Skip to content

Do not allow to delete/update group shares as a group member #637

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
MorrisJobke merged 2 commits into from
Aug 2, 2016
Merged

Do not allow to delete/update group shares as a group member #637

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4e5fb74
Do not allow to delete/update group shares as a group member
nickvergessen Jul 28, 2016
1088870
Add intergration test
rullzer Aug 2, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Do not allow to delete/update group shares as a group member
  • Loading branch information
@nickvergessen @rullzer
nickvergessen authored and rullzer committed Aug 2, 2016
commit 4e5fb74773ef83ef1256f68be9a6a054b10a9cc2
8 changes: 4 additions & 4 deletions apps/files_sharing/lib/API/Share20OCS.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -224,7 +224,7 @@ public function deleteShare($id) {
return new \OC_OCS_Result(null, 404, 'could not delete share');
}

if (!$this->canAccessShare($share)) {
if (!$this->canAccessShare($share, false)) {
$share->getNode()->unlock(ILockingProvider::LOCK_SHARED);
return new \OC_OCS_Result(null, 404, $this->l->t('Could not delete share'));
}
Expand Down Expand Up @@ -573,7 +573,7 @@ public function updateShare($id) {

$share->getNode()->lock(\OCP\Lock\ILockingProvider::LOCK_SHARED);

if (!$this->canAccessShare($share)) {
if (!$this->canAccessShare($share, false)) {
$share->getNode()->unlock(ILockingProvider::LOCK_SHARED);
return new \OC_OCS_Result(null, 404, $this->l->t('Wrong share ID, share doesn\'t exist'));
}
Expand Down Expand Up @@ -703,7 +703,7 @@ public function updateShare($id) {
* @param \OCP\Share\IShare $share
* @return bool
*/
protected function canAccessShare(\OCP\Share\IShare $share) {
protected function canAccessShare(\OCP\Share\IShare $share, $checkGroups = true) {
// A file with permissions 0 can't be accessed by us. So Don't show it
if ($share->getPermissions() === 0) {
return false;
Expand All @@ -722,7 +722,7 @@ protected function canAccessShare(\OCP\Share\IShare $share) {
return true;
}

if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) {
if ($checkGroups && $share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) {
$sharedWith = $this->groupManager->get($share->getSharedWith());
if ($sharedWith->inGroup($this->currentUser)) {
return true;
Expand Down