nextcloud
/
bookmarks
mirror of https://github.com/nextcloud/bookmarks
0
0
Fork 0
Code Issues Releases Wiki Activity

Fix auth for newBookmark endpoint

This commit is contained in:
Marcel Klehr 2020-05-03 22:31:12 +02:00
parent ad63e61512
commit eb1bedb47e
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/Controller/BookmarkController.php
View File

@ -398,11 +398,11 @@ class BookmarkController extends ApiController {
* @PublicPage
*/
public function newBookmark($url = '', $title = null, $description = '', $tags = [], $folders = []): JSONResponse {
$permissions = $this->authorizer->getPermissionsForFolder($this->_getRootFolderId(), $this->request);
$permissions = Authorizer::PERM_ALL;
foreach ($folders as $folder) {
$permissions &= $this->authorizer->getPermissionsForFolder($folder, $this->request);
}
if (!Authorizer::hasPermission(Authorizer::PERM_EDIT, $permissions)) {
if (!Authorizer::hasPermission(Authorizer::PERM_EDIT, $permissions) || $this->authorizer->getUserId() === null) {
return new JSONResponse(['status' => 'error', 'data' => 'Insufficient permissions'], Http::STATUS_BAD_REQUEST);
}