diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2015-07-16 14:06:31 +0200 |
|---|---|---|
| committer | Morris Jobke <hey@morrisjobke.de> | 2015-07-16 14:06:31 +0200 |
| commit | 558f1ec1ec8f901f47f0c44158661aa94ece2f50 (patch) | |
| tree | ef93be0c46671d6198217d180161d68e606ed39d /lib | |
| parent | f13ff381ae5a88099373f2c50b2406297b622567 (diff) | |
| parent | 4cbf10f392bcc31d8b24ebb0d3685dd2d6a992ea (diff) | |
| download | nextcloud-server-558f1ec1ec8f901f47f0c44158661aa94ece2f50.tar.gz nextcloud-server-558f1ec1ec8f901f47f0c44158661aa94ece2f50.zip | |
Merge pull request #17158 from owncloud/backport-15772-no-permission-restriction-for-owner
[stable8] Backport 15772 no permission restriction for owner
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/share/share.php | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/lib/private/share/share.php b/lib/private/share/share.php index 7e693380057..8d2a1d022d7 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -318,15 +318,15 @@ class Share extends \OC\Share\Constants { $shares = array(); $fileDependent = false; + $where = 'WHERE'; + $fileDependentWhere = ''; if ($itemType === 'file' || $itemType === 'folder') { $fileDependent = true; $column = 'file_source'; - $where = 'INNER JOIN `*PREFIX*filecache` ON `file_source` = `*PREFIX*filecache`.`fileid` '; - $where .= 'INNER JOIN `*PREFIX*storages` ON `numeric_id` = `*PREFIX*filecache`.`storage` '; - $where .= ' WHERE'; + $fileDependentWhere = 'INNER JOIN `*PREFIX*filecache` ON `file_source` = `*PREFIX*filecache`.`fileid` '; + $fileDependentWhere .= 'INNER JOIN `*PREFIX*storages` ON `numeric_id` = `*PREFIX*filecache`.`storage` '; } else { $column = 'item_source'; - $where = 'WHERE'; } $select = self::createSelectStatement(self::FORMAT_NONE, $fileDependent); @@ -349,7 +349,7 @@ class Share extends \OC\Share\Constants { $arguments[] = $owner; } - $query = \OC_DB::prepare('SELECT ' . $select . ' FROM `*PREFIX*share` '. $where); + $query = \OC_DB::prepare('SELECT ' . $select . ' FROM `*PREFIX*share` '. $fileDependentWhere . $where); $result = \OC_DB::executeAudited($query, $arguments); @@ -365,7 +365,7 @@ class Share extends \OC\Share\Constants { $groups = \OC_Group::getUserGroups($user); if (!empty($groups)) { - $where = 'WHERE `' . $column . '` = ? AND `item_type` = ? AND `share_with` in (?)'; + $where = $fileDependentWhere . ' WHERE `' . $column . '` = ? AND `item_type` = ? AND `share_with` in (?)'; $arguments = array($itemSource, $itemType, $groups); $types = array(null, null, \Doctrine\DBAL\Connection::PARAM_STR_ARRAY); @@ -379,7 +379,7 @@ class Share extends \OC\Share\Constants { // class isn't static anymore... $conn = \OC_DB::getConnection(); $result = $conn->executeQuery( - 'SELECT * FROM `*PREFIX*share` ' . $where, + 'SELECT ' . $select . ' FROM `*PREFIX*share` ' . $where, $arguments, $types ); @@ -2071,7 +2071,9 @@ class Share extends \OC\Share\Constants { \OC_Log::write('OCP\Share', sprintf($message, $itemSourceName, $shareWith), \OC_Log::ERROR); throw new \Exception($message_t); } + } + if ($checkReshare && $checkReshare['uid_owner'] !== \OC_User::getUser()) { // Check if share permissions is granted if (self::isResharingAllowed() && (int)$checkReshare['permissions'] & \OCP\Constants::PERMISSION_SHARE) { if (~(int)$checkReshare['permissions'] & $permissions) { |