From 2be421785ff93169aea56f4ddc2760df1d380bf3 Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen <opensource@fthiessen.de>
Date: Fri, 15 Mar 2024 15:51:15 +0100
Subject: fix(files_sharing): ShareesAPI - Return empty response when user is
 not allowed to share

Resolves: https://github.com/nextcloud/server/issues/20950

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
---
 .../lib/Controller/ShareesAPIController.php        | 33 ++++++----------------
 1 file changed, 9 insertions(+), 24 deletions(-)

(limited to 'apps/files_sharing/lib/Controller')

diff --git a/apps/files_sharing/lib/Controller/ShareesAPIController.php b/apps/files_sharing/lib/Controller/ShareesAPIController.php
index 00bc85e4a96..de601607f2c 100644
--- a/apps/files_sharing/lib/Controller/ShareesAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareesAPIController.php
@@ -64,18 +64,6 @@ use function usort;
  */
 class ShareesAPIController extends OCSController {
 
-	/** @var string */
-	protected $userId;
-
-	/** @var IConfig */
-	protected $config;
-
-	/** @var IURLGenerator */
-	protected $urlGenerator;
-
-	/** @var IManager */
-	protected $shareManager;
-
 	/** @var int */
 	protected $offset = 0;
 
@@ -105,8 +93,6 @@ class ShareesAPIController extends OCSController {
 	];
 
 	protected $reachedEndFor = [];
-	/** @var ISearch */
-	private $collaboratorSearch;
 
 	/**
 	 * @param string $UserId
@@ -118,20 +104,15 @@ class ShareesAPIController extends OCSController {
 	 * @param ISearch $collaboratorSearch
 	 */
 	public function __construct(
-		$UserId,
 		string $appName,
 		IRequest $request,
-		IConfig $config,
-		IURLGenerator $urlGenerator,
-		IManager $shareManager,
-		ISearch $collaboratorSearch
+		protected string $userId,
+		protected IConfig $config,
+		protected IURLGenerator $urlGenerator,
+		protected IManager $shareManager,
+		protected ISearch $collaboratorSearch,
 	) {
 		parent::__construct($appName, $request);
-		$this->userId = $UserId;
-		$this->config = $config;
-		$this->urlGenerator = $urlGenerator;
-		$this->shareManager = $shareManager;
-		$this->collaboratorSearch = $collaboratorSearch;
 	}
 
 	/**
@@ -158,6 +139,10 @@ class ShareesAPIController extends OCSController {
 			return new DataResponse($this->result);
 		}
 
+		if ($this->shareManager->sharingDisabledForUser($this->userId)) {
+			return new DataResponse($this->result);
+		}
+
 		// never return more than the max. number of results configured in the config.php
 		$maxResults = $this->config->getSystemValueInt('sharing.maxAutocompleteResults', Constants::SHARING_MAX_AUTOCOMPLETE_RESULTS_DEFAULT);
 		if ($maxResults > 0) {
-- 
cgit v1.2.3