Merge pull request #61067 from nextcloud/fix-public-link-mask-ext

fix: use correct permissions mask for non-home storage public links
2026-06-10 09:13:19 -04:00 · 2026-06-09 17:25:07 +02:00 · 2026-06-09 17:25:07 +02:00 · 50d07d6256
commit 50d07d6256
parent 354e26d151 3ee547354f
3 changed files with 50 additions and 6 deletions
--- a/apps/dav/appinfo/v2/publicremote.php
+++ b/apps/dav/appinfo/v2/publicremote.php
@ -7,6 +7,7 @@
 */
 use OC\Files\Filesystem;
 use OC\Files\Storage\Wrapper\DirPermissionsMask;
+use OC\Files\Storage\Wrapper\PermissionsMask;
 use OC\Files\View;
 use OCA\DAV\Connector\Sabre\PublicAuth;
 use OCA\DAV\Connector\Sabre\ServerFactory;
@ -21,6 +22,7 @@ use OCP\App\IAppManager;
 use OCP\BeforeSabrePubliclyLoadedEvent;
 use OCP\Constants;
 use OCP\EventDispatcher\IEventDispatcher;
+use OCP\Files\IHomeStorage;
 use OCP\Files\IRootFolder;
 use OCP\Files\Mount\IMountManager;
 use OCP\ICacheFactory;
@ -115,11 +117,15 @@ $server = $serverFactory->createServer(true, $baseuri, $requestUri, $authPlugin,
 			$mask |= Constants::PERMISSION_READ | Constants::PERMISSION_DELETE;
 		}

-		return new DirPermissionsMask([
-			'storage' => $storage,
-			'mask' => $mask,
-			'path' => 'files',
-		]);
+		if ($storage instanceof IHomeStorage) {
+			return new DirPermissionsMask([
+				'storage' => $storage,
+				'mask' => $mask,
+				'path' => 'files',
+			]);
+		} else {
+			return new PermissionsMask(['storage' => $storage, 'mask' => $mask]);
+		}
 	});

 	/** @psalm-suppress MissingClosureParamType */
--- a/build/integration/features/bootstrap/WebDav.php
+++ b/build/integration/features/bootstrap/WebDav.php
@ -334,6 +334,23 @@ trait WebDav {
 		}
 	}

+	/**
+	 * @When Uploading public file :filename with content :content
+	 */
+	public function uploadingPublicFile(string $filename, string $content) {
+		$token = $this->lastShareData->data->token;
+		$fullUrl = substr($this->baseUrl, 0, -4) . "public.php/dav/files/$token/$filename";
+
+		$client = new GClient();
+		try {
+			$this->response = $client->request('PUT', $fullUrl, [
+				'body' => $content
+			]);
+		} catch (\GuzzleHttp\Exception\ClientException $e) {
+			$this->response = $e->getResponse();
+		}
+	}
+
 	/**
 	 * @Then /^as "([^"]*)" gets properties of (file|folder|entry) "([^"]*)" with$/
 	 * @param string $user
--- a/build/integration/sharing_features/sharing-v1.feature
+++ b/build/integration/sharing_features/sharing-v1.feature
@ -556,7 +556,28 @@ Feature: sharing
    And Share fields of last share match with
      | expiration | +3 days |

-  Scenario: getting all shares of a user using that user
+Scenario: Writing to a read-only link share of an external storage
+	Given user "user0" exists
+	Then As an "user0"
+	When creating a share with
+		| path | local_storage |
+		| shareType | 3 |
+	And the OCS status code should be "100"
+	And the HTTP status code should be "200"
+	Then Uploading public file "foo.txt" with content "bar"
+	And the HTTP status code should be "403"
+
+Scenario: Writing to a read-write link share of an external storage
+	Given user "user0" exists
+	Then As an "user0"
+	When creating a share with
+		| path | local_storage |
+		| shareType | 3 |
+		| permissions | 7 |
+	Then Uploading public file "foo.txt" with content "bar"
+	And the HTTP status code should be "201"
+
+Scenario: getting all shares of a user using that user
    Given user "user0" exists
    And user "user1" exists
    When User "user1" deletes file "/textfile0.txt"