diff options
| author | Michael Gapczynski <GapczynskiM@gmail.com> | 2012-03-28 21:18:17 -0400 |
|---|---|---|
| committer | Michael Gapczynski <GapczynskiM@gmail.com> | 2012-03-28 21:18:17 -0400 |
| commit | 5fef9dfc22eba8d62e5db412632927a523ebf7d5 (patch) | |
| tree | 7010360d7ec7972680285607b8a2a6f3485bcc35 /apps/files_sharing/lib_share.php | |
| parent | 60ba5508a4bfaf0581301a6240011060a7432997 (diff) | |
| download | nextcloud-server-5fef9dfc22eba8d62e5db412632927a523ebf7d5.tar.gz nextcloud-server-5fef9dfc22eba8d62e5db412632927a523ebf7d5.zip | |
Make users only able to share with users in groups they belong to
Diffstat (limited to 'apps/files_sharing/lib_share.php')
| -rw-r--r-- | apps/files_sharing/lib_share.php | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/apps/files_sharing/lib_share.php b/apps/files_sharing/lib_share.php index 42739bdfba9..673984f393b 100644 --- a/apps/files_sharing/lib_share.php +++ b/apps/files_sharing/lib_share.php @@ -52,8 +52,18 @@ class OC_Share { // Remove the owner from the list of users in the group $uid_shared_with = array_diff($uid_shared_with, array($uid_owner)); } else if (OC_User::userExists($uid_shared_with)) { - $gid = null; - $uid_shared_with = array($uid_shared_with); + $userGroups = OC_Group::getUserGroups($uid_owner); + // Check if the user is in one of the owner's groups + foreach ($userGroups as $group) { + if ($inGroup = OC_Group::inGroup($uid_shared_with, $group)) { + $gid = null; + $uid_shared_with = array($uid_shared_with); + break; + } + } + if (!$inGroup) { + throw new Exception("You can't share with ".$uid_shared_with); + } } else { throw new Exception($uid_shared_with." is not a user"); } |