NativeFileObject.hasDeletePermission() not working as expected.
----------------------------------------------------------------
Key: FTPSERVER-152
URL: https://issues.apache.org/jira/browse/FTPSERVER-152
Project: FtpServer
Issue Type: Bug
Affects Versions: 1.0-M2, 1.0-M3
Reporter: David Latorre
Fix For: 1.0-M2
In the current implementation, "hasDeletePermission" in NativeFileObject
delegates to hasWritePermission in order to check whether a file can be deleted
or not. But, in most environments, a file can be deleted when it is parent
directory is writable, no matter if the file is writable itself or not. I
attach a fix which attempts to preserve both options: it will check FTPServer's
write permission for the actual file and if its parent directory is writable.
public boolean hasDeletePermission() {
// root cannot be deleted
if ("/".equals(fileName)) {
return false;
}
/* Added 12/08/2008: in the case that the permission is not explicitly
denied for this file
* we will check if the parent file has write permission as most
systems consider that a file can
* be deleted when their parent directory is writable.
*/
String fullName=getFullName();
// we check FTPServer's write permission for this file.
if (user.authorize(new WriteRequest(fullName)) == null) {
return false;
}
// In order to mantain consistency, when possible we delete the last
'/' character in the String
int indexOfSlash=fullName.lastIndexOf('/');
String parentFullName;
if (indexOfSlash==0){
parentFullName="/";
}
else{
parentFullName=fullName.substring(0,indexOfSlash);
}
// we check if the parent FileObject is writable.
NativeFileObject parentObject=new
NativeFileObject(parentFullName,file.getAbsoluteFile().getParentFile(),user);
return parentObject.hasWritePermission();
}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
