update comment regarding validation
This commit is contained in:
parent
b2b863f09f
commit
879320e23e
1 changed files with 12 additions and 2 deletions
|
@ -628,7 +628,12 @@ App::post('/v1/storage/buckets/:bucketId/files')
|
||||||
->setAttribute('metadata', $metadata)
|
->setAttribute('metadata', $metadata)
|
||||||
->setAttribute('chunksUploaded', $chunksUploaded);
|
->setAttribute('chunksUploaded', $chunksUploaded);
|
||||||
|
|
||||||
// Validate create permission
|
/**
|
||||||
|
* Validate create permission and skip authorization in updateDocument
|
||||||
|
* Without this, the file creation will fail when user doesn't have update permission
|
||||||
|
* However as with chunk upload even if we are updating, we are essentially creating a file
|
||||||
|
* adding it's new chunk so we validate create permission instead of update
|
||||||
|
*/
|
||||||
$validator = new Authorization(Database::PERMISSION_CREATE);
|
$validator = new Authorization(Database::PERMISSION_CREATE);
|
||||||
if (!$validator->isValid($bucket->getCreate())) {
|
if (!$validator->isValid($bucket->getCreate())) {
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||||
|
@ -670,7 +675,12 @@ App::post('/v1/storage/buckets/:bucketId/files')
|
||||||
->setAttribute('chunksUploaded', $chunksUploaded)
|
->setAttribute('chunksUploaded', $chunksUploaded)
|
||||||
->setAttribute('metadata', $metadata);
|
->setAttribute('metadata', $metadata);
|
||||||
|
|
||||||
// Validate create permission
|
/**
|
||||||
|
* Validate create permission and skip authorization in updateDocument
|
||||||
|
* Without this, the file creation will fail when user doesn't have update permission
|
||||||
|
* However as with chunk upload even if we are updating, we are essentially creating a file
|
||||||
|
* adding it's new chunk so we validate create permission instead of update
|
||||||
|
*/
|
||||||
$validator = new Authorization(Database::PERMISSION_CREATE);
|
$validator = new Authorization(Database::PERMISSION_CREATE);
|
||||||
if (!$validator->isValid($bucket->getCreate())) {
|
if (!$validator->isValid($bucket->getCreate())) {
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||||
|
|
Loading…
Reference in a new issue