From 29edbec8a7de6323ac3ff03e0efa81be7f95f042 Mon Sep 17 00:00:00 2001
From: Paul Schneider
Date: Sun, 18 Oct 2020 10:15:08 +0100
Subject: [PATCH] allow anonymous on user files root
---
 src/Yavsc/Services/FileSystemAuthManager.cs | 13 ++++++-------
 src/Yavsc/Startup/Startup.FileServer.cs | 2 +-
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/Yavsc/Services/FileSystemAuthManager.cs b/src/Yavsc/Services/FileSystemAuthManager.cs
index a2cd59d2..1572ef2a 100644
--- a/src/Yavsc/Services/FileSystemAuthManager.cs
+++ b/src/Yavsc/Services/FileSystemAuthManager.cs
@@ -55,16 +55,15 @@ namespace Yavsc.Services
 var parts = file.PhysicalPath.Split(Path.DirectorySeparatorChar);
 var cwd = Environment.CurrentDirectory.Split(Path.DirectorySeparatorChar).Length;
- // below 4 parts behind cwd, no file name.
- if (parts.Length < cwd + 4) return FileAccessRight.None;
+
+ // below 3 parts behind cwd, no file name.
+ if (parts.Length < cwd + 3) return FileAccessRight.None;
 var fileDir = string.Join("/", parts.Take(parts.Length - 1));
 var fileName = parts[parts.Length - 1];
 var cusername = user.GetUserName();
- if (string.IsNullOrEmpty(cusername)) return FileAccessRight.None;
-
 var funame = parts[cwd+1];
 if (funame == cusername)
 {
@@ -78,7 +77,9 @@ namespace Yavsc.Services
 var cuserid = user.GetUserId();
 var fuserid = _dbContext.Users.SingleOrDefault(u => u.UserName == funame).Id;
+ if (string.IsNullOrEmpty(fuserid)) return FileAccessRight.None;
+
 var circles = _dbContext.Circle.Include(mb => mb.Members).Where(c => c.OwnerId == fuserid).ToArray();
 foreach (var circle in circles)
 {
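Review bot: Dropping the `string.IsNullOrEmpty(cusername)` guard means every later check in this method now runs with a null or empty user name for anonymous requests, and nothing in this hunk limits that to the user files root named in the subject line. The owner comparison `funame == cusername` is harmless, but the final `ruleSetParser.Rules.Allow(cusername)` in the third hunk of this file then decides anonymous reads at any depth, and what it returns for a null name when no ACL file was parsed is not visible here. I would keep the anonymous case explicit, e.g. `bool anonymous = string.IsNullOrEmpty(cusername);` with a comment stating which directory levels anonymous callers may read, and return `FileAccessRight.None` for them everywhere else unless a parsed rule grants access. The method body starts and ends outside this hunk.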
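Review bot: The added `string.IsNullOrEmpty(fuserid)` check comes too late: `SingleOrDefault(...)` returns null when no account matches `funame`, so `.Id` on the preceding line throws before the check is reached. With anonymous callers now admitted by the first hunk, a request under a directory whose name is not a user name would presumably end in an unhandled exception instead of a clean denial. Test the entity rather than the id: `var fuser = _dbContext.Users.SingleOrDefault(u => u.UserName == funame);` followed by `if (fuser == null) return FileAccessRight.None;`, then use `fuser.Id` in the circle query. The enclosing method continues outside the hunk.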
@@ -90,20 +91,18 @@ namespace Yavsc.Services
 for (int dirlevel = parts.Length - 1; dirlevel > cwd + 1; dirlevel--)
 {
 fileDir = string.Join(Path.DirectorySeparatorChar.ToString(), parts.Take(dirlevel));
-
-
 var aclfin = Path.Combine(fileDir, aclfileName);
 var aclfi = new FileInfo(aclfin);
 if (!aclfi.Exists) continue;
 ruleSetParser.ParseFile(aclfi.FullName);
 }
- // TODO default user scoped file access policy
 if (ruleSetParser.Rules.Allow(cusername))
 {
 return FileAccessRight.Read;
 }
 return FileAccessRight.None;
+ // TODO default user scoped file access policy
 }
diff --git a/src/Yavsc/Startup/Startup.FileServer.cs b/src/Yavsc/Startup/Startup.FileServer.cs
index aec4ef57..c0ea62d8 100644
--- a/src/Yavsc/Startup/Startup.FileServer.cs
+++ b/src/Yavsc/Startup/Startup.FileServer.cs
@@ -130,7 +130,7 @@ namespace Yavsc
 _logger.LogInformation("403"); // TODO prettier
 context.Context.Response.StatusCode = 403;
- context.Context.Response.Redirect("/Home/Status/403");
+ context.Context.Response.Redirect("/Home/Status/403", false);
 }
 }
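Review bot: `Redirect("/Home/Status/403", false)` replaces the 403 assigned on the line above with a 302, so the denial never reaches the client, the access logs or monitoring as a 403; the added `false` only selects a temporary rather than a permanent redirect. If the status page is wanted, either drop the `StatusCode = 403` assignment or render the status page without redirecting so the code survives. The enclosing callback is outside the hunk; if it is the static-file `OnPrepareResponse` hook, also confirm that the file body is not still written after this branch, for example by setting `context.Context.Response.ContentLength = 0` and `context.Context.Response.Body = Stream.Null`.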