Merge pull request #46646 from nextcloud/backport/46225/stable29

[stable29] fix(dav): Thrown forbidden error for authenticated user instead of no…
nextcloud · Jul 19, 2024 · 23c4bb1 · 23c4bb1
2 parents 63a4884 + 3c8106d
commit 23c4bb1
Showing 1 changed file with 14 additions and 7 deletions.
diff --git a/apps/dav/lib/Connector/Sabre/DavAclPlugin.php b/apps/dav/lib/Connector/Sabre/DavAclPlugin.php
@@ -31,6 +31,7 @@
 use OCA\DAV\CalDAV\Calendar;
 use OCA\DAV\CardDAV\AddressBook;
 use Sabre\CalDAV\Principal\User;
+use Sabre\DAV\Exception\Forbidden;
 use Sabre\DAV\Exception\NotFound;
 use Sabre\DAV\INode;
 use Sabre\DAV\PropFind;
@@ -69,13 +70,19 @@ public function checkPrivileges($uri, $privileges, $recursion = self::R_PARENT,
 					$type = 'Node';
 					break;
 			}
-			throw new NotFound(
-				sprintf(
-					"%s with name '%s' could not be found",
-					$type,
-					$node->getName()
-				)
-			);
+
+			if ($this->getCurrentUserPrincipal() === $node->getOwner()) {
+				throw new Forbidden("Access denied");
+			} else {
+				throw new NotFound(
+					sprintf(
+						"%s with name '%s' could not be found",
+						$type,
+						$node->getName()
+					)
+				);
+			}
+
 		}
 
 		return $access;