upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 54

Merge pull request #57369 from nextcloud/backport/57284/stable31

Browse source 
[stable31] fix: allow moving from of non-resharable to other share if the user has delete permissions
This commit is contained in:
Andy Scherzinger 2026-01-06 22:10:15 +01:00 committed by GitHub
commit c09c530fe5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 37 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
apps/dav/lib/Connector/Sabre/SharesPlugin.php
View file

@ -250,6 +250,14 @@ class SharesPlugin extends \Sabre\DAV\ServerPlugin {
return true;
}
}
// if the share recipient is allow to delete from the share, they are allowed to move the file out of the share
// the user moving the file out of the share to their home storage would give them share permissions and allow moving into the share
//
// since the 2-step move is allowed, we also allow both steps at once
if ($sourceNode->isDeletable()) {
return true;
}
}
throw new Forbidden('You cannot move a non-shareable node into a share');

32
build/integration/sharing_features/sharing-v1-part4.feature
View file

@ -193,7 +193,7 @@ Scenario: Cannot copy files from share without share permission into other share
| path | share |
| shareType | 0 |
| shareWith | user1 |
| permissions | 15 |
| permissions | 7 |
Then the HTTP status code should be "200"
And the OCS status code should be "100"
And User "user0" uploads file with content "test" to "/share/test.txt"
@ -219,7 +219,7 @@ Scenario: Cannot move files from share without share permission into other share
| path | share |
| shareType | 0 |
| shareWith | user1 |
| permissions | 15 |
| permissions | 7 |
Then the HTTP status code should be "200"
And the OCS status code should be "100"
And User "user0" uploads file with content "test" to "/share/test.txt"
@ -235,6 +235,32 @@ Scenario: Cannot move files from share without share permission into other share
When User "user1" moves file "/share/test.txt" to "/re-share/movetest.txt"
Then the HTTP status code should be "403"
Scenario: Can move files from share without share permission but with delete permissions into other share
Given user "user0" exists
Given user "user1" exists
Given user "user2" exists
And As an "user0"
And user "user0" created a folder "/share"
When creating a share with
| path | share |
| shareType | 0 |
| shareWith | user1 |
| permissions | 15 |
Then the HTTP status code should be "200"
And the OCS status code should be "100"
And User "user0" uploads file with content "test" to "/share/test.txt"
And As an "user1"
And user "user1" created a folder "/re-share"
When creating a share with
| path | re-share |
| shareType | 0 |
| shareWith | user2 |
| permissions | 31 |
Then the HTTP status code should be "200"
And the OCS status code should be "100"
When User "user1" moves file "/share/test.txt" to "/re-share/movetest.txt"
Then the HTTP status code should be "201"
Scenario: Cannot move folder containing share without share permission into other share
Given user "user0" exists
Given user "user1" exists
@ -245,7 +271,7 @@ Scenario: Cannot move folder containing share without share permission into othe
| path | share |
| shareType | 0 |
| shareWith | user1 |
| permissions | 15 |
| permissions | 7 |
Then the HTTP status code should be "200"
And the OCS status code should be "100"
And User "user0" uploads file with content "test" to "/share/test.txt"