From 475112814efb5cbcf78626835ef51700f52308f5 Mon Sep 17 00:00:00 2001
From: Carl Schwan <carl@carlschwan.eu>
Date: Wed, 10 Nov 2021 14:34:24 +0100
Subject: Don't allow to permanantly delete files if the user can't delete
 files

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
---
 lib/Trash/TrashBackend.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/Trash/TrashBackend.php b/lib/Trash/TrashBackend.php
index 257c46ac..668c1317 100644
--- a/lib/Trash/TrashBackend.php
+++ b/lib/Trash/TrashBackend.php
@@ -154,7 +154,7 @@ class TrashBackend implements ITrashBackend {
 
 	public function removeItem(ITrashItem $item) {
 		$user = $item->getUser();
-		list(, $folderId) = explode('/', $item->getTrashPath());
+		[, $folderId] = explode('/', $item->getTrashPath());
 		$node = $this->getNodeForTrashItem($user, $item);
 		if ($node === null) {
 			throw new NotFoundException();
@@ -162,6 +162,10 @@ class TrashBackend implements ITrashBackend {
 		if ($node->getStorage()->unlink($node->getInternalPath()) === false) {
 			throw new \Exception('Failed to remove item from trashbin');
 		}
+		if (!$this->userHasAccessToPath($item->getUser(), $folderId . '/' . $item->getOriginalLocation(), Constants::PERMISSION_DELETE)) {
+			throw new NotPermittedException();
+		}
+
 		$node->getStorage()->getCache()->remove($node->getInternalPath());
 		if ($item->isRootItem()) {
 			$this->trashManager->removeItem($folderId, $item->getName(), $item->getDeletedTime());
-- 
cgit v1.2.3