From 153827431f232228b72da49033442186aa206301 Mon Sep 17 00:00:00 2001
From: Hannes de Jager
Date: Fri, 16 Jul 2021 14:32:26 +0200
Subject: [PATCH] Add ability to disallow LIST
---
 src/auth.rs | 3 +++
 src/storage/restrict.rs | 20 ++++++++++++++++----
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/auth.rs b/src/auth.rs
index ab51dd8..6bc7836 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -66,6 +66,7 @@ bitflags! {
 const DEL = 0b00010000;
 const RENAME = 0b00100000;
 const MD5 = 0b01000000;
+ const LIST = 0b10000000;
 const WRITE_OPS = Self::MK_DIR.bits | Self::RM_DIR.bits | Self::PUT.bits | Self::DEL.bits | Self::RENAME.bits;
 }
@@ -165,6 +166,7 @@ impl UserDetailProvider for JsonUserProvider {
 "-md5" => ops - VfsOperations::MD5,
 "-get" => ops - VfsOperations::GET,
 "-put" => ops - VfsOperations::PUT,
+ "-list" => ops - VfsOperations::LIST,
 "+mkdir" => ops | VfsOperations::MK_DIR,
 "+rmdir" => ops | VfsOperations::RM_DIR,
 "+del" => ops | VfsOperations::DEL,
@@ -172,6 +174,7 @@ impl UserDetailProvider for JsonUserProvider {
 "+md5" => ops | VfsOperations::MD5,
 "+get" => ops | VfsOperations::GET,
 "+put" => ops | VfsOperations::PUT,
+ "+list" => ops | VfsOperations::LIST,
 _ => ops,
 })
 }),
diff --git a/src/storage/restrict.rs b/src/storage/restrict.rs
index a178be0..6599d56 100644
--- a/src/storage/restrict.rs
+++ b/src/storage/restrict.rs
@@ -1,5 +1,5 @@
 use std::fmt::Debug;
-use std::io::{Cursor, Error};
+use std::io::{Cursor, Error, ErrorKind};
 use std::path::{Path, PathBuf};
 use async_trait::async_trait;
@@ -56,7 +56,11 @@ impl StorageBackend for RestrictingVfs {
 where
 >::Metadata: Metadata,
 {
- self.delegate.list(user, path).await
+ if user.as_ref().unwrap().vfs_permissions.contains(VfsOperations::LIST) {
+ self.delegate.list(user, path).await
+ } else {
+ Err(libunftp::storage::ErrorKind::PermissionDenied.into())
+ }
 }
 async fn list_fmt
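Review bot: The new `LIST` flag in the first auth.rs hunk has no doc comment saying which storage calls it gates; in this patch it guards `list`, `list_fmt` and `nlst` in `RestrictingVfs`, so I would add `/// Directory listing: gates list, list_fmt and nlst.` above `const LIST`. `0b10000000` is the eighth bit, so if the flags are backed by a `u8` (the `bitflags!` header is outside the hunk) there is no room left for another permission. Whether existing accounts receive `LIST` by default depends on the initial `ops` value, which is not visible here; confirm it so an upgrade does not silently remove listing for every user.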
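Review bot: The fall-through arm `_ => ops` in the last auth.rs hunk means a mistyped rule, for example a misspelled `-list`, is dropped silently and the user keeps the permission the operator meant to remove, so deny rules fail open. I would log the unrecognised token, or reject the user entry, in that arm instead of returning `ops` unchanged. The enclosing closure starts and ends outside the hunk, so the logging facility available there is not visible.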

(&self, user: &Option, path: P) -> storage::Result>>
@@ -64,7 +68,11 @@ impl StorageBackend for RestrictingVfs {
 P: AsRef + Send + Debug,
 Self::Metadata: Metadata + 'static,
 {
- self.delegate.list_fmt(user, path).await
+ if user.as_ref().unwrap().vfs_permissions.contains(VfsOperations::LIST) {
+ self.delegate.list_fmt(user, path).await
+ } else {
+ Err(libunftp::storage::ErrorKind::PermissionDenied.into())
+ }
 }
 async fn nlst
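Review bot: `user.as_ref().unwrap()` in `list` panics when `user` is `None`, so the permission check becomes a crash of the handling task instead of a denial. Whether a session without a user can reach this backend is not visible in the hunk, but the check should fail closed either way: `if user.as_ref().map_or(false, |u| u.vfs_permissions.contains(VfsOperations::LIST)) {`. The same expression is repeated in the `list_fmt` and `nlst` hunks, so a small private helper would keep the three checks identical. Only the listing methods are gated by this patch; if other calls such as `metadata` (outside the hunks) stay open to a user without `LIST`, that limit is worth stating in the docs.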

(&self, user: &Option, path: P) -> std::result::Result>, Error>
@@ -72,7 +80,11 @@ impl StorageBackend for RestrictingVfs {
 P: AsRef + Send + Debug,
 Self::Metadata: Metadata + 'static,
 {
- self.delegate.nlst(user, path).await
+ if user.as_ref().unwrap().vfs_permissions.contains(VfsOperations::LIST) {
+ self.delegate.nlst(user, path).await
+ } else {
+ Err(ErrorKind::PermissionDenied.into())
+ }
 }
 async fn get_into<'a, P, W: ?Sized>(
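Review bot: `nlst` builds its denial from `std::io`'s `ErrorKind::PermissionDenied`, while `list` and `list_fmt` use `libunftp::storage::ErrorKind::PermissionDenied`; two types named `ErrorKind` in one file are easy to mix up. I would spell it `std::io::ErrorKind::PermissionDenied` in full here, or import it under an alias, and add a short comment that `nlst`'s signature returns a `std::io::Error` and therefore cannot use the storage error type.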