diff options
author | Carl Schwan <carl@carlschwan.eu> | 2021-11-10 18:46:08 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-10 18:46:08 +0300 |
commit | 5169cf753d13a2e7f7447e74598782feed7a5964 (patch) | |
tree | 3664cf3f0a810ec83547a3a44f6d6887771e97f1 | |
parent | e3027bc9c2073212015c2ef6bc7a1527e8d967b4 (diff) | |
parent | 475112814efb5cbcf78626835ef51700f52308f5 (diff) |
Merge pull request #1742 from nextcloud/backport/1739/stable20
[stable20] Don't allow to permanantly delete files if the user can't delete files
-rw-r--r-- | lib/Trash/TrashBackend.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/Trash/TrashBackend.php b/lib/Trash/TrashBackend.php index 257c46ac..668c1317 100644 --- a/lib/Trash/TrashBackend.php +++ b/lib/Trash/TrashBackend.php @@ -154,7 +154,7 @@ class TrashBackend implements ITrashBackend { public function removeItem(ITrashItem $item) { $user = $item->getUser(); - list(, $folderId) = explode('/', $item->getTrashPath()); + [, $folderId] = explode('/', $item->getTrashPath()); $node = $this->getNodeForTrashItem($user, $item); if ($node === null) { throw new NotFoundException(); @@ -162,6 +162,10 @@ class TrashBackend implements ITrashBackend { if ($node->getStorage()->unlink($node->getInternalPath()) === false) { throw new \Exception('Failed to remove item from trashbin'); } + if (!$this->userHasAccessToPath($item->getUser(), $folderId . '/' . $item->getOriginalLocation(), Constants::PERMISSION_DELETE)) { + throw new NotPermittedException(); + } + $node->getStorage()->getCache()->remove($node->getInternalPath()); if ($item->isRootItem()) { $this->trashManager->removeItem($folderId, $item->getName(), $item->getDeletedTime()); |