Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Share permissions can be updated to any value #2173

Closed
dpakach opened this issue Jun 14, 2021 · 1 comment · Fixed by #3842
Closed

Share permissions can be updated to any value #2173

dpakach opened this issue Jun 14, 2021 · 1 comment · Fixed by #3842
Labels
Type:Bug

Comments

@dpakach
Copy link
Contributor

dpakach commented Jun 14, 2021

Describe the bug

Share permissions can be updated to any value. some permissions such as only delete (8) should not be possible but can be updated

Steps to reproduce

Steps to reproduce the behavior:

  1. As admin upload file space.jpg
  2. As admin share file space.jpg to einstein
  3. Try to update the share with invalid permission values such as 8 (delete only)
❯ curl -k -X PUT https://localhost:9200/ocs/v2.php/apps/files_sharing/api/v1/shares/2aa20598-d776-46fd-9dd9-efc00960c53b -u admin:admin -d permissions=8 | xmllint --format -

Expected behavior

Fail the request with 400 status code

Actual behavior

Request is successful and share is updated

<?xml version="1.0" encoding="UTF-8"?>
<ocs>
  <meta>
    <status>ok</status>
    <statuscode>200</statuscode>
    <message>OK</message>
  </meta>
  <data>
    <id>2aa20598-d776-46fd-9dd9-efc00960c53b</id>
    <share_type>0</share_type>
    <uid_owner>admin</uid_owner>
    <displayname_owner>Admin</displayname_owner>
    <additional_info_owner>[email protected]</additional_info_owner>
    <permissions>8</permissions>
    <stime>1623653295</stime>
    <parent/>
    <expiration/>
    <token/>
    <uid_file_owner>admin</uid_file_owner>
    <displayname_file_owner>Admin</displayname_file_owner>
    <additional_info_file_owner>[email protected]</additional_info_file_owner>
    <state>0</state>
    <path>/space.jpg</path>
    <item_type>file</item_type>
    <mimetype>image/jpeg</mimetype>
    <storage_id>1284d238-aa92-42ce-bdc4-0b0000009157</storage_id>
    <storage>0</storage>
    <item_source>MTI4NGQyMzgtYWE5Mi00MmNlLWJkYzQtMGIwMDAwMDA5MTU3OjUyNmFlZWFjLTYxZTItNGZkNC05Y2ZjLTk3YzE2ZTgxOWZhNQ==</item_source>
    <file_source>MTI4NGQyMzgtYWE5Mi00MmNlLWJkYzQtMGIwMDAwMDA5MTU3OjUyNmFlZWFjLTYxZTItNGZkNC05Y2ZjLTk3YzE2ZTgxOWZhNQ==</file_source>
    <file_parent/>
    <file_target>/space.jpg</file_target>
    <share_with>einstein</share_with>
    <share_with_displayname>Albert Einstein</share_with_displayname>
    <share_with_additional_info>[email protected]</share_with_additional_info>
    <mail_send>0</mail_send>
    <name/>
  </data>
</ocs>

Setup

Please describe how you started the server and provide a list of relevant environment variables.

OCIS_VERSION=git
BRANCH=master
STORAGE_FRONTEND_UPLOAD_DISABLE_TUS=false

Additional context

Add any other context about the problem here.
@kiranparajuli589 kiranparajuli589 mentioned this issue Jun 24, 2021
Closed
@ScharfViktor
Copy link
Contributor

Re-tested with local server oCIS version 1.11.0
I can confirm that this is happening. "permission values" takes values from 1 to 31 and get 200 status

@butonic butonic mentioned this issue May 20, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type:Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

update reva to v2.3.2-0.20220519173447-80f88dfbc02d owncloud/ocis
2 participants
@dpakach @ScharfViktor