From 67392e4108655fde3f0323496cce532227b0f75f Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Tue, 17 Mar 2026 17:01:58 +0100 Subject: [PATCH 1/2] feat(share): provide `canDownload` getter on the share Signed-off-by: Ferdinand Thiessen --- lib/private/Share20/Share.php | 14 ++++++++++++++ lib/public/Share/IShare.php | 7 +++++++ 2 files changed, 21 insertions(+) diff --git a/lib/private/Share20/Share.php b/lib/private/Share20/Share.php index 466817efc9a25..bf49ba5122d9f 100644 --- a/lib/private/Share20/Share.php +++ b/lib/private/Share20/Share.php @@ -7,6 +7,7 @@ */ namespace OC\Share20; +use OCP\Constants; use OCP\Files\Cache\ICacheEntry; use OCP\Files\File; use OCP\Files\FileInfo; @@ -622,4 +623,17 @@ public function setReminderSent(bool $reminderSent): IShare { public function getReminderSent(): bool { return $this->reminderSent; } + + public function canDownload(): bool { + if (($this->getPermissions() & Constants::PERMISSION_READ) === 0) { + return false; + } + + $attributes = $this->getAttributes(); + if ($attributes?->getAttribute('permissions', 'download') === false) { + return false; + } + + return true; + } } diff --git a/lib/public/Share/IShare.php b/lib/public/Share/IShare.php index 337210e3b910f..64d0894fba13d 100644 --- a/lib/public/Share/IShare.php +++ b/lib/public/Share/IShare.php @@ -633,4 +633,11 @@ public function setReminderSent(bool $reminderSent): IShare; * @since 31.0.0 */ public function getReminderSent(): bool; + + /** + * Check if it is allowed to download this share. + * + * @since 31.0.15 + */ + public function canDownload(): bool; } From bd562614cf41b29c55a40dddad06d2c941fb5047 Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Tue, 17 Mar 2026 17:02:21 +0100 Subject: [PATCH 2/2] fix: use `canDownload` for permissions on federated shares Signed-off-by: Ferdinand Thiessen --- .../lib/Controller/MountPublicLinkController.php | 5 ++--- .../files_sharing/lib/DefaultPublicShareTemplateProvider.php | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php b/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php index 80def826a1c9d..1a6d217fdffb1 100644 --- a/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php +++ b/apps/federatedfilesharing/lib/Controller/MountPublicLinkController.php @@ -17,7 +17,6 @@ use OCP\AppFramework\Http\Attribute\OpenAPI; use OCP\AppFramework\Http\Attribute\PublicPage; use OCP\AppFramework\Http\JSONResponse; -use OCP\Constants; use OCP\Federation\ICloudIdManager; use OCP\HintException; use OCP\Http\Client\IClientService; @@ -107,9 +106,9 @@ public function createFederatedShare($shareWith, $token, $password = '') { return $response; } - if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) { + if (!$share->canDownload()) { $response = new JSONResponse( - ['message' => 'Mounting file drop not supported'], + ['message' => 'Mounting download restricted share is not allowed'], Http::STATUS_BAD_REQUEST ); $response->throttle(); diff --git a/apps/files_sharing/lib/DefaultPublicShareTemplateProvider.php b/apps/files_sharing/lib/DefaultPublicShareTemplateProvider.php index b6644f181848d..ae4785e973f75 100644 --- a/apps/files_sharing/lib/DefaultPublicShareTemplateProvider.php +++ b/apps/files_sharing/lib/DefaultPublicShareTemplateProvider.php @@ -155,7 +155,7 @@ public function renderPage(IShare $share, string $token, string $path): Template // Create the header action menu $headerActions = []; - if ($view !== 'public-file-drop' && !$share->getHideDownload()) { + if ($share->canDownload() && !$share->getHideDownload()) { // The download URL is used for the "download" header action as well as in some cases for the direct link $downloadUrl = $this->urlGenerator->getAbsoluteURL('/public.php/dav/files/' . $token . '/?accept=zip');