From 4844aa1ce02fb8c5f51385212f40c08618076f10 Mon Sep 17 00:00:00 2001
From: Marcos Zuriaga <wolfi@wolfi.es>
Date: Mon, 3 Oct 2016 15:01:30 +0200
Subject: [PATCH] Remove files field from sharing response if user does not
 have permission to see files

---
 lib/Service/ShareService.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/Service/ShareService.php b/lib/Service/ShareService.php
index 44dd3ed2..43099908 100644
--- a/lib/Service/ShareService.php
+++ b/lib/Service/ShareService.php
@@ -103,6 +103,8 @@ class ShareService {
 
             $tmp = $entry->jsonSerialize();
             $tmp['credential_data'] = $this->credential->getCredentialById($entry->getItemId())->jsonSerialize();
+
+            if (!$entry->hasPermission(SharingACL::FILES)) unset($tmp['credential_data']['files']);
             unset($tmp['credential_data']['shared_key']);
             $return[] = $tmp;
         }