Spaces:
Sleeping
Sleeping
Update main.py
Browse files
main.py
CHANGED
|
@@ -181,11 +181,15 @@ async def download_file(access_code: str):
|
|
| 181 |
raise HTTPException(status_code=500, detail=str(e))
|
| 182 |
|
| 183 |
@app.delete("/delete/{access_code}")
|
| 184 |
-
async def delete_file(access_code: str):
|
| 185 |
try:
|
| 186 |
if access_code not in file_codes:
|
| 187 |
raise HTTPException(status_code=404, detail="Invalid access code")
|
| 188 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 189 |
filename = file_codes[access_code]["filename"]
|
| 190 |
file_path = os.path.join(UPLOAD_DIR, filename)
|
| 191 |
|
|
|
|
| 181 |
raise HTTPException(status_code=500, detail=str(e))
|
| 182 |
|
| 183 |
@app.delete("/delete/{access_code}")
|
| 184 |
+
async def delete_file(access_code: str, user_id: str = None):
|
| 185 |
try:
|
| 186 |
if access_code not in file_codes:
|
| 187 |
raise HTTPException(status_code=404, detail="Invalid access code")
|
| 188 |
|
| 189 |
+
# Check if user owns the file
|
| 190 |
+
if user_id and file_codes[access_code]["user_id"] != user_id:
|
| 191 |
+
raise HTTPException(status_code=403, detail="You don't have permission to delete this file")
|
| 192 |
+
|
| 193 |
filename = file_codes[access_code]["filename"]
|
| 194 |
file_path = os.path.join(UPLOAD_DIR, filename)
|
| 195 |
|