From bb37954abb8f2d497c48dd3195644e5bb068bcec Mon Sep 17 00:00:00 2001
From: skjnldsv <skjnldsv@protonmail.com>
Date: Thu, 22 Aug 2024 10:02:37 +0200
Subject: fix(files_sharing): adjust permissions from custom edit and delete
 check methods

Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
---
 .../files_sharing/lib/Controller/ShareAPIController.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'apps/files_sharing/lib/Controller')

diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index d40b3d862ee..9ca9774013c 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -158,6 +158,23 @@ class ShareAPIController extends OCSController {
 		if ($isOwnShare) {
 			$result['item_permissions'] = $node->getPermissions();
 		}
+		
+		// If we're on the recipient side, the node permissions
+		// are bound to the share permissions. So we need to
+		// adjust the permissions to the share permissions if necessary.
+		if (!$isOwnShare) {
+			$result['item_permissions'] = $share->getPermissions();
+
+			// For some reason, single files share are forbidden to have the delete permission
+			// since we have custom methods to check those, let's adjust straight away.
+			// DAV permissions does not have that issue though.
+			if ($this->canDeleteShare($share) || $this->canDeleteShareFromSelf($share)) {
+				$result['item_permissions'] |= Constants::PERMISSION_DELETE;
+			}
+			if ($this->canEditShare($share)) {
+				$result['item_permissions'] |= Constants::PERMISSION_UPDATE;
+			}
+		}
 
 		// See MOUNT_ROOT_PROPERTYNAME dav property
 		$result['is-mount-root'] = $node->getInternalPath() === '';
-- 
cgit v1.2.3