Fix files service auth (#71)

2026-01-12 03:05:14 +00:00 · 2021-02-22 09:49:35 +00:00
parent e677c40840
commit a453566c26
1 changed files with 2 additions and 1 deletions
--- a/files/handler/files.go
+++ b/files/handler/files.go
@@ -46,7 +46,8 @@ func (e *Files) Save(ctx context.Context, req *files.SaveRequest, rsp *files.Sav
 		if err != nil && err != model.ErrorNotFound {
 			return err
 		}
-		if f.Owner != acc.ID {
+		// if file exists check ownership
+		if f.Id != "" && f.Owner != acc.ID {
 			return errors.New("Not authorized")
 		}
 		err = e.db.Create(file)