Skip to content

Commit

Permalink
only allow empty permissions for links
Browse files Browse the repository at this point in the history
Signed-off-by: jkoberg <jkoberg@owncloud.com>
  • Loading branch information
kobergj committed Jul 15, 2022
1 parent ccc7fe1 commit cfa5757
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
package conversions

import (
"errors"
"fmt"
"strconv"
)
Expand Down Expand Up @@ -50,13 +51,15 @@ const (
var (
// ErrPermissionNotInRange defines a permission specific error.
ErrPermissionNotInRange = fmt.Errorf("The provided permission is not between %d and %d", PermissionMinInput, PermissionMaxInput)
// ErrZeroPermission defines a permission specific error
ErrZeroPermission = errors.New("permission is zero")
)

// NewPermissions creates a new Permissions instance.
// The value must be in the valid range.
func NewPermissions(val int) (Permissions, error) {
if val == int(PermissionInvalid) {
return PermissionInvalid, nil
return PermissionInvalid, ErrZeroPermission
} else if val < int(PermissionInvalid) || int(PermissionMaxInput) < val {
return PermissionInvalid, ErrPermissionNotInRange
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -529,7 +529,7 @@ func ocPublicPermToCs3(permKey int, h *Handler) (*provider.ResourcePermissions,
}

perm, err := conversions.NewPermissions(permKey)
if err != nil {
if err != nil && err != conversions.ErrZeroPermission { // we allow empty permissions for public links
return nil, err
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -292,7 +292,7 @@ func (h *Handler) CreateShare(w http.ResponseWriter, r *http.Request) {
case int(conversions.ShareTypePublicLink):
// public links default to read only
_, _, ocsErr := h.extractPermissions(reqRole, reqPermissions, statRes.Info, conversions.NewViewerRole())
if ocsErr != nil {
if ocsErr != nil && ocsErr.Error != conversions.ErrZeroPermission {
response.WriteOCSError(w, r, http.StatusNotFound, "No share permission", nil)
return
}
Expand Down

0 comments on commit cfa5757

Please sign in to comment.