Skip to content

Commit

Permalink
Merge pull request #46225 from nextcloud/fix/issue-11633
Browse files Browse the repository at this point in the history
fix(dav): Thrown forbidden error for authenticated user instead of no…
  • Loading branch information
AndyScherzinger authored Jul 19, 2024
2 parents bc531be + f5fcfb4 commit 2e273e4
Showing 1 changed file with 14 additions and 7 deletions.
21 changes: 14 additions & 7 deletions apps/dav/lib/Connector/Sabre/DavAclPlugin.php
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
use OCA\DAV\CalDAV\Calendar;
use OCA\DAV\CardDAV\AddressBook;
use Sabre\CalDAV\Principal\User;
use Sabre\DAV\Exception\Forbidden;
use Sabre\DAV\Exception\NotFound;
use Sabre\DAV\INode;
use Sabre\DAV\PropFind;
Expand Down Expand Up @@ -49,13 +50,19 @@ public function checkPrivileges($uri, $privileges, $recursion = self::R_PARENT,
$type = 'Node';
break;
}
throw new NotFound(
sprintf(
"%s with name '%s' could not be found",
$type,
$node->getName()
)
);

if ($this->getCurrentUserPrincipal() === $node->getOwner()) {
throw new Forbidden("Access denied");
} else {
throw new NotFound(
sprintf(
"%s with name '%s' could not be found",
$type,
$node->getName()
)
);
}

}

return $access;
Expand Down

0 comments on commit 2e273e4

Please sign in to comment.