From be396db4605c083113af7209954b6d24130cefc7 Mon Sep 17 00:00:00 2001
From: Lukas Schaefer <lukas@lschaefer.xyz>
Date: Mon, 16 Mar 2026 12:09:54 -0400
Subject: [PATCH] Improve testing

Signed-off-by: Lukas Schaefer <lukas@lschaefer.xyz>

[skip ci]
---
 lib/Service/ApprovalService.php            |  4 +++
 tests/unit/Service/ApprovalServiceTest.php | 39 ++++++++++++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/lib/Service/ApprovalService.php b/lib/Service/ApprovalService.php
index 5337cff8..37c45bf3 100644
--- a/lib/Service/ApprovalService.php
+++ b/lib/Service/ApprovalService.php
@@ -446,6 +446,10 @@ public function request(int $fileId, int $ruleId, ?string $userId, bool $createS
 			return ['error' => $this->l10n->t('You do not have access to this file')];
 		}
 
+		if ($createShares && !$this->utilsService->userCanShareFile($fileId, $userId)) {
+			return ['error' => $this->l10n->t('You can not share this file')];
+		}
+
 		$rule = $this->ruleService->getRule($ruleId);
 		if (is_null($rule)) {
 			return ['error' => $this->l10n->t('Rule does not exist')];
diff --git a/tests/unit/Service/ApprovalServiceTest.php b/tests/unit/Service/ApprovalServiceTest.php
index 001bffc4..7c20e11d 100644
--- a/tests/unit/Service/ApprovalServiceTest.php
+++ b/tests/unit/Service/ApprovalServiceTest.php
@@ -22,6 +22,8 @@
 
 use OCP\Share\IManager as IShareManager;
 
+use OCP\Share\IShare;
+
 use OCP\SystemTag\ISystemTagManager;
 use OCP\SystemTag\ISystemTagObjectMapper;
 
@@ -412,4 +414,41 @@ public function testApproval() {
 		$stateForUser1 = $this->approvalService->getApprovalState($fileToReject->getId(), 'user1');
 		$this->assertEquals(Application::STATE_REJECTED, $stateForUser1['state']);
 	}
+
+	public function testRequestWithCreateSharesWhenUserCannotShareReturnsError(): void {
+		// Share a file from user1 to user2 with read-only (no share permission).
+		// user2 has access but cannot share -> request with createShares true must return error.
+		$uf1 = $this->root->getUserFolder('user1');
+		$file = $uf1->newFile('file_no_share.txt', 'content');
+		$shared = $this->utilsService->createShare(
+			$file,
+			IShare::TYPE_USER,
+			'user2',
+			'user1',
+			'label'
+		);
+		$this->assertTrue($shared);
+
+		// Add some tags
+		$r = $this->utilsService->createTag('pending4');
+		$idTagPending4 = $r['id'];
+		$r = $this->utilsService->createTag('approved4');
+		$idTagApproved4 = $r['id'];
+		$r = $this->utilsService->createTag('rejected4');
+		$idTagRejected4 = $r['id'];
+
+		$r = $this->ruleService->createRule(
+			$idTagPending4, $idTagApproved4, $idTagRejected4,
+			[['entityId' => 'user3', 'type' => 'user']],
+			[['entityId' => 'user2', 'type' => 'user']],
+			'user 2 request, 3 approves',
+			false
+		);
+		$ruleId = $r['id'];
+
+		$result = $this->approvalService->request($file->getId(), $ruleId, 'user2', true);
+		$this->assertArrayHasKey('error', $result);
+
+		$this->ruleService->deleteRule($ruleId);
+	}
 }