fix: Check for update permissions when creating a new file

Signed-off-by: Julius Härtl <[email protected]>

lib/Controller/DocumentAPIController.php

@@ -72,6 +72,12 @@ public function create(string $mimeType, string $fileName, string $directoryPath
 		try {
 			if ($shareToken !== null) {
 				$share = $this->shareManager->getShareByToken($shareToken);
+				if (!($share->getPermissions() & \OCP\Constants::PERMISSION_CREATE)) {
+					return new JSONResponse([
+						'status' => 'error',
+						'message' => $this->l10n->t('Not allowed to create document')
+					], Http::STATUS_FORBIDDEN);
+				}
 			}
 
 			$rootFolder = $shareToken !== null ? $share->getNode() : $this->rootFolder->getUserFolder($this->userId);