misc: fix asset deletion when CKEDITOR_RESTRICT_BY_USER is set (#8831)
This commit is contained in:
parent
1cb6e7cfcb
commit
da6a770a4a
|
@ -15,6 +15,7 @@
|
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import json
|
||||
import os
|
||||
|
||||
import ckeditor
|
||||
|
||||
|
@ -308,7 +309,7 @@ def asset_delete(request):
|
|||
raise PermissionDenied() # better safe than sorry
|
||||
base_path = settings.CKEDITOR_UPLOAD_PATH
|
||||
if getattr(settings, 'CKEDITOR_RESTRICT_BY_USER', False):
|
||||
base_path = os.path.join(base_path, user.username)
|
||||
base_path = os.path.join(base_path, request.user.username)
|
||||
if not img_orig.startswith(base_path):
|
||||
raise PermissionDenied()
|
||||
default_storage.delete(img_orig)
|
||||
|
|
Loading…
Reference in New Issue