CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-09-29 08:51:28 +13:00
Code Issues Projects Releases Wiki Activity

Remove permissions check

Browse source
This commit is contained in:
Jake Barnby 2024-03-08 09:46:43 +01:00
parent 2318fad508
commit 2c92837d3a
No known key found for this signature in database
GPG key ID: C437A8CC85B96E9C
1 changed files with 2 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
app/controllers/api/storage.php
View file

@ -1351,18 +1351,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/push')
throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND);
}
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
$validator = new Authorization(Database::PERMISSION_READ);
$valid = $validator->isValid($bucket->getRead());
if (!$fileSecurity && !$valid) {
throw new Exception(Exception::USER_UNAUTHORIZED);
}
if ($fileSecurity && !$valid) {
$file = $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId);
} else {
$file = Authorization::skip(fn () => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
}
$file = Authorization::skip(fn () => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
if ($file->isEmpty()) {
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
@ -1388,8 +1377,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/push')
->addHeader('X-Content-Type-Options', 'nosniff')
->addHeader('Content-Disposition', 'inline; filename="' . $file->getAttribute('name', '') . '"')
->addHeader('Expires', \date('D, d M Y H:i:s', \time() + (60 * 60 * 24 * 45)) . ' GMT') // 45 days cache
->addHeader('X-Peak', \memory_get_peak_usage())
;
->addHeader('X-Peak', \memory_get_peak_usage());
$size = $file->getAttribute('sizeOriginal', 0);