From cabc03652d6de039b549d78c57a9f866cfc2c058 Mon Sep 17 00:00:00 2001
From: provokateurin <kate@provokateurin.de>
Date: Thu, 26 Sep 2024 16:34:45 +0200
Subject: [PATCH] fix(TrashBackend): Fix delete checks

Signed-off-by: provokateurin <kate@provokateurin.de>
---
 lib/Trash/TrashBackend.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/lib/Trash/TrashBackend.php b/lib/Trash/TrashBackend.php
index 6c98c73e..44f45259 100644
--- a/lib/Trash/TrashBackend.php
+++ b/lib/Trash/TrashBackend.php
@@ -196,13 +196,20 @@ public function removeItem(ITrashItem $item) {
 		if ($node === null) {
 			throw new NotFoundException();
 		}
-		if ($node->getStorage()->unlink($node->getInternalPath()) === false) {
-			throw new \Exception('Failed to remove item from trashbin');
-		}
+
 		if (!$this->userHasAccessToPath($item->getUser(), $item->getPath(), Constants::PERMISSION_DELETE)) {
 			throw new NotPermittedException();
 		}
 
+		$folderPermissions = $this->folderManager->getFolderPermissionsForUser($item->getUser(), (int)$folderId);
+		if (($folderPermissions & Constants::PERMISSION_DELETE) !== Constants::PERMISSION_DELETE) {
+			throw new NotPermittedException();
+		}
+
+		if ($node->getStorage()->unlink($node->getInternalPath()) === false) {
+			throw new \Exception('Failed to remove item from trashbin');
+		}
+
 		$node->getStorage()->getCache()->remove($node->getInternalPath());
 		if ($item->isRootItem()) {
 			$this->trashManager->removeItem((int)$folderId, $item->getName(), $item->getDeletedTime());