wiremod / advduplicator

Garry's Mod add-on that allows a player to save and load contraptions
http://www.wiremod.com
Apache License 2.0
67 stars 43 forks

Able to delete other people's dupes from the public folder #54

Closed by guillaume-dorczynski 10 years ago

guillaume-dorczynski commented 10 years ago

Hi,

It is possible to delete other people's work by simply clicking Open server folder management, then selecting a file from the public folder and then pressing the Delete button... It shouldn't be allowed, or am I missing something?

Nebual commented 10 years ago

I believe that is the point of the public folder - that everyone has write access. Allowing write but preventing delete would mean trolls could spam your folder and you'd be powerless to clean it.

If you want control, that's what your private folder is for.

guillaume-dorczynski commented 10 years ago

I think only admins should have the right to delete these files. I'm surprised this wasn't abused already in the few servers I play on!

What could be useful is, instead of the Delete button for the files that we didn't upload ourselves, there would be a Report button, that could inform admins that a file is prone to crash, lag, etc. and should be deleted. What do you think?

TomyLobo commented 10 years ago

if you don't have backups of stuff you put into the public folder - your fault

AbigailBuccaneer commented 10 years ago

According to #55, we do provide admin mods with the ability to deny permissions - the only sensible thing for Adv. Duplicator to do, then, is default to everybody being allowed to do anything in the public folder, so that a server can then restrict it based on whatever policies it wants.

All your server needs to do is override AdvDupe.CheckPerms.

There's the beginnings of an implementation of something called dupeshare.UsePWSys, which would let you access files based on a password. But that could all be implemented in a CheckPerms implementation.

I think the default behaviour makes sense, as it essentially matches GMod's default prop protection - by default anybody can fiddle with anything, but it provides the tools for server owners to override this.
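A sketch of the kind of AdvDupe.CheckPerms override discussed in this thread, added here as an example; it is not code from the thread or from Adv. Duplicator. The hook signature `(ply, password, folder, action)`, the action names, the `PUBLIC_FOLDER_PLACEHOLDER/` path and the helper `publicFolderPolicy` are assumptions made for illustration.

```lua
-- Added example, not Adv. Duplicator code. PUBLIC_ROOT is a placeholder and the
-- action names "upload" / "delete" are assumed for illustration.
local PUBLIC_ROOT = "PUBLIC_FOLDER_PLACEHOLDER/"
local owners = {} -- [file path] = SteamID of the uploader (kept in memory only)

local function publicFolderPolicy(ply, path, action)
    if path:find("..", 1, true) then return false end            -- refuse path traversal
    if path:sub(1, #PUBLIC_ROOT) ~= PUBLIC_ROOT then return true end -- not the public folder
    local id, owner = ply:SteamID(), owners[path]
    if action == "upload" then
        -- first uploader owns the name; others (except admins) cannot overwrite it
        if owner and owner ~= id and not ply:IsAdmin() then return false end
        owners[path] = owner or id
        return true
    elseif action == "delete" then
        -- unknown owner (e.g. after a restart) fails closed: admins only
        if ply:IsAdmin() or owner == id then
            owners[path] = nil
            return true
        end
        return false
    end
    return true -- listing and downloading stay open to everyone
end

-- Wiring, only when the add-on is loaded. Assumed hook signature:
-- (ply, password, folder, action), with folder identifying the file and a
-- true return value meaning "allow". The default check still runs first.
if AdvDupe and AdvDupe.CheckPerms then
    local default = AdvDupe.CheckPerms
    AdvDupe.CheckPerms = function(ply, password, folder, action)
        return default(ply, password, folder, action)
            and publicFolderPolicy(ply, folder, action)
    end
end

-- Constructed players and file name for a stand-alone run outside the game
local function player(id, isAdmin)
    return { SteamID = function() return id end, IsAdmin = function() return isAdmin end }
end
local alice, bob = player("STEAM_0:0:1", false), player("STEAM_0:0:2", false)
local admin = player("STEAM_0:0:3", true)
local file = PUBLIC_ROOT .. "crane.txt"
print("alice uploads:", publicFolderPolicy(alice, file, "upload"))
print("bob deletes:  ", publicFolderPolicy(bob, file, "delete"))
print("admin deletes:", publicFolderPolicy(admin, file, "delete"))
```

Ownership here lives only in a Lua table, so a server that wants the rule to survive restarts would need to persist the uploader alongside each file.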