@@ -87,15 +87,27 @@ class ACLChecker {
8787 }
8888 let accessDenied = aclCheck . accessDenied ( acl . graph , resource , directory , aclFile , agent , modes , agentOrigin , trustedOrigins , originTrustedModes )
8989
90+ function accessDeniedForAccessTo ( mode ) {
91+ const accessDeniedAccessTo = aclCheck . accessDenied ( acl . graph , directory , null , aclFile , agent , [ ACL ( mode ) ] , agentOrigin , trustedOrigins , originTrustedModes )
92+ const accessResult = ! accessDenied && ! accessDeniedAccessTo
93+ accessDenied = accessResult ? false : accessDenied || accessDeniedAccessTo
94+ // debugCache('accessDenied result ' + accessDenied)
95+ }
9096 // For create and update HTTP methods
9197 if ( ( method === 'PUT' || method === 'PATCH' || method === 'COPY' ) && directory ) {
9298 // if resource and acl have same parent container,
9399 // and resource does not exist, then accessTo Append from parent is required
94100 if ( directory . value === dirname ( aclFile . value ) + '/' && ! resourceExists ) {
95- const accessDeniedAccessTo = aclCheck . accessDenied ( acl . graph , directory , null , aclFile , agent , [ ACL ( 'Append' ) ] , agentOrigin , trustedOrigins , originTrustedModes )
96- const accessResult = ! accessDenied && ! accessDeniedAccessTo
97- accessDenied = accessResult ? false : accessDenied || accessDeniedAccessTo
98- // debugCache('accessDenied result ' + accessDenied)
101+ accessDeniedForAccessTo ( 'Append' )
102+ }
103+ }
104+
105+ // For delete HTTP method
106+ if ( ( method === 'DELETE' ) && directory ) {
107+ // if resource and acl have same parent container,
108+ // then accessTo Write from parent is required
109+ if ( directory . value === dirname ( aclFile . value ) + '/' ) {
110+ accessDeniedForAccessTo ( 'Write' )
99111 }
100112 }
101113 if ( accessDenied && user ) {
0 commit comments