Skip to content

Commit

Permalink
[full-ci] fix an error when lock/unlock a file
Browse files Browse the repository at this point in the history
  • Loading branch information
2403905 committed Feb 15, 2024
1 parent cdf127f commit 28b921c
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 0 deletions.
6 changes: 6 additions & 0 deletions changelog/unreleased/fix-public-link-lock.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
Bugfix: Fix an error when lock/unlock a file

We fixed a bug when anonymous user with viewer role in public link of a folder can lock/unlock a file inside it

https://github.com/cs3org/reva/pull/4518
https://github.com/owncloud/ocis/issues/7785
10 changes: 10 additions & 0 deletions internal/http/services/owncloud/ocdav/locks.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ import (
"github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/prop"
"github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/spacelookup"
"github.com/cs3org/reva/v2/pkg/appctx"
"github.com/cs3org/reva/v2/pkg/conversions"
ctxpkg "github.com/cs3org/reva/v2/pkg/ctx"
"github.com/cs3org/reva/v2/pkg/errtypes"
"github.com/cs3org/reva/v2/pkg/rgrpc/todo/pool"
Expand Down Expand Up @@ -241,6 +242,10 @@ func (cls *cs3LS) Refresh(ctx context.Context, now time.Time, token string, dura
}
func (cls *cs3LS) Unlock(ctx context.Context, now time.Time, ref *provider.Reference, token string) error {
u := ctxpkg.ContextMustGetUser(ctx)
psr := utils.ReadPlainFromOpaque(u.Opaque, "public-share-role")
if psr != "" && psr != conversions.RoleEditor {
return errors.ErrForbidden
}

r := &provider.UnlockRequest{
Ref: ref,
Expand Down Expand Up @@ -453,6 +458,11 @@ func (s *svc) lockReference(ctx context.Context, w http.ResponseWriter, r *http.
}

u := ctxpkg.ContextMustGetUser(ctx)
psr := utils.ReadPlainFromOpaque(u.Opaque, "public-share-role")
if psr != "" && psr != conversions.RoleEditor {
return http.StatusForbidden, errors.ErrForbidden
}

token, now, created := "", time.Now(), false
ld := LockDetails{UserID: u.Id, Root: ref, Duration: duration, OwnerName: u.GetDisplayName(), Locktime: now}
if li == (lockInfo{}) {
Expand Down

0 comments on commit 28b921c

Please sign in to comment.