Check if resharing is allowed by the admin, fixes issue #341

lib/public/share.php

@@ -58,6 +58,7 @@ class Share {
 	private static $shareTypeGroupUserUnique = 2;
 	private static $backends = array();
 	private static $backendTypes = array();
+	private static $isResharingAllowed;
 
 	/**
 	* @brief Register a sharing backend class that implements OCP\Share_Backend for an item type
@@ -482,6 +483,24 @@ class Share {
 		throw new \Exception($message);
 	}
 
+	/**
+	* @brief Check if resharing is allowed
+	* @return Returns true if allowed or false
+	*
+	* Resharing is allowed by default if not configured
+	*
+	*/
+	private static function isResharingAllowed() {
+		if (!isset(self::$isResharingAllowed)) {
+			if (\OC_Appconfig::getValue('core', 'shareapi_allow_resharing', 'yes') == 'yes') {
+				self::$isResharingAllowed = true;
+			} else {
+				self::$isResharingAllowed = false;
+			}
+		}
+		return self::$isResharingAllowed;
+	}
+
 	/**
 	* @brief Get a list of collection item types for the specified item type
 	* @param string Item type
@@ -726,6 +745,10 @@ class Share {
 					continue;
 				}
 			}
+			// Check if resharing is allowed, if not remove share permission
+			if (isset($row['permissions']) && !self::isResharingAllowed()) {
+				$row['permissions'] &= ~self::PERMISSION_SHARE;
+			}
 			$items[$row['id']] = $row;
 		}
 		if (!empty($items)) {
@@ -844,7 +867,7 @@ class Share {
 				throw new \Exception($message);
 			}
 			// Check if share permissions is granted
-			if ((int)$checkReshare['permissions'] & self::PERMISSION_SHARE) {
+			if (self::isResharingAllowed() && (int)$checkReshare['permissions'] & self::PERMISSION_SHARE) {
 				if (~(int)$checkReshare['permissions'] & $permissions) {
 					$message = 'Sharing '.$itemSource.' failed, because the permissions exceed permissions granted to '.$uidOwner;
 					\OC_Log::write('OCP\Share', $message, \OC_Log::ERROR);