Harden direct editing permission check
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma
Родитель
ff0b775daa
Коммит
7136806736
|
|
@ -157,11 +157,22 @@ class TokenManager {
|
||||||
// this is required during WopiPutRelativeFile
|
// this is required during WopiPutRelativeFile
|
||||||
if (is_null($editoruid)) {
|
if (is_null($editoruid)) {
|
||||||
\OC::$server->getLogger()->warning('Generating token for SaveAs without editoruid');
|
\OC::$server->getLogger()->warning('Generating token for SaveAs without editoruid');
|
||||||
|
$updatable = true;
|
||||||
} else {
|
} else {
|
||||||
// Make sure we use the user folder if available since fetching all files by id from the root might be expensive
|
// Make sure we use the user folder if available since fetching all files by id from the root might be expensive
|
||||||
$rootFolder = $this->rootFolder->getUserFolder($editoruid);
|
$rootFolder = $this->rootFolder->getUserFolder($editoruid);
|
||||||
}
|
|
||||||
|
$updatable = false;
|
||||||
|
$files = $rootFolder->getById($fileId);
|
||||||
|
|
||||||
|
foreach ($files as $file) {
|
||||||
|
if ($file->isUpdateable()) {
|
||||||
$updatable = true;
|
$updatable = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
/** @var File $file */
|
/** @var File $file */
|
||||||
$file = $rootFolder->getById($fileId)[0];
|
$file = $rootFolder->getById($fileId)[0];
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче