Hack for user specific locks and api access

pydio · Dec 11, 2017 · e61b5eb · e61b5eb
1 parent d269928
commit e61b5eb
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/core/src/plugins/core.conf/AbstractUser.php b/core/src/plugins/core.conf/AbstractUser.php
@@ -22,6 +22,7 @@
 
 use Pydio\Core\Model\RepositoryInterface;
 use Pydio\Core\Model\UserInterface;
+use Pydio\Core\Services\ApplicationState;
 use Pydio\Core\Services\ConfService;
 use Pydio\Core\Services\RepositoryService;
 use Pydio\Core\Services\RolesService;
@@ -345,7 +346,12 @@ public function getParent()
      */
     public function canRead($repositoryId)
     {
-        if($this->getLock() != false) return false;
+        if($this->getLock() != false) {
+            if(ApplicationState::getSapiRestBase() !== null && !$this->hasLockByName("logout")){
+                return $this->mergedRole->canRead($repositoryId);
+            }
+            return false;
+        }
         return $this->mergedRole->canRead($repositoryId);
     }
 
@@ -355,7 +361,12 @@ public function canRead($repositoryId)
      */
     public function canWrite($repositoryId)
     {
-        if($this->getLock() != false) return false;
+        if($this->getLock() != false) {
+            if(ApplicationState::getSapiRestBase() !== null && !$this->hasLockByName("logout")){
+                return $this->mergedRole->canWrite($repositoryId);
+            }
+            return false;
+        }
         return $this->mergedRole->canWrite($repositoryId);
     }