Browse Source
Do not allow transfer ownership when the user isn't the owner
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
pull/19764/head
Christoph Wurst
6 years ago
No known key found for this signature in database
GPG Key ID: CC42AC2A7F0E56D8
4 changed files with
12 additions and
4 deletions
-
apps/files/js/dist/personal-settings.js
-
apps/files/js/dist/personal-settings.js.map
-
apps/files/lib/Controller/TransferOwnershipController.php
-
apps/files/src/components/TransferOwnershipDialogue.vue
|
|
|
@ -96,6 +96,10 @@ class TransferOwnershipController extends OCSController { |
|
|
|
return new DataResponse([], Http::STATUS_BAD_REQUEST); |
|
|
|
} |
|
|
|
|
|
|
|
if ($node->getOwner()->getUID() !== $this->userId) { |
|
|
|
return new DataResponse([], Http::STATUS_FORBIDDEN); |
|
|
|
} |
|
|
|
|
|
|
|
$transferOwnership = new TransferOwnershipEntity(); |
|
|
|
$transferOwnership->setSourceUser($this->userId); |
|
|
|
$transferOwnership->setTargetUser($recipient); |
|
|
|
|
|
|
|
@ -215,7 +215,11 @@ export default { |
|
|
|
.catch(error => { |
|
|
|
logger.error('Could not send ownership transfer request', { error }) |
|
|
|
|
|
|
|
this.submitError = error.message || t('files', 'Unknown error') |
|
|
|
if (error?.response?.status === 403) { |
|
|
|
this.submitError = t('files', 'Cannot transfter ownership of a file or folder you don\'t own') |
|
|
|
} else { |
|
|
|
this.submitError = error.message || t('files', 'Unknown error') |
|
|
|
} |
|
|
|
}) |
|
|
|
}, |
|
|
|
}, |
|
|
|
|
