Do not retrieve shares through group if user has no group

1 files changed, 22 insertions, 20 deletions

diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index e5f350a24fb..c9f9654203e 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -337,27 +337,29 @@ class Share extends \OC\Share\Constants {
 		if(empty($shares) && $user !== null) {
 			$groups = \OC_Group::getUserGroups($user);
 
-			$where = 'WHERE `' . $column . '` = ? AND `item_type` = ? AND `share_with` in (?)';
-			$arguments = array($itemSource, $itemType, $groups);
-			$types = array(null, null, \Doctrine\DBAL\Connection::PARAM_STR_ARRAY);
-
-			if ($owner !== null) {
-				$where .= ' AND `uid_owner` = ?';
-				$arguments[] = $owner;
-				$types[] = null;
-			}
-
-			// TODO: inject connection, hopefully one day in the future when this
-			// class isn't static anymore...
-			$conn = \OC_DB::getConnection();
-			$result = $conn->executeQuery(
-				'SELECT * FROM `*PREFIX*share` ' . $where,
-				$arguments,
-				$types
-			);
+			if (!empty($groups)) {
+				$where = 'WHERE `' . $column . '` = ? AND `item_type` = ? AND `share_with` in (?)';
+				$arguments = array($itemSource, $itemType, $groups);
+				$types = array(null, null, \Doctrine\DBAL\Connection::PARAM_STR_ARRAY);
+
+				if ($owner !== null) {
+					$where .= ' AND `uid_owner` = ?';
+					$arguments[] = $owner;
+					$types[] = null;
+				}
 
-			while ($row = $result->fetch()) {
-				$shares[] = $row;
+				// TODO: inject connection, hopefully one day in the future when this
+				// class isn't static anymore...
+				$conn = \OC_DB::getConnection();
+				$result = $conn->executeQuery(
+					'SELECT * FROM `*PREFIX*share` ' . $where,
+					$arguments,
+					$types
+				);
+
+				while ($row = $result->fetch()) {
+					$shares[] = $row;
+				}
 			}
 		}