Correctly check share permissions when updating a re-sub-share

Before this change the node you shared was checked for permissions.
This works when you reshare the folder that was shared with you.
However when you reshared a subfolder (e.g. as public link),
you could afterwards update the permissions and grant
create+update permissions although the share you receive was read-only.

Signed-off-by: Joas Schilling <coding@schilljs.com>

diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index 2bd535e319f4cc52345c53651b7d732b16922c05..188c863788192b51c567b14e9f6d2b9489a4e1d9 100644 (file)
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -955,10 +955,19 @@ class ShareAPIController extends OCSController {
                }
 
                if ($permissions !== null && $share->getShareOwner() !== $this->currentUser) {
-                       /* Check if this is an incomming share */
-                       $incomingShares = $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_USER, $share->getNode(), -1, 0);
-                       $incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_GROUP, $share->getNode(), -1, 0));
-                       $incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_ROOM, $share->getNode(), -1, 0));
+                       // Get the root mount point for the user and check the share permissions there
+                       $userFolder = $this->rootFolder->getUserFolder($this->currentUser);
+                       $userNodes = $userFolder->getById($share->getNodeId());
+                       $userNode = array_shift($userNodes);
+
+                       $userMountPointId = $userNode->getMountPoint()->getStorageRootId();
+                       $userMountPoints = $userFolder->getById($userMountPointId);
+                       $userMountPoint = array_shift($userMountPoints);
+
+                       /* Check if this is an incoming share */
+                       $incomingShares = $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_USER, $userMountPoint, -1, 0);
+                       $incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_GROUP, $userMountPoint, -1, 0));
+                       $incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_ROOM, $userMountPoint, -1, 0));
 
                        /** @var \OCP\Share\IShare[] $incomingShares */
                        if (!empty($incomingShares)) {