wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Set proper public webdav permissions when public upload disabled

Browse source 
Fixes #23325

It can happen that a user shares a folder with public upload. And some
time later the admin disables public upload on the server.

To make sure this is handled correctly we need to check the config value
and reduce the permissions.

Fix is kept small to be easy backportable.
This commit is contained in:
Roeland Jago Douma 2016-03-17 11:35:31 +01:00
parent 828cb08d49
commit 533fdb4075
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
apps/dav/lib/connector/publicauth.php
View file

@ -61,6 +61,11 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
return false;
}
if ((int)$linkItem['share_type'] === \OCP\Share::SHARE_TYPE_LINK &&
$this->config->getAppValue('core', 'shareapi_allow_public_upload', 'yes') !== 'yes') {
$this->share['permissions'] &= ~(\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE);
}
// check if the share is password protected
if (isset($linkItem['share_with'])) {
if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) {