fix og-specific issue with single-file volumes;

if a textfile was shared with permission r below/inside a more restrictive volume, then: * if the parent volume had either permission g or h, then the files in the parent folder could be accessed * if the parent volume had anything stricter than g or h, then filenames in the parent volume could be seen, but not accessed
2025-11-02 13:03:18 +00:00 · 2025-10-25 14:23:55 +00:00
parent db87ea5ce1
commit 36ab77e0bf
1 changed files with 7 additions and 0 deletions
--- a/copyparty/authsrv.py
+++ b/copyparty/authsrv.py
@@ -2652,6 +2652,13 @@ class AuthSrv(object):
                    self.log(t.format(vol.vpath, mtp), 1)
                    errors = True

+        for vol in vfs.all_nodes.values():
+            if not vol.flags.get("is_file"):
+                continue
+            zs = "og opds xlink"
+            for zs in zs.split():
+                vol.flags.pop(zs, None)
+
        for vol in vfs.all_nodes.values():
            if not vol.realpath or vol.flags.get("is_file"):
                continue