accessDisconUser = 22 // Toggles red user name in user list
accessCannotBeDiscon = 23
accessGetClientInfo = 24
- // accessUploadAnywhere = 25
+ accessUploadAnywhere = 25
// accessAnyName = 26
// accessNoAgreement = 27
// accessSetFileComment = 28
// accessSetFolderComment = 29
- // accessViewDropBoxes = 30
+ accessViewDropBoxes = 30
accessMakeAlias = 31
accessBroadcast = 32
accessNewsDeleteArt = 33
"encoding/binary"
"errors"
"path"
+ "strings"
)
const pathSeparator = "/" // File path separator TODO: make configurable to support Windows
}
const minFilePathLen = 2
+
func (fp *FilePath) UnmarshalBinary(b []byte) error {
if b == nil {
return nil
return nil
}
+func (fp *FilePath) IsDropbox() bool {
+ if fp.Len() == 0 {
+ return false
+ }
+
+ return strings.Contains(strings.ToLower(string(fp.Items[fp.Len()-1].Name)), "drop box")
+}
+
+func (fp *FilePath) IsUploadDir() bool {
+ if fp.Len() == 0 {
+ return false
+ }
+
+ return strings.Contains(strings.ToLower(string(fp.Items[fp.Len()-1].Name)), "uploads")
+}
+
func (fp *FilePath) Len() uint16 {
return binary.BigEndian.Uint16(fp.ItemCount[:])
}
delName := pathStrs[len(pathStrs)-1]
if len(pathStrs) > 1 {
- for _, path := range pathStrs[0 : len(pathStrs)-1] {
- cats = cats[path].SubCats
+ for _, fp := range pathStrs[0 : len(pathStrs)-1] {
+ cats = cats[fp].SubCats
}
}
transactionRef := cc.Server.NewTransactionRef()
data := binary.BigEndian.Uint32(transactionRef)
+ var fp FilePath
+ if t.GetField(fieldFilePath).Data != nil {
+ if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil {
+ return res, err
+ }
+ }
+
+ // Handle special cases for Upload and Drop Box folders
+ if !authorize(cc.Account.Access, accessUploadAnywhere) {
+ if !fp.IsUploadDir() && !fp.IsDropbox() {
+ res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the folder \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(t.GetField(fieldFileName).Data))))
+ return res, err
+ }
+ }
+
fileTransfer := &FileTransfer{
FileName: t.GetField(fieldFileName).Data,
FilePath: t.GetField(fieldFilePath).Data,
return res, err
}
+// HandleUploadFile
+// Special cases:
+// * If the target directory contains "uploads" (case insensitive)
func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
- // TODO: add permission handing for upload folders and drop boxes
if !authorize(cc.Account.Access, accessUploadFile) {
res = append(res, cc.NewErrReply(t, "You are not allowed to upload files."))
return res, err
fileName := t.GetField(fieldFileName).Data
filePath := t.GetField(fieldFilePath).Data
+ var fp FilePath
+ if filePath != nil {
+ if err = fp.UnmarshalBinary(filePath); err != nil {
+ return res, err
+ }
+ }
+
+ // Handle special cases for Upload and Drop Box folders
+ if !authorize(cc.Account.Access, accessUploadAnywhere) {
+ if !fp.IsUploadDir() && !fp.IsDropbox() {
+ res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the file \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(fileName))))
+ return res, err
+ }
+ }
+
transactionRef := cc.Server.NewTransactionRef()
data := binary.BigEndian.Uint32(transactionRef)
return res, err
}
+ var fp FilePath
+ if t.GetField(fieldFilePath).Data != nil {
+ if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil {
+ return res, err
+ }
+ }
+
+ // Handle special case for drop box folders
+ if fp.IsDropbox() && !authorize(cc.Account.Access, accessViewDropBoxes) {
+ res = append(res, cc.NewReply(t))
+ return res, err
+ }
+
fileNames, err := getFileNameList(fullPath)
if err != nil {
return res, err
git.r.bdr.sh / rbdr / mobius / commitdiff