author | Morris Jobke <hey@morrisjobke.de> | 2019-07-03 20:07:05 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-07-03 20:07:05 +0200 |
commit | c5c14d09b190d3e8e1fe5e8e6aff7e95b0ac6f20 (patch) | |
tree | fa85a64fb55855ef4f825fe611e4e333df7a51a0 /lib | |
parent | a528942c2473ce25f0252b70bcf6a613e17195a6 (diff) | |
parent | 87836472d377bacbb0194134173855e0d255ee75 (diff) | |
download | nextcloud-server-c5c14d09b190d3e8e1fe5e8e6aff7e95b0ac6f20.tar.gz nextcloud-server-c5c14d09b190d3e8e1fe5e8e6aff7e95b0ac6f20.zip |
Merge pull request #16186 from nextcloud/bugfix/noid/also-check-permissions-when-creating-a-share
Better check reshare permissions part2
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Share20/Manager.php | 44 |
1 files changed, 33 insertions, 11 deletions
diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
index df9a06e3a96..bd174069778 100644
--- a/lib/private/Share20/Manager.php
+++ b/lib/private/Share20/Manager.php
@@ -269,11 +269,13 @@ class Manager implements IManager {
 // And you can't share your rootfolder
 if ($this->userManager->userExists($share->getSharedBy())) {
- $sharedPath = $this->rootFolder->getUserFolder($share->getSharedBy())->getPath();
+ $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
+ $userFolderPath = $userFolder->getPath();
 } else {
- $sharedPath = $this->rootFolder->getUserFolder($share->getShareOwner())->getPath();
+ $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
+ $userFolderPath = $userFolder->getPath();
 }
- if ($sharedPath === $share->getNode()->getPath()) {
+ if ($userFolderPath === $share->getNode()->getPath()) {
 throw new \InvalidArgumentException('You can’t share your root folder');
 }
@@ -288,15 +290,35 @@ class Manager implements IManager {
 throw new \InvalidArgumentException('A share requires permissions');
 }
- /*
- * Quick fix for #23536
- * Non moveable mount points do not have update and delete permissions
- * while we 'most likely' do have that on the storage.
- */
- $permissions = $share->getNode()->getPermissions();
 $mount = $share->getNode()->getMountPoint();
- if (!($mount instanceof MoveableMount)) {
- $permissions |= \OCP\Constants::PERMISSION_DELETE | \OCP\Constants::PERMISSION_UPDATE;
+ if ($share->getNode()->getOwner()->getUID() !== $share->getSharedBy()) {
+ // When it's a reshare use the parent share permissions as maximum
+ $userMountPointId = $mount->getStorageRootId();
+ $userMountPoints = $userFolder->getById($userMountPointId);
+ $userMountPoint = array_shift($userMountPoints);
+
+ /* Check if this is an incoming share */
+ $incomingShares = $this->getSharedWith($share->getSharedBy(), Share::SHARE_TYPE_USER, $userMountPoint, -1, 0);
+ $incomingShares = array_merge($incomingShares, $this->getSharedWith($share->getSharedBy(), Share::SHARE_TYPE_GROUP, $userMountPoint, -1, 0));
+ $incomingShares = array_merge($incomingShares, $this->getSharedWith($share->getSharedBy(), Share::SHARE_TYPE_ROOM, $userMountPoint, -1, 0));
+
+ /** @var \OCP\Share\IShare[] $incomingShares */
+ if (!empty($incomingShares)) {
+ $permissions = 0;
+ foreach ($incomingShares as $incomingShare) {
+ $permissions |= $incomingShare->getPermissions();
+ }
+ }
+ } else {
+ /*
+ * Quick fix for #23536
+ * Non moveable mount points do not have update and delete permissions
+ * while we 'most likely' do have that on the storage.
+ */
+ $permissions = $share->getNode()->getPermissions();
+ if (!($mount instanceof MoveableMount)) {
+ $permissions |= \OCP\Constants::PERMISSION_DELETE | \OCP\Constants::PERMISSION_UPDATE;
+ }
 }
 // Check that we do not share with more permissions than we have |
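Review bot: In the reshare branch `$permissions` is assigned only inside `if (!empty($incomingShares))`, so when the node's owner differs from the sharer but no incoming user, group or room share is found, the variable is still undefined when the permission check that follows the hunk reads it. Setting `$permissions = 0;` before the owner comparison would make that case an explicit deny instead of leaving it to how PHP evaluates an undefined variable. Separately, `array_shift($userMountPoints)` yields null when `getById()` returns nothing; if `getSharedWith()` treats a null node as "no filter" (not visible here), the ceiling would become the union of every incoming share of the sharer, so a null check on `$userMountPoint` before the three lookups is worth adding. The enclosing method starts and ends outside the hunk.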