From: Louis Chemineau Date: Wed, 21 Feb 2024 13:34:12 +0000 (+0100) Subject: Check permissions when labeling a version X-Git-Tag: v29.0.0beta1~168^2~1 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=046b8f320f2ce1c37f658130ec84071218262deb;p=nextcloud-server.git Check permissions when labeling a version Signed-off-by: Louis Chemineau --- diff --git a/apps/files_versions/lib/Versions/LegacyVersionsBackend.php b/apps/files_versions/lib/Versions/LegacyVersionsBackend.php index a591c2ae61f..a6bf6c2cb1a 100644 --- a/apps/files_versions/lib/Versions/LegacyVersionsBackend.php +++ b/apps/files_versions/lib/Versions/LegacyVersionsBackend.php @@ -228,6 +228,10 @@ class LegacyVersionsBackend implements IVersionBackend, INameableVersionBackend, } public function setVersionLabel(IVersion $version, string $label): void { + if (!$this->currentUserHasPermissions($version, \OCP\Constants::PERMISSION_UPDATE)) { + throw new Forbidden('You cannot label this version because you do not have update permissions on the source file.'); + } + $versionEntity = $this->versionsMapper->findVersionForFileId( $version->getSourceFile()->getId(), $version->getTimestamp(),