diff --git a/pkg/integrations/link_sharing_test.go b/pkg/integrations/link_sharing_test.go
index d3e9af95a2..5d5aa28516 100644
--- a/pkg/integrations/link_sharing_test.go
+++ b/pkg/integrations/link_sharing_test.go
@@ -54,6 +54,84 @@ func TestLinkSharing(t *testing.T) {
 SharedByID: 1,
 }
+ t.Run("New Link Share", func(t *testing.T) {
+ testHandler := webHandlerTest{
+ user: &testuser1,
+ strFunc: func() handler.CObject {
+ return &models.LinkSharing{}
+ },
+ t: t,
+ }
+ t.Run("Forbidden", func(t *testing.T) {
+ t.Run("read only", func(t *testing.T) {
+ _, err := testHandler.testCreateWithUser(nil, map[string]string{"list": "20"}, `{"right":0}`)
+ assert.Error(t, err)
+ assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
+ })
+ t.Run("write", func(t *testing.T) {
+ _, err := testHandler.testCreateWithUser(nil, map[string]string{"list": "20"}, `{"right":1}`)
+ assert.Error(t, err)
+ assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
+ })
+ t.Run("admin", func(t *testing.T) {
+ _, err := testHandler.testCreateWithUser(nil, map[string]string{"list": "20"}, `{"right":2}`)
+ assert.Error(t, err)
+ assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
+ })
+ })
+ t.Run("Read only access", func(t *testing.T) {
+ t.Run("read only", func(t *testing.T) {
+ _, err := testHandler.testCreateWithUser(nil, map[string]string{"list": "9"}, `{"right":0}`)
+ assert.Error(t, err)
+ assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
+ })
+ t.Run("write", func(t *testing.T) {
+ _, err := testHandler.testCreateWithUser(nil, map[string]string{"list": "9"}, `{"right":1}`)
+ assert.Error(t, err)
+ assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
+ })
+ t.Run("admin", func(t *testing.T) {
+ _, err := testHandler.testCreateWithUser(nil, map[string]string{"list": "9"}, `{"right":2}`)
+ assert.Error(t, err)
+ assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
+ })
+ })
+ t.Run("Write access", func(t *testing.T) {
+ t.Run("read only", func(t *testing.T) {
+ req, err := testHandler.testCreateWithUser(nil, map[string]string{"list": "10"}, `{"right":0}`)
+ assert.NoError(t, err)
+ assert.Contains(t, req.Body.String(), `"hash":`)
+ })
+ t.Run("write", func(t *testing.T) {
+ req, err := testHandler.testCreateWithUser(nil, map[string]string{"list": "10"}, `{"right":1}`)
+ assert.NoError(t, err)
+ assert.Contains(t, req.Body.String(), `"hash":`)
+ })
+ t.Run("admin", func(t *testing.T) {
+ _, err := testHandler.testCreateWithUser(nil, map[string]string{"list": "10"}, `{"right":2}`)
+ assert.Error(t, err)
+ assert.Contains(t, err.(*echo.HTTPError).Message, `Forbidden`)
+ })
+ })
+ t.Run("Admin access", func(t *testing.T) {
+ t.Run("read only", func(t *testing.T) {
+ req, err := testHandler.testCreateWithUser(nil, map[string]string{"list": "11"}, `{"right":0}`)
+ assert.NoError(t, err)
+ assert.Contains(t, req.Body.String(), `"hash":`)
+ })
+ t.Run("write", func(t *testing.T) {
+ req, err := testHandler.testCreateWithUser(nil, map[string]string{"list": "11"}, `{"right":1}`)
+ assert.NoError(t, err)
+ assert.Contains(t, req.Body.String(), `"hash":`)
+ })
+ t.Run("admin", func(t *testing.T) {
+ req, err := testHandler.testCreateWithUser(nil, map[string]string{"list": "11"}, `{"right":2}`)
+ assert.NoError(t, err)
+ assert.Contains(t, req.Body.String(), `"hash":`)
+ })
+ })
+ })
+
 t.Run("Lists", func(t *testing.T) {
 testHandlerListReadOnly := webHandlerTest{
 linkShare: linkshareRead,
diff --git a/pkg/models/link_sharing.go b/pkg/models/link_sharing.go
index 0f5da6a025..2631fc1c59 100644
--- a/pkg/models/link_sharing.go
+++ b/pkg/models/link_sharing.go
@@ -99,10 +99,16 @@ func GetLinkShareFromClaims(claims jwt.MapClaims) (share *LinkSharing, err error
 // @Failure 500 {object} models.Message "Internal error"
 // @Router /lists/{list}/shares [put]
 func (share *LinkSharing) Create(a web.Auth) (err error) {
+
+ err = share.Right.isValid()
+ if err != nil {
+ return
+ }
+
 share.SharedByID = a.GetID()
 share.Hash = utils.MakeRandomString(40)
 _, err = x.Insert(share)
- share.SharedBy, _ = a.(*user.User)
+ share.SharedBy, _ = user.GetFromAuth(a)
 return
 }
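Review bot: None of the new subtests exercises the validation that Create now performs on share.Right; every request body uses right 0, 1 or 2, so an out-of-range value (3, or a negative number) is never sent, and the whole block would still pass with the isValid call removed. A fourth case under "Admin access" that posts a body with right set to 3 against list 11 and then `assert.Error(t, err)` would pin that behaviour, since that user is otherwise allowed everything. Separately, `err.(*echo.HTTPError)` on each assert.Contains line is an unchecked assertion that panics instead of failing the subtest if a different error type comes back; `httpErr, ok := err.(*echo.HTTPError)` followed by `assert.True(t, ok)` is the safer shape. TestLinkSharing begins and ends outside this hunk.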
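Review bot: The error from `user.GetFromAuth(a)` on the last added line is discarded with `_` and nothing says why; presumably a non-user auth makes it fail, in which case SharedBy silently stays nil after the row has already been inserted. Either justify it in place, e.g. `// SharedBy is informational; a non-user auth (e.g. a link share) leaves it nil on purpose`, or return the error if that case is not meant to reach Create. Two lines up, share.Hash becomes the bearer credential for the share, and the hunk does not show which generator `utils.MakeRandomString` uses, so confirming it is backed by a cryptographic source and noting that at the call site would help the next reader. The new isValid call is also not reflected in the @Failure annotations above the function; if its error maps to a 4xx response, a matching `@Failure` line belongs there.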
diff --git a/pkg/models/link_sharing_rights.go b/pkg/models/link_sharing_rights.go
index f6990b10c9..790ef3e05c 100644
--- a/pkg/models/link_sharing_rights.go
+++ b/pkg/models/link_sharing_rights.go
@@ -53,9 +53,16 @@ func (share *LinkSharing) canDoLinkShare(a web.Auth) (bool, error) {
 return false, nil
 }
- l, err := GetListSimplByTaskID(share.ListID)
+ l := &List{ID: share.ListID}
+ err := l.GetSimpleByID()
 if err != nil {
 return false, err
 }
+
+ // Check if the user is admin when the link right is admin
+ if share.Right == RightAdmin {
+ return l.IsAdmin(a)
+ }
+
 return l.CanWrite(a)
 }
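Review bot: The new branch only special-cases `RightAdmin`; any other value of share.Right, including one outside the defined set, falls through to `l.CanWrite(a)`, so this function answers "allowed" for a malformed right and relies on Create's later isValid call to reject it. If canDoLinkShare also backs update or delete paths, that ordering does not hold, so rejecting unknown rights here is cheaper and self-contained: `if err := share.Right.isValid(); err != nil {` / `return false, err` / `}` placed before the admin check. The added comment also understates the rule; `// Handing out an admin share requires admin rights on the list; every other right requires write access` describes both branches. canDoLinkShare starts outside this hunk, so the earlier `return false, nil` branch cannot be reviewed here.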