Skip to content

Commit

Permalink
fix(share_api): Respect requested permissions or error out
Browse files Browse the repository at this point in the history
The share API currently always adds read permissions sent in share request with the argument that
all shares must have read permissions. That this not true as link and email shares allowed not to.

In addition to the above, there is a check that ensures any share which is not a link or email share
must have read permissions. There is also protection for legacy integrations where if not permissions are sent
at all default permissions are set.

So it does not make sense to make any sort of additions to the permissions that a client has sent, as the
response would be different from what they expect.

Signed-off-by: nfebe <fenn25.fn@gmail.com>
  • Loading branch information
nfebe committed Dec 2, 2024
1 parent fbfe307 commit ba0216d
Showing 1 changed file with 0 additions and 13 deletions.
13 changes: 0 additions & 13 deletions apps/files_sharing/lib/Controller/ShareAPIController.php
Original file line number Diff line number Diff line change
Expand Up @@ -645,9 +645,6 @@ public function createShare(
throw new OCSNotFoundException($this->l->t('Invalid permissions'));
}

// Shares always require read permissions
$permissions |= Constants::PERMISSION_READ;

if ($node instanceof \OCP\Files\File) {
// Single file shares should never have delete or create permissions
$permissions &= ~Constants::PERMISSION_DELETE;
Expand Down Expand Up @@ -722,16 +719,6 @@ public function createShare(
if ($node instanceof \OCP\Files\File) {
throw new OCSNotFoundException($this->l->t('Public upload is only possible for publicly shared folders'));
}

$permissions = Constants::PERMISSION_READ |
Constants::PERMISSION_CREATE |
Constants::PERMISSION_UPDATE |
Constants::PERMISSION_DELETE;
}

// TODO: It might make sense to have a dedicated setting to allow/deny converting link shares into federated ones
if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
$permissions |= Constants::PERMISSION_SHARE;
}

$share->setPermissions($permissions);
Expand Down

0 comments on commit ba0216d

Please sign in to comment.