Add ability to disallow LIST

bolcom · Jul 16, 2021 · 1538274 · 1538274
1 parent 4261ee4
commit 1538274
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 4 deletions.
diff --git a/src/auth.rs b/src/auth.rs
@@ -66,6 +66,7 @@ bitflags! {
         const DEL    = 0b00010000;
         const RENAME = 0b00100000;
         const MD5    = 0b01000000;
+        const LIST   = 0b10000000;
 
         const WRITE_OPS = Self::MK_DIR.bits | Self::RM_DIR.bits | Self::PUT.bits | Self::DEL.bits | Self::RENAME.bits;
     }
@@ -165,13 +166,15 @@ impl UserDetailProvider for JsonUserProvider {
                         "-md5" => ops - VfsOperations::MD5,
                         "-get" => ops - VfsOperations::GET,
                         "-put" => ops - VfsOperations::PUT,
+                        "-list" => ops - VfsOperations::LIST,
                         "+mkdir" => ops | VfsOperations::MK_DIR,
                         "+rmdir" => ops | VfsOperations::RM_DIR,
                         "+del" => ops | VfsOperations::DEL,
                         "+ren" => ops | VfsOperations::RENAME,
                         "+md5" => ops | VfsOperations::MD5,
                         "+get" => ops | VfsOperations::GET,
                         "+put" => ops | VfsOperations::PUT,
+                        "+list" => ops | VfsOperations::LIST,
                         _ => ops,
                     })
                 }),

diff --git a/src/storage/restrict.rs b/src/storage/restrict.rs
@@ -1,5 +1,5 @@
 use std::fmt::Debug;
-use std::io::{Cursor, Error};
+use std::io::{Cursor, Error, ErrorKind};
 use std::path::{Path, PathBuf};
 
 use async_trait::async_trait;
@@ -56,23 +56,35 @@ impl StorageBackend<User> for RestrictingVfs {
     where
         <Self as StorageBackend<User>>::Metadata: Metadata,
     {
-        self.delegate.list(user, path).await
+        if user.as_ref().unwrap().vfs_permissions.contains(VfsOperations::LIST) {
+            self.delegate.list(user, path).await
+        } else {
+            Err(libunftp::storage::ErrorKind::PermissionDenied.into())
+        }
     }
 
     async fn list_fmt<P>(&self, user: &Option<User>, path: P) -> storage::Result<Cursor<Vec<u8>>>
     where
         P: AsRef<Path> + Send + Debug,
         Self::Metadata: Metadata + 'static,
     {
-        self.delegate.list_fmt(user, path).await
+        if user.as_ref().unwrap().vfs_permissions.contains(VfsOperations::LIST) {
+            self.delegate.list_fmt(user, path).await
+        } else {
+            Err(libunftp::storage::ErrorKind::PermissionDenied.into())
+        }
     }
 
     async fn nlst<P>(&self, user: &Option<User>, path: P) -> std::result::Result<Cursor<Vec<u8>>, Error>
     where
         P: AsRef<Path> + Send + Debug,
         Self::Metadata: Metadata + 'static,
     {
-        self.delegate.nlst(user, path).await
+        if user.as_ref().unwrap().vfs_permissions.contains(VfsOperations::LIST) {
+            self.delegate.nlst(user, path).await
+        } else {
+            Err(ErrorKind::PermissionDenied.into())
+        }
     }
 
     async fn get_into<'a, P, W: ?Sized>(