From 8fcff71449cbf2addd198fb8b7be87ba73af0712 Mon Sep 17 00:00:00 2001
From: Robin Appelman <robin@icewind.nl>
Date: Thu, 4 Feb 2021 18:12:27 +0100
Subject: [PATCH] check folder permissions when restoring a trashbin item

not just the acl permissions

Signed-off-by: Robin Appelman <robin@icewind.nl>
---
 lib/Folder/FolderManager.php       | 19 ++++++++++++++++++
 lib/Trash/TrashBackend.php         |  8 ++++++--
 tests/Folder/FolderManagerTest.php | 32 ++++++++++++++++++++++++++++++
 3 files changed, 57 insertions(+), 2 deletions(-)

diff --git a/lib/Folder/FolderManager.php b/lib/Folder/FolderManager.php
index 4d4094a62..aee7b1db3 100644
--- a/lib/Folder/FolderManager.php
+++ b/lib/Folder/FolderManager.php
@@ -565,4 +565,23 @@ public function getFoldersForUser(IUser $user, $rootStorageId = 0) {
 
 		return array_values($mergedFolders);
 	}
+
+	/**
+	 * @param IUser $user
+	 * @param int $folderId
+	 * @return int
+	 */
+	public function getFolderPermissionsForUser(IUser $user, int $folderId): int {
+		$groups = $this->groupManager->getUserGroupIds($user);
+		$folders = $this->getFoldersForGroups($groups);
+
+		$permissions = 0;
+		foreach ($folders as $folder) {
+			if ($folderId === (int)$folder['folder_id']) {
+				$permissions |= $folder['permissions'];
+			}
+		}
+
+		return $permissions;
+	}
 }
diff --git a/lib/Trash/TrashBackend.php b/lib/Trash/TrashBackend.php
index 956a31d21..1b9b3f847 100644
--- a/lib/Trash/TrashBackend.php
+++ b/lib/Trash/TrashBackend.php
@@ -96,12 +96,16 @@ public function listTrashFolder(ITrashItem $trashItem): array {
 
 	public function restoreItem(ITrashItem $item) {
 		$user = $item->getUser();
-		list(, $folderId) = explode('/', $item->getTrashPath());
+		[, $folderId] = explode('/', $item->getTrashPath());
 		$node = $this->getNodeForTrashItem($user, $item);
 		if ($node === null) {
 			throw new NotFoundException();
 		}
-		if (!$this->userHasAccessToPath($item->getUser(), $folderId . '/' . $item->getOriginalLocation(), Constants::PERMISSION_UPDATE)) {
+		if (!$this->userHasACLAccessToPath($item->getUser(), $folderId . '/' . $item->getOriginalLocation(), Constants::PERMISSION_UPDATE)) {
+			throw new NotPermittedException();
+		}
+		$folderPermissions = $this->folderManager->getFolderPermissionsForUser($item->getUser(), (int)$folderId);
+		if (($folderPermissions & Constants::PERMISSION_UPDATE) !== Constants::PERMISSION_UPDATE) {
 			throw new NotPermittedException();
 		}
 
diff --git a/tests/Folder/FolderManagerTest.php b/tests/Folder/FolderManagerTest.php
index 380e2ef10..7d46a8061 100644
--- a/tests/Folder/FolderManagerTest.php
+++ b/tests/Folder/FolderManagerTest.php
@@ -291,4 +291,36 @@ public function testGetFoldersForUserMerge() {
 			]
 		], $folders);
 	}
+
+	public function testGetFolderPermissionsForUserMerge() {
+		$db = $this->createMock(IDBConnection::class);
+		/** @var FolderManager|\PHPUnit_Framework_MockObject_MockObject $manager */
+		$manager = $this->getMockBuilder(FolderManager::class)
+			->setConstructorArgs([$db, $this->groupManager, $this->mimeLoader])
+			->setMethods(['getFoldersForGroups'])
+			->getMock();
+
+		$folder1 = [
+			'folder_id' => 1,
+			'mount_point' => 'foo',
+			'permissions' => 3,
+			'quota' => 1000
+		];
+		$folder2 = [
+			'folder_id' => 1,
+			'mount_point' => 'foo',
+			'permissions' => 8,
+			'quota' => 1000
+		];
+
+		$manager->expects($this->any())
+			->method('getFoldersForGroups')
+			->willReturn([$folder1, $folder2]);
+
+		$permissions = $manager->getFolderPermissionsForUser($this->getUser(['g1', 'g2', 'g3']), 1);
+		$this->assertEquals(11, $permissions);
+
+		$permissions = $manager->getFolderPermissionsForUser($this->getUser(['g1', 'g2', 'g3']), 2);
+		$this->assertEquals(0, $permissions);
+	}
 }