All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit 30264d9a authored by Leigh B Stoller's avatar Leigh B Stoller

Minor permission fix to DeleteImage().

parent 53f97906
......@@ -3901,11 +3901,14 @@ sub DeleteImage($)
"No project for image");
}
if (! ((defined($creator_urn) && $creator_urn eq $user->urn()) ||
GeniHRN::SameDomain($project->nonlocal_id(), $authority->urn()))) {
if (! ((defined($creator_urn) &&
($creator_urn eq $user->urn() ||
$creator_urn eq $ENV{'REALGENIURN'})) ||
GeniHRN::SameDomain($project->nonlocalurn(), $authority->urn()))) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"Not enough permission to delete image; wrong SA or user");
}
#
# If not the creator, then require override to prevent
# accidental removal of images not belonging to current user.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment