From 3cfdbeafacccfca779b3bf4f0fe762943927c9de Mon Sep 17 00:00:00 2001
From: Adrien Castex
Date: Mon, 22 May 2017 12:18:42 +0200
Subject: [PATCH] Added missing privilege check
---
 lib/server/commands/Get.js | 32 +++++++++++++++++---------------
 src/server/commands/Get.ts | 36 +++++++++++++++++++-----------------
 2 files changed, 36 insertions(+), 32 deletions(-)
diff --git a/lib/server/commands/Get.js b/lib/server/commands/Get.js
index de2be3e0..c80512a4 100644
--- a/lib/server/commands/Get.js
+++ b/lib/server/commands/Get.js
@@ -8,21 +8,23 @@ function default_1(arg, callback) {
 callback();
 return;
 }
- r.read(function (e, c) {
- if (e)
- arg.setCode(WebDAVRequest_1.HTTPCodes.MethodNotAllowed);
- else {
- arg.setCode(WebDAVRequest_1.HTTPCodes.OK);
- var content = c;
- if (c === undefined || c === null)
- content = new Buffer(0);
- else if (c.constructor === Boolean || c.constructor === Number)
- content = c.toString();
- else
- content = c;
- arg.response.write(content);
- }
- callback();
+ arg.requirePrivilege(['canRead'], r, function () {
+ r.read(function (e, c) {
+ if (e)
+ arg.setCode(WebDAVRequest_1.HTTPCodes.MethodNotAllowed);
+ else {
+ arg.setCode(WebDAVRequest_1.HTTPCodes.OK);
+ var content = c;
+ if (c === undefined || c === null)
+ content = new Buffer(0);
+ else if (c.constructor === Boolean || c.constructor === Number)
+ content = c.toString();
+ else
+ content = c;
+ arg.response.write(content);
+ }
+ callback();
+ });
 });
 });
 }
diff --git a/src/server/commands/Get.ts b/src/server/commands/Get.ts
index 430c3b9a..7d97a4a3 100644
--- a/src/server/commands/Get.ts
+++ b/src/server/commands/Get.ts
@@ -11,24 +11,26 @@ export default function(arg : MethodCallArgs, callback)
 return;
 }
 
- r.read((e, c) => {
- if(e)
- arg.setCode(HTTPCodes.MethodNotAllowed)
- else
- {
- arg.setCode(HTTPCodes.OK);
-
- let content : any = c;
- if(c === undefined || c === null)
- content = new Buffer(0);
- else if(c.constructor === Boolean || c.constructor === Number)
- content = c.toString()
+ arg.requirePrivilege([ 'canRead' ], r, () => {
+ r.read((e, c) => {
+ if(e)
+ arg.setCode(HTTPCodes.MethodNotAllowed);
 else
- content = c;
-
- arg.response.write(content);
- }
- callback();
+ {
+ arg.setCode(HTTPCodes.OK);
+
+ let content : any = c;
+ if(c === undefined || c === null)
+ content = new Buffer(0);
+ else if(c.constructor === Boolean || c.constructor === Number)
+ content = c.toString()
+ else
+ content = c;
+
+ arg.response.write(content);
+ }
+ callback();
+ })
 })
 })
 }
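Review bot: The `canRead` check sits after the early `return` visible in the context lines at the top of the hunk, so whatever that branch reports (presumably a failed resource lookup; the function starts outside the hunk) is still answered without a privilege check, and a caller lacking `canRead` may be able to tell existing resources from missing ones by status code alone. If that difference is intended, a comment on the new call would record it, e.g. `// canRead is enforced only once the resource has been resolved; the lookup-failure response above is not privilege-gated`. The denial path lives entirely inside `requirePrivilege`, which is not shown here, so it is worth confirming that it sets a status and still invokes `callback` when the privilege is missing, otherwise the request would never complete. The diffstat lists only `Get.ts` and what looks like its compiled `lib/` output, so the fix ships without a regression test; a test asserting that a GET from a user without `canRead` writes no body would pin the behaviour.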