diff --git a/seahub/share/views.py b/seahub/share/views.py
index 60f1e461a2..2639848967 100644
--- a/seahub/share/views.py
+++ b/seahub/share/views.py
@@ -35,7 +35,7 @@ from seahub.base.decorators import user_mods_check
 from seahub.contacts.models import Contact
 from seahub.contacts.signals import mail_sended
 from seahub.signals import share_file_to_user_successful
-from seahub.views import is_registered_user
+from seahub.views import is_registered_user, check_repo_access_permission
 from seahub.utils import render_permission_error, string2list, render_error, \
     gen_token, gen_shared_link, gen_shared_upload_link, gen_dir_share_link, \
     gen_file_share_link, IS_EMAIL_CONFIGURED, check_filename_with_rename, \
@@ -1082,21 +1082,33 @@ def get_shared_upload_link(request):
     else:
         if path[-1] != '/': # append '/' at end of path
             path += '/'
-    l = UploadLinkShare.objects.filter(repo_id=repo_id).filter(
-        username=request.user.username).filter(path=path)
-    if len(l) > 0:
-        upload_link = l[0]
-        token = upload_link.token
+
+    repo = seaserv.get_repo(repo_id)
+    user_perm = check_repo_access_permission(repo.id, request.user)
+
+    if user_perm == 'r':
+        messages.error(request, _(u'Permission denied'))
+        return HttpResponse(status=403, content_type=content_type)
+    elif user_perm == 'rw':
+        l = UploadLinkShare.objects.filter(repo_id=repo_id).filter(
+            username=request.user.username).filter(path=path)
+        if len(l) > 0:
+            upload_link = l[0]
+            token = upload_link.token
+        else:
+            username = request.user.username
+            uls = UploadLinkShare.objects.create_upload_link_share(
+                username, repo_id, path, passwd)
+            token = uls.token
+
+        shared_upload_link = gen_shared_upload_link(token)
+
+        data = json.dumps({'token': token, 'shared_upload_link': shared_upload_link})
+        return HttpResponse(data, status=200, content_type=content_type)
     else:
-        username = request.user.username
-        uls = UploadLinkShare.objects.create_upload_link_share(
-            username, repo_id, path, passwd)
-        token = uls.token
+        messages.error(request, _(u'Operation failed'))
+        return HttpResponse(json.dumps(), status=500, content_type=content_type)
 
-    shared_upload_link = gen_shared_upload_link(token)
-
-    data = json.dumps({'token': token, 'shared_upload_link': shared_upload_link})
-    return HttpResponse(data, status=200, content_type=content_type)
 
 @login_required_ajax
 def send_shared_upload_link(request):
diff --git a/seahub/templates/snippets/file_share_popup.html b/seahub/templates/snippets/file_share_popup.html
index bcc7e91864..632b341ea9 100644
--- a/seahub/templates/snippets/file_share_popup.html
+++ b/seahub/templates/snippets/file_share_popup.html
@@ -4,7 +4,9 @@
         <div id="file-share-tabs" class="tab-popup-tabs">
             <ul class="tab-popup-tabs-nav">
                 <li class="tab"><a href="#link-share" class="a">{% trans "Download Link" %}</a></li>
+                {% if user_perm == 'rw' %}
                 <li class="tab" id="upload-link-share-tab"><a href="#upload-link-share" class="a">{% trans "Upload Link" %}</a></li>{# for dir #}
+                {% endif %}
                 {% if is_repo_owner %}
                 <li class="tab" id="private-share-tab"><a href="#private-share" class="a">{% trans "Private Share" %}</a></li> {# for file #}
                 {% endif %}
@@ -62,6 +64,7 @@
                 </div>
             </div>
 
+            {% if user_perm == 'rw' %}
             <div id="upload-link-share">
                 <p class="tip">{% trans "You can share the generated link to others and then they can upload files to this directory via the link." %}</p>
                 <div id="upload-link-options">
@@ -96,6 +99,7 @@
                     </form>
                 </div>
             </div>
+            {% endif %}
 
             {% if ENABLE_SUB_LIBRARY and not repo.is_virtual and is_repo_owner %}
             <div id="syncable-share">
diff --git a/seahub/templates/snippets/shared_link_js.html b/seahub/templates/snippets/shared_link_js.html
index b4e3c86a45..a2bc1052b2 100644
--- a/seahub/templates/snippets/shared_link_js.html
+++ b/seahub/templates/snippets/shared_link_js.html
@@ -92,6 +92,7 @@ function showSharePopup(op, name, aj_urls, type, cur_path) {
     $('input[name="file_shared_name"]').val(name);
     $('input[name="file_shared_type"]').val(type);
 
+    {% if user_perm == 'rw' %}
     // share upload link
     $('#upload-link-share-tab .a').click(function() {
         if (op.data('upload-link')) {
@@ -109,6 +110,7 @@ function showSharePopup(op, name, aj_urls, type, cur_path) {
         $('#gen-upload-link-btn').data('url', aj_urls['upload-link']).data('obj', op);
         $('#rm-shared-upload-link').data('obj', op);
     });
+    {% endif %}
 
     // 'private share' for file
     $('#private-share-tab a').click(function() {
@@ -309,6 +311,7 @@ $('#rm-shared-link').click(function() {
     });
 });
 
+{% if user_perm == 'rw' %}
 $('#shared-upload-link-text').click(function() {
     $(this).select();
 });
@@ -438,11 +441,7 @@ $('#gen-upload-link-btn').click(function() {
             obj.data('upload-link', upload_link).data('upload-token', data['token']);
         },
         error: function(xhr, textStatus, errorThrown) {
-            if (xhr.responseText) {
-                feedback(jQuery.parseJSON(xhr.responseText).error, 'error');
-            } else {
-                feedback("{% trans "Failed. Please check the network." %}", 'error');
-            }
+            location.reload(true);
         }
     });
     return false;
@@ -484,6 +483,7 @@ $('#upload-link-passwd-switch').click(function () {
         pwd_input.attr('disabled', true).addClass('input-disabled');
     }
 });
+{% endif %}
 
 $('#link-passwd-switch').click(function () {
     var form = $('#link-options'),