diff --git a/core/src/plugins/action.share/class.ShareCenter.php b/core/src/plugins/action.share/class.ShareCenter.php
index daa9faa50c..ebc7f15766 100644
--- a/core/src/plugins/action.share/class.ShareCenter.php
+++ b/core/src/plugins/action.share/class.ShareCenter.php
@@ -1570,6 +1570,9 @@ public function createSharedMinisite($httpVars, $repository, $accessDriver)
 $this->initPublicFolder($downloadFolder);
 if(isset($existingData)){
+ $repo = ConfService::getRepositoryById($existingData["REPOSITORY"]);
+ if($repo == null) throw new Exception("Oups, something went wrong");
+ $this->shareStore->testUserCanEditShare($repo->getOwner());
 $data = $existingData;
 }else{
 $data = array(
@@ -1825,6 +1828,7 @@ public function createSharedRepository($httpVars, $repository, $accessDriver, $u
 $options["PLUGINS_DATA"] = $customData;
 }
 if (isSet($editingRepo)) {
+ $this->shareStore->testUserCanEditShare($editingRepo->getOwner());
 $newRepo = $editingRepo;
 $replace = false;
 if ($editingRepo->getDisplay() != $label) {
diff --git a/core/src/plugins/action.share/class.ShareStore.php b/core/src/plugins/action.share/class.ShareStore.php
index 065580c018..46fa866df8 100644
--- a/core/src/plugins/action.share/class.ShareStore.php
+++ b/core/src/plugins/action.share/class.ShareStore.php
@@ -278,7 +278,7 @@ public function listShares($limitToUser = '', $parentRepository = '', $cursor =
 return $dbLets;
 }
- protected function testUserCanEditShare($userId){
+ public function testUserCanEditShare($userId){
 if(empty($userId)){
 $mess = ConfService::getMessages();
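Review bot: In createSharedMinisite (class.ShareCenter.php), the new ownership check reads `$existingData["REPOSITORY"]` without confirming the key is set, so a share record that lacks it goes straight into the lookup and ends in "Oups, something went wrong", a message that tells neither the user nor whoever reads the log which share was involved. I would guard the key first, `if(empty($existingData["REPOSITORY"])) throw new Exception("Cannot find associated share");`, and reuse that wording for the failed lookup so it matches the message added to resetDownloadCounter in class.ShareStore.php. The check also sits after `$this->initPublicFolder($downloadFolder)`; the function body starts outside this hunk, so it cannot be confirmed from here what else precedes it, but the authorization test belongs ahead of any side effect. The same lookup-then-check sequence now exists in both files and could live in one ShareStore method that takes the share data, so the two cannot drift apart.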
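Review bot: testUserCanEditShare in class.ShareStore.php becomes part of the public surface here and is used by ShareCenter as an authorization gate, yet it has no docblock stating its contract. Only its first lines are visible in this hunk (`if(empty($userId)){` followed by a message lookup), so its exact behaviour is not shown; the callers added in this commit ignore any return value, which suggests refusal is signalled by throwing. A docblock along the lines of `Checks that the current user may edit a share owned by $userId; throws Exception otherwise`, with a matching `@throws Exception` line, would make that explicit once confirmed against the body.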
@@ -432,7 +432,12 @@ public function incrementDownloadCounter($hash){
 public function resetDownloadCounter($hash, $userId){
 $data = $this->loadShare($hash);
- // TODO We must check that the user has the right to do that!
+ $repoId = $data["REPOSITORY"];
+ $repo = ConfService::getRepositoryById($repoId);
+ if ($repo == null) {
+ throw new Exception("Cannot find associated share");
+ }
+ $this->testUserCanEditShare($repo->getOwner());
 PublicletCounter::reset($hash);
 }
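Review bot: In resetDownloadCounter, `$data["REPOSITORY"]` is read without checking what `loadShare($hash)` returned, so if the hash matches no share (or a record without that key) the lookup is made with an empty id and the failure is only caught indirectly by the `$repo == null` test. A guard ahead of the lookup, `if(empty($data) || empty($data["REPOSITORY"])) throw new Exception("Cannot find associated share");`, rejects that case explicitly. The `$userId` parameter plays no part in the new check, which passes the repository owner to testUserCanEditShare; if that method compares against the session user (its body is outside this diff), a short comment saying so would stop callers from assuming the argument they pass is what gets authorized.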