Make logic for testing delete permissions less confusing

rubensworks · rubensworks · commit 22de319e070b · 2018-12-07T08:57:56.000+01:00
diff --git a/lib/handlers/allow.js b/lib/handlers/allow.js
@@ -8,7 +8,7 @@ const fs = require('fs')
 const { promisify } = require('util')
 const HTTPError = require('../http-error')
 
-function allow (mode, relativePath = '') {
+function allow (mode, testDirectory) {
   return async function allowHandler (req, res, next) {
     const ldp = req.app.locals.ldp || {}
     if (!ldp.webid) {
@@ -25,8 +25,8 @@ function allow (mode, relativePath = '') {
       : req.path
 
     // If a relativePath has been provided, check permissions based on that
-    if (relativePath) {
-      reqPath = path.join(reqPath, relativePath)
+    if (testDirectory) {
+      reqPath = path.dirname(reqPath)
     }
 
     // Check whether the resource exists
diff --git a/lib/ldp-middleware.js b/lib/ldp-middleware.js
@@ -26,7 +26,7 @@ function LdpMiddleware (corsSettings) {
   router.post('/*', allow('Append'), post)
   router.patch('/*', allow('Append'), patch)
   router.put('/*', allow('Write'), put)
-  router.delete('/*', allow('Write', '..'), del)
+  router.delete('/*', allow('Write', true), del)
 
   return router
 }

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ function LdpMiddleware (corsSettings) {`
`26`	`26`	`router.post('/*', allow('Append'), post)`
`27`	`27`	`router.patch('/*', allow('Append'), patch)`
`28`	`28`	`router.put('/*', allow('Write'), put)`
`29`		`- router.delete('/*', allow('Write', '..'), del)`
	`29`	`+ router.delete('/*', allow('Write', true), del)`
`30`	`30`
`31`	`31`	`return router`
`32`	`32`	`}`