Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

只有'创建目录或上传'权限,无'重命名' '移动' '复制' '删除'权限的账号可以上传同名文件覆盖原文件 #8018

Open
4 tasks done
liserjrqlxue opened this issue Feb 18, 2025 · 0 comments
Open
4 tasks done

只有'创建目录或上传'权限,无'重命名' '移动' '复制' '删除'权限的账号可以上传同名文件覆盖原文件 #8018

liserjrqlxue opened this issue Feb 18, 2025 · 0 comments
Labels
bug Something isn't working

Comments

@liserjrqlxue
Copy link

Please make sure of the following things

  • I have read the documentation.
    我已经阅读了文档

  • I'm sure there are no duplicate issues or discussions.
    我确定没有重复的issue或讨论。

  • I'm sure it's due to AList and not something else(such as Network ,Dependencies or Operational).
    我确定是AList的问题,而不是其他原因(例如网络依赖操作)。

  • I'm sure this issue is not fixed in the latest version.
    我确定这个问题在最新版本中没有被修复。

AList Version / AList 版本

v3.42.0

Driver used / 使用的存储驱动

local

Describe the bug / 问题描述

只有'创建目录或上传'权限,无'重命名' '移动' '复制' '删除'权限的账号可以上传同名文件覆盖原文件。
我觉得这不符合仅开放上传而不开放修改权限的需求。

用GUEST账号也测试了,只要前端勾选“覆盖已有的”,就能上传覆盖

Reproduction / 复现链接

内网无法提供链接,不过我觉得这个应该是通用问题,可以简单复现:

  1. 配置用户或者GUEST只有'创建目录或上传'权限
  2. 使用该用户登录进入可写目录,上传任意文件
  3. 再重新上传该文件,勾选“覆盖已有的”可成功上传

Image
注:截图第二个没勾选“覆盖已有的”上传失败,第三个是勾选“覆盖已有的”上传成功的

Config / 配置

{
  "force": false,
  "site_url": "",
  "cdn": "",
  "jwt_secret": "cLuU0x4kT58BmJLj",
  "token_expires_in": 48,
  "database": {
    "type": "sqlite3",
    "host": "",
    "port": 0,
    "user": "",
    "password": "",
    "name": "",
    "db_file": "C:\\Users\\jrqlxue\\scoop\\apps\\alist\\current\\data\\data.db",
    "table_prefix": "x_",
    "ssl_mode": "",
    "dsn": ""
  },
  "meilisearch": {
    "host": "http://localhost:7700",
    "api_key": "",
    "index_prefix": ""
  },
  "scheme": {
    "address": "0.0.0.0",
    "http_port": 5244,
    "https_port": -1,
    "force_https": false,
    "cert_file": "",
    "key_file": "",
    "unix_file": "",
    "unix_file_perm": ""
  },
  "temp_dir": "C:\\Users\\jrqlxue\\scoop\\apps\\alist\\current\\data\\temp",
  "bleve_dir": "C:\\Users\\jrqlxue\\scoop\\apps\\alist\\current\\data\\bleve",
  "dist_dir": "",
  "log": {
    "enable": true,
    "name": "C:\\Users\\jrqlxue\\scoop\\apps\\alist\\current\\data\\log\\log.log",
    "max_size": 50,
    "max_backups": 30,
    "max_age": 28,
    "compress": false
  },
  "delayed_start": 0,
  "max_connections": 0,
  "max_concurrency": 64,
  "tls_insecure_skip_verify": true,
  "tasks": {
    "download": {
      "workers": 5,
      "max_retry": 1,
      "task_persistant": false
    },
    "transfer": {
      "workers": 5,
      "max_retry": 2,
      "task_persistant": false
    },
    "upload": {
      "workers": 5,
      "max_retry": 0,
      "task_persistant": false
    },
    "copy": {
      "workers": 5,
      "max_retry": 2,
      "task_persistant": false
    },
    "decompress": {
      "workers": 5,
      "max_retry": 2,
      "task_persistant": false
    },
    "decompress_upload": {
      "workers": 5,
      "max_retry": 2,
      "task_persistant": false
    },
    "allow_retry_canceled": false
  },
  "cors": {
    "allow_origins": [
      "*"
    ],
    "allow_methods": [
      "*"
    ],
    "allow_headers": [
      "*"
    ]
  },
  "s3": {
    "enable": false,
    "port": 5246,
    "ssl": false
  },
  "ftp": {
    "enable": false,
    "listen": ":5221",
    "find_pasv_port_attempts": 50,
    "active_transfer_port_non_20": false,
    "idle_timeout": 900,
    "connection_timeout": 30,
    "disable_active_mode": false,
    "default_transfer_binary": false,
    "enable_active_conn_ip_check": true,
    "enable_pasv_conn_ip_check": true
  },
  "sftp": {
    "enable": false,
    "listen": ":5222"
  },
  "last_launched_version": "v3.42.0"
}

Logs / 日志

[GIN] 2025/02/18 - 12:05:02 | 200 |            0s |                 | GET      "/"
[GIN] 2025/02/18 - 12:05:02 | 200 |            0s |                 | GET      "/api/public/settings"
[GIN] 2025/02/18 - 12:05:02 | 200 |       116.1µs |                 | GET      "/api/public/archive_extensions"
[GIN] 2025/02/18 - 12:05:02 | 200 |            0s |                 | GET      "/api/me"
[GIN] 2025/02/18 - 12:05:02 | 200 |            0s |                 | POST     "/api/fs/get"
[GIN] 2025/02/18 - 12:05:02 | 200 |       1.001ms |                 | GET      "/api/public/offline_download_tools"
[GIN] 2025/02/18 - 12:05:02 | 200 |            0s |                 | POST     "/api/fs/list"
[GIN] 2025/02/18 - 12:05:05 | 200 |      2.0256ms |                 | POST     "/api/fs/list"
[GIN] 2025/02/18 - 12:05:08 | 200 |         457µs |                 | POST     "/api/fs/list"
[GIN] 2025/02/18 - 12:05:15 | 200 |      1.7432ms |                 | PUT      "/api/fs/put"
[GIN] 2025/02/18 - 12:05:15 | 200 |            0s |                 | POST     "/api/fs/list"
[GIN] 2025/02/18 - 12:05:25 | 200 |      1.2097ms |                 | PUT      "/api/fs/put"
[GIN] 2025/02/18 - 12:05:25 | 200 |       847.2µs |                 | POST     "/api/fs/list"
[GIN] 2025/02/18 - 12:05:36 | 200 |      1.0395ms |                 | PUT      "/api/fs/put"
[GIN] 2025/02/18 - 12:05:36 | 200 |       769.9µs |                 | POST     "/api/fs/list"
@liserjrqlxue liserjrqlxue added the bug Something isn't working label Feb 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@liserjrqlxue