fix: Ensure edit permissions are checked before template file token generation

printminion-co · printminion-co · commit 9222570cccfe · 2025-05-19T10:15:13.000+02:00
otherwise file created from template will be editable for user with readonly permissions

Signed-off-by: Misha M.-Kupriyanov &lt;kupriyanov@strato.de&gt;
diff --git a/lib/TokenManager.php b/lib/TokenManager.php
@@ -185,6 +185,8 @@ public function generateWopiTokenForTemplate(
 			$updatable = $updatable && $shareUpdatable;
 		}
 
+		$updatable = $updatable && $this->permissionManager->userCanEdit($editoruid);
+
 		$serverHost = $this->urlGenerator->getAbsoluteURL('/');
 
 		return $this->wopiMapper->generateFileToken(

Original file line number	Diff line number	Diff line change
`@@ -185,6 +185,8 @@ public function generateWopiTokenForTemplate(`
`185`	`185`	`$updatable = $updatable && $shareUpdatable;`
`186`	`186`	`}`
`187`	`187`
	`188`	`+ $updatable = $updatable && $this->permissionManager->userCanEdit($editoruid);`
	`189`	`+`
`188`	`190`	`$serverHost = $this->urlGenerator->getAbsoluteURL('/');`
`189`	`191`
`190`	`192`	`return $this->wopiMapper->generateFileToken(`