- User A shares a file/folder to user B with re-sharing permission, but readonly
- User B shares this file/folder to User C (Needs the shareapi_default_permissions set to 1 (all checkmarks off in admin panel))
- User B can add write permissions for the share to User C (User C may also be anonymous using a link)
- User C gets write access and can edit existing files
Impact
User can get write permission on read-only shared files/folders.