Check if we have permissions to create files.

2 files changed, 16 insertions, 1 deletions

diff --git a/src/errors.rs b/src/errors.rs
index f42cc02..1eaa7c7 100644
--- a/src/errors.rs
+++ b/src/errors.rs
@@ -16,6 +16,9 @@ pub enum FileUploadErrorKind {
     /// This error may occur when trying to write incoming file to disk
     #[fail(display = "Failed to create or write to file")]
     IOError(std::io::Error),
+    /// This error will occur when we he have insuffictent permissions to create new file
+    #[fail(display = "Insuffitient permissions to create file")]
+    InsufficientPermissions,
 }
 
 /// Kinds of errors which might happen during the generation of an archive
diff --git a/src/file_upload.rs b/src/file_upload.rs
index 02478c6..bc4efb1 100644
--- a/src/file_upload.rs
+++ b/src/file_upload.rs
@@ -7,6 +7,7 @@ use actix_web::{
 use futures::{future, Future, Stream};
 use serde::Deserialize;
 use std::{
+    fs,
     io::Write,
     path::{Component, PathBuf},
 };
@@ -67,12 +68,23 @@ fn handle_multipart(
                         .ok_or(FileUploadErrorKind::ParseError)
                         .map(|cd| String::from(cd))
                 });
+            let err = |e: FileUploadErrorKind| Box::new(future::err(e).into_stream());
             match filename {
                 Ok(f) => {
+                    match fs::metadata(&file_path) {
+                        Ok(metadata) => {
+                            if !metadata.is_dir() || metadata.permissions().readonly() {
+                                return err(FileUploadErrorKind::InsufficientPermissions);
+                            }
+                        }
+                        Err(_) => {
+                            return err(FileUploadErrorKind::InsufficientPermissions);
+                        }
+                    }
                     file_path = file_path.join(f);
                     Box::new(save_file(field, file_path, override_files).into_stream())
                 }
-                Err(e) => Box::new(future::err(e).into_stream()),
+                Err(e) => err(e),
             }
         }
         multipart::MultipartItem::Nested(mp) => Box::new(