summaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorThomas Müller <thomas.mueller@tmit.eu>2016-02-02 10:26:06 +0100
committerThomas Müller <thomas.mueller@tmit.eu>2016-02-02 10:26:06 +0100
commite60b217156aa0f2e037a3f9e23c8314e05cfbbd1 (patch)
tree94b05af345c3b847bb2222f8a2efbb7ad3ee23ed /apps
parent9861a7f6ccde73ad551a1d75b36baed3f9edf530 (diff)
parente3b5639fc19067e19191f21e9773eb9c1affc35d (diff)
downloadnextcloud-server-e60b217156aa0f2e037a3f9e23c8314e05cfbbd1.tar.gz
nextcloud-server-e60b217156aa0f2e037a3f9e23c8314e05cfbbd1.zip
Merge pull request #22015 from owncloud/share-no-permissions
Block shares that dont have the correct source permissions
Diffstat (limited to 'apps')
-rw-r--r--apps/files_sharing/lib/sharedstorage.php24
1 files changed, 18 insertions, 6 deletions
diff --git a/apps/files_sharing/lib/sharedstorage.php b/apps/files_sharing/lib/sharedstorage.php
index 3ae5749ea87..101503a03fb 100644
--- a/apps/files_sharing/lib/sharedstorage.php
+++ b/apps/files_sharing/lib/sharedstorage.php
@@ -32,6 +32,7 @@ namespace OC\Files\Storage;
use OC\Files\Filesystem;
use OCA\Files_Sharing\ISharedStorage;
+use OCP\Constants;
use OCP\Files\Cache\ICacheEntry;
use OCP\Files\Storage\IStorage;
use OCP\Lock\ILockingProvider;
@@ -83,6 +84,10 @@ class Shared extends \OC\Files\Storage\Common implements ISharedStorage {
$this->sourceRootInfo = $this->sourceStorage->getCache()->get($sourceInternalPath);
}
+ private function isValid() {
+ return ($this->sourceRootInfo->getPermissions() & Constants::PERMISSION_SHARE) === Constants::PERMISSION_SHARE;
+ }
+
/**
* get id of the mount point
*
@@ -133,6 +138,9 @@ class Shared extends \OC\Files\Storage\Common implements ISharedStorage {
* @return string|false source file path or false if not found
*/
public function getSourcePath($target) {
+ if (!$this->isValid()){
+ return false;
+ }
$source = $this->getFile($target);
if ($source) {
if (!isset($source['fullPath'])) {
@@ -157,6 +165,9 @@ class Shared extends \OC\Files\Storage\Common implements ISharedStorage {
* @return int CRUDS permissions granted
*/
public function getPermissions($target = '') {
+ if (!$this->isValid()) {
+ return 0;
+ }
$permissions = $this->share['permissions'];
// part files and the mount point always have delete permissions
if ($target === '' || pathinfo($target, PATHINFO_EXTENSION) === 'part') {
@@ -253,13 +264,14 @@ class Shared extends \OC\Files\Storage\Common implements ISharedStorage {
}
public function isReadable($path) {
- $isReadable = false;
- if ($source = $this->getSourcePath($path)) {
- list($storage, $internalPath) = \OC\Files\Filesystem::resolvePath($source);
- $isReadable = $storage->isReadable($internalPath);
+ if (!$this->isValid()) {
+ return false;
}
-
- return $isReadable && $this->file_exists($path);
+ if (!$this->file_exists($path)) {
+ return false;
+ }
+ list($storage, $internalPath) = $this->resolvePath($path);
+ return $storage->isReadable($internalPath);
}
public function isUpdatable($path) {