fix(files_sharing): Prevent create/delete permissions on file shares

File shares can't support create or delete permissions. This change ensures those permissions are stripped or ignored when the shared item is not a folder. Signed-off-by: nfebe <fenn25.fn@gmail.com>
7 months ago · 99ae04d9ce
2 changed files with 34 additions and 3 deletions
--- a/apps/files_sharing/src/mixins/ShareDetails.js
+++ b/apps/files_sharing/src/mixins/ShareDetails.js
@ -5,6 +5,8 @@

 import Share from '../models/Share.ts'
 import Config from '../services/ConfigService.ts'
+import { ATOMIC_PERMISSIONS } from '../lib/SharePermissionsToolBox.js'
+import logger from '../services/logger.ts'

 export default {
 	methods: {
@ -26,6 +28,18 @@ export default {
 				share = this.mapShareRequestToShareObject(shareRequestObject)
 			}

+			if (this.fileInfo.type !== 'dir') {
+				const originalPermissions = share.permissions
+				const strippedPermissions = originalPermissions
+					& ~ATOMIC_PERMISSIONS.CREATE
+					& ~ATOMIC_PERMISSIONS.DELETE
+
+				if (originalPermissions !== strippedPermissions) {
+					logger.debug('Removed create/delete permissions from file share (only valid for folders)')
+					share.permissions = strippedPermissions
+				}
+			}
+
 			const shareDetails = {
 				fileInfo: this.fileInfo,
 				share,
--- a/apps/files_sharing/src/views/SharingDetailsTab.vue
+++ b/apps/files_sharing/src/views/SharingDetailsTab.vue
@ -38,7 +38,7 @@
 					<NcCheckboxRadioSwitch :button-variant="true"
 						data-cy-files-sharing-share-permissions-bundle="upload-edit"
 						:checked.sync="sharingPermission"
-						:value="bundledPermissions.ALL.toString()"
+						:value="allPermissions"
 						name="sharing_permission_radio"
 						type="radio"
 						button-variant-grouped="vertical"
@ -400,6 +400,9 @@ export default {
 			}
 			}
 		},
+		allPermissions() {
+			return this.isFolder ? this.bundledPermissions.ALL.toString() : this.bundledPermissions.ALL_FILE.toString()
+		},
 		/**
 		 * Can the sharee edit the shared file ?
 		 */
@ -712,8 +715,15 @@ export default {
 				[ATOMIC_PERMISSIONS.DELETE]: this.t('files_sharing', 'Delete'),
 			}

-			return [ATOMIC_PERMISSIONS.READ, ATOMIC_PERMISSIONS.CREATE, ATOMIC_PERMISSIONS.UPDATE, ...(this.resharingIsPossible ? [ATOMIC_PERMISSIONS.SHARE] : []), ATOMIC_PERMISSIONS.DELETE]
-				.filter((permission) => hasPermissions(this.share.permissions, permission))
+			const permissionsList = [
+				ATOMIC_PERMISSIONS.READ,
+				...(this.isFolder ? [ATOMIC_PERMISSIONS.CREATE] : []),
+				ATOMIC_PERMISSIONS.UPDATE,
+				...(this.resharingIsPossible ? [ATOMIC_PERMISSIONS.SHARE] : []),
+				...(this.isFolder ? [ATOMIC_PERMISSIONS.DELETE] : []),
+			]
+
+			return permissionsList.filter((permission) => hasPermissions(this.share.permissions, permission))
 				.map((permission, index) => index === 0
 					? translatedPermissions[permission]
 					: translatedPermissions[permission].toLocaleLowerCase(getLanguage()))
@ -831,6 +841,13 @@ export default {
 			isReshareChecked = this.canReshare,
 		} = {}) {
 			// calc permissions if checked
+
+			if (!this.isFolder && (isCreateChecked || isDeleteChecked)) {
+				logger.debug('Ignoring create/delete permissions for file share — only available for folders')
+				isCreateChecked = false
+				isDeleteChecked = false
+			}
+
 			const permissions = 0
 				| (isReadChecked ? ATOMIC_PERMISSIONS.READ : 0)
 				| (isCreateChecked ? ATOMIC_PERMISSIONS.CREATE : 0)