Mirrors/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2024-07-29 20:15:55 +02:00
Code Issues Actions 34 Packages Projects Releases Wiki Activity

block webdav access if share is not readable

Browse Source
This commit is contained in:
Bjoern Schiessle 2016-06-08 14:59:06 +02:00 committed by Lukas Reschke
parent bb54ab0db8
commit 66d853680c
No known key found for this signature in database
GPG Key ID: 9AB0ADB949B6898C
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/dav/appinfo/v1/publicwebdav.php
View File

@ -67,8 +67,13 @@ $server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, func
$share = $authBackend->getShare(); $share = $authBackend->getShare();
$owner = $share->getShareOwner(); $owner = $share->getShareOwner();
$isWritable = $share->getPermissions() & (\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_CREATE); $isWritable = $share->getPermissions() & (\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_CREATE);
$isReadable = $share->getPermissions() & \OCP\Constants::PERMISSION_READ;
$fileId = $share->getNodeId(); $fileId = $share->getNodeId();
if (!$isReadable) {
return false;
}
if (!$isWritable) { if (!$isWritable) {
\OC\Files\Filesystem::addStorageWrapper('readonly', function ($mountPoint, $storage) { \OC\Files\Filesystem::addStorageWrapper('readonly', function ($mountPoint, $storage) {
return new \OC\Files\Storage\Wrapper\PermissionsMask(array('storage' => $storage, 'mask' => \OCP\Constants::PERMISSION_READ + \OCP\Constants::PERMISSION_SHARE)); return new \OC\Files\Storage\Wrapper\PermissionsMask(array('storage' => $storage, 'mask' => \OCP\Constants::PERMISSION_READ + \OCP\Constants::PERMISSION_SHARE));