fix: Ensure edit permissions are checked before template file token generation

printminion-co · printminion-co · commit 46e2fa80e53c · 2025-04-25T12:29:31.000+02:00
otherwise file created from template will be editable for user with readonly permissions

Signed-off-by: Misha M.-Kupriyanov &lt;kupriyanov@strato.de&gt;
diff --git a/lib/TokenManager.php b/lib/TokenManager.php
@@ -193,6 +193,8 @@ public function generateWopiTokenForTemplate(
 			$updatable = $updatable && $shareUpdatable;
 		}
 
+		$updatable = $updatable && $this->permissionManager->userCanEdit($editoruid);
+
 		$serverHost = $this->urlGenerator->getAbsoluteURL('/');
 
 		return $this->wopiMapper->generateFileToken(

Original file line number	Diff line number	Diff line change
`@@ -193,6 +193,8 @@ public function generateWopiTokenForTemplate(`
`193`	`193`	`$updatable = $updatable && $shareUpdatable;`
`194`	`194`	`}`
`195`	`195`
	`196`	`+ $updatable = $updatable && $this->permissionManager->userCanEdit($editoruid);`
	`197`	`+`
`196`	`198`	`$serverHost = $this->urlGenerator->getAbsoluteURL('/');`
`197`	`199`
`198`	`200`	`return $this->wopiMapper->generateFileToken(`