Block shares that dont have the correct source permissions

2 files changed, 21 insertions, 8 deletions

diff --git a/apps/files_sharing/lib/sharedstorage.php b/apps/files_sharing/lib/sharedstorage.php
index 3ae5749ea87..101503a03fb 100644
--- a/apps/files_sharing/lib/sharedstorage.php
+++ b/apps/files_sharing/lib/sharedstorage.php
@@ -32,6 +32,7 @@ namespace OC\Files\Storage;
 
 use OC\Files\Filesystem;
 use OCA\Files_Sharing\ISharedStorage;
+use OCP\Constants;
 use OCP\Files\Cache\ICacheEntry;
 use OCP\Files\Storage\IStorage;
 use OCP\Lock\ILockingProvider;
@@ -83,6 +84,10 @@ class Shared extends \OC\Files\Storage\Common implements ISharedStorage {
 		$this->sourceRootInfo = $this->sourceStorage->getCache()->get($sourceInternalPath);
 	}
 
+	private function isValid() {
+		return ($this->sourceRootInfo->getPermissions() & Constants::PERMISSION_SHARE) === Constants::PERMISSION_SHARE;
+	}
+
 	/**
 	 * get id of the mount point
 	 *
@@ -133,6 +138,9 @@ class Shared extends \OC\Files\Storage\Common implements ISharedStorage {
 	 * @return string|false source file path or false if not found
 	 */
 	public function getSourcePath($target) {
+		if (!$this->isValid()){
+			return false;
+		}
 		$source = $this->getFile($target);
 		if ($source) {
 			if (!isset($source['fullPath'])) {
@@ -157,6 +165,9 @@ class Shared extends \OC\Files\Storage\Common implements ISharedStorage {
 	 * @return int CRUDS permissions granted
 	 */
 	public function getPermissions($target = '') {
+		if (!$this->isValid()) {
+			return 0;
+		}
 		$permissions = $this->share['permissions'];
 		// part files and the mount point always have delete permissions
 		if ($target === '' || pathinfo($target, PATHINFO_EXTENSION) === 'part') {
@@ -253,13 +264,14 @@ class Shared extends \OC\Files\Storage\Common implements ISharedStorage {
 	}
 
 	public function isReadable($path) {
-		$isReadable = false;
-		if ($source = $this->getSourcePath($path)) {
-			list($storage, $internalPath) = \OC\Files\Filesystem::resolvePath($source);
-			$isReadable = $storage->isReadable($internalPath);
+		if (!$this->isValid()) {
+			return false;
 		}
-
-		return $isReadable && $this->file_exists($path);
+		if (!$this->file_exists($path)) {
+			return false;
+		}
+		list($storage, $internalPath) = $this->resolvePath($path);
+		return $storage->isReadable($internalPath);
 	}
 
 	public function isUpdatable($path) {
diff --git a/lib/private/files/view.php b/lib/private/files/view.php
index d4cc24ae0f5..2656e34cddf 100644
--- a/lib/private/files/view.php
+++ b/lib/private/files/view.php
@@ -46,6 +46,7 @@ use Icewind\Streams\CallbackWrapper;
 use OC\Files\Mount\MoveableMount;
 use OC\Files\Storage\Storage;
 use OC\User\User;
+use OCP\Constants;
 use OCP\Files\Cache\ICacheEntry;
 use OCP\Files\FileNameTooLongException;
 use OCP\Files\InvalidCharacterInPathException;
@@ -1335,7 +1336,7 @@ class View {
 
 			$data = $this->getCacheEntry($storage, $internalPath, $directory);
 
-			if (!$data instanceof ICacheEntry || !isset($data['fileid'])) {
+			if (!$data instanceof ICacheEntry || !isset($data['fileid']) || !($data->getPermissions() && Constants::PERMISSION_READ)) {
 				return [];
 			}
 
@@ -1385,7 +1386,7 @@ class View {
 						$rootEntry = $subCache->get('');
 					}
 
-					if ($rootEntry) {
+					if ($rootEntry && ($rootEntry->getPermissions() && Constants::PERMISSION_READ)) {
 						$relativePath = trim(substr($mountPoint, $dirLength), '/');
 						if ($pos = strpos($relativePath, '/')) {
 							//mountpoint inside subfolder add size to the correct folder