nextcloud · icewind1991 · Jan 6, 2026 · Jan 6, 2026 · Jan 20, 2026 · susnux
@@ -206,10 +206,19 @@ public function checkMove(string $source, string $target): void {
 		// First check copyable (move only needs additional delete permission)
 		$this->checkCopy($source, $target);
 
-		// The source needs to be deletable for moving
-		$sourceNodeFileInfo = $sourceNode->getFileInfo();
-		if (!$sourceNodeFileInfo->isDeletable()) {
-			throw new Forbidden($source . ' cannot be deleted');
+		[$sourceDir] = \Sabre\Uri\split($source);
+		[$destinationDir, ] = \Sabre\Uri\split($target);
+
+		if ($sourceDir === $destinationDir) {
+			if (!$sourceNode->canRename()) {
+				throw new Forbidden($source . ' cannot be renamed');
+			}
+		} else {
+			// The source needs to be deletable for moving
+			$sourceNodeFileInfo = $sourceNode->getFileInfo();
+			if (!$sourceNodeFileInfo->isDeletable()) {
+				throw new Forbidden($source . ' cannot be deleted');
+			}
 		}
 
 		// The source is not allowed to be the parent of the target

@@ -103,6 +103,34 @@
 		return $this->path;
 	}
 
+	/**
+	 * Check if this node can be renamed
+	 */
+	public function canRename(): bool {
+		// the root of a movable mountpoint can be renamed regardless of the file permissions
+		if ($this->info->getMountPoint() instanceof MoveableMount && $this->info->getInternalPath() === '') {
+			return true;
+		}
+
+		// we allow renaming the file if either the file has update permissions
+		if ($this->info->isUpdateable()) {
+			return true;
+		}
+		// or the file can be deleted and the parent has create permissions
+		[$parentPath,] = \Sabre\Uri\split($this->path);
+		if ($parentPath === null) {
+			// can't rename the users home
+			return false;
+		}
+		/** @@psalm-suppress InternalMethod */
+		$parent = $this->fileView->getFileInfo($parentPath);
+		if ($this->info->isDeletable() && $parent->isCreatable()) {
+			return true;
+		}
+
+		return false;
+	}
+
 	/**
 	 * Renames the node
 	 *
@@ -111,10 +139,8 @@
 	 * @throws \Sabre\DAV\Exception\Forbidden
 	 */
 	public function setName($name) {
-		// rename is only allowed if the delete privilege is granted
-		// (basically rename is a copy with delete of the original node)
-		if (!($this->info->isDeletable() || ($this->info->getMountPoint() instanceof MoveableMount && $this->info->getInternalPath() === ''))) {
-			throw new \Sabre\DAV\Exception\Forbidden();
+		if (!$this->canRename()) {
+			throw new \Sabre\DAV\Exception\Forbidden('');
 		}
 
 		[$parentPath,] = \Sabre\Uri\split($this->path);

@@ -34,10 +34,15 @@ export const action = new FileAction({
 			: filesStore.getNode(dirname(node.source))
 		const parentPermissions = parentNode?.permissions || Permission.NONE
 
-		// Only enable if the node have the delete permission
-		// and if the parent folder allows creating files
-		return Boolean(node.permissions & Permission.DELETE)
-			&& Boolean(parentPermissions & Permission.CREATE)
+		// Enable if the node has update permissions or the node
+		// has delete permission and the parent folder allows creating files
+		return (
+			(
+				Boolean(node.permissions & Permission.DELETE)
+				&& Boolean(parentPermissions & Permission.CREATE)
+			)
+			|| Boolean(node.permissions & Permission.UPDATE)
+		)
 	},
 
 	async exec({ nodes }) {