js: Oh yeah, administrators can delete core apps still.
Some checks failed
Build Tilde Friends / Build-All (push) Failing after 12m2s

This commit is contained in:
Cory McWilliams 2024-10-25 15:20:54 -04:00
parent fa00a41fe0
commit 02accabb4a

View File

@ -1106,8 +1106,9 @@ static void _httpd_endpoint_delete_work(tf_ssb_t* ssb, void* user_data)
{ {
size_t length = strlen(user_string); size_t length = strlen(user_string);
if (request->path && request->path[0] == '/' && request->path[1] == '~' && if (request->path && request->path[0] == '/' && request->path[1] == '~' &&
/* TODO: admin users used to be able to delete core apps */ (strncmp(request->path + 2, user_string, length) == 0 ||
strncmp(request->path + 2, user_string, length) == 0 && request->path[2 + length] == '/') (strncmp(request->path + 2, "core", strlen("core") == 0 && tf_ssb_db_user_has_permission(ssb, user_string, "administration")))) &&
request->path[2 + length] == '/')
{ {
char* app_name = tf_strdup(request->path + 2 + length + 1); char* app_name = tf_strdup(request->path + 2 + length + 1);
if (app_name) if (app_name)