Browse Source
Merge pull request #19764 from nextcloud/fix/transfer-ownerhip-owner-check
Do not allow transfer ownership when the user isn't the owner
pull/19002/head
Roeland Jago Douma
6 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with
12 additions and
4 deletions
-
apps/files/js/dist/personal-settings.js
-
apps/files/js/dist/personal-settings.js.map
-
apps/files/lib/Controller/TransferOwnershipController.php
-
apps/files/src/components/TransferOwnershipDialogue.vue
|
|
|
@ -96,6 +96,10 @@ class TransferOwnershipController extends OCSController { |
|
|
|
return new DataResponse([], Http::STATUS_BAD_REQUEST); |
|
|
|
} |
|
|
|
|
|
|
|
if ($node->getOwner()->getUID() !== $this->userId) { |
|
|
|
return new DataResponse([], Http::STATUS_FORBIDDEN); |
|
|
|
} |
|
|
|
|
|
|
|
$transferOwnership = new TransferOwnershipEntity(); |
|
|
|
$transferOwnership->setSourceUser($this->userId); |
|
|
|
$transferOwnership->setTargetUser($recipient); |
|
|
|
|
|
|
|
@ -215,7 +215,11 @@ export default { |
|
|
|
.catch(error => { |
|
|
|
logger.error('Could not send ownership transfer request', { error }) |
|
|
|
|
|
|
|
this.submitError = error.message || t('files', 'Unknown error') |
|
|
|
if (error?.response?.status === 403) { |
|
|
|
this.submitError = t('files', 'Cannot transfter ownership of a file or folder you don\'t own') |
|
|
|
} else { |
|
|
|
this.submitError = error.message || t('files', 'Unknown error') |
|
|
|
} |
|
|
|
}) |
|
|
|
}, |
|
|
|
}, |
|
|
|
|
