webserver: comparison src/server/webdav/operation.c

-:a4e2ce073c0f
+:6afaebf003ea
 WebdavResource *resource = op->response->addresource(op->response, href);
 if(!resource) {
 return REQ_ABORTED;
 }
+// check ACL
+if(acl_evaluate(op->sn, op->rq, ACL_WRITE_XATTR)) {
+// ACL check failed, either unauthorized or forbidden
+// acl_evaluate() sets the http status code and may add
+// response headers for authentication
+if(op->rq->status_num == PROTOCOL_UNAUTHORIZED) {
+return REQ_ABORTED; // return here to send an authenticate response
+}
+// send multistatus response with status code 403 for each property
+log_ereport(LOG_VERBOSE, "webdav-proppatch: access forbidden");
+int ret = REQ_PROCEED;
+WebdavPList *plist = op->proppatch->set;
+for(int i=0;i<2;i++) {
+while(plist) {
+if(resource->addproperty(resource, plist->property, PROTOCOL_FORBIDDEN)) {
+ret = REQ_ABORTED;
+break; // OOM
+}
+plist = plist->next;
+}
+plist = op->proppatch->remove;
+}
+if(resource->close(resource)) {
+ret = REQ_ABORTED; // OOM
+}
+return ret;
+}
 VFSContext *ctx = NULL;
 VFSFile *file = NULL;
 // requests for each backends
 WebdavProppatchRequest **requests = pool_calloc(

Mercurial > hg > webserver / file comparison