From 6f0d9e5d5d2fdda28b79f43135704fb0e1286455 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Sat, 18 Feb 2017 07:55:40 +0100
Subject: [PATCH] move folders/documents propperly checks for access rights
 (Closes #309)

---
 op/op.Ajax.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/op/op.Ajax.php b/op/op.Ajax.php
index eb3bfe378..7bb728f34 100644
--- a/op/op.Ajax.php
+++ b/op/op.Ajax.php
@@ -232,7 +232,7 @@ switch($command) {
 			} else {
 				$mfolder = $dms->getFolder($_REQUEST['folderid']);
 				if($mfolder) {
-					if ($mfolder->getAccessMode($user) >= M_READ) {
+					if ($mfolder->getAccessMode($user) >= M_READWRITE) {
 						if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) {
 							if($folder->getAccessMode($user) >= M_READWRITE) {
 								if($mfolder->setParent($folder)) {
@@ -271,7 +271,7 @@ switch($command) {
 			} else {
 				$mdocument = $dms->getDocument($_REQUEST['docid']);
 				if($mdocument) {
-					if ($mdocument->getAccessMode($user) >= M_READ) {
+					if ($mdocument->getAccessMode($user) >= M_READWRITE) {
 						if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) {
 							if($folder->getAccessMode($user) >= M_READWRITE) {
 								if($mdocument->setFolder($folder)) {