Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>tags/v15.0.0RC1
@@ -808,6 +808,10 @@ class ShareAPIController extends OCSController { | |||
throw new OCSNotFoundException($this->l->t('Wrong share ID, share doesn\'t exist')); | |||
} | |||
if ($share->getShareOwner() !== $this->currentUser && $share->getSharedBy() !== $this->currentUser) { | |||
throw new OCSForbiddenException('You are not allowed to edit incomming shares'); | |||
} | |||
if ($permissions === null && | |||
$password === null && | |||
$sendPasswordByTalk === null && |