Handle permission in update of share better
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
parent
a7ea73c95a
commit
68d3ffd16c
|
@ -680,6 +680,10 @@ class ShareAPIController extends OCSController {
|
||||||
throw new OCSNotFoundException($this->l->t('Wrong share ID, share doesn\'t exist'));
|
throw new OCSNotFoundException($this->l->t('Wrong share ID, share doesn\'t exist'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($share->getShareOwner() !== $this->currentUser && $share->getSharedBy() !== $this->currentUser) {
|
||||||
|
throw new OCSForbiddenException('You are not allowed to edit incomming shares');
|
||||||
|
}
|
||||||
|
|
||||||
if ($permissions === null && $password === null && $publicUpload === null && $expireDate === null) {
|
if ($permissions === null && $password === null && $publicUpload === null && $expireDate === null) {
|
||||||
throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given'));
|
throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given'));
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue