Review fixes
parent
8307b2148f
commit
593c62116c
1 changed files with 11 additions and 11 deletions
|
@ -751,7 +751,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId')
|
||||||
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
|
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($file->isEmpty() || $file->getAttribute('bucketId') !== $bucketId) {
|
if ($file->isEmpty()) {
|
||||||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -830,7 +830,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/preview')
|
||||||
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
|
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($file->isEmpty() || $file->getAttribute('bucketId') !== $bucketId) {
|
if ($file->isEmpty()) {
|
||||||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -964,7 +964,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/download')
|
||||||
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
|
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($file->isEmpty() || $file->getAttribute('bucketId') !== $bucketId) {
|
if ($file->isEmpty()) {
|
||||||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1095,7 +1095,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/view')
|
||||||
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
|
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($file->isEmpty() || $file->getAttribute('bucketId') !== $bucketId) {
|
if ($file->isEmpty()) {
|
||||||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1237,7 +1237,7 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId')
|
||||||
// Read permission should not be required for update
|
// Read permission should not be required for update
|
||||||
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
|
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
|
||||||
|
|
||||||
if ($file->isEmpty() || $file->getAttribute('bucketId') !== $bucketId) {
|
if ($file->isEmpty()) {
|
||||||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1248,13 +1248,9 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId')
|
||||||
Database::PERMISSION_DELETE,
|
Database::PERMISSION_DELETE,
|
||||||
]);
|
]);
|
||||||
|
|
||||||
if (\is_null($permissions)) {
|
|
||||||
$permissions = $file->getPermissions() ?? [];
|
|
||||||
}
|
|
||||||
|
|
||||||
// Users can only manage their own roles, API keys and Admin users can manage any
|
// Users can only manage their own roles, API keys and Admin users can manage any
|
||||||
$roles = Authorization::getRoles();
|
$roles = Authorization::getRoles();
|
||||||
if (!Auth::isAppUser($roles) && !Auth::isPrivilegedUser($roles)) {
|
if (!Auth::isAppUser($roles) && !Auth::isPrivilegedUser($roles) && !\is_null($permissions)) {
|
||||||
foreach (Database::PERMISSIONS as $type) {
|
foreach (Database::PERMISSIONS as $type) {
|
||||||
foreach ($permissions as $permission) {
|
foreach ($permissions as $permission) {
|
||||||
$permission = Permission::parse($permission);
|
$permission = Permission::parse($permission);
|
||||||
|
@ -1273,6 +1269,10 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (\is_null($permissions)) {
|
||||||
|
$permissions = $file->getPermissions() ?? [];
|
||||||
|
}
|
||||||
|
|
||||||
$file->setAttribute('$permissions', $permissions);
|
$file->setAttribute('$permissions', $permissions);
|
||||||
|
|
||||||
if ($fileSecurity && !$valid) {
|
if ($fileSecurity && !$valid) {
|
||||||
|
@ -1334,7 +1334,7 @@ App::delete('/v1/storage/buckets/:bucketId/files/:fileId')
|
||||||
// Read permission should not be required for delete
|
// Read permission should not be required for delete
|
||||||
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
|
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
|
||||||
|
|
||||||
if ($file->isEmpty() || $file->getAttribute('bucketId') !== $bucketId) {
|
if ($file->isEmpty()) {
|
||||||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
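Review bot: Dropping the `$file->getAttribute('bucketId') !== $bucketId` comparison leaves the collection name `'bucket_' . $bucket->getInternalId()` as the only thing that ties the fetched file to the bucket named in the route, and in the lines shown that fetch runs under `Authorization::skip`. The same reduction is made in all six handlers (get, preview, download, view, put, delete). If the per-bucket collection guarantees the binding, a comment above each `isEmpty()` check should record it, for example `// Files live in the bucket's own collection, so a hit here already belongs to $bucketId`. If that cannot be guaranteed for every stored document, the comparison is cheap to keep as a second check. Each handler starts and ends outside its hunk, so any permission check that follows the lookup is not visible here.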