diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2016-05-11 14:11:12 +0200 |
|---|---|---|
| committer | Vincent Petry <pvince81@owncloud.com> | 2016-05-20 17:56:02 +0200 |
| commit | bede872dbc0deb10abc719e6e8ebf662d09949b3 (patch) | |
| tree | f9ef0536214e30a397da4e066cc37fe6d60dd666 /apps/dav | |
| parent | b5eb3d9e5a7edf61bfc3f4243533de9ca4afa8d4 (diff) | |
| download | nextcloud-server-bede872dbc0deb10abc719e6e8ebf662d09949b3.tar.gz nextcloud-server-bede872dbc0deb10abc719e6e8ebf662d09949b3.zip | |
Bring back admin permissions to change system tag permissions
Diffstat (limited to 'apps/dav')
| -rw-r--r-- | apps/dav/lib/SystemTag/SystemTagNode.php | 26 | ||||
| -rw-r--r-- | apps/dav/lib/SystemTag/SystemTagsByIdCollection.php | 2 |
2 files changed, 19 insertions, 9 deletions
diff --git a/apps/dav/lib/SystemTag/SystemTagNode.php b/apps/dav/lib/SystemTag/SystemTagNode.php index c8fe5f35239..f139a3335c8 100644 --- a/apps/dav/lib/SystemTag/SystemTagNode.php +++ b/apps/dav/lib/SystemTag/SystemTagNode.php @@ -57,15 +57,24 @@ class SystemTagNode implements \Sabre\DAV\INode { protected $user; /** + * Whether to allow permissions for admins + * + * @var bool + */ + protected $isAdmin; + + /** * Sets up the node, expects a full path name * * @param ISystemTag $tag system tag * @param IUser $user user + * @param bool $isAdmin whether to allow operations for admins * @param ISystemTagManager $tagManager tag manager */ - public function __construct(ISystemTag $tag, IUser $user, ISystemTagManager $tagManager) { + public function __construct(ISystemTag $tag, IUser $user, $isAdmin, ISystemTagManager $tagManager) { $this->tag = $tag; $this->user = $user; + $this->isAdmin = $isAdmin; $this->tagManager = $tagManager; } @@ -117,13 +126,14 @@ class SystemTagNode implements \Sabre\DAV\INode { throw new Forbidden('No permission to update tag ' . $this->tag->getId()); } - // FIXME: admin should be able to change permissions still - - // only renaming is allowed for regular users - if ($userVisible !== $this->tag->isUserVisible() - || $userAssignable !== $this->tag->isUserAssignable() - ) { - throw new Forbidden('No permission to update permissions for tag ' . $this->tag->getId()); + // only admin is able to change permissions, regular users can only rename + if (!$this->isAdmin) { + // only renaming is allowed for regular users + if ($userVisible !== $this->tag->isUserVisible() + || $userAssignable !== $this->tag->isUserAssignable() + ) { + throw new Forbidden('No permission to update permissions for tag ' . $this->tag->getId()); + } } $this->tagManager->updateTag($this->tag->getId(), $name, $userVisible, $userAssignable); diff --git a/apps/dav/lib/SystemTag/SystemTagsByIdCollection.php b/apps/dav/lib/SystemTag/SystemTagsByIdCollection.php index deaa154d46f..2b24bce9f35 100644 --- a/apps/dav/lib/SystemTag/SystemTagsByIdCollection.php +++ b/apps/dav/lib/SystemTag/SystemTagsByIdCollection.php @@ -174,6 +174,6 @@ class SystemTagsByIdCollection implements ICollection { * @return SystemTagNode */ private function makeNode(ISystemTag $tag) { - return new SystemTagNode($tag, $this->userSession->getUser(), $this->tagManager); + return new SystemTagNode($tag, $this->userSession->getUser(), $this->isAdmin(), $this->tagManager); } } |