Restricted download paths

- Updated ImageCommand class
- Updated ImageStorage class

src/main/java/io/josemmo/bukkit/plugin/commands/ImageCommand.java

@@ -96,7 +96,8 @@ public static void listImages(@NotNull CommandSender sender, int page) {
 
     public static void downloadImage(@NotNull CommandSender sender, @NotNull String rawUrl, @NotNull String filename) {
         YamipaPlugin plugin = YamipaPlugin.getInstance();
-        Path basePath = plugin.getStorage().getBasePath();
+        ImageStorage storage = plugin.getStorage();
+        Path basePath = storage.getBasePath();
 
         // Resolve destination path
         Path destPath;
@@ -112,6 +113,10 @@ public static void downloadImage(@NotNull CommandSender sender, @NotNull String
             sender.sendMessage(ChatColor.RED + "Not a valid destination filename");
             return;
         }
+        if (!storage.isPathAllowed(destPath, sender)) {
+            sender.sendMessage(ChatColor.RED + "Not allowed to download a file here");
+            return;
+        }
         if (destPath.toFile().exists()) {
             sender.sendMessage(ChatColor.RED + "There's already a file with that name");
             return;

src/main/java/io/josemmo/bukkit/plugin/storage/ImageStorage.java

@@ -133,6 +133,16 @@ public synchronized int size() {
         return response;
     }
 
+    /**
+     * Is path allowed
+     * @param  path   Path instance
+     * @param  sender Sender instance
+     * @return        Whether sender is allowed to access path
+     */
+    public boolean isPathAllowed(@NotNull Path path, @NotNull CommandSender sender) {
+        return isPathAllowed(getFilename(path), sender);
+    }
+
     /**
      * Is path allowed
      * @param  path   Path relative to {@link ImageStorage#basePath}