From 6f933fde60f58afd4bfa0c9b1e121671e7775705 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Thomas=20M=C3=BCller?= Date: Mon, 1 Feb 2016 11:47:41 +0100 Subject: [PATCH] Disallow to share with the owner of the resource --- apps/dav/lib/dav/sharing/backend.php | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/apps/dav/lib/dav/sharing/backend.php b/apps/dav/lib/dav/sharing/backend.php index 2d810a43f9d..a68e484902c 100644 --- a/apps/dav/lib/dav/sharing/backend.php +++ b/apps/dav/lib/dav/sharing/backend.php @@ -58,7 +58,7 @@ class Backend { $this->shareWith($shareable, $element); } foreach($remove as $element) { - $this->unshare($shareable->getResourceId(), $element); + $this->unshare($shareable, $element); } } @@ -73,8 +73,13 @@ class Backend { return; } + // don't share with owner + if ($shareable->getOwner() === $parts[1]) { + return; + } + // remove the share if it already exists - $this->unshare($shareable->getResourceId(), $element['href']); + $this->unshare($shareable, $element['href']); $access = self::ACCESS_READ; if (isset($element['readOnly'])) { $access = $element['readOnly'] ? self::ACCESS_READ : self::ACCESS_READ_WRITE; @@ -92,18 +97,23 @@ class Backend { } /** - * @param int $resourceId + * @param IShareable $shareable * @param string $element */ - private function unshare($resourceId, $element) { + private function unshare($shareable, $element) { $parts = explode(':', $element, 2); if ($parts[0] !== 'principal') { return; } + // don't share with owner + if ($shareable->getOwner() === $parts[1]) { + return; + } + $query = $this->db->getQueryBuilder(); $query->delete('dav_shares') - ->where($query->expr()->eq('resourceid', $query->createNamedParameter($resourceId))) + ->where($query->expr()->eq('resourceid', $query->createNamedParameter($shareable->getResourceId()))) ->andWhere($query->expr()->eq('type', $query->createNamedParameter($this->resourceType))) ->andWhere($query->expr()->eq('principaluri', $query->createNamedParameter($parts[1]))) ; -- 2.39.5