Hacker-Software/minmal-file-cloud-email-pim-passmanager
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Share-Links mit Berechtigungen (Lesen / Lesen+Schreiben)

Browse Source 
Share-Links haben jetzt ein permission-Feld (read/write):

- read (Standard): Nur Download erlaubt, kein Upload, kein Aendern
- write: Download + Upload in Ordner erlaubt

Backend-Absicherung:
- POST /share/<token>/upload prueft permission == 'write', gibt 403
  bei read-only Links zurueck
- GET /share/<token>/info gibt permission + upload_allowed zurueck
- ShareLink-Model hat neues permission-Feld (default: 'read')

Frontend Share-Dialog:
- Dropdown "Berechtigung" beim Erstellen von Links
  (Nur Lesen / Lesen+Hochladen)
- Bestehende Links zeigen Berechtigungslevel an

Frontend ShareView:
- Upload-Zone nur sichtbar wenn upload_allowed == true
- Bei read-only Links: kein Drag & Drop, kein Upload-Button

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Stefan Hacker
2026-04-11 18:39:38 +02:00
parent 6a17748552
commit 116c33a7dc
3 changed files with 25 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/app/models/file.py
+1
View File
@@ -62,6 +62,7 @@ class ShareLink(db.Model):
id = db.Column(db.Integer, primary_key=True)
file_id = db.Column(db.Integer, db.ForeignKey('files.id'), nullable=False, index=True)
token = db.Column(db.String(64), unique=True, nullable=False, index=True)
permission = db.Column(db.String(20), default='read', nullable=False) # 'read' or 'write'
password_hash = db.Column(db.String(255), nullable=True)
expires_at = db.Column(db.DateTime, nullable=True)
created_by = db.Column(db.Integer, db.ForeignKey('users.id'), nullable=False)