From bf5e9357fc5dacc0bc951e7c60fe7105533a56fb Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Tue, 27 May 2014 11:05:31 +0200
Subject: don't allow to share single files with delete permissions, user
 should only be possible to unshare a single file but never to delete it

---
 apps/files_sharing/lib/sharedstorage.php | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

(limited to 'apps/files_sharing/lib')

diff --git a/apps/files_sharing/lib/sharedstorage.php b/apps/files_sharing/lib/sharedstorage.php
index 2418b830cbc..c5b5060893a 100644
--- a/apps/files_sharing/lib/sharedstorage.php
+++ b/apps/files_sharing/lib/sharedstorage.php
@@ -128,7 +128,18 @@ class Shared extends \OC\Files\Storage\Common {
 		return false;
 	}
 
+	/**
+	 * Delete the directory if DELETE permission is granted
+	 * @param string $path
+	 * @return boolean
+	 */
 	public function rmdir($path) {
+
+		// never delete a share mount point
+		if(empty($path)) {
+			return false;
+		}
+
 		if (($source = $this->getSourcePath($path)) && $this->isDeletable($path)) {
 			list($storage, $internalPath) = \OC\Files\Filesystem::resolvePath($source);
 			return $storage->rmdir($internalPath);
@@ -256,9 +267,17 @@ class Shared extends \OC\Files\Storage\Common {
 		return false;
 	}
 
+	/**
+	 * Delete the file if DELETE permission is granted
+	 * @param string $path
+	 * @return boolean
+	 */
 	public function unlink($path) {
-		// Delete the file if DELETE permission is granted
-		$path = ($path === false) ? '' : $path;
+
+		// never delete a share mount point
+		if (empty($path)) {
+			return false;
+		}
 		if ($source = $this->getSourcePath($path)) {
 			if ($this->isDeletable($path)) {
 				list($storage, $internalPath) = \OC\Files\Filesystem::resolvePath($source);
-- 
cgit v1.2.3