Diffstat (limited to 'lib/Controller/OCSController.php')
-rw-r--r-- | lib/Controller/OCSController.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/Controller/OCSController.php b/lib/Controller/OCSController.php
index 20927f4f..dfe8a16f 100644
--- a/lib/Controller/OCSController.php
+++ b/lib/Controller/OCSController.php
@@ -32,6 +32,7 @@ use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSBadRequestException;
 use OCP\AppFramework\OCS\OCSForbiddenException;
 use OCP\AppFramework\OCS\OCSNotFoundException;
+use OCP\Constants;
 use OCP\Files\File;
 use OCP\Files\Folder;
 use OCP\Files\IRootFolder;
@@ -169,6 +170,10 @@ class OCSController extends \OCP\AppFramework\OCSController { throw new OCSForbiddenException(); } + if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) { + throw new OCSForbiddenException(); + } + $node = $share->getNode(); if ($node instanceof Folder) { $node = $node->get($path);
@@ -214,6 +219,10 @@ class OCSController extends \OCP\AppFramework\OCSController { $node = $node->get($path); } + if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) { + return new DataResponse([], Http::STATUS_FORBIDDEN); + } + $direct = $this->directMapper->newDirect(null, $node->getId(), null, $shareToken, $initiatorServer, $initiatorToken); return new DataResponse([ |
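Review bot: In the third hunk (`@@ -214,6 +219,10 @@`) the read-permission check runs after `$node = $node->get($path);`, so a share without `PERMISSION_READ` still has its path resolved before the request is refused. If `get()` raises for a missing path (not visible here), the response could differ between existing and non-existing paths on a share the caller may not read. The second hunk places the same check before `$share->getNode()`, and the third should do likewise, directly after the share is loaded. The third hunk also answers with `return new DataResponse([], Http::STATUS_FORBIDDEN);` where the second uses `throw new OCSForbiddenException();`; unless the surrounding method needs the different form, the throw would keep the two endpoints consistent. Both enclosing methods start and end outside the hunks, and the `use` hunk does not show whether `Http` is already imported, which is worth confirming.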