diff options
author | Joas Schilling <coding@schilljs.com> | 2016-08-03 10:22:18 +0300 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2016-08-03 10:22:18 +0300 |
commit | a5471b4a3e3f30e99e4de39c97c0c3b3c2f1618f (patch) | |
tree | b06def724bd56fe727e36672f1a5d50775da0967 | |
parent | 37d12772521ac08ffdc35d25f9b110074dbf6141 (diff) |
Do not allow to delete/update group shares as a group member
-rw-r--r-- | apps/files_sharing/api/share20ocs.php | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/apps/files_sharing/api/share20ocs.php b/apps/files_sharing/api/share20ocs.php index 01cb15a8ac8..6a5a1546c32 100644 --- a/apps/files_sharing/api/share20ocs.php +++ b/apps/files_sharing/api/share20ocs.php @@ -240,7 +240,7 @@ class Share20OCS { } } - if (!$this->canAccessShare($share)) { + if (!$this->canAccessShare($share, false)) { return new \OC_OCS_Result(null, 404, 'could not delete share'); } @@ -564,7 +564,7 @@ class Share20OCS { } } - if (!$this->canAccessShare($share)) { + if (!$this->canAccessShare($share, false)) { return new \OC_OCS_Result(null, 404, 'wrong share Id, share doesn\'t exist.'); } @@ -669,9 +669,10 @@ class Share20OCS { /** * @param \OCP\Share\IShare $share + * @param bool $checkGroups * @return bool */ - protected function canAccessShare(\OCP\Share\IShare $share) { + protected function canAccessShare(\OCP\Share\IShare $share, $checkGroups = true) { // A file with permissions 0 can't be accessed by us. So Don't show it if ($share->getPermissions() === 0) { return false; @@ -690,7 +691,7 @@ class Share20OCS { return true; } - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) { + if ($checkGroups && $share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) { $sharedWith = $this->groupManager->get($share->getSharedWith()); if ($sharedWith->inGroup($this->currentUser)) { return true; |