Describe the bug
When using the permissions endpoint, link share of Shares drive with Internal role can be created. THis should not be possible.
NOTE: with root endpoint, this is not possible.
Steps to reproduce
- Create a link share of
Shares drive with Internal role - (❗should not be possible)
API: https://owncloud.dev/libre-graph-api/#/drives.permissions/CreateLink
curl -XPOST 'https://localhost:9200/graph/v1beta1/drives/<shares-drive-id>/items/a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668!a0ca6a90-a365-4782-871e-d44447bbc668/createLink' \
-d'{"type":"internal","@libre.graph.quickLink":false,"displayName":null,"expirationDateTime":null,"password":null}' \
-uadmin:admin -vk | jq< HTTP/1.1 200 OK
{
"createdDateTime": "2025-06-09T08:35:05.027007478Z",
"hasPassword": false,
"id": "RzoSVlBEeUVYUVu",
"link": {
"@libre.graph.displayName": "",
"@libre.graph.quickLink": false,
"preventsDownload": false,
"type": "internal",
"webUrl": "https://localhost:9200/s/xqvNlmOGVYpjjUJ"
}
}
- try to access the link
webUrl - link doesn't work
Expected behavior
400 with error:
{
"error": {
"code": "invalidRequest",
"innererror": {
"date": "2025-06-09T08:37:41Z",
"request-id": "sawjan-optiplex/390j8jTAqD-001876"
},
"message": "cannot create link on shares space root"
}
}Actual behavior
200 with link
Describe the bug
When using the permissions endpoint, link share of
Sharesdrive withInternalrole can be created. THis should not be possible.NOTE: with root endpoint, this is not possible.
Steps to reproduce
Sharesdrive withInternalrole - (❗should not be possible)API: https://owncloud.dev/libre-graph-api/#/drives.permissions/CreateLink
webUrl- link doesn't workExpected behavior
400 with error:
{ "error": { "code": "invalidRequest", "innererror": { "date": "2025-06-09T08:37:41Z", "request-id": "sawjan-optiplex/390j8jTAqD-001876" }, "message": "cannot create link on shares space root" } }Actual behavior
200 with link