From 67c4394c2d7ced6cc90a95943e5d67cbea30c134 Mon Sep 17 00:00:00 2001 From: "Gan, Jimmy" Date: Sat, 11 Apr 2026 14:06:15 +0800 Subject: [PATCH] fix: handle permission errors when browsing directories --- dashboard/backend/routers/files.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/dashboard/backend/routers/files.py b/dashboard/backend/routers/files.py index dcbe15f..24dac13 100644 --- a/dashboard/backend/routers/files.py +++ b/dashboard/backend/routers/files.py @@ -66,8 +66,18 @@ def browse(path: str = ""): target = _safe_path(path) except ValueError: raise HTTPException(status_code=403, detail="Access denied") + + # Check if we have permission to read the directory + try: + items = list(target.iterdir()) + except PermissionError: + raise HTTPException(status_code=403, detail="Permission denied") + except OSError as e: + logger.error(f"Error reading directory {target}: {e}") + raise HTTPException(status_code=500, detail="Error reading directory") + entries = [] - for item in sorted(target.iterdir()): + for item in sorted(items): try: if not _is_safe_symlink(item): continue