Merge pull request #4292 from kobergj/403OnLock

Return 403 when user is not permitted to lock
cs3org · Oct 27, 2023 · fdeb764 · fdeb764
2 parents 2921b01 + 40f1a0b
commit fdeb764
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/changelog/unreleased/return-403-when-not-lock-permitted.md b/changelog/unreleased/return-403-when-not-lock-permitted.md
@@ -0,0 +1,5 @@
+Bugfix: Return 403 when user is not permitted to log
+
+When a user tries to lock a file, but doesn't have write access, the correct status code is `403` not `500` like we did until now
+
+https://github.com/cs3org/reva/pull/4292
diff --git a/internal/http/services/owncloud/ocdav/locks.go b/internal/http/services/owncloud/ocdav/locks.go
@@ -506,10 +506,15 @@ func (s *svc) lockReference(ctx context.Context, w http.ResponseWriter, r *http.
 		//      this actually is a name based lock ... ugh
 		token, err = s.LockSystem.Create(ctx, now, ld)
 		if err != nil {
-			if _, ok := err.(errtypes.Aborted); ok {
+			switch err.(type) {
+			case errtypes.Aborted:
 				return http.StatusLocked, err
+			case errtypes.PermissionDenied:
+				return http.StatusForbidden, err
+			default:
+				return http.StatusInternalServerError, err
+
 			}
-			return http.StatusInternalServerError, err
 		}
 
 		defer func() {