From bf71bd1305cff875d79f92d473746670423de150 Mon Sep 17 00:00:00 2001 From: Maxence Lange Date: Wed, 20 Mar 2024 00:30:00 -0100 Subject: [PATCH] fix(share): use share owner to confirm reshare Signed-off-by: Maxence Lange --- lib/private/Share20/Manager.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 9b54592dd1e74..af124ca8bc919 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -210,7 +210,7 @@ protected function verifyPassword($password) { * * @suppress PhanUndeclaredClassMethod */ - protected function generalCreateChecks(IShare $share) { + protected function generalCreateChecks(IShare $share, bool $isUpdate = false) { if ($share->getShareType() === IShare::TYPE_USER) { // We expect a valid user as sharedWith for user shares if (!$this->userManager->userExists($share->getSharedWith())) { @@ -296,8 +296,14 @@ protected function generalCreateChecks(IShare $share) { $isFederatedShare = $share->getNode()->getStorage()->instanceOfStorage('\OCA\Files_Sharing\External\Storage'); $permissions = 0; + + $isReshare = $share->getNode()->getOwner() && $share->getNode()->getOwner()->getUID() !== $share->getSharedBy(); + if (!$isReshare && $isUpdate) { + // in case of update on owner-less filesystem, we use share owner to improve reshare detection + $isReshare = $share->getShareOwner() !== $share->getSharedBy(); + } - if (!$isFederatedShare && $share->getNode()->getOwner() && $share->getNode()->getOwner()->getUID() !== $share->getSharedBy()) { + if (!$isFederatedShare && $isReshare) { $userMounts = array_filter($userFolder->getById($share->getNode()->getId()), function ($mount) { // We need to filter since there might be other mountpoints that contain the file // e.g. if the user has access to the same external storage that the file is originating from @@ -999,7 +1005,7 @@ public function updateShare(IShare $share) { throw new \InvalidArgumentException('Cannot share with the share owner'); } - $this->generalCreateChecks($share); + $this->generalCreateChecks($share, true); if ($share->getShareType() === IShare::TYPE_USER) { $this->userCreateChecks($share);