From a56b9d716217f30da97b9e79739090d9f254801e Mon Sep 17 00:00:00 2001
From: binsky
Date: Sun, 31 Dec 2023 17:16:21 +0100
Subject: [PATCH] fix overwriting shared files field without permission
---
 lib/Controller/CredentialController.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/lib/Controller/CredentialController.php b/lib/Controller/CredentialController.php
index 9cfefa8a..75f442e5 100644
--- a/lib/Controller/CredentialController.php
+++ b/lib/Controller/CredentialController.php
@@ -155,6 +155,11 @@ class CredentialController extends ApiController {
 if (!$this->settings->isEnabled('user_sharing_enabled')) {
 return new DataResponse(['msg' => 'Not authorized'], Http::STATUS_UNAUTHORIZED);
 }
+
+ if (!$acl->hasPermission(SharingACL::FILES)) {
+ // what ever the client transmitted, if it has no files permission, the previous files content will be preserved
+ $credential['files'] = $storedCredential->getFiles();
+ }
 }