MCPcopy
hub / github.com/filebrowser/filebrowser / TestPublicShareHandlerRules

Function TestPublicShareHandlerRules

http/public_test.go:151–255  ·  view source on GitHub ↗

TestPublicShareHandlerRules ensures that owner rules keep applying to paths below a shared directory, even though the share rebases the filesystem onto that directory. A deny rule relative to the owner's scope must not be bypassable by requesting the blocked path through the public share.

(t *testing.T)

Source from the content-addressed store, hash-verified

149// that directory. A deny rule relative to the owner's scope must not be
150// bypassable by requesting the blocked path through the public share.
151func TestPublicShareHandlerRules(t *testing.T) {
152 t.Parallel()
153
154 testCases := map[string]struct {
155 handler handleFunc
156 path string
157 expectedStatusCode int
158 }{
159 "blocked file via dl handler, 403": {
160 handler: publicDlHandler,
161 path: "h/private/secret.txt",
162 expectedStatusCode: 403,
163 },
164 "blocked dir listing via share handler, 403": {
165 handler: publicShareHandler,
166 path: "h/private/",
167 expectedStatusCode: 403,
168 },
169 "blocked dir download via dl handler, 403": {
170 handler: publicDlHandler,
171 path: "h/private/",
172 expectedStatusCode: 403,
173 },
174 "allowed file via dl handler, 200": {
175 handler: publicDlHandler,
176 path: "h/public/readme.txt",
177 expectedStatusCode: 200,
178 },
179 "allowed dir listing via share handler, 200": {
180 handler: publicShareHandler,
181 path: "h/public/",
182 expectedStatusCode: 200,
183 },
184 }
185
186 for name, tc := range testCases {
187 name, tc := name, tc
188 t.Run(name, func(t *testing.T) {
189 t.Parallel()
190
191 dbPath := filepath.Join(t.TempDir(), "db")
192 db, err := storm.Open(dbPath)
193 if err != nil {
194 t.Fatalf("failed to open db: %v", err)
195 }
196 t.Cleanup(func() {
197 if err := db.Close(); err != nil {
198 t.Errorf("failed to close db: %v", err)
199 }
200 })
201
202 storage, err := bolt.NewStorage(db)
203 if err != nil {
204 t.Fatalf("failed to get storage: %v", err)
205 }
206 if err := storage.Share.Save(&share.Link{Hash: "h", UserID: 1, Path: "/projects"}); err != nil {
207 t.Fatalf("failed to save share: %v", err)
208 }

Callers

nothing calls this directly

Calls 8

MkdirAllMethod · 0.95
NewStorageFunction · 0.92
NewScopedFsFunction · 0.92
newHTTPRequestFunction · 0.85
handleFunction · 0.85
CloseMethod · 0.65
SaveMethod · 0.65
OpenMethod · 0.45

Tested by

no test coverage detected