mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #12563 from nextcloud/backport/12544/stable12 

[12] Handle permission in update of share better
This commit is contained in:
Roeland Jago Douma 2018-11-21 08:57:50 +01:00 committed by GitHub
parent a54c7fda54 68d3ffd16c
commit 1be7c88446
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/files_sharing/lib/Controller/ShareAPIController.php
View File

@ -680,6 +680,10 @@ class ShareAPIController extends OCSController {
throw new OCSNotFoundException($this->l->t('Wrong share ID, share doesn\'t exist')); throw new OCSNotFoundException($this->l->t('Wrong share ID, share doesn\'t exist'));
} }
if ($share->getShareOwner() !== $this->currentUser && $share->getSharedBy() !== $this->currentUser) {
throw new OCSForbiddenException('You are not allowed to edit incomming shares');
}
if ($permissions === null && $password === null && $publicUpload === null && $expireDate === null) { if ($permissions === null && $password === null && $publicUpload === null && $expireDate === null) {
throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given')); throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given'));
} }