authorLouis Chemineau <louis@chmn.me>2022-02-02 18:10:52 +0300
committerLouis Chemineau <louis@chmn.me>2022-02-15 13:54:17 +0300
commitda435b1e67930e85fc30fd1b94c6214caa086f4f (patch)
tree53eab82dc4e89e8da2e94185588e45a1f21687f7 /apps/files_sharing/lib
parentacba237ec56a8987e246d1046bd8f5b763db1336 (diff)
Support CRUD share permissions
Signed-off-by: Louis Chemineau <louis@chmn.me>
Diffstat (limited to 'apps/files_sharing/lib')
-rw-r--r--apps/files_sharing/lib/Controller/ShareAPIController.php27
1 files changed, 17 insertions, 10 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index ff134f61e17..fef71a868d5 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -1003,6 +1003,13 @@ class ShareAPIController extends OCSController {
return new DataResponse(array_values($shares));
}
+ /**
+ * Check whether a set of permissions contains the permissions to check.
+ */
+ private function hasPermission(int $permissionsSet, int $permissionsToCheck): bool {
+ return ($permissionsSet & $permissionsToCheck) === $permissionsToCheck;
+ }
+
/**
* @NoAdminRequired
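Review bot: The docblock on `hasPermission()` does not say that the test is all-bits-set, which matters for a permission check: a combined mask such as `Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE` would mean "both", not "either", and a `$permissionsToCheck` of 0 always returns true. The callers in the second hunk pass one flag per call and join them with `||`, so they are correct as written; I would make the contract explicit with `* Returns true only if every bit of $permissionsToCheck is set in $permissionsSet (a mask of 0 always matches).`. The helper also only answers for the bits it is asked about, so the validation built on it no longer bounds `$newPermissions` to a fixed list of combinations the way the removed strict `in_array` did. Whether a check outside the visible lines rejects undefined or unexpected bits for public links should be confirmed.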
@@ -1104,16 +1111,16 @@ class ShareAPIController extends OCSController {
$newPermissions = $newPermissions & ~Constants::PERMISSION_SHARE;
}
- if ($newPermissions !== null &&
- !in_array($newPermissions, [
- Constants::PERMISSION_READ,
- Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE, // legacy
- Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE, // correct
- Constants::PERMISSION_CREATE, // hidden file list
- Constants::PERMISSION_READ | Constants::PERMISSION_UPDATE, // allow to edit single files
- ], true)
- ) {
- throw new OCSBadRequestException($this->l->t('Cannot change permissions for public share links'));
+ if ($newPermissions !== null) {
+ if (!$this->hasPermission($newPermissions, Constants::PERMISSION_READ) && !$this->hasPermission($newPermissions, Constants::PERMISSION_CREATE)) {
+ throw new OCSBadRequestException($this->l->t('Share must at least have READ or CREATE permissions'));
+ }
+
+ if (!$this->hasPermission($newPermissions, Constants::PERMISSION_READ) && (
+ $this->hasPermission($newPermissions, Constants::PERMISSION_UPDATE) || $this->hasPermission($newPermissions, Constants::PERMISSION_DELETE)
+ )) {
+ throw new OCSBadRequestException($this->l->t('Share must have READ permission if UPDATE or DELETE permission is set.'));
+ }
}
if (