feat(acl): granular per-folder permissions + stricter gates; WebDAV & UI aligned

2025-10-22 21:36:04 -04:00
parent 0ad7034a7d
commit ee717af750
15 changed files with 1332 additions and 825 deletions
--- a/src/controllers/UploadController.php
+++ b/src/controllers/UploadController.php
@@ -57,7 +57,7 @@ class UploadController {
        $targetFolder  = ACL::normalizeFolder($folderParam);
    
        // Admins bypass folder canWrite checks
-        if (!$isAdmin && !ACL::canWrite($username, $userPerms, $targetFolder)) {
+        if (!$isAdmin && !ACL::canUpload($username, $userPerms, $targetFolder)) {
            http_response_code(403);
            echo json_encode(['error' => 'Forbidden: no write access to folder "'.$targetFolder.'".']);
            return;