upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-12 02:00:51 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 33

Handle permission in update of share better

Browse source 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2018-11-20 19:38:46 +01:00
parent d268a97d21
commit 7b2a7f695f
No known key found for this signature in database
GPG key ID: F941078878347C0C
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
apps/files_sharing/lib/Controller/ShareAPIController.php
View file

@ -695,6 +695,10 @@ class ShareAPIController extends OCSController {
throw new OCSNotFoundException($this->l->t('Wrong share ID, share doesn\'t exist'));
}
if ($share->getShareOwner() !== $this->currentUser && $share->getSharedBy() !== $this->currentUser) {
throw new OCSForbiddenException('You are not allowed to edit incomming shares');
}
if ($permissions === null && $password === null && $publicUpload === null && $expireDate === null) {
throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given'));
}