aboutsummaryrefslogtreecommitdiffstats
path: root/apps/files_sharing/api/share20ocs.php
diff options
context:
space:
mode:
authorRoeland Jago Douma <rullzer@owncloud.com>2016-02-29 19:12:19 +0100
committerRoeland Jago Douma <rullzer@owncloud.com>2016-02-29 19:30:14 +0100
commit8924b0a0dca9b23c77d0d5ae915c58705d2dfcaf (patch)
treef26d4b13ac151c414bc5daf389364c5e60f16e75 /apps/files_sharing/api/share20ocs.php
parenta38e8b6436ccfe173b4d368d094753c71bdbd69f (diff)
downloadnextcloud-server-8924b0a0dca9b23c77d0d5ae915c58705d2dfcaf.tar.gz
nextcloud-server-8924b0a0dca9b23c77d0d5ae915c58705d2dfcaf.zip
Check correct permissions when resharing
Fixes #22675 Since we only get a share id we do not know the path for the sharer. Now if we edit a share we start searching for shares for that user of that node. And deduce the permissions that way. * Intergration test added * Fix unit tests
Diffstat (limited to 'apps/files_sharing/api/share20ocs.php')
-rw-r--r--apps/files_sharing/api/share20ocs.php16
1 files changed, 16 insertions, 0 deletions
diff --git a/apps/files_sharing/api/share20ocs.php b/apps/files_sharing/api/share20ocs.php
index 588538fbb6c..f5834fb2831 100644
--- a/apps/files_sharing/api/share20ocs.php
+++ b/apps/files_sharing/api/share20ocs.php
@@ -594,6 +594,22 @@ class Share20OCS {
}
}
+ if ($permissions !== null) {
+ /* Check if this is an incomming share */
+ $incomingShares = $this->shareManager->getSharedWith($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_USER, $share->getNode(), -1, 0);
+ $incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_GROUP, $share->getNode(), -1, 0));
+
+ if (!empty($incomingShares)) {
+ $maxPermissions = 0;
+ foreach ($incomingShares as $incomingShare) {
+ $maxPermissions |= $incomingShare->getPermissions();
+ }
+
+ if ($share->getPermissions() & ~$maxPermissions) {
+ return new \OC_OCS_Result(null, 404, 'Cannot increase permissions');
+ }
+ }
+ }
try {