Skip to content

Use same settings for mail share as link shares#16629

Merged
skjnldsv merged 2 commits intomasterfrom
fix/shareapi/mail-default-permissions
Oct 4, 2019
Merged

Use same settings for mail share as link shares#16629
skjnldsv merged 2 commits intomasterfrom
fix/shareapi/mail-default-permissions

Conversation

@skjnldsv
Copy link
Member

@skjnldsv skjnldsv commented Aug 1, 2019
edited
Loading

We should not allow the creation of mail shares if link shares are disabled (because it will fail when accessing the share afterwards anyway)

Also we should have the same checks and permissions.
Currently if you create a mail share on a folder without specifying anything default perms are applied (31) but the max perms for a link share is OC.PERMISSION_READ | OC.PERMISSION_CREATE | OC.PERMISSION_UPDATE | OC.PERMISSION_DELETE = 15

Not sure we should backport as the ui might needs fixes. But for 18 ui will fit those changes.

We do not allow editing link shares that the current user doesn't own. This is confusing and lead to errors when someone else edit a password or expiration date without the share owner knowing about it.
We only allow deletion

@skjnldsv skjnldsv added this to the Nextcloud 18 milestone Aug 1, 2019
@skjnldsv skjnldsv self-assigned this Aug 1, 2019
@skjnldsv

This comment has been minimized.

Sign in to view
rullzer
rullzer approved these changes Oct 3, 2019
View reviewed changes
Copy link
Member

@rullzer rullzer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense

@skjnldsv skjnldsv added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Oct 3, 2019
@danxuliu danxuliu force-pushed the fix/shareapi/mail-default-permissions branch from 81a028b to 6f42131 Compare October 3, 2019 21:56
@danxuliu
Copy link
Member

danxuliu commented Oct 3, 2019

Rebased on master to trigger CI again.

@skjnldsv
Use same settings for mail share as link shares
c8d5053 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
@skjnldsv
Prevent non owners to update others link shares
c49469c 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
@skjnldsv skjnldsv force-pushed the fix/shareapi/mail-default-permissions branch from 6f42131 to c49469c Compare October 4, 2019 06:19
@skjnldsv skjnldsv merged commit 9fb56e2 into master Oct 4, 2019
@skjnldsv skjnldsv deleted the fix/shareapi/mail-default-permissions branch October 4, 2019 07:55
@ChristophWurst ChristophWurst mentioned this pull request Nov 1, 2019
Closed
@skjnldsv skjnldsv mentioned this pull request Nov 1, 2019
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rullzer rullzer rullzer approved these changes

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@MorrisJobke MorrisJobke Awaiting requested review from MorrisJobke

@schiessle schiessle Awaiting requested review from schiessle

@danxuliu danxuliu Awaiting requested review from danxuliu

Assignees

@skjnldsv skjnldsv

Labels

4. to release Ready to be released and/or waiting for tests to finish bug feature: sharing security

Projects

None yet

Milestone

Nextcloud 18.0.0

Development

Successfully merging this pull request may close these issues.

4 participants

@skjnldsv @danxuliu @rullzer @ChristophWurst