From 563c759060909103d7b839293aa63855b2dcb2a6 Mon Sep 17 00:00:00 2001 From: provokateurin Date: Tue, 14 Jul 2026 15:01:37 +0200 Subject: [PATCH] fix(files_sharing): Allow access to shares by disabled users if hide_disabled_user_shares is enabled Signed-off-by: provokateurin --- .../files_sharing/lib/Controller/ShareController.php | 12 ------------ lib/private/Share20/Manager.php | 4 ++-- tests/lib/Share20/ManagerTest.php | 2 +- 3 files changed, 3 insertions(+), 15 deletions(-) diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php index 6f5693a26d25c..aef5aa36b47db 100644 --- a/apps/files_sharing/lib/Controller/ShareController.php +++ b/apps/files_sharing/lib/Controller/ShareController.php @@ -249,18 +249,6 @@ protected function emitShareAccessEvent(IShare $share, string $step = '', int $e * @return bool */ private function validateShare(IShare $share) { - // If the owner is disabled no access to the link is granted - $owner = $this->userManager->get($share->getShareOwner()); - if ($owner === null || !$owner->isEnabled()) { - return false; - } - - // If the initiator of the share is disabled no access is granted - $initiator = $this->userManager->get($share->getSharedBy()); - if ($initiator === null || !$initiator->isEnabled()) { - return false; - } - return $share->getNode()->isReadable() && $share->getNode()->isShareable(); } diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index edff92583eb39..126987db91333 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -1489,8 +1489,8 @@ private function checkShare(IShare $share, int &$added = 1): void { $added--; throw new ShareNotFound($this->l->t('The requested share does not exist anymore')); } - if ($this->config->getAppValue('files_sharing', 'hide_disabled_user_shares', 'no') === 'yes') { - $uids = array_unique([$share->getShareOwner(),$share->getSharedBy()]); + if ($this->config->getAppValue('files_sharing', 'hide_disabled_user_shares', 'yes') === 'yes') { + $uids = array_unique([$share->getShareOwner(), $share->getSharedBy()]); foreach ($uids as $uid) { $user = $this->userManager->get($uid); if ($user?->isEnabled() === false) { diff --git a/tests/lib/Share20/ManagerTest.php b/tests/lib/Share20/ManagerTest.php index 81216aaecd1f5..f8c88cacfefaf 100644 --- a/tests/lib/Share20/ManagerTest.php +++ b/tests/lib/Share20/ManagerTest.php @@ -3311,7 +3311,7 @@ public function testGetShareByTokenHideDisabledUser(): void { ->method('getAppValue') ->willReturnMap([ ['core', 'shareapi_allow_links', 'yes', 'yes'], - ['files_sharing', 'hide_disabled_user_shares', 'no', 'yes'], + ['files_sharing', 'hide_disabled_user_shares', 'yes', 'yes'], ]); $this->l->expects($this->once())