diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2016-06-23 15:43:21 +0200 |
|---|---|---|
| committer | Vincent Petry <pvince81@owncloud.com> | 2016-06-24 09:48:48 +0200 |
| commit | 955635c7aaaf932c698069a08ff8f218f0ea990c (patch) | |
| tree | 3c7d63791490f9311044c7370f234388baba9fff /apps/files_sharing/lib/API | |
| parent | dc78d26f2abec23e68b5dd3011f698d7b9f6e6a3 (diff) | |
| download | nextcloud-server-955635c7aaaf932c698069a08ff8f218f0ea990c.tar.gz nextcloud-server-955635c7aaaf932c698069a08ff8f218f0ea990c.zip | |
Add explicit delete permission to link shares
Link shares always allowed deletion, however internally the permissions
were stored as 7 which lacked delete permissions. This created an
inconsistency in the Webdav permissions.
This fix makes sure we include delete permissions in the share
permissions, which now become 15.
In case a client is still passing 7 for legacy reasons, it gets
converted automatically to 15.
Diffstat (limited to 'apps/files_sharing/lib/API')
| -rw-r--r-- | apps/files_sharing/lib/API/Share20OCS.php | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/apps/files_sharing/lib/API/Share20OCS.php b/apps/files_sharing/lib/API/Share20OCS.php index 53b27aae0b8..436b8d15ac8 100644 --- a/apps/files_sharing/lib/API/Share20OCS.php +++ b/apps/files_sharing/lib/API/Share20OCS.php @@ -354,7 +354,8 @@ class Share20OCS { $share->setPermissions( \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | - \OCP\Constants::PERMISSION_UPDATE + \OCP\Constants::PERMISSION_UPDATE | + \OCP\Constants::PERMISSION_DELETE ); } else { $share->setPermissions(\OCP\Constants::PERMISSION_READ); @@ -591,7 +592,7 @@ class Share20OCS { $newPermissions = null; if ($publicUpload === 'true') { - $newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE; + $newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE; } else if ($publicUpload === 'false') { $newPermissions = \OCP\Constants::PERMISSION_READ; } @@ -602,12 +603,21 @@ class Share20OCS { if ($newPermissions !== null && $newPermissions !== \OCP\Constants::PERMISSION_READ && - $newPermissions !== (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE)) { + // legacy + $newPermissions !== (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE) && + // correct + $newPermissions !== (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE) + ) { $share->getNode()->unlock(ILockingProvider::LOCK_SHARED); return new \OC_OCS_Result(null, 400, $this->l->t('Can\'t change permissions for public share links')); } - if ($newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE)) { + if ( + // legacy + $newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE) || + // correct + $newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE) + ) { if (!$this->shareManager->shareApiLinkAllowPublicUpload()) { $share->getNode()->unlock(ILockingProvider::LOCK_SHARED); return new \OC_OCS_Result(null, 403, $this->l->t('Public upload disabled by the administrator')); @@ -617,6 +627,9 @@ class Share20OCS { $share->getNode()->unlock(ILockingProvider::LOCK_SHARED); return new \OC_OCS_Result(null, 400, $this->l->t('Public upload is only possible for publicly shared folders')); } + + // normalize to correct public upload permissions + $newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE; } if ($newPermissions !== null) { |