diff --git a/build/integration/features/sharing-v1-part2.feature b/build/integration/features/sharing-v1-part2.feature
index e90d44d1a6..f6532ea564 100644
--- a/build/integration/features/sharing-v1-part2.feature
+++ b/build/integration/features/sharing-v1-part2.feature
@@ -417,6 +417,28 @@ Feature: sharing
       | permissions | 31 |
     Then the OCS status code should be "404"
 
+  Scenario: Do not allow sub reshare to exceed permissions
+    Given user "user0" exists
+    And user "user1" exists
+    And user "user2" exists
+    And user "user0" created a folder "/TMP"
+    And user "user0" created a folder "/TMP/SUB"
+    And As an "user0"
+    And creating a share with
+      | path | /TMP |
+      | shareType | 0 |
+      | shareWith | user1 |
+      | permissions | 21 |
+    And As an "user1"
+    And creating a share with
+      | path | /TMP/SUB |
+      | shareType | 0 |
+      | shareWith | user2 |
+      | permissions | 21 |
+    When Updating last share with
+      | permissions | 31 |
+    Then the OCS status code should be "404"
+
   Scenario: Only allow 1 link share per file/folder
     Given user "user0" exists
     And As an "user0"
diff --git a/build/integration/features/sharing-v1-part3.feature b/build/integration/features/sharing-v1-part3.feature
index 9ef5768253..db31107964 100644
--- a/build/integration/features/sharing-v1-part3.feature
+++ b/build/integration/features/sharing-v1-part3.feature
@@ -357,6 +357,27 @@ Feature: sharing
     Then the OCS status code should be "404"
     And the HTTP status code should be "200"
 
+  Scenario: do not allow to increase link share permissions on sub reshare
+    Given As an "admin"
+    And user "user0" exists
+    And user "user1" exists
+    And user "user0" created a folder "/TMP"
+    And user "user0" created a folder "/TMP/SUB"
+    And As an "user0"
+    And creating a share with
+      | path | TMP |
+      | shareType | 0 |
+      | shareWith | user1 |
+      | permissions | 17  |
+    When As an "user1"
+    And creating a share with
+      | path | TMP/SUB |
+      | shareType | 3 |
+    And Updating last share with
+      | publicUpload | true |
+    Then the OCS status code should be "404"
+    And the HTTP status code should be "200"
+
   Scenario: deleting file out of a share as recipient creates a backup for the owner
     Given As an "admin"
     And user "user0" exists