diff options
Diffstat (limited to 'apps/files_sharing/lib')
| -rw-r--r-- | apps/files_sharing/lib/API/Share20OCS.php | 1 | ||||
| -rw-r--r-- | apps/files_sharing/lib/Controllers/ShareController.php | 14 |
2 files changed, 13 insertions, 2 deletions
diff --git a/apps/files_sharing/lib/API/Share20OCS.php b/apps/files_sharing/lib/API/Share20OCS.php index 90e1f19130c..b10c51ce2c9 100644 --- a/apps/files_sharing/lib/API/Share20OCS.php +++ b/apps/files_sharing/lib/API/Share20OCS.php @@ -602,6 +602,7 @@ class Share20OCS { if ($newPermissions !== null && $newPermissions !== \OCP\Constants::PERMISSION_READ && + $newPermissions !== (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE) && $newPermissions !== (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE)) { $share->getNode()->unlock(ILockingProvider::LOCK_SHARED); return new \OC_OCS_Result(null, 400, $this->l->t('Can\'t change permissions for public share links')); diff --git a/apps/files_sharing/lib/Controllers/ShareController.php b/apps/files_sharing/lib/Controllers/ShareController.php index 96c0a0ca556..56f94b91c80 100644 --- a/apps/files_sharing/lib/Controllers/ShareController.php +++ b/apps/files_sharing/lib/Controllers/ShareController.php @@ -49,7 +49,6 @@ use OCP\ILogger; use OCP\IUserManager; use OCP\ISession; use OCP\IPreview; -use OCA\Files_Sharing\Helper; use OCP\Util; use OCA\Files_Sharing\Activity; use \OCP\Files\NotFoundException; @@ -253,6 +252,7 @@ class ShareController extends Controller { * @param string $path * @return TemplateResponse|RedirectResponse * @throws NotFoundException + * @throws \Exception */ public function showShare($token, $path = '') { \OC_User::setIncognitoMode(true); @@ -314,6 +314,7 @@ class ShareController extends Controller { $shareTmpl['fileSize'] = \OCP\Util::humanFileSize($share->getNode()->getSize()); // Show file list + $hideFileList = false; if ($share->getNode() instanceof \OCP\Files\Folder) { $shareTmpl['dir'] = $rootFolder->getRelativePath($path->getPath()); @@ -329,12 +330,14 @@ class ShareController extends Controller { $uploadLimit = Util::uploadLimit(); $maxUploadFilesize = min($freeSpace, $uploadLimit); + $hideFileList = $share->getPermissions() & \OCP\Constants::PERMISSION_READ ? false : true; $folder = new Template('files', 'list', ''); $folder->assign('dir', $rootFolder->getRelativePath($path->getPath())); $folder->assign('dirToken', $token); $folder->assign('permissions', \OCP\Constants::PERMISSION_READ); $folder->assign('isPublic', true); + $folder->assign('hideFileList', $hideFileList); $folder->assign('publicUploadEnabled', 'no'); $folder->assign('uploadMaxFilesize', $maxUploadFilesize); $folder->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize)); @@ -345,6 +348,8 @@ class ShareController extends Controller { $shareTmpl['folder'] = $folder->fetchPage(); } + $shareTmpl['hideFileList'] = $hideFileList; + $shareTmpl['shareOwner'] = $this->userManager->get($share->getShareOwner())->getDisplayName(); $shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', array('token' => $token)); $shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10); $shareTmpl['previewEnabled'] = $this->config->getSystemValue('enable_previews', true); @@ -369,13 +374,18 @@ class ShareController extends Controller { * @param string $files * @param string $path * @param string $downloadStartSecret - * @return void|RedirectResponse + * @return void|OCP\AppFramework\Http\Response + * @throws NotFoundException */ public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') { \OC_User::setIncognitoMode(true); $share = $this->shareManager->getShareByToken($token); + if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) { + return new OCP\AppFramework\Http\DataResponse('Share is read-only'); + } + // Share is password protected - check whether the user is permitted to access the share if ($share->getPassword() !== null && !$this->linkShareAuth($share)) { return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate', |