fix(sharing): Allow public share access for everyone

nfebe · nfebe · commit 7a9c04a27a05 · 2025-10-16T15:53:58.000+02:00
When a logged-in user accesses a public share link in the same browser,
the system was incorrectly checking if that user's groups were excluded
from creating link shares. This caused share not found errors for users
in excluded groups, even though public shares should be accessible to anyone
with the link.

The group exclusion setting (`shareapi_allow_links_exclude_groups`) is
intended to restrict share creation, not share access. Public shares
are meant to be anonymous and accessible regardless of the viewer identity
or group membership.

Signed-off-by: nfebe &lt;fenn25.fn@gmail.com&gt;
diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
@@ -1413,7 +1413,7 @@ public function getShareByToken($token) {
 		}
 		$share = null;
 		try {
-			if ($this->shareApiAllowLinks()) {
+			if ($this->shareApiAllowLinks(checkGroupExclusion: false)) {
 				$provider = $this->factory->getProviderForType(IShare::TYPE_LINK);
 				$share = $provider->getShareByToken($token);
 			}
@@ -1742,19 +1742,22 @@ public function shareApiEnabled() {
 	/**
 	 * Is public link sharing enabled
 	 *
+	 * @param bool $checkGroupExclusion Whether to check the current user's group exclusions
 	 * @return bool
 	 */
-	public function shareApiAllowLinks() {
+	public function shareApiAllowLinks(bool $checkGroupExclusion = true) {
 		if ($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
 			return false;
 		}
 
-		$user = $this->userSession->getUser();
-		if ($user) {
-			$excludedGroups = json_decode($this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '[]'));
-			if ($excludedGroups) {
-				$userGroups = $this->groupManager->getUserGroupIds($user);
-				return !(bool)array_intersect($excludedGroups, $userGroups);
+		if ($checkGroupExclusion) {
+			$user = $this->userSession->getUser();
+			if ($user) {
+				$excludedGroups = json_decode($this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '[]'));
+				if ($excludedGroups) {
+					$userGroups = $this->groupManager->getUserGroupIds($user);
+					return !(bool)array_intersect($excludedGroups, $userGroups);
+				}
 			}
 		}
 
