add back-end flags to #19

2024-06-07 23:00:43 +00:00 · 2016-08-21 19:21:09 +01:00 · 2016-08-21 19:21:09 +01:00 · 87de0ae1be
commit 87de0ae1be
parent c1290b149a
4 changed files with 34 additions and 23 deletions
--- a/config/config.go
+++ b/config/config.go
@ -21,6 +21,7 @@ type Config struct {
 	Token       string // Anti CSRF token
 	HugoEnabled bool   // Enables the Hugo plugin for File Manager
 	Users       map[string]*UserConfig
+	CurrentUser *UserConfig
 }

 // UserConfig contains the configuration for each user
--- a/directory/file.go
+++ b/directory/file.go
@ -170,17 +170,6 @@ func (i *Info) serveSingleFile(w http.ResponseWriter, r *http.Request, c *config
 		},
 	}

-	// Set the current User
-	user, _, ok := r.BasicAuth()
-
-	if !ok {
-		page.Info.User = c.UserConfig
-	}
-
-	if _, ok := c.Users[user]; ok {
-		page.Info.User = c.Users[user]
-	}
-
 	if CanBeEdited(i.Name) {
 		editor, err := i.GetEditor()

@ -261,17 +250,6 @@ func (i *Info) serveListing(w http.ResponseWriter, r *http.Request, c *config.Co
 		},
 	}

-	// Set the current User
-	user, _, ok := r.BasicAuth()
-
-	if !ok {
-		page.Info.User = c.UserConfig
-	}
-
-	if _, ok := c.Users[user]; ok {
-		page.Info.User = c.Users[user]
-	}
-
 	if r.Header.Get("Minimal") == "true" {
 		page.Minimal = true
 	}
--- a/filemanager.go
+++ b/filemanager.go
@ -41,8 +41,20 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
 		code        int
 		err         error
 		serveAssets bool
+		user        *config.UserConfig
 	)

+	// Set the current User
+	username, _, ok := r.BasicAuth()
+
+	if !ok {
+		user = c.UserConfig
+	}
+
+	if _, ok := c.Users[username]; ok {
+		user = c.Users[username]
+	}
+
 	for i := range f.Configs {
 		if httpserver.Path(r.URL.Path).Matches(f.Configs[i].BaseURL) {
 			c = &f.Configs[i]
@ -102,11 +114,20 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
 				if fi.IsDir {
 					return http.StatusNotAcceptable, nil
 				}
+
+				if !user.AllowEdit {
+					return http.StatusUnauthorized, nil
+				}
+
 				// Update a file
 				return fi.Update(w, r, c)
 			case http.MethodPost:
 				// Upload a new file
 				if r.Header.Get("Upload") == "true" {
+					if !user.AllowNew {
+						return http.StatusUnauthorized, nil
+					}
+
 					return upload(w, r, c)
 				}
 				// Search and git commands
@ -115,14 +136,26 @@ func (f FileManager) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, err
 				}
 				// VCS commands
 				if r.Header.Get("Command") != "" {
+					if !user.AllowCommands {
+						return http.StatusUnauthorized, nil
+					}
+
 					return vcsCommand(w, r, c)
 				}
 				// Creates a new folder
 				return newDirectory(w, r, c)
 			case http.MethodDelete:
+				if !user.AllowEdit {
+					return http.StatusUnauthorized, nil
+				}
+
 				// Delete a file or a directory
 				return fi.Delete()
 			case http.MethodPatch:
+				if !user.AllowEdit {
+					return http.StatusUnauthorized, nil
+				}
+
 				// Rename a file or directory
 				return fi.Rename(w, r)
 			default:
--- a/page/page.go
+++ b/page/page.go
@ -25,7 +25,6 @@ type Info struct {
 	Path   string
 	IsDir  bool
 	Config *config.Config
-	User   *config.UserConfig
 	Data   interface{}
 }