Merge pull request #260 from nextcloud/fix-versions-stable9

[stable9] check permissions before rollback
2016-06-30 17:15:28 +02:00 · 2016-06-30 17:15:28 +02:00 · d52343fc4e
parent 912f07e2a9 1208953ba1
commit d52343fc4e
1 changed files with 11 additions and 5 deletions
--- a/apps/files_versions/lib/storage.php
+++ b/apps/files_versions/lib/storage.php
@ -325,6 +325,13 @@ class Storage {
 			$files_view = new View('/'. User::getUser().'/files');
 			$versionCreated = false;

+			$fileInfo = $files_view->getFileInfo($file);
+
+			// check if user has the permissions to revert a version
+			if (!$fileInfo->isUpdateable()) {
+				return false;
+			}
+
 			//first create a new version
 			$version = 'files_versions'.$filename.'.v'.$users_view->filemtime('files'.$filename);
 			if (!$users_view->file_exists($version)) {
@ -338,10 +345,9 @@ class Storage {
 			// This has to happen manually here since the file is manually copied below
 			$oldVersion = $users_view->getFileInfo($fileToRestore)->getEncryptedVersion();
 			$oldFileInfo = $users_view->getFileInfo($fileToRestore);
-			$newFileInfo = $files_view->getFileInfo($filename);
-			$cache = $newFileInfo->getStorage()->getCache();
+			$cache = $fileInfo->getStorage()->getCache();
 			$cache->update(
-				$newFileInfo->getId(), [
+				$fileInfo->getId(), [
 					'encrypted' => $oldVersion,
 					'encryptedVersion' => $oldVersion,
 					'size' => $oldFileInfo->getSize()