Skip to content
This repository has been archived by the owner on Jan 18, 2021. It is now read-only.

Public link upload-only permissions should prevent download #285

Closed
PVince81 opened this issue Jun 18, 2020 · 3 comments
Closed

Public link upload-only permissions should prevent download #285

PVince81 opened this issue Jun 18, 2020 · 3 comments
Labels
bug Something isn't working security

Comments

@PVince81
Copy link
Contributor

Test case in apiSharePublicLink1/createPublicLinkShare.feature scenario "try to download from a public share that has upload only permissions"

The file content is returned instead of 404.

This was tested against the public link branch: cs3org/reva#822

@micbar @refs FYI
@PVince81 PVince81 added bug Something isn't working security labels Jun 18, 2020
@refs
Copy link
Member

refs commented Jun 18, 2020
edited
Loading

Permissions were left out of the main implementation bulk in purpose. But we have to address it while we have this fresh 👍 thanks for opening an issue

@PVince81 PVince81 mentioned this issue Jun 18, 2020
Merged
3 tasks
@PVince81
Copy link
Contributor Author

also for delete operations it returns 500 instead of 403. let's handle those in the context of this ticket as well

@PVince81
Copy link
Contributor Author

superseded by more general ticket https://github.com/owncloud/ocis-reva/issues/292

@PVince81 PVince81 mentioned this issue Jan 18, 2021
Closed
3 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@PVince81 @refs