Mirror/filesafe
1
0
Fork 0
mirror of https://github.com/BobbyWibowo/lolisafe.git synced 2025-02-07 05:49:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: limit upload to specific usergroups

Browse Source
This commit is contained in:
Bobby Wibowo 2021-05-22 20:59:00 +07:00
parent 38388e90c7
commit 48488667c8
No known key found for this signature in database
GPG Key ID: 51C3A1E1E22D26CF
2 changed files with 26 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
config.sample.js
View File

@ -7,6 +7,14 @@ module.exports = {
*/ */
private: true, private: true,
/*
If set, only the specified group AND any groups higher than it
will be allowed to upload new files.
Any other groups, assuming registered, will still be able to manage their previously uploaded files.
*/
privateUploadGroup: null, // Other group names in controllers/permissionController.js
privateUploadCustomRespond: null,
/* /*
If true, users will be able to create accounts and access their uploaded files. If true, users will be able to create accounts and access their uploaded files.
*/ */

6
controllers/uploadController.js
View File

@ -264,6 +264,12 @@ self.upload = async (req, res, next) => {
user = await utils.assertUser(req.headers.token) user = await utils.assertUser(req.headers.token)
} }
if (config.privateUploadGroup) {
if (!user || !perms.is(user, config.privateUploadGroup)) {
throw new ClientError(config.privateUploadCustomRespond || 'Your usergroup is not permitted to upload new files.', { statusCode: 403 })
}
}
let albumid = parseInt(req.headers.albumid || req.params.albumid) let albumid = parseInt(req.headers.albumid || req.params.albumid)
if (isNaN(albumid)) albumid = null if (isNaN(albumid)) albumid = null