upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-25 02:34:12 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Merge pull request #59020 from nextcloud/backport/59008/stable31
Some checks are pending
Integration sqlite / changes (push) Waiting to run
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, --tags ~@large files_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, capabilities_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, collaboration_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, comments_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, dav_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, federation_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, file_conversions) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, files_reminders) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, filesdrop_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, ldap_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, openldap_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, openldap_numerical_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, remoteapi_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, setup_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, sharees_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, sharing_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, theming_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite (stable31, 8.1, stable31, videoverification_features) (push) Blocked by required conditions
Details
Integration sqlite / integration-sqlite-summary (push) Blocked by required conditions
Details
Psalm static code analysis / static-code-analysis (push) Waiting to run
Details
Psalm static code analysis / static-code-analysis-security (push) Waiting to run
Details
Psalm static code analysis / static-code-analysis-ocp (push) Waiting to run
Details
Psalm static code analysis / static-code-analysis-ncu (push) Waiting to run
Details

Browse source 
[stable31] fix: provide `canDownload` helper for shares and use it where appropriate
This commit is contained in:
Arthur Schiwon 2026-03-18 12:01:18 +01:00 committed by GitHub
commit 0e1824f43c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 24 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php
View file

@ -17,7 +17,6 @@ use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\JSONResponse;
use OCP\Constants;
use OCP\Federation\ICloudIdManager;
use OCP\HintException;
use OCP\Http\Client\IClientService;
@ -107,9 +106,9 @@ class MountPublicLinkController extends Controller {
return $response;
}
if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) {
if (!$share->canDownload()) {
$response = new JSONResponse(
['message' => 'Mounting file drop not supported'],
['message' => 'Mounting download restricted share is not allowed'],
Http::STATUS_BAD_REQUEST
);
$response->throttle();

2
apps/files_sharing/lib/DefaultPublicShareTemplateProvider.php
View file

@ -155,7 +155,7 @@ class DefaultPublicShareTemplateProvider implements IPublicShareTemplateProvider
// Create the header action menu
$headerActions = [];
if ($view !== 'public-file-drop' && !$share->getHideDownload()) {
if ($share->canDownload() && !$share->getHideDownload()) {
// The download URL is used for the "download" header action as well as in some cases for the direct link
$downloadUrl = $this->urlGenerator->getAbsoluteURL('/public.php/dav/files/' . $token . '/?accept=zip');

14
lib/private/Share20/Share.php
View file

@ -7,6 +7,7 @@
*/
namespace OC\Share20;
use OCP\Constants;
use OCP\Files\Cache\ICacheEntry;
use OCP\Files\File;
use OCP\Files\FileInfo;
@ -622,4 +623,17 @@ class Share implements IShare {
public function getReminderSent(): bool {
return $this->reminderSent;
}
public function canDownload(): bool {
if (($this->getPermissions() & Constants::PERMISSION_READ) === 0) {
return false;
}
$attributes = $this->getAttributes();
if ($attributes?->getAttribute('permissions', 'download') === false) {
return false;
}
return true;
}
}

7
lib/public/Share/IShare.php
View file

@ -633,4 +633,11 @@ interface IShare {
* @since 31.0.0
*/
public function getReminderSent(): bool;
/**
* Check if it is allowed to download this share.
*
* @since 31.0.15
*/
public function canDownload(): bool;
}