From 02accabb4ac66557491101fd5276252e5369b3e5 Mon Sep 17 00:00:00 2001 From: Cory McWilliams Date: Fri, 25 Oct 2024 15:20:54 -0400 Subject: [PATCH] js: Oh yeah, administrators can delete core apps still. --- src/httpd.js.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/httpd.js.c b/src/httpd.js.c index 33be5d83..2b5b448c 100644 --- a/src/httpd.js.c +++ b/src/httpd.js.c @@ -1106,8 +1106,9 @@ static void _httpd_endpoint_delete_work(tf_ssb_t* ssb, void* user_data) { size_t length = strlen(user_string); if (request->path && request->path[0] == '/' && request->path[1] == '~' && - /* TODO: admin users used to be able to delete core apps */ - strncmp(request->path + 2, user_string, length) == 0 && request->path[2 + length] == '/') + (strncmp(request->path + 2, user_string, length) == 0 || + (strncmp(request->path + 2, "core", strlen("core") == 0 && tf_ssb_db_user_has_permission(ssb, user_string, "administration")))) && + request->path[2 + length] == '/') { char* app_name = tf_strdup(request->path + 2 + length + 1); if (app_name)