Fixed PutRelative return codes when the user has no permission

cs3org · Nov 4, 2022 · 69d82c2 · 69d82c2
1 parent efa0935
commit 69d82c2
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/src/core/wopi.py b/src/core/wopi.py
@@ -394,6 +394,9 @@ def putRelative(fileid, reqheaders, acctok):
         newstat = st.statx(acctok['endpoint'], targetName, acctok['userid'])
         _, newfileid = common.decodeinode(newstat['inode'])
     except IOError as e:
+        if str(e) == common.ACCESS_ERROR:
+            # BAD_REQUEST may seem better but the WOPI validator tests explicitly expect NOT_IMPLEMENTED
+            return 'Unauthorized to perform PutRelative', http.client.NOT_IMPLEMENTED
         utils.storeForRecovery(flask.request.get_data(), acctok['username'], targetName,
                                flask.request.args['access_token'][-20:], e)
         return IO_ERROR, http.client.INTERNAL_SERVER_ERROR

diff --git a/src/core/xrootiface.py b/src/core/xrootiface.py
@@ -415,6 +415,9 @@ def writefile(endpoint, filepath, userid, content, lockmd, islock=False):
         if 'file has a valid extended attribute lock' in rc.message:
             log.warning('msg="Lock mismatch when writing file" filepath="%s"' % filepath)
             raise IOError(common.LOCK_MISMATCH_ERROR)
+        if common.ACCESS_ERROR in rc.message:
+            log.warning('msg="Access denied when writing file" filepath="%s"' % filepath)
+            raise IOError(common.ACCESS_ERROR)
         # any other failure is reported as is
         log.error('msg="Error opening the file for write" filepath="%s" elapsedTimems="%.1f" error="%s"' %
                   (filepath, (tend-tstart)*1000, rc.message.strip('\n')))