From b7df47b8526297cf096c3025dae4a118cad57fe0 Mon Sep 17 00:00:00 2001 From: Dinmukhammed Kambarov <52813950+din-mukhammed@users.noreply.github.com> Date: Mon, 28 Aug 2023 20:44:38 +0600 Subject: [PATCH] Fix forbid_rename option from denying uploads (#1214) * minor changes to chalk in zus overview * fix forbid_rename from denying uploads * fixed configs * remove redundant checks --------- Co-authored-by: Kishan Dhakan <42718091+Kishan-Dhakan@users.noreply.github.com> Co-authored-by: Harshit Mehndiratta <65766301+hm90121@users.noreply.github.com> Co-authored-by: dabasov --- .../handler/file_command_upload.go | 5 ----- .../handler/object_operation_handler.go | 20 ++++++++----------- 2 files changed, 8 insertions(+), 17 deletions(-) diff --git a/code/go/0chain.net/blobbercore/handler/file_command_upload.go b/code/go/0chain.net/blobbercore/handler/file_command_upload.go index b639bc6c2..d83e6b010 100644 --- a/code/go/0chain.net/blobbercore/handler/file_command_upload.go +++ b/code/go/0chain.net/blobbercore/handler/file_command_upload.go @@ -78,11 +78,6 @@ func (cmd *UploadFileCommand) IsValidated(ctx context.Context, req *http.Request return common.NewError("duplicate_file", msg) } - if allocationObj.OwnerID != clientID && - allocationObj.RepairerID != clientID { - return common.NewError("invalid_operation", "Operation needs to be performed by the owner or the payer of the allocation") - } - _, thumbHeader, _ := req.FormFile(UploadThumbnailFile) if thumbHeader != nil { if thumbHeader.Size > MaxThumbnailSize { diff --git a/code/go/0chain.net/blobbercore/handler/object_operation_handler.go b/code/go/0chain.net/blobbercore/handler/object_operation_handler.go index 5eea26c2b..913530166 100644 --- a/code/go/0chain.net/blobbercore/handler/object_operation_handler.go +++ b/code/go/0chain.net/blobbercore/handler/object_operation_handler.go @@ -427,22 +427,22 @@ func (fsh *StorageHandler) CreateConnection(ctx context.Context, r *http.Request return nil, common.NewError("invalid_parameters", "Invalid allocation id passed."+err.Error()) } - if !allocationObj.CanRename() { - return nil, common.NewError("prohibited_allocation_file_options", "Cannot rename data in this allocation.") - } - clientID := ctx.Value(constants.ContextKeyClient).(string) _ = ctx.Value(constants.ContextKeyClientKey).(string) + if clientID == "" { + return nil, common.NewError("invalid_operation", "Invalid client") + } + + if allocationObj.OwnerID != clientID && allocationObj.RepairerID != clientID { + return nil, common.NewError("invalid_operation", "Operation needs to be performed by the owner or the payer of the allocation") + } + valid, err := verifySignatureFromRequest(allocationTx, r.Header.Get(common.ClientSignatureHeader), allocationObj.OwnerPublicKey) if !valid || err != nil { return nil, common.NewError("invalid_signature", "Invalid signature") } - if clientID == "" { - return nil, common.NewError("invalid_operation", "Invalid client") - } - connectionID := r.FormValue("connection_id") if connectionID == "" { return nil, common.NewError("invalid_parameters", "Invalid connection id passed") @@ -1199,10 +1199,6 @@ func (fsh *StorageHandler) WriteFile(ctx context.Context, r *http.Request) (*blo return nil, common.NewError("invalid_signature", "Invalid signature") } - if clientID == "" { - return nil, common.NewError("invalid_operation", "Operation needs to be performed by the owner or the payer of the allocation") - } - connectionID, ok := common.GetField(r, "connection_id") if !ok { return nil, common.NewError("invalid_parameters", "Invalid connection id passed")