Merge pull request #12561 from nextcloud/backport/12544/stable14

[14] Handle permission in update of share better
This commit is contained in:
Roeland Jago Douma 2018-11-21 08:58:02 +01:00 committed by GitHub
commit 4044ac3b71
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions

View File

@ -773,6 +773,10 @@ class ShareAPIController extends OCSController {
throw new OCSNotFoundException($this->l->t('Wrong share ID, share doesn\'t exist'));
}
if ($share->getShareOwner() !== $this->currentUser && $share->getSharedBy() !== $this->currentUser) {
throw new OCSForbiddenException('You are not allowed to edit incomming shares');
}
if ($permissions === null && $password === null && $sendPasswordByTalk === null && $publicUpload === null && $expireDate === null && $note === null) {
throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given'));
}