Change default permissions on sharebymail #8186
Milestone
Comments
Cybso
pushed a commit
to Cybso/server
that referenced
this issue
Feb 6, 2018
See issue nextcloud#8186 Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
|
There is another pull request with a more generic approach: #7363 |
|
Fixed by #7363 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please modify ShareByMailProvider.php to ignore 'permissions' for new shares but use PERMISSION_READ by default (method "createMailShare"), or add a configuration option to define a umask for new permissions.
The current behaviour is really unexpected (and possible dangerous) for users that are accustomed with other file sharing services like Dropbox or Google Drive. With this simple change the user would still be able to grant edit permission explicitly.
Steps to reproduce
Expected behaviour
The recipient can download the shared content, but is not able to modify it.
Actual behaviour
If the user doesn't pay attention the recipient is able to misuse the shared file or directory.
Server configuration
Doesn't matter.
The text was updated successfully, but these errors were encountered: