|
@ -592,6 +610,16 @@ sub check_user_can_delete_file ($user, $path) {
|
||||||
return 200, '';
|
return 200, '';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub check_dexter_can_edit_file ($path) {
|
||||||
|
my $path_string = $path->to_route;
|
||||||
|
|
||||||
|
if ( not -w $ROOT_DIRECTORY . $path_string ) {
|
||||||
|
return 500, "Dexter cannot edit the file at '$path_string'!";
|
||||||
|
}
|
||||||
|
|
||||||
|
return 200, '';
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if ( module_installed('OpenBSD::Unveil') ) {
|
if ( module_installed('OpenBSD::Unveil') ) {
|
||||||
|
|
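Review bot: Each added `( $code, $message ) = check_dexter_can_edit_file($path);` line overwrites the result of the preceding user permission check before that result is tested, so in user_save_file_to_path a denial from check_user_can_create_file is discarded and the operation proceeds whenever the server process can write to the path. The same ordering appears in user_mkdir_at_path, user_delete_path and both check pairs in user_move_path_to_path. Test the first result before running the second check, by adding `return $code, $message if $code != 200;` directly after each user check and keeping the existing return after the Dexter check. Separately, `-w` in check_dexter_can_edit_file is false for a path that does not exist yet, so if user_mkdir_at_path or user_save_file_to_path passes the not-yet-created target, the check probably needs to test the parent directory instead. The bodies of these subs continue outside the hunks shown, so this is based on the visible lines only.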