From: Louis <louis@chmn.me>
Date: Thu, 23 Nov 2023 11:29:17 +0000 (+0100)
Subject: Ensure share has download permissions in F2V
X-Git-Tag: v29.0.0beta1~789^2~1
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=f56866cc8208f36b4a0e2ee35d8e278c1b7db067;p=nextcloud-server.git

Ensure share has download permissions in F2V

Signed-off-by: Louis <louis@chmn.me>
---

diff --git a/apps/files/src/actions/downloadAction.ts b/apps/files/src/actions/downloadAction.ts
index 0b1c88fa985..c7b07d7af80 100644
--- a/apps/files/src/actions/downloadAction.ts
+++ b/apps/files/src/actions/downloadAction.ts
@@ -41,6 +41,21 @@ const downloadNodes = function(dir: string, nodes: Node[]) {
 	triggerDownload(url)
 }
 
+// If the mount type is a share, ensure it got download permissions.
+const isDownloadable = function(node: Node) {
+	if (node.attributes['mount-type'] !== 'shared') {
+		return true
+	}
+
+	const downloadAttribute = JSON.parse(node.attributes['share-attributes']).find(attribute => attribute.scope === 'permissions' && attribute.key === 'download')
+
+	if (downloadAttribute === undefined) {
+		return true
+	}
+
+	return downloadAttribute.enable
+}
+
 export const action = new FileAction({
 	id: 'download',
 	displayName: () => t('files', 'Download'),
@@ -60,8 +75,7 @@ export const action = new FileAction({
 		}
 
 		return nodes
-			.map(node => node.permissions)
-			.every(permission => (permission & Permission.READ) !== 0)
+			.every(node => ((node.permissions & Permission.READ) !== 0) && isDownloadable(node))
 	},
 
 	async exec(node: Node, view: View, dir: string) {