Skip to content

Commit

Permalink
fix: permission check in public share update
Browse files Browse the repository at this point in the history
  • Loading branch information
micbar committed Apr 10, 2024
1 parent ef59ba2 commit 484e469
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
5 changes: 5 additions & 0 deletions changelog/unreleased/fix-public-share-update.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Bugfix: Fix public share update

We fixed the permission check for updating public shares. When updating the permissions of a public share while not providing a password, the check must be against the new permissions to take into account that users can opt out only for view permissions.

https://github.com/cs3org/reva/pull/4622
10 changes: 10 additions & 0 deletions internal/grpc/services/publicshareprovider/publicshareprovider.go
Original file line number Diff line number Diff line change
Expand Up @@ -554,12 +554,22 @@ func (s *service) UpdatePublicShare(ctx context.Context, req *link.UpdatePublicS
}
updatePassword := req.GetUpdate().GetType() == link.UpdatePublicShareRequest_Update_TYPE_PASSWORD
setPassword := grant.GetPassword()
emptyPasswordInPermission := len(setPassword) == 0 && updatePermissions

// password is updated, we use the current permissions to check if the user can opt out
if updatePassword && !isInternalLink && enforcePassword(canOptOut, ps.GetPermissions().GetPermissions(), s.conf) && len(setPassword) == 0 {
return &link.UpdatePublicShareResponse{
Status: status.NewInvalidArg(ctx, "password protection is enforced"),
}, nil
}

// permissions are updated, we use the new permissions to check if the user can opt out
if emptyPasswordInPermission && !isInternalLink && enforcePassword(canOptOut, grant.GetPermissions().GetPermissions(), s.conf) && len(setPassword) == 0 {
return &link.UpdatePublicShareResponse{
Status: status.NewInvalidArg(ctx, "password protection is enforced"),
}, nil
}

// validate password policy
if updatePassword && len(setPassword) > 0 {
if err := s.passwordValidator.Validate(setPassword); err != nil {
Expand Down

0 comments on commit 484e469

Please sign in to comment.