diff options
Diffstat (limited to 'core/Controller/PreviewController.php')
| -rw-r--r-- | core/Controller/PreviewController.php | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/core/Controller/PreviewController.php b/core/Controller/PreviewController.php index ea90be31078..aac49c06d57 100644 --- a/core/Controller/PreviewController.php +++ b/core/Controller/PreviewController.php @@ -152,15 +152,12 @@ class PreviewController extends Controller { // Is this header is set it means our UI is doing a preview for no-download shares // we check a header so we at least prevent people from using the link directly (obfuscation) - $isNextcloudPreview = $this->request->getHeader('X-NC-Preview') === 'true'; + $isNextcloudPreview = $this->request->getHeader('x-nc-preview') === 'true'; $storage = $node->getStorage(); if ($isNextcloudPreview === false && $storage->instanceOfStorage(ISharedStorage::class)) { /** @var ISharedStorage $storage */ $share = $storage->getShare(); - $attributes = $share->getAttributes(); - // No "allow preview" header set, so we must check if - // the share has not explicitly disabled download permissions - if ($attributes?->getAttribute('permissions', 'download') === false) { + if (!$share->canSeeContent()) { return new DataResponse([], Http::STATUS_FORBIDDEN); } } |