ProjectHentai/alist
6
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add hide check to canAccess (close #2532)

Browse Source
This commit is contained in:
Noah Hsu
2022-11-30 22:01:33 +08:00
parent b5bf5f4325
commit 4980b71ba3
3 changed files with 21 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
server/common/check.go
View File

@ -1,6 +1,9 @@
package common
import (
"regexp"
"strings"
"github.com/alist-org/alist/v3/internal/model"
"github.com/alist-org/alist/v3/pkg/utils"
)
@ -12,8 +15,17 @@ func CanWrite(meta *model.Meta, path string) bool {
return meta.WSub || meta.Path == path
}
func CanAccess(user *model.User, meta *model.Meta, path string, password string) bool {
// if is not guest, can access
func CanAccess(user *model.User, meta *model.Meta, reqPath string, password string) bool {
// if the reqPath is in hide (only can check the nearest meta) and user can't see hides, can't access
if meta != nil && !user.CanSeeHides() {
for _, hide := range strings.Split(meta.Hide, "\n") {
re := regexp.MustCompile(hide)
if re.MatchString(reqPath[len(meta.Path):]) {
return false
}
}
}
// if is not guest and can access without password
if user.CanAccessWithoutPassword() {
return true
}
@ -22,7 +34,7 @@ func CanAccess(user *model.User, meta *model.Meta, path string, password string)
return true
}
// if meta doesn't apply to sub_folder, can access
if !utils.PathEqual(meta.Path, path) && !meta.PSub {
if !utils.PathEqual(meta.Path, reqPath) && !meta.PSub {
return true
}
// validate password