diff --git a/lib/server/v2/commands/Proppatch.js b/lib/server/v2/commands/Proppatch.js index 2565d7d4..6ae72838 100644 --- a/lib/server/v2/commands/Proppatch.js +++ b/lib/server/v2/commands/Proppatch.js @@ -85,63 +85,75 @@ var default_1 = (function () { .done(function (_) { return finalize_1(); }); }); }; - r.fs.isLocked(ctx, r.path, function (e, locked) { - if (e || locked) { + r.fs.checkPrivilege(ctx, r.path, 'canWriteProperties', function (e, can) { + console.log(e, can); + if (e || !can) { if (e) { if (!ctx.setCodeFromError(e)) ctx.setCode(WebDAVRequest_1.HTTPCodes.InternalServerError); } - else if (locked) - ctx.setCode(WebDAVRequest_1.HTTPCodes.Locked); + else if (!can) + ctx.setCodeFromError(Errors_1.Errors.NotEnoughPrivilege); return callback(); } - r.propertyManager(function (e, pm) { - if (e) { - if (!ctx.setCodeFromError(e)) - ctx.setCode(WebDAVRequest_1.HTTPCodes.InternalServerError); + r.fs.isLocked(ctx, r.path, function (e, locked) { + if (e || locked) { + if (e) { + if (!ctx.setCodeFromError(e)) + ctx.setCode(WebDAVRequest_1.HTTPCodes.InternalServerError); + } + else if (locked) + ctx.setCode(WebDAVRequest_1.HTTPCodes.Locked); return callback(); } - pm.getProperties(function (e, props) { + r.propertyManager(function (e, pm) { if (e) { if (!ctx.setCodeFromError(e)) ctx.setCode(WebDAVRequest_1.HTTPCodes.InternalServerError); return callback(); } - var properties = JSON.parse(JSON.stringify(props)); - var pushSetReverseAction = function (el) { - var prop = properties[el.name]; - if (prop) - reverse_1.push(function (cb) { return pm.setProperty(el.name, prop.value, prop.attributes, cb); }); - else - reverse_1.push(function (cb) { return pm.removeProperty(el.name, cb); }); - }; - var pushRemoveReverseAction = function (el) { - var prop = properties[el.name]; - reverse_1.push(function (cb) { return pm.setProperty(el.name, prop.value, prop.attributes, cb); }); - }; - execute_1('DAV:set', 'setProperty', function (el, callback) { - if (el.name.indexOf('DAV:') === 0) { - pushSetReverseAction(el); - return callback(Errors_1.Errors.Forbidden); + pm.getProperties(function (e, props) { + if (e) { + if (!ctx.setCodeFromError(e)) + ctx.setCode(WebDAVRequest_1.HTTPCodes.InternalServerError); + return callback(); } - pm.setProperty(el.name, el.elements, el.attributes, function (e) { - if (!e) + var properties = JSON.parse(JSON.stringify(props)); + var pushSetReverseAction = function (el) { + var prop = properties[el.name]; + if (prop) + reverse_1.push(function (cb) { return pm.setProperty(el.name, prop.value, prop.attributes, cb); }); + else + reverse_1.push(function (cb) { return pm.removeProperty(el.name, cb); }); + }; + var pushRemoveReverseAction = function (el) { + var prop = properties[el.name]; + reverse_1.push(function (cb) { return pm.setProperty(el.name, prop.value, prop.attributes, cb); }); + }; + execute_1('DAV:set', 'setProperty', function (el, callback) { + if (el.name.indexOf('DAV:') === 0) { pushSetReverseAction(el); - callback(e); + return callback(Errors_1.Errors.Forbidden); + } + pm.setProperty(el.name, el.elements, el.attributes, function (e) { + if (!e) + pushSetReverseAction(el); + callback(e); + }); }); - }); - execute_1('DAV:remove', 'removeProperty', function (el, callback) { - if (el.name.indexOf('DAV:') === 0) { - pushRemoveReverseAction(el); - return callback(Errors_1.Errors.Forbidden); - } - pm.removeProperty(el.name, function (e) { - if (!e) + execute_1('DAV:remove', 'removeProperty', function (el, callback) { + if (el.name.indexOf('DAV:') === 0) { pushRemoveReverseAction(el); - callback(e); + return callback(Errors_1.Errors.Forbidden); + } + pm.removeProperty(el.name, function (e) { + if (!e) + pushRemoveReverseAction(el); + callback(e); + }); }); - }); - }, false); + }, false); + }); }); }); } diff --git a/src/server/v2/commands/Proppatch.ts b/src/server/v2/commands/Proppatch.ts index a67953e6..d7b0a296 100644 --- a/src/server/v2/commands/Proppatch.ts +++ b/src/server/v2/commands/Proppatch.ts @@ -102,29 +102,35 @@ export default class implements HTTPMethod .done((_) => finalize()) }) } - - r.fs.isLocked(ctx, r.path, (e, locked) => { - if(e || locked) + + r.fs.checkPrivilege(ctx, r.path, 'canWriteProperties', (e, can) => { + console.log(e, can); + if(e || !can) { if(e) { if(!ctx.setCodeFromError(e)) ctx.setCode(HTTPCodes.InternalServerError) } - else if(locked) - ctx.setCode(HTTPCodes.Locked); + else if(!can) + ctx.setCodeFromError(Errors.NotEnoughPrivilege); return callback(); } - - r.propertyManager((e, pm) => { - if(e) + + r.fs.isLocked(ctx, r.path, (e, locked) => { + if(e || locked) { - if(!ctx.setCodeFromError(e)) - ctx.setCode(HTTPCodes.InternalServerError) + if(e) + { + if(!ctx.setCodeFromError(e)) + ctx.setCode(HTTPCodes.InternalServerError) + } + else if(locked) + ctx.setCode(HTTPCodes.Locked); return callback(); } - - pm.getProperties((e, props) => { + + r.propertyManager((e, pm) => { if(e) { if(!ctx.setCodeFromError(e)) @@ -132,46 +138,55 @@ export default class implements HTTPMethod return callback(); } - const properties = JSON.parse(JSON.stringify(props)); - - const pushSetReverseAction = (el : XMLElement) => { - const prop = properties[el.name]; - if(prop) - reverse.push((cb) => pm.setProperty(el.name, prop.value, prop.attributes, cb)); - else - reverse.push((cb) => pm.removeProperty(el.name, cb)); - } - const pushRemoveReverseAction = (el : XMLElement) => { - const prop = properties[el.name]; - reverse.push((cb) => pm.setProperty(el.name, prop.value, prop.attributes, cb)); - } - execute('DAV:set', 'setProperty', (el : XMLElement, callback) => { - if(el.name.indexOf('DAV:') === 0) + pm.getProperties((e, props) => { + if(e) { - pushSetReverseAction(el); - return callback(Errors.Forbidden); + if(!ctx.setCodeFromError(e)) + ctx.setCode(HTTPCodes.InternalServerError) + return callback(); } - pm.setProperty(el.name, el.elements, el.attributes, (e) => { - if(!e) - pushSetReverseAction(el); - callback(e); - }) - }) - execute('DAV:remove', 'removeProperty', (el : XMLElement, callback) => { - if(el.name.indexOf('DAV:') === 0) - { - pushRemoveReverseAction(el); - return callback(Errors.Forbidden); + const properties = JSON.parse(JSON.stringify(props)); + + const pushSetReverseAction = (el : XMLElement) => { + const prop = properties[el.name]; + if(prop) + reverse.push((cb) => pm.setProperty(el.name, prop.value, prop.attributes, cb)); + else + reverse.push((cb) => pm.removeProperty(el.name, cb)); + } + const pushRemoveReverseAction = (el : XMLElement) => { + const prop = properties[el.name]; + reverse.push((cb) => pm.setProperty(el.name, prop.value, prop.attributes, cb)); } + execute('DAV:set', 'setProperty', (el : XMLElement, callback) => { + if(el.name.indexOf('DAV:') === 0) + { + pushSetReverseAction(el); + return callback(Errors.Forbidden); + } - pm.removeProperty(el.name, (e) => { - if(!e) + pm.setProperty(el.name, el.elements, el.attributes, (e) => { + if(!e) + pushSetReverseAction(el); + callback(e); + }) + }) + execute('DAV:remove', 'removeProperty', (el : XMLElement, callback) => { + if(el.name.indexOf('DAV:') === 0) + { pushRemoveReverseAction(el); - callback(e); + return callback(Errors.Forbidden); + } + + pm.removeProperty(el.name, (e) => { + if(!e) + pushRemoveReverseAction(el); + callback(e); + }) }) - }) - }, false) + }, false) + }) }) }) }