From 20064747385cab83214a3313077b291840b57d07 Mon Sep 17 00:00:00 2001 From: provokateurin Date: Tue, 14 Jul 2026 15:01:37 +0200 Subject: [PATCH] fix(files_sharing): Allow access to shares by disabled users if hide_disabled_user_shares is enabled Signed-off-by: provokateurin --- .../files_sharing/lib/Controller/ShareController.php | 12 ------------ lib/private/Share20/Manager.php | 4 ++-- tests/lib/Share20/ManagerTest.php | 2 +- 3 files changed, 3 insertions(+), 15 deletions(-) diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php index 33600b609aba2..7ae77a7351455 100644 --- a/apps/files_sharing/lib/Controller/ShareController.php +++ b/apps/files_sharing/lib/Controller/ShareController.php @@ -263,18 +263,6 @@ protected function emitShareAccessEvent(IShare $share, string $step = '', int $e * @return bool */ private function validateShare(\OCP\Share\IShare $share) { - // If the owner is disabled no access to the link is granted - $owner = $this->userManager->get($share->getShareOwner()); - if ($owner === null || !$owner->isEnabled()) { - return false; - } - - // If the initiator of the share is disabled no access is granted - $initiator = $this->userManager->get($share->getSharedBy()); - if ($initiator === null || !$initiator->isEnabled()) { - return false; - } - return $share->getNode()->isReadable() && $share->getNode()->isShareable(); } diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 0998e58e27085..86f82f172870f 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -1476,8 +1476,8 @@ protected function checkShare(IShare $share): void { $this->deleteShare($share); throw new ShareNotFound($this->l->t('The requested share does not exist anymore')); } - if ($this->config->getAppValue('files_sharing', 'hide_disabled_user_shares', 'no') === 'yes') { - $uids = array_unique([$share->getShareOwner(),$share->getSharedBy()]); + if ($this->config->getAppValue('files_sharing', 'hide_disabled_user_shares', 'yes') === 'yes') { + $uids = array_unique([$share->getShareOwner(), $share->getSharedBy()]); foreach ($uids as $uid) { $user = $this->userManager->get($uid); if ($user?->isEnabled() === false) { diff --git a/tests/lib/Share20/ManagerTest.php b/tests/lib/Share20/ManagerTest.php index 561e7e52bcef0..960b7f076a4f4 100644 --- a/tests/lib/Share20/ManagerTest.php +++ b/tests/lib/Share20/ManagerTest.php @@ -3107,7 +3107,7 @@ public function testGetShareByTokenHideDisabledUser() { ->method('getAppValue') ->willReturnMap([ ['core', 'shareapi_allow_links', 'yes', 'yes'], - ['files_sharing', 'hide_disabled_user_shares', 'no', 'yes'], + ['files_sharing', 'hide_disabled_user_shares', 'yes', 'yes'], ]); $this->l->expects($this->once())