Skip to content

[stabel 14] Better check reshare permissions #16143

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rullzer merged 4 commits into from
Jun 28, 2019
Merged

[stabel 14] Better check reshare permissions #16143

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d4f423d
Correctly check share permissions when updating a re-sub-share
nickvergessen Jun 21, 2019
8fb7247
Do not create folders with admin user
danxuliu Jun 21, 2019
61a9ff5
Add integration test for increasing sub reshare permissions
danxuliu Jun 21, 2019
be9d3fe
Update tests
rullzer Jun 28, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Correctly check share permissions when updating a re-sub-share 
Before this change the node you shared was checked for permissions.
This works when you reshare the folder that was shared with you.
However when you reshared a subfolder (e.g. as public link),
you could afterwards update the permissions and grant
create+update permissions although the share you receive was read-only.

Signed-off-by: Joas Schilling <[email protected]>
  • Loading branch information
@nickvergessen @rullzer
nickvergessen authored and rullzer committed Jun 28, 2019
commit d4f423d20b240b13ed36beacacb40dbe38763343
17 changes: 13 additions & 4 deletions apps/files_sharing/lib/Controller/ShareAPIController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -895,10 +895,19 @@ public function updateShare(
}

if ($permissions !== null && $share->getShareOwner() !== $this->currentUser) {
/* Check if this is an incomming share */
$incomingShares = $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_USER, $share->getNode(), -1, 0);
$incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_GROUP, $share->getNode(), -1, 0));
$incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_ROOM, $share->getNode(), -1, 0));
// Get the root mount point for the user and check the share permissions there
$userFolder = $this->rootFolder->getUserFolder($this->currentUser);
$userNodes = $userFolder->getById($share->getNodeId());
$userNode = array_shift($userNodes);

$userMountPointId = $userNode->getMountPoint()->getStorageRootId();
$userMountPoints = $userFolder->getById($userMountPointId);
$userMountPoint = array_shift($userMountPoints);

/* Check if this is an incoming share */
$incomingShares = $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_USER, $userMountPoint, -1, 0);
$incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_GROUP, $userMountPoint, -1, 0));
$incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_ROOM, $userMountPoint, -1, 0));

/** @var \OCP\Share\IShare[] $incomingShares */
if (!empty($incomingShares)) {
Expand Down