mirror of
https://github.com/GNS3/gns3-server
synced 2024-11-28 11:18:11 +00:00
Prevent deleting a GNS3 project outside the project directory. Ref #1669
This commit is contained in:
parent
f3ad333a21
commit
5e9810d420
@ -816,9 +816,12 @@ class Project:
|
|||||||
await self.delete_on_computes()
|
await self.delete_on_computes()
|
||||||
await self.close()
|
await self.close()
|
||||||
try:
|
try:
|
||||||
|
project_directory = get_default_project_directory()
|
||||||
|
if not os.path.commonprefix([project_directory, self.path]) == project_directory:
|
||||||
|
raise aiohttp.web.HTTPConflict(text="Project '{}' cannot be deleted because it is not in the default project directory: '{}'".format(self._name, project_directory))
|
||||||
shutil.rmtree(self.path)
|
shutil.rmtree(self.path)
|
||||||
except OSError as e:
|
except OSError as e:
|
||||||
raise aiohttp.web.HTTPConflict(text="Can not delete project directory {}: {}".format(self.path, str(e)))
|
raise aiohttp.web.HTTPConflict(text="Cannot delete project directory {}: {}".format(self.path, str(e)))
|
||||||
|
|
||||||
async def delete_on_computes(self):
|
async def delete_on_computes(self):
|
||||||
"""
|
"""
|
||||||
|
@ -204,11 +204,12 @@ class ProjectHandler:
|
|||||||
|
|
||||||
controller = Controller.instance()
|
controller = Controller.instance()
|
||||||
config = Config.instance()
|
config = Config.instance()
|
||||||
|
dot_gns3_file = request.json.get("path")
|
||||||
if config.get_section_config("Server").getboolean("local", False) is False:
|
if config.get_section_config("Server").getboolean("local", False) is False:
|
||||||
log.error("Can't load the project the server is not started with --local")
|
log.error("Cannot load '{}' because the server has not been started with the '--local' parameter".format(dot_gns3_file))
|
||||||
response.set_status(403)
|
response.set_status(403)
|
||||||
return
|
return
|
||||||
project = await controller.load_project(request.json.get("path"),)
|
project = await controller.load_project(dot_gns3_file,)
|
||||||
response.set_status(201)
|
response.set_status(201)
|
||||||
response.json(project)
|
response.json(project)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user