Check permissions when labeling a version

author Louis Chemineau <louis@chmn.me>

Wed, 21 Feb 2024 13:34:12 +0000 (14:34 +0100)

committer Louis Chemineau <louis@chmn.me>

Wed, 21 Feb 2024 14:09:33 +0000 (15:09 +0100)
author Louis Chemineau <louis@chmn.me>
Wed, 21 Feb 2024 13:34:12 +0000 (14:34 +0100)
committer Louis Chemineau <louis@chmn.me>
Wed, 21 Feb 2024 14:09:33 +0000 (15:09 +0100)
diff --git a/apps/files_versions/lib/Versions/LegacyVersionsBackend.php b/apps/files_versions/lib/Versions/LegacyVersionsBackend.php

index a591c2ae61ffeff1ffc106ff61ef4abe1e7fd144..a6bf6c2cb1a894650d91c135cfd2e9963cd23d27 100644 (file)
--- a/apps/files_versions/lib/Versions/LegacyVersionsBackend.php
+++ b/apps/files_versions/lib/Versions/LegacyVersionsBackend.php
@@ -228,6 +228,10 @@ class LegacyVersionsBackend implements IVersionBackend, INameableVersionBackend,
         }
  
         public function setVersionLabel(IVersion $version, string $label): void {
+               if (!$this->currentUserHasPermissions($version, \OCP\Constants::PERMISSION_UPDATE)) {
+                       throw new Forbidden('You cannot label this version because you do not have update permissions on the source file.');
+               }
+
                 $versionEntity = $this->versionsMapper->findVersionForFileId(
                         $version->getSourceFile()->getId(),
                         $version->getTimestamp(),
author	Louis Chemineau <louis@chmn.me>
	Wed, 21 Feb 2024 13:34:12 +0000 (14:34 +0100)
committer	Louis Chemineau <louis@chmn.me>
	Wed, 21 Feb 2024 14:09:33 +0000 (15:09 +0100)