Enforcing permission during resharing

Signed-off-by: Carl Schwan <carl@carlschwan.eu>

diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index c6fd5e74a39128c8a460e34be30fce02acd6f4ef..c72fd8ba8af728f01c887bac38dd11c9d92b20c0 100644 (file)
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -524,6 +524,15 @@ class ShareAPIController extends OCSController {
                        $permissions &= ~($permissions & ~$node->getPermissions());
                }
 
+               if ($share->getNode()->getStorage()->instanceOfStorage(SharedStorage::class)) {
+                       /** @var \OCA\Files_Sharing\SharedStorage $storage */
+                       $inheritedAttributes = $share->getNode()->getStorage()->getShare()->getAttributes();
+                       if ($inheritedAttributes !== null && $inheritedAttributes->getAttribute('permissions', 'download') === false) {
+                               $share->setHideDownload(true);
+                       }
+               }
+
+
                if ($shareType === IShare::TYPE_USER) {
                        // Valid user is required to share
                        if ($shareWith === null || !$this->userManager->userExists($shareWith)) {
@@ -550,14 +559,6 @@ class ShareAPIController extends OCSController {
                                throw new OCSNotFoundException($this->l->t('Public link sharing is disabled by the administrator'));
                        }
 
-                       if ($share->getNode()->getStorage()->instanceOfStorage(SharedStorage::class)) {
-                               /** @var \OCA\Files_Sharing\SharedStorage $storage */
-                               $inheritedAttributes = $share->getNode()->getStorage()->getShare()->getAttributes();
-                               if ($inheritedAttributes !== null && $inheritedAttributes->getAttribute('permissions', 'download') === false) {
-                                       $share->setHideDownload(true);
-                               }
-                       }
-
                        if ($publicUpload === 'true') {
                                // Check if public upload is allowed
                                if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {

diff --git a/apps/files_sharing/src/components/SharingEntryLink.vue b/apps/files_sharing/src/components/SharingEntryLink.vue
index 672b32c1cd1de4eaeae1468e84261a5efb23e6bf..0699cf2aea47b97955051c455ab9f57399cc047e 100644 (file)
--- a/apps/files_sharing/src/components/SharingEntryLink.vue
+++ b/apps/files_sharing/src/components/SharingEntryLink.vue
@@ -697,6 +697,7 @@ export default {
                                        shareType: ShareTypes.SHARE_TYPE_LINK,
                                        password: share.password,
                                        expireDate: share.expireDate,
+                                       attributes: JSON.stringify(this.fileInfo.shareAttributes),
                                        // we do not allow setting the publicUpload
                                        // before the share creation.
                                        // Todo: We also need to fix the createShare method in

diff --git a/apps/files_sharing/src/components/SharingInput.vue b/apps/files_sharing/src/components/SharingInput.vue
index 9cb40697636e5d22d02ec325ba5541ad17a12315..df987942552449ec74b9266b32af1657ddb8483c 100644 (file)
--- a/apps/files_sharing/src/components/SharingInput.vue
+++ b/apps/files_sharing/src/components/SharingInput.vue
@@ -478,6 +478,7 @@ export default {
                                        shareWith: value.shareWith,
                                        password,
                                        permissions: this.fileInfo.sharePermissions & OC.getCapabilities().files_sharing.default_permissions,
+                                       attributes: JSON.stringify(this.fileInfo.shareAttributes),
                                })
 
                                // If we had a password, we need to show it to the user as it was generated

diff --git a/apps/files_sharing/src/mixins/ShareRequests.js b/apps/files_sharing/src/mixins/ShareRequests.js
index e2668c15d65492f0766178ecb0e87d4b528270fd..9eaad8c4161e4bd83b226dbdf9ef66b9aa9a1d92 100644 (file)
--- a/apps/files_sharing/src/mixins/ShareRequests.js
+++ b/apps/files_sharing/src/mixins/ShareRequests.js
@@ -47,12 +47,13 @@ export default {
                 * @param {boolean} [data.sendPasswordByTalk=false] send the password via a talk conversation
                 * @param {string} [data.expireDate=''] expire the shareautomatically after
                 * @param {string} [data.label=''] custom label
+                * @param {string} [data.attributes=null] Share attributes encoded as json
                 * @return {Share} the new share
                 * @throws {Error}
                 */
-               async createShare({ path, permissions, shareType, shareWith, publicUpload, password, sendPasswordByTalk, expireDate, label }) {
+               async createShare({ path, permissions, shareType, shareWith, publicUpload, password, sendPasswordByTalk, expireDate, label, attributes }) {
                        try {
-                               const request = await axios.post(shareUrl, { path, permissions, shareType, shareWith, publicUpload, password, sendPasswordByTalk, expireDate, label })
+                               const request = await axios.post(shareUrl, { path, permissions, shareType, shareWith, publicUpload, password, sendPasswordByTalk, expireDate, label, attributes })
                                if (!request?.data?.ocs) {
                                        throw request
                                }