diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2018-11-20 09:42:01 +0100 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2018-11-20 09:42:01 +0100 |
| commit | a343a60a6886162c3556e5cff5a12d6218804a58 (patch) | |
| tree | f65e72e617da0090df9ca1a0aa356a26524b2108 /apps | |
| parent | c9af398644389b954c0974f816fa9aa6033922c3 (diff) | |
| download | nextcloud-server-a343a60a6886162c3556e5cff5a12d6218804a58.tar.gz nextcloud-server-a343a60a6886162c3556e5cff5a12d6218804a58.zip | |
Handle permission in update of share better
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/files_sharing/lib/Controller/ShareAPIController.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php index e33f93e8ce6..2bd535e319f 100644 --- a/apps/files_sharing/lib/Controller/ShareAPIController.php +++ b/apps/files_sharing/lib/Controller/ShareAPIController.php @@ -808,6 +808,10 @@ class ShareAPIController extends OCSController { throw new OCSNotFoundException($this->l->t('Wrong share ID, share doesn\'t exist')); } + if ($share->getShareOwner() !== $this->currentUser && $share->getSharedBy() !== $this->currentUser) { + throw new OCSForbiddenException('You are not allowed to edit incomming shares'); + } + if ($permissions === null && $password === null && $sendPasswordByTalk === null && |