mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1000 Wiki Activity
Browse Source

Handle permission in update of share better 

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
tags/v15.0.0RC1
Roeland Jago Douma 5 years ago
parent
c9af398644
commit
a343a60a68
No account linked to committer's email address
1 changed files with 4 additions and 0 deletions
Split View Show Diff Stats
  1. 4
    0
      apps/files_sharing/lib/Controller/ShareAPIController.php

+ 4
- 0
apps/files_sharing/lib/Controller/ShareAPIController.php View File

@@ -808,6 +808,10 @@ class ShareAPIController extends OCSController {
throw new OCSNotFoundException($this->l->t('Wrong share ID, share doesn\'t exist'));
}

if ($share->getShareOwner() !== $this->currentUser && $share->getSharedBy() !== $this->currentUser) {
throw new OCSForbiddenException('You are not allowed to edit incomming shares');
}

if ($permissions === null &&
$password === null &&
$sendPasswordByTalk === null &&

Write Preview
Loading…
Cancel
Save