Merge pull request #253 from nextcloud/fix-versions

check permissions before rollback

apps/files_versions/lib/Storage.php

@@ -77,7 +77,7 @@ class Storage {
 		//until the end one version per week
 		6 => array('intervalEndsAfter' => -1,      'step' => 604800),
 	);
-	
+
 	/** @var \OCA\Files_Versions\AppInfo\Application */
 	private static $application;
 
@@ -324,6 +324,13 @@ class Storage {
 			$files_view = new View('/'. User::getUser().'/files');
 			$versionCreated = false;
 
+			$fileInfo = $files_view->getFileInfo($file);
+
+			// check if user has the permissions to revert a version
+			if (!$fileInfo->isUpdateable()) {
+				return false;
+			}
+
 			//first create a new version
 			$version = 'files_versions'.$filename.'.v'.$users_view->filemtime('files'.$filename);
 			if (!$users_view->file_exists($version)) {
@@ -337,10 +344,9 @@ class Storage {
 			// This has to happen manually here since the file is manually copied below
 			$oldVersion = $users_view->getFileInfo($fileToRestore)->getEncryptedVersion();
 			$oldFileInfo = $users_view->getFileInfo($fileToRestore);
-			$newFileInfo = $files_view->getFileInfo($filename);
-			$cache = $newFileInfo->getStorage()->getCache();
+			$cache = $fileInfo->getStorage()->getCache();
 			$cache->update(
-				$newFileInfo->getId(), [
+				$fileInfo->getId(), [
 					'encrypted' => $oldVersion,
 					'encryptedVersion' => $oldVersion,
 					'size' => $oldFileInfo->getSize()
@@ -680,7 +686,7 @@ class Storage {
 	public static function expire($filename) {
 		$config = \OC::$server->getConfig();
 		$expiration = self::getExpiration();
-		
+
 		if($config->getSystemValue('files_versions', Storage::DEFAULTENABLED)=='true' && $expiration->isEnabled()) {
 
 			if (!Filesystem::file_exists($filename)) {