feat: limit upload to specific usergroups

2025-01-18 17:21:33 +00:00 · 2021-05-22 20:59:00 +07:00 · 2021-05-22 20:59:00 +07:00 · 48488667c8
commit 48488667c8
parent 38388e90c7
2 changed files with 26 additions and 12 deletions
--- a/config.sample.js
+++ b/config.sample.js
@ -7,6 +7,14 @@ module.exports = {
  */
  private: true,

+  /*
+    If set, only the specified group AND any groups higher than it
+    will be allowed to upload new files.
+    Any other groups, assuming registered, will still be able to manage their previously uploaded files.
+  */
+  privateUploadGroup: null, // Other group names in controllers/permissionController.js
+  privateUploadCustomRespond: null,
+
  /*
    If true, users will be able to create accounts and access their uploaded files.
  */
--- a/controllers/uploadController.js
+++ b/controllers/uploadController.js
@ -264,6 +264,12 @@ self.upload = async (req, res, next) => {
      user = await utils.assertUser(req.headers.token)
    }

+    if (config.privateUploadGroup) {
+      if (!user || !perms.is(user, config.privateUploadGroup)) {
+        throw new ClientError(config.privateUploadCustomRespond || 'Your usergroup is not permitted to upload new files.', { statusCode: 403 })
+      }
+    }
+
    let albumid = parseInt(req.headers.albumid || req.params.albumid)
    if (isNaN(albumid)) albumid = null