Share files via API without delete permissions

gabriel.espejo · May 29, 2024, 8:55am

How can I use the OwnCloud API or occ command to share a directory with an user, granting them read and write permissions, but restricting their ability to delete files they have uploaded?

I’m using a shell script with the following command:

curl -k -u "${ADMIN}:${ADMIN_PASS}" -X POST ${OWNCLOUD_URL}/ocs/v2.php/apps/files_sharing/api/v1/shares" -d path="/${username}/share_dir"
    -d shareType=0
    -d shareWith="${username}"
    -d permissions=15

I’ve noticed in the documentation that the permissions are as follows:

1 = read (default for public link shares);
2 = update;
4 = create;
8 = delete;
15 = read/write;
16 = share;
31 = All permissions.

However, when I try combinations without including permission 8, it doesn’t work. If I give permission 4, for example, the user can’t see the directory. And the combination 14 is interpreted as permission 1. The combination 15 gives permissions to delete as well.

Documentation: OCS Share API

jnweiger · May 29, 2024, 9:07am

These permissions seem to be bit patterns.
Giving 4 = delete alone, does not include 1=read. That observation is plausible (although a strange usecase: “he who cannot see what he is doing, is allowed to destroy things”)
14 should be effectively 2=update + 4=create + 8=delete, but not 1 = read. If you really observe, that 14 is the same as 1, then this is odd. (Maybe some undcumented sanity check automatically adds a read permission in some cases?)
15 is the sum of 1+2+4+8, so yes, delete should added to its description.

Share a directory with an user, granting them read and write permissions, but restricting their ability to delete files should be 7 or if you want to include re-sharing, 23.

jnweiger · June 5, 2024, 12:05pm

OCS Share API is updated to hopefully clarify the meaning of these bits a bit.