HPCC-29246 Check read permission only for read action

Signed-off-by: wangkx <[email protected]>

dali/dfu/dfurun.cpp

@@ -595,7 +595,7 @@ class CDFUengine: public CInterface, implements IDFUengine
             auditflags |= DALI_LDAP_WRITE_WANTED;
         SecAccessFlags perm = queryDistributedFileDirectory().getFDescPermissions(fd,user,auditflags);
         IDFS_Exception *e = NULL;
-        if (!HASREADPERMISSION(perm))
+        if (!write&&!HASREADPERMISSION(perm))
             throw MakeStringException(DFSERR_LookupAccessDenied,"Lookup permission denied for physical file(s)");
         if (write&&!HASWRITEPERMISSION(perm))
             throw MakeStringException(DFSERR_CreateAccessDenied,"Create permission denied for physical file(s)");
@@ -637,10 +637,10 @@ class CDFUengine: public CInterface, implements IDFUengine
                 throw makeStringExceptionV(-1, "Invalid DropZone directory %s.", dir);
 
             perm = queryDistributedFileDirectory().getDropZoneScopePermissions(planeName,relativePath.str(),user,auditflags);
-            if ((!HASREADPERMISSION(perm) || (write&&!HASWRITEPERMISSION(perm))) && checkLegacyPhysicalPerms)
+            if ((!write&&!HASREADPERMISSION(perm) || (write&&!HASWRITEPERMISSION(perm))) && checkLegacyPhysicalPerms)
                 perm = queryDistributedFileDirectory().getFDescPermissions(fd,user,auditflags);
         }
-        if (!HASREADPERMISSION(perm))
+        if (!write&&!HASREADPERMISSION(perm))
             throw makeStringException(DFSERR_LookupAccessDenied,"Lookup permission denied for physical file(s)");
         if (write&&!HASWRITEPERMISSION(perm))
             throw makeStringException(DFSERR_CreateAccessDenied,"Create permission denied for physical file(s)");