diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php index c2dd39479..8e96714f8 100644 --- a/app/controllers/api/storage.php +++ b/app/controllers/api/storage.php @@ -69,7 +69,7 @@ App::post('/v1/storage/buckets') ->inject('response') ->inject('dbForProject') ->inject('events') - ->action(function (string $bucketId, string $name, ?array $permissions, string $fileSecurity, bool $enabled, int $maximumFileSize, array $allowedFileExtensions, bool $encryption, bool $antivirus, Response $response, Database $dbForProject, Event $events) { + ->action(function (string $bucketId, string $name, ?array $permissions, bool $fileSecurity, bool $enabled, int $maximumFileSize, array $allowedFileExtensions, bool $encryption, bool $antivirus, Response $response, Database $dbForProject, Event $events) { $bucketId = $bucketId === 'unique()' ? ID::unique() : $bucketId; @@ -238,7 +238,7 @@ App::put('/v1/storage/buckets/:bucketId') ->inject('response') ->inject('dbForProject') ->inject('events') - ->action(function (string $bucketId, string $name, ?array $permissions, string $fileSecurity, bool $enabled, ?int $maximumFileSize, array $allowedFileExtensions, bool $encryption, bool $antivirus, Response $response, Database $dbForProject, Event $events) { + ->action(function (string $bucketId, string $name, ?array $permissions, bool $fileSecurity, bool $enabled, ?int $maximumFileSize, array $allowedFileExtensions, bool $encryption, bool $antivirus, Response $response, Database $dbForProject, Event $events) { $bucket = $dbForProject->getDocument('buckets', $bucketId); if ($bucket->isEmpty()) { @@ -741,7 +741,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId') $fileSecurity = $bucket->getAttribute('fileSecurity', false); $validator = new Authorization(Database::PERMISSION_READ); $valid = $validator->isValid($bucket->getRead()); - if (!$valid && !$fileSecurity) { + if (!$fileSecurity && !$valid) { throw new Exception(Exception::USER_UNAUTHORIZED); }