From ba0216d6cdcfd075dda3ae582b7ef84b7c449e03 Mon Sep 17 00:00:00 2001 From: nfebe Date: Mon, 2 Dec 2024 19:29:11 +0100 Subject: [PATCH] fix(share_api): Respect requested permissions or error out The share API currently always adds read permissions sent in share request with the argument that all shares must have read permissions. That this not true as link and email shares allowed not to. In addition to the above, there is a check that ensures any share which is not a link or email share must have read permissions. There is also protection for legacy integrations where if not permissions are sent at all default permissions are set. So it does not make sense to make any sort of additions to the permissions that a client has sent, as the response would be different from what they expect. Signed-off-by: nfebe --- .../lib/Controller/ShareAPIController.php | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php index bfc462ec90171..2404fefe9ce29 100644 --- a/apps/files_sharing/lib/Controller/ShareAPIController.php +++ b/apps/files_sharing/lib/Controller/ShareAPIController.php @@ -645,9 +645,6 @@ public function createShare( throw new OCSNotFoundException($this->l->t('Invalid permissions')); } - // Shares always require read permissions - $permissions |= Constants::PERMISSION_READ; - if ($node instanceof \OCP\Files\File) { // Single file shares should never have delete or create permissions $permissions &= ~Constants::PERMISSION_DELETE; @@ -722,16 +719,6 @@ public function createShare( if ($node instanceof \OCP\Files\File) { throw new OCSNotFoundException($this->l->t('Public upload is only possible for publicly shared folders')); } - - $permissions = Constants::PERMISSION_READ | - Constants::PERMISSION_CREATE | - Constants::PERMISSION_UPDATE | - Constants::PERMISSION_DELETE; - } - - // TODO: It might make sense to have a dedicated setting to allow/deny converting link shares into federated ones - if ($this->shareManager->outgoingServer2ServerSharesAllowed()) { - $permissions |= Constants::PERMISSION_SHARE; } $share->setPermissions($permissions);