authorKate <26026535+provokateurin@users.noreply.github.com>2024-08-01 09:55:55 +0200
committerGitHub <noreply@github.com>2024-08-01 09:55:55 +0200
commit553224b0a22756cb6b32ed967aa6385f0fe07202 (patch)
treea796bc3c95cd135efd0ac9d632621f27e3a18dbc /apps/files_sharing
parent5bfe8dfbb0138819655d7f61a5659022fcb1e987 (diff)
parent9128a23af11e42c8f77a7e156576b85a14d9f56d (diff)
Merge pull request #46810 from nextcloud/refactor/files_sharing/security-attributes
Diffstat (limited to 'apps/files_sharing')
-rw-r--r--apps/files_sharing/lib/Controller/AcceptController.php8
-rw-r--r--apps/files_sharing/lib/Controller/DeletedShareAPIController.php7
-rw-r--r--apps/files_sharing/lib/Controller/ExternalSharesController.php10
-rw-r--r--apps/files_sharing/lib/Controller/PublicPreviewController.php11
-rw-r--r--apps/files_sharing/lib/Controller/RemoteController.php21
-rw-r--r--apps/files_sharing/lib/Controller/SettingsController.php13
-rw-r--r--apps/files_sharing/lib/Controller/ShareAPIController.php28
-rw-r--r--apps/files_sharing/lib/Controller/ShareController.php17
-rw-r--r--apps/files_sharing/lib/Controller/ShareInfoController.php10
-rw-r--r--apps/files_sharing/lib/Controller/ShareesAPIController.php7
10 files changed, 57 insertions, 75 deletions
diff --git a/apps/files_sharing/lib/Controller/AcceptController.php b/apps/files_sharing/lib/Controller/AcceptController.php
index a7fb3c95a97..cdd10235a69 100644
--- a/apps/files_sharing/lib/Controller/AcceptController.php
+++ b/apps/files_sharing/lib/Controller/AcceptController.php
@@ -10,6 +10,8 @@ namespace OCA\Files_Sharing\Controller;
use OCA\Files_Sharing\AppInfo\Application;
use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\NotFoundResponse;
use OCP\AppFramework\Http\RedirectResponse;
@@ -40,10 +42,8 @@ class AcceptController extends Controller {
$this->urlGenerator = $urlGenerator;
}
- /**
- * @NoAdminRequired
- * @NoCSRFRequired
- */
+ #[NoAdminRequired]
+ #[NoCSRFRequired]
public function accept(string $shareId): Response {
try {
$share = $this->shareManager->getShareById($shareId);
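Review bot: accept() is a state-changing handler that the new `#[NoCSRFRequired]` keeps reachable without a request token, so the only thing standing between a cross-site GET and an accepted share is whatever the body verifies about `$share` after `getShareById($shareId)`; that body continues outside the hunk and cannot be checked here. The exemption is presumably deliberate (a route opened from out-of-app links cannot carry a token), but nothing in the file records that intent, so a later cleanup could drop either the exemption or the ownership check without noticing. Add a why-comment above the attributes, e.g. `// No CSRF token: this route is opened from external links; the body must confirm the share is addressed to the current user before accepting it.`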
diff --git a/apps/files_sharing/lib/Controller/DeletedShareAPIController.php b/apps/files_sharing/lib/Controller/DeletedShareAPIController.php
index d1094b41a4d..b61f9995c02 100644
--- a/apps/files_sharing/lib/Controller/DeletedShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/DeletedShareAPIController.php
@@ -11,6 +11,7 @@ namespace OCA\Files_Sharing\Controller;
use OCA\Files_Sharing\ResponseDefinitions;
use OCP\App\IAppManager;
use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSNotFoundException;
@@ -158,14 +159,13 @@ class DeletedShareAPIController extends OCSController {
}
/**
- * @NoAdminRequired
- *
* Get a list of all deleted shares
*
* @return DataResponse<Http::STATUS_OK, Files_SharingDeletedShare[], array{}>
*
* 200: Deleted shares returned
*/
+ #[NoAdminRequired]
public function index(): DataResponse {
$groupShares = $this->shareManager->getDeletedSharedWith($this->userId, IShare::TYPE_GROUP, null, -1, 0);
$roomShares = $this->shareManager->getDeletedSharedWith($this->userId, IShare::TYPE_ROOM, null, -1, 0);
@@ -182,8 +182,6 @@ class DeletedShareAPIController extends OCSController {
}
/**
- * @NoAdminRequired
- *
* Undelete a deleted share
*
* @param string $id ID of the share
@@ -193,6 +191,7 @@ class DeletedShareAPIController extends OCSController {
*
* 200: Share undeleted successfully
*/
+ #[NoAdminRequired]
public function undelete(string $id): DataResponse {
try {
$share = $this->shareManager->getShareById($id, $this->userId);
diff --git a/apps/files_sharing/lib/Controller/ExternalSharesController.php b/apps/files_sharing/lib/Controller/ExternalSharesController.php
index f15f4196450..70e9eb5c465 100644
--- a/apps/files_sharing/lib/Controller/ExternalSharesController.php
+++ b/apps/files_sharing/lib/Controller/ExternalSharesController.php
@@ -7,6 +7,8 @@
namespace OCA\Files_Sharing\Controller;
use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\JSONResponse;
use OCP\Http\Client\IClientService;
@@ -30,34 +32,34 @@ class ExternalSharesController extends Controller {
}
/**
- * @NoAdminRequired
* @NoOutgoingFederatedSharingRequired
*
* @return JSONResponse
*/
+ #[NoAdminRequired]
public function index() {
return new JSONResponse($this->externalManager->getOpenShares());
}
/**
- * @NoAdminRequired
* @NoOutgoingFederatedSharingRequired
*
* @param int $id
* @return JSONResponse
*/
+ #[NoAdminRequired]
public function create($id) {
$this->externalManager->acceptShare($id);
return new JSONResponse();
}
/**
- * @NoAdminRequired
* @NoOutgoingFederatedSharingRequired
*
* @param integer $id
* @return JSONResponse
*/
+ #[NoAdminRequired]
public function destroy($id) {
$this->externalManager->declineShare($id);
return new JSONResponse();
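Review bot: After this hunk the access metadata for index(), create() and destroy() is split across two mechanisms: `#[NoAdminRequired]` is an attribute while `@NoOutgoingFederatedSharingRequired` stays a docblock annotation, so an auditor has to read both, and a later pass that strips "legacy" docblock annotations would silently change behaviour for these handlers. If no attribute equivalent exists yet, say so where the annotation lives, e.g. `* @NoOutgoingFederatedSharingRequired (kept as an annotation: no attribute equivalent yet)`. Separately, create($id) and destroy($id) are still untyped although their docblocks promise int; `public function create(int $id)` would reject non-numeric input at the boundary instead of handing it to acceptShare()/declineShare() as a string.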
@@ -93,13 +95,13 @@ class ExternalSharesController extends Controller {
}
/**
- * @PublicPage
* @NoOutgoingFederatedSharingRequired
* @NoIncomingFederatedSharingRequired
*
* @param string $remote
* @return DataResponse
*/
+ #[PublicPage]
public function testRemote($remote) {
if (str_contains($remote, '#') || str_contains($remote, '?') || str_contains($remote, ';')) {
return new DataResponse(false);
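Review bot: testRemote() is now explicitly a `#[PublicPage]` handler that takes a caller-supplied `$remote` host string, so it is an unauthenticated surface that, judging by its name, drives an outbound request from the server; the only guard visible in the hunk rejects `#`, `?` and `;`, and the rest of the body lies outside the hunk. Whether the probe restricts the scheme, port or internal address ranges cannot be confirmed from here, so it is worth verifying rather than assuming. At minimum record the threat model next to the attribute: `// Public and unauthenticated: $remote is untrusted and drives an outbound request; validate scheme and host before contacting it.` Without `#[NoCSRFRequired]` the request-token check presumably still applies, which limits drive-by use but does not make the input trusted.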
diff --git a/apps/files_sharing/lib/Controller/PublicPreviewController.php b/apps/files_sharing/lib/Controller/PublicPreviewController.php
index 3799cc9bf97..4dc3989f866 100644
--- a/apps/files_sharing/lib/Controller/PublicPreviewController.php
+++ b/apps/files_sharing/lib/Controller/PublicPreviewController.php
@@ -6,6 +6,8 @@
namespace OCA\Files_Sharing\Controller;
use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\FileDisplayResponse;
use OCP\AppFramework\PublicShareController;
@@ -60,9 +62,6 @@ class PublicPreviewController extends PublicShareController {
/**
- * @PublicPage
- * @NoCSRFRequired
- *
* Get a preview for a shared file
*
* @param string $token Token of the share
@@ -77,6 +76,8 @@ class PublicPreviewController extends PublicShareController {
* 403: Getting preview is not allowed
* 404: Share or preview not found
*/
+ #[PublicPage]
+ #[NoCSRFRequired]
public function getPreview(
string $token,
string $file = '',
@@ -123,8 +124,6 @@ class PublicPreviewController extends PublicShareController {
}
/**
- * @PublicPage
- * @NoCSRFRequired
* @NoSameSiteCookieRequired
*
* Get a direct link preview for a shared file
@@ -137,6 +136,8 @@ class PublicPreviewController extends PublicShareController {
* 403: Getting preview is not allowed
* 404: Share or preview not found
*/
+ #[PublicPage]
+ #[NoCSRFRequired]
public function directLink(string $token) {
// No token no image
if ($token === '') {
diff --git a/apps/files_sharing/lib/Controller/RemoteController.php b/apps/files_sharing/lib/Controller/RemoteController.php
index 890210e9225..fd3bdf15613 100644
--- a/apps/files_sharing/lib/Controller/RemoteController.php
+++ b/apps/files_sharing/lib/Controller/RemoteController.php
@@ -9,6 +9,7 @@ namespace OCA\Files_Sharing\Controller;
use OCA\Files_Sharing\External\Manager;
use OCA\Files_Sharing\ResponseDefinitions;
use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException;
@@ -21,8 +22,6 @@ use Psr\Log\LoggerInterface;
*/
class RemoteController extends OCSController {
/**
- * @NoAdminRequired
- *
* Remote constructor.
*
* @param string $appName
@@ -39,21 +38,18 @@ class RemoteController extends OCSController {
}
/**
- * @NoAdminRequired
- *
* Get list of pending remote shares
*
* @return DataResponse<Http::STATUS_OK, Files_SharingRemoteShare[], array{}>
*
* 200: Pending remote shares returned
*/
+ #[NoAdminRequired]
public function getOpenShares() {
return new DataResponse($this->externalManager->getOpenShares());
}
/**
- * @NoAdminRequired
- *
* Accept a remote share
*
* @param int $id ID of the share
@@ -62,6 +58,7 @@ class RemoteController extends OCSController {
*
* 200: Share accepted successfully
*/
+ #[NoAdminRequired]
public function acceptShare($id) {
if ($this->externalManager->acceptShare($id)) {
return new DataResponse();
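Review bot: acceptShare($id) stays untyped even though its docblock promises `@param int $id`, so a non-numeric id is handed to `externalManager->acceptShare()` as a string and whatever that method does decides the outcome. Since the signature is being touched for the attribute migration anyway, `public function acceptShare(int $id)` would enforce the documented contract at the boundary; the same applies to declineShare, getShare and unshare in this controller. If the route may legitimately pass a non-integer, document that in the docblock instead of leaving the mismatch.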
@@ -74,8 +71,6 @@ class RemoteController extends OCSController {
}
/**
- * @NoAdminRequired
- *
* Decline a remote share
*
* @param int $id ID of the share
@@ -84,6 +79,7 @@ class RemoteController extends OCSController {
*
* 200: Share declined successfully
*/
+ #[NoAdminRequired]
public function declineShare($id) {
if ($this->externalManager->declineShare($id)) {
return new DataResponse();
@@ -117,14 +113,13 @@ class RemoteController extends OCSController {
}
/**
- * @NoAdminRequired
- *
* Get a list of accepted remote shares
*
* @return DataResponse<Http::STATUS_OK, Files_SharingRemoteShare[], array{}>
*
* 200: Accepted remote shares returned
*/
+ #[NoAdminRequired]
public function getShares() {
$shares = $this->externalManager->getAcceptedShares();
$shares = array_map('self::extendShareInfo', $shares);
@@ -133,8 +128,6 @@ class RemoteController extends OCSController {
}
/**
- * @NoAdminRequired
- *
* Get info of a remote share
*
* @param int $id ID of the share
@@ -143,6 +136,7 @@ class RemoteController extends OCSController {
*
* 200: Share returned
*/
+ #[NoAdminRequired]
public function getShare($id) {
$shareInfo = $this->externalManager->getShare($id);
@@ -155,8 +149,6 @@ class RemoteController extends OCSController {
}
/**
- * @NoAdminRequired
- *
* Unshare a remote share
*
* @param int $id ID of the share
@@ -166,6 +158,7 @@ class RemoteController extends OCSController {
*
* 200: Share unshared successfully
*/
+ #[NoAdminRequired]
public function unshare($id) {
$shareInfo = $this->externalManager->getShare($id);
diff --git a/apps/files_sharing/lib/Controller/SettingsController.php b/apps/files_sharing/lib/Controller/SettingsController.php
index 53e3e64b8c1..df0ca4f8472 100644
--- a/apps/files_sharing/lib/Controller/SettingsController.php
+++ b/apps/files_sharing/lib/Controller/SettingsController.php
@@ -10,6 +10,7 @@ namespace OCA\Files_Sharing\Controller;
use OCA\Files_Sharing\AppInfo\Application;
use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\JSONResponse;
use OCP\IConfig;
use OCP\IRequest;
@@ -31,25 +32,19 @@ class SettingsController extends Controller {
$this->userId = $userId;
}
- /**
- * @NoAdminRequired
- */
+ #[NoAdminRequired]
public function setDefaultAccept(bool $accept): JSONResponse {
$this->config->setUserValue($this->userId, Application::APP_ID, 'default_accept', $accept ? 'yes' : 'no');
return new JSONResponse();
}
- /**
- * @NoAdminRequired
- */
+ #[NoAdminRequired]
public function setUserShareFolder(string $shareFolder): JSONResponse {
$this->config->setUserValue($this->userId, Application::APP_ID, 'share_folder', $shareFolder);
return new JSONResponse();
}
- /**
- * @NoAdminRequired
- */
+ #[NoAdminRequired]
public function resetUserShareFolder(): JSONResponse {
$this->config->deleteUserValue($this->userId, Application::APP_ID, 'share_folder');
return new JSONResponse();
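Review bot: setUserShareFolder() writes the caller-supplied `$shareFolder` string verbatim into user config with no normalisation visible in this hunk, and `#[NoAdminRequired]` now states explicitly that any logged-in user can set it. Whether the consumer of `share_folder` rejects absolute paths, `..` segments or an empty string cannot be seen here, so it is worth confirming at the point of use; a light boundary check would cost little, e.g. `if ($shareFolder === '' || str_contains($shareFolder, '..')) { return new JSONResponse([], \OCP\AppFramework\Http::STATUS_BAD_REQUEST); }` (the `Http` class does not appear among the visible imports, hence the fully qualified name). Failing that, document the contract above the method, e.g. `// Stored verbatim; path validation is the responsibility of the code that resolves the share folder.`, but only if that is in fact the case.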
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index 1e6750a5bce..d71e07c0d4d 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -424,8 +424,6 @@ class ShareAPIController extends OCSController {
/**
- * @NoAdminRequired
- *
* Get a specific share by id
*
* @param string $id ID of the share
@@ -435,6 +433,7 @@ class ShareAPIController extends OCSController {
*
* 200: Share returned
*/
+ #[NoAdminRequired]
public function getShare(string $id, bool $include_tags = false): DataResponse {
try {
$share = $this->getShareById($id);
@@ -462,8 +461,6 @@ class ShareAPIController extends OCSController {
}
/**
- * @NoAdminRequired
- *
* Delete a share
*
* @param string $id ID of the share
@@ -473,6 +470,7 @@ class ShareAPIController extends OCSController {
*
* 200: Share deleted successfully
*/
+ #[NoAdminRequired]
public function deleteShare(string $id): DataResponse {
try {
$share = $this->getShareById($id);
@@ -508,8 +506,6 @@ class ShareAPIController extends OCSController {
}
/**
- * @NoAdminRequired
- *
* Create a share
*
* @param string|null $path Path of the share
@@ -535,6 +531,7 @@ class ShareAPIController extends OCSController {
*
* 200: Share created
*/
+ #[NoAdminRequired]
public function createShare(
?string $path = null,
?int $permissions = null,
@@ -893,8 +890,6 @@ class ShareAPIController extends OCSController {
}
/**
- * @NoAdminRequired
- *
* Get shares of the current user
*
* @param string $shared_with_me Only get shares with the current user
@@ -908,6 +903,7 @@ class ShareAPIController extends OCSController {
*
* 200: Shares returned
*/
+ #[NoAdminRequired]
public function getShares(
string $shared_with_me = 'false',
string $reshares = 'false',
@@ -1030,8 +1026,6 @@ class ShareAPIController extends OCSController {
/**
- * @NoAdminRequired
- *
* Get all shares relative to a file, including parent folders shares rights
*
* @param string $path Path all shares will be relative to
@@ -1044,6 +1038,7 @@ class ShareAPIController extends OCSController {
*
* 200: Shares returned
*/
+ #[NoAdminRequired]
public function getInheritedShares(string $path): DataResponse {
// get Node from (string) path.
$userFolder = $this->rootFolder->getUserFolder($this->currentUser);
@@ -1122,8 +1117,6 @@ class ShareAPIController extends OCSController {
/**
- * @NoAdminRequired
- *
* Update a share
*
* @param string $id ID of the share
@@ -1147,6 +1140,7 @@ class ShareAPIController extends OCSController {
*
* 200: Share updated successfully
*/
+ #[NoAdminRequired]
public function updateShare(
string $id,
?int $permissions = null,
@@ -1339,14 +1333,13 @@ class ShareAPIController extends OCSController {
}
/**
- * @NoAdminRequired
- *
* Get all shares that are still pending
*
* @return DataResponse<Http::STATUS_OK, Files_SharingShare[], array{}>
*
* 200: Pending shares returned
*/
+ #[NoAdminRequired]
public function pendingShares(): DataResponse {
$pendingShares = [];
@@ -1392,8 +1385,6 @@ class ShareAPIController extends OCSController {
}
/**
- * @NoAdminRequired
- *
* Accept a share
*
* @param string $id ID of the share
@@ -1404,6 +1395,7 @@ class ShareAPIController extends OCSController {
*
* 200: Share accepted successfully
*/
+ #[NoAdminRequired]
public function acceptShare(string $id): DataResponse {
try {
$share = $this->getShareById($id);
@@ -2078,7 +2070,7 @@ class ShareAPIController extends OCSController {
if (!$this->canAccessShare($share, false)) {
throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
}
-
+
if (!$this->canEditShare($share)) {
throw new OCSForbiddenException($this->l->t('You are not allowed to send mail notifications'));
}
@@ -2117,7 +2109,7 @@ class ShareAPIController extends OCSController {
} catch (Exception $e) {
throw new OCSException($this->l->t('Error while sending mail notification'));
}
-
+
} catch (ShareNotFound $e) {
throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
}
diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php
index 8a2e093849b..eef2f5f32bc 100644
--- a/apps/files_sharing/lib/Controller/ShareController.php
+++ b/apps/files_sharing/lib/Controller/ShareController.php
@@ -16,7 +16,9 @@ use OCA\Files_Sharing\Event\BeforeTemplateRenderedEvent;
use OCA\Files_Sharing\Event\ShareLinkAccessedEvent;
use OCP\Accounts\IAccountManager;
use OCP\AppFramework\AuthPublicShareController;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\NotFoundResponse;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\Defaults;
@@ -73,12 +75,11 @@ class ShareController extends AuthPublicShareController {
}
/**
- * @PublicPage
- * @NoCSRFRequired
- *
* Show the authentication page
* The form has to submit to the authenticate method route
*/
+ #[PublicPage]
+ #[NoCSRFRequired]
public function showAuthenticate(): TemplateResponse {
$templateParameters = ['share' => $this->share];
@@ -277,15 +278,13 @@ class ShareController extends AuthPublicShareController {
}
/**
- * @PublicPage
- * @NoCSRFRequired
- *
- *
* @param string $path
* @return TemplateResponse
* @throws NotFoundException
* @throws \Exception
*/
+ #[PublicPage]
+ #[NoCSRFRequired]
public function showShare($path = ''): TemplateResponse {
\OC_User::setIncognitoMode(true);
@@ -334,8 +333,6 @@ class ShareController extends AuthPublicShareController {
}
/**
- * @PublicPage
- * @NoCSRFRequired
* @NoSameSiteCookieRequired
*
* @param string $token
@@ -345,6 +342,8 @@ class ShareController extends AuthPublicShareController {
* @return void|\OCP\AppFramework\Http\Response
* @throws NotFoundException
*/
+ #[PublicPage]
+ #[NoCSRFRequired]
public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') {
\OC_User::setIncognitoMode(true);
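Review bot: downloadShare() is public and CSRF-exempt, yet this hunk leaves every parameter untyped while the docblock (at least `@param string $token` is visible) types them; with the signature already being touched, `public function downloadShare(string $token, $files = null, string $path = '', string $downloadStartSecret = '')` would enforce the documented contract on the scalar inputs, leaving `$files` alone since its accepted shape is not visible here. The `@NoSameSiteCookieRequired` annotation remains in the docblock next to the new attributes, so the method's access metadata now lives in two places; a one-line remark that it has no attribute equivalent yet would stop a later cleanup from dropping it. The method body continues outside the hunk.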
diff --git a/apps/files_sharing/lib/Controller/ShareInfoController.php b/apps/files_sharing/lib/Controller/ShareInfoController.php
index efec331c540..df93b485e11 100644
--- a/apps/files_sharing/lib/Controller/ShareInfoController.php
+++ b/apps/files_sharing/lib/Controller/ShareInfoController.php
@@ -9,6 +9,9 @@ use OCA\Files_External\NotFoundException;
use OCA\Files_Sharing\ResponseDefinitions;
use OCP\AppFramework\ApiController;
use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\BruteForceProtection;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
+use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\JSONResponse;
use OCP\Constants;
use OCP\Files\File;
@@ -42,10 +45,6 @@ class ShareInfoController extends ApiController {
}
/**
- * @PublicPage
- * @NoCSRFRequired
- * @BruteForceProtection(action=shareinfo)
- *
* Get the info about a share
*
* @param string $t Token of the share
@@ -58,6 +57,9 @@ class ShareInfoController extends ApiController {
* 403: Getting share info is not allowed
* 404: Share not found
*/
+ #[PublicPage]
+ #[NoCSRFRequired]
+ #[BruteForceProtection(action: 'shareinfo')]
public function info(string $t, ?string $password = null, ?string $dir = null, int $depth = -1): JSONResponse {
try {
$share = $this->shareManager->getShareByToken($t);
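Review bot: `#[BruteForceProtection(action: 'shareinfo')]` only declares the action; in this framework the throttle presumably counts an attempt only when the failing response is marked with `throttle()`, and the `$password` check happens after `getShareByToken($t)` outside this hunk, so it is worth confirming that the `throttle()` call on the failed-password path survived and that its action name still matches `'shareinfo'`. A short comment next to the attribute would make that coupling visible to the next person: `// Public token+password endpoint: throttled under 'shareinfo'; every failed password check below must throttle() its response.`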
diff --git a/apps/files_sharing/lib/Controller/ShareesAPIController.php b/apps/files_sharing/lib/Controller/ShareesAPIController.php
index 248487acce1..ec4192e94c1 100644
--- a/apps/files_sharing/lib/Controller/ShareesAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareesAPIController.php
@@ -12,6 +12,7 @@ use Generator;
use OC\Collaboration\Collaborators\SearchResult;
use OCA\Files_Sharing\ResponseDefinitions;
use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSBadRequestException;
use OCP\AppFramework\OCSController;
@@ -86,8 +87,6 @@ class ShareesAPIController extends OCSController {
}
/**
- * @NoAdminRequired
- *
* Search for sharees
*
* @param string $search Text to search for
@@ -101,6 +100,7 @@ class ShareesAPIController extends OCSController {
*
* 200: Sharees search result returned
*/
+ #[NoAdminRequired]
public function search(string $search = '', ?string $itemType = null, int $page = 1, int $perPage = 200, $shareType = null, bool $lookup = false): DataResponse {
// only search for string larger than a given threshold
@@ -296,8 +296,6 @@ class ShareesAPIController extends OCSController {
}
/**
- * @NoAdminRequired
- *
* Find recommended sharees
*
* @param string $itemType Limit to specific item types
@@ -306,6 +304,7 @@ class ShareesAPIController extends OCSController {
*
* 200: Recommended sharees returned
*/
+ #[NoAdminRequired]
public function findRecommended(string $itemType, $shareType = null): DataResponse {
$shareTypes = [
IShare::TYPE_USER,