From 6db1752359607db0cb78abb5cad94019f3a82679 Mon Sep 17 00:00:00 2001
From: Varun Patil <varunpatil@ucla.edu>
Date: Fri, 2 Dec 2022 20:12:21 -0800
Subject: [PATCH] apibase: check share readable

---
 lib/Controller/ApiBase.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/Controller/ApiBase.php b/lib/Controller/ApiBase.php
index faa3a210..20ffb26a 100644
--- a/lib/Controller/ApiBase.php
+++ b/lib/Controller/ApiBase.php
@@ -106,7 +106,7 @@ class ApiBase extends Controller
         // Public shared folder
         if ($token = $this->getShareToken()) {
             $share = $this->shareManager->getShareByToken($token)->getNode(); // throws exception if not found
-            if (!$share instanceof Folder) {
+            if (!$share instanceof Folder || !$share->isReadable() || !$share->isShareable()) {
                 throw new \Exception('Share not found or invalid');
             }
 
@@ -207,7 +207,7 @@ class ApiBase extends Controller
 
         try {
             $share = $this->shareManager->getShareByToken($token)->getNode(); // throws exception if not found
-            if (!$share instanceof Folder) {
+            if (!$share instanceof Folder || !$share->isReadable() || !$share->isShareable()) {
                 return null;
             }
         } catch (\Exception $e) {