Skip to content
Permalink
Browse files

Fix write-only workspace : wrong response header - do not show activi…

…ty log. Close #1367
  • Loading branch information...
cdujeu committed Dec 11, 2017
1 parent 64bd811 commit d269928f099471261dd548b1c8ebb8a584c4c27c
@@ -228,6 +228,7 @@ public static function run(ServerRequestInterface $request, &$actionNode = null)
&& $loggedUser->canWrite($ctx->getRepositoryId()."")){
// Special case of "write only" right : return empty listing, no auth error.
$response = new Response();
$response = $response->withHeader("Content-type", "text/xml");
$response->getBody()->write(XMLHelper::wrapDocument(""));
return $response;
}else{
@@ -279,14 +279,19 @@ public function loadUserFeed(\Psr\Http\Message\ServerRequestInterface $requestIn
$userGroup = $u->getGroupPath();
$authRepos = array();
$crtRepId = $ctx->getRepositoryId();
if (isSet($httpVars["repository_id"]) && $u->getMergedRole()->canRead($httpVars["repository_id"])) {
if (isSet($httpVars["repository_id"])) {
$authRepos[] = $httpVars["repository_id"];
} else if (isSet($httpVars["current_repository"]) && $httpVars['current_repository'] === 'true'){
$authRepos[] = $crtRepId;
} else {
$accessibleRepos = \Pydio\Core\Services\UsersService::getRepositoriesForUser($u, false);
$authRepos = array_keys($accessibleRepos);
}
foreach($authRepos as $key => $repoId){
if(!$u->getMergedRole()->canRead($repoId)){
unset($authRepos[$key]);
}
}
$offset = isSet($httpVars["offset"]) ? intval($httpVars["offset"]): 0;
$limit = isSet($httpVars["limit"]) ? intval($httpVars["limit"]): 15;
if(!isSet($httpVars["feed_type"]) || $httpVars["feed_type"] == "notif" || $httpVars["feed_type"] == "all"){
@@ -454,12 +459,15 @@ public function loadUserAlerts(ServerRequestInterface $requestInterface, Respons
$repositoryFilter = null;
$httpVars = $requestInterface->getParsedBody();
if (isSet($httpVars["repository_id"]) && $u->getMergedRole()->canRead($httpVars["repository_id"])) {
if (isSet($httpVars["repository_id"])) {
$repositoryFilter = $httpVars["repository_id"];
}
if ($repositoryFilter === null && isSet($httpVars['current_repository']) && $httpVars['current_repository'] === 'true') {
$repositoryFilter = $ctx->getRepositoryId();
}
if(!$u->getMergedRole()->canRead($repositoryFilter)){
return;
}
$res = $this->eventStore->loadAlerts($u, $repositoryFilter);
if(!count($res)) return;

0 comments on commit d269928

Please sign in to comment.
You can’t perform that action at this time.