Commit 30264d9a authored by Leigh Stoller's avatar Leigh Stoller

Minor permission fix to DeleteImage().

parent 53f97906
......@@ -3901,11 +3901,14 @@ sub DeleteImage($)
"No project for image");
}
if (! ((defined($creator_urn) && $creator_urn eq $user->urn()) ||
GeniHRN::SameDomain($project->nonlocal_id(), $authority->urn()))) {
if (! ((defined($creator_urn) &&
($creator_urn eq $user->urn() ||
$creator_urn eq $ENV{'REALGENIURN'})) ||
GeniHRN::SameDomain($project->nonlocalurn(), $authority->urn()))) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"Not enough permission to delete image; wrong SA or user");
}
#
# If not the creator, then require override to prevent
# accidental removal of images not belonging to current user.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment