Extract check for whether a user with access to a share can edit it

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2026-03-27 04:43:20 -04:00 · 2019-08-26 13:11:09 +02:00 · 2019-08-26 13:11:09 +02:00 · f02cff1304
commit f02cff1304
parent 6d4f4c1c70
1 changed files with 28 additions and 1 deletions
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@ -823,7 +823,7 @@ class ShareAPIController extends OCSController {
 			throw new OCSNotFoundException($this->l->t('Wrong share ID, share doesn\'t exist'));
 		}

-		if ($share->getShareOwner() !== $this->currentUser && $share->getSharedBy() !== $this->currentUser) {
+		if (!$this->canEditShare($share)) {
 			throw new OCSForbiddenException('You are not allowed to edit incoming shares');
 		}

@ -1025,6 +1025,33 @@ class ShareAPIController extends OCSController {
 		return false;
 	}

+	/**
+	 * Does the user have edit permission on the share
+	 *
+	 * @param \OCP\Share\IShare $share the share to check
+	 * @return boolean
+	 */
+	protected function canEditShare(\OCP\Share\IShare $share): bool {
+		// A file with permissions 0 can't be accessed by us. So Don't show it
+		if ($share->getPermissions() === 0) {
+			return false;
+		}
+
+		// The owner of the file and the creator of the share
+		// can always edit the share
+		if ($share->getShareOwner() === $this->currentUser ||
+			$share->getSharedBy() === $this->currentUser
+		) {
+			return true;
+		}
+
+		//! we do NOT support some kind of `admin` in groups.
+		//! You cannot edit shares shared to a group you're
+		//! a member of if you're not the share owner or the file owner!
+
+		return false;
+	}
+
 	/**
 	 * Make sure that the passed date is valid ISO 8601
 	 * So YYYY-MM-DD