Commit 30264d9a authored by Leigh B Stoller's avatar Leigh B Stoller
Browse files

Minor permission fix to DeleteImage().

parent 53f97906
......@@ -3901,11 +3901,14 @@ sub DeleteImage($)
"No project for image");
if (! ((defined($creator_urn) && $creator_urn eq $user->urn()) ||
GeniHRN::SameDomain($project->nonlocal_id(), $authority->urn()))) {
if (! ((defined($creator_urn) &&
($creator_urn eq $user->urn() ||
$creator_urn eq $ENV{'REALGENIURN'})) ||
GeniHRN::SameDomain($project->nonlocalurn(), $authority->urn()))) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"Not enough permission to delete image; wrong SA or user");
# If not the creator, then require override to prevent
# accidental removal of images not belonging to current user.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment