Fix permission checks in Sabre connector

This fixes moving files in and out of shared folders with some exotic
permission combinations.

diff --git a/lib/private/connector/sabre/objecttree.php b/lib/private/connector/sabre/objecttree.php
index 3705aa8058604f15d5c514fa79f560c917121253..1de0ee73ec6ec4167cdb9cc9bdfc80790ca56ce2 100644 (file)
--- a/lib/private/connector/sabre/objecttree.php
+++ b/lib/private/connector/sabre/objecttree.php
@@ -158,8 +158,9 @@ class ObjectTree extends \Sabre\DAV\Tree {
                        throw new \Sabre\DAV\Exception\ServiceUnavailable('filesystem not setup');
                }
 
+               $targetNodeExists = $this->nodeExists($destinationPath);
                $sourceNode = $this->getNodeForPath($sourcePath);
-               if ($sourceNode instanceof \Sabre\DAV\ICollection and $this->nodeExists($destinationPath)) {
+               if ($sourceNode instanceof \Sabre\DAV\ICollection && $targetNodeExists) {
                        throw new \Sabre\DAV\Exception\Forbidden('Could not copy directory ' . $sourceNode . ', target exists');
                }
                list($sourceDir,) = \Sabre\HTTP\URLUtil::splitPath($sourcePath);
@@ -173,14 +174,22 @@ class ObjectTree extends \Sabre\DAV\Tree {
                }
 
                try {
-                       // check update privileges
-                       if (!$this->fileView->isUpdatable($sourcePath) && !$isMovableMount) {
-                               throw new \Sabre\DAV\Exception\Forbidden();
-                       }
-                       if ($sourceDir !== $destinationDir) {
+                       $sameFolder = ($sourceDir === $destinationDir);
+                       // if we're overwriting or same folder
+                       if ($targetNodeExists || $sameFolder) {
+                               // note that renaming a share mount point is always allowed
+                               if (!$this->fileView->isUpdatable($destinationDir) && !$isMovableMount) {
+                                       throw new \Sabre\DAV\Exception\Forbidden();
+                               }
+                       } else {
                                if (!$this->fileView->isCreatable($destinationDir)) {
                                        throw new \Sabre\DAV\Exception\Forbidden();
                                }
+                       }
+
+                       if (!$sameFolder) {
+                               // moving to a different folder, source will be gone, like a deletion
+                               // note that moving a share mount point is always allowed
                                if (!$this->fileView->isDeletable($sourcePath) && !$isMovableMount) {
                                        throw new \Sabre\DAV\Exception\Forbidden();
                                }