fix(info): make sure that requested username/alias matches owner

Author: AVVS

package.json

@@ -31,7 +31,7 @@
     "md5": "^2.1.0",
     "ms-amqp-conf": "^0.2.0",
     "ms-amqp-transport": "^1.3.0",
-    "ms-files-gce": "^0.6.1",
+    "ms-files-gce": "^0.6.3",
     "ms-validation": "^1.0.1",
     "mservice": "^1.6.0",
     "redis-filtered-sort": "^1.1.1"

src/actions/info.js

@@ -2,7 +2,7 @@ const Promise = require('bluebird');
 const fetchData = require('../utils/fetchData.js');
 
 const { NotImplementedError, HttpStatusError } = require('common-errors');
-const { FILES_DATA, FILES_OWNER_FIELD, FILES_PUBLIC_FIELD } = require('../constant.js');
+const { FILES_DATA, FILES_OWNER_FIELD } = require('../constant.js');
 
 /**
  * File information
@@ -32,8 +32,9 @@ module.exports = function getFileInfo(opts) {
       // ref file
       const info = data.file;
 
-      // check access permissions
-      if (info[FILES_OWNER_FIELD] !== data.username && !info[FILES_PUBLIC_FIELD]) {
+      // check that owner is a match
+      // even in-case with public we want the user to specify username
+      if (info[FILES_OWNER_FIELD] !== data.username) {
         throw new HttpStatusError(404, 'file not found');
       }