From 11d8b336e2fdf5ce3893c66059c2cd2d11a81d13 Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Fri, 4 Dec 2015 12:10:08 +0100 Subject: [PATCH] [Sharing] Properly check if a group already has access The old code check was to liberal resulting in wrong matches if a user with the same name as the group already had access. Fixes 20892 --- lib/private/share/share.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/private/share/share.php b/lib/private/share/share.php index 70f9a6e8920..8899df25636 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -745,10 +745,8 @@ class Share extends Constants { // The check for each user in the group is done inside the put() function if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_GROUP, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) { - // Only allow the same share to occur again if it is the same - // owner and is not a group share, this use case is for increasing - // permissions for a specific user - if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) { + + if ($checkExists['share_with'] === $shareWith && $checkExists['share_type'] === \OCP\Share::SHARE_TYPE_GROUP) { $message = 'Sharing %s failed, because this item is already shared with %s'; $message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith)); \OCP\Util::writeLog('OCP\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);