diff --git a/tests/Unit/Controller/ShareApiControllerTest.php b/tests/Unit/Controller/ShareApiControllerTest.php
index caf7c7b59..662c0929b 100644
--- a/tests/Unit/Controller/ShareApiControllerTest.php
+++ b/tests/Unit/Controller/ShareApiControllerTest.php
@@ -24,6 +24,7 @@
  */
 namespace OCA\Forms\Tests\Unit\Controller;
 
+use OCA\Forms\Constants;
 use OCA\Forms\Controller\ShareApiController;
 
 use OCA\Forms\Db\Form;
@@ -124,22 +125,26 @@ public function dataValidNewShare() {
 			'newUserShare' => [
 				'shareType' => IShare::TYPE_USER,
 				'shareWith' => 'user1',
+				'permissions' => [Constants::PERMISSION_SUBMIT],
 				'expected' => [
 					'id' => 13,
 					'formId' => 5,
 					'shareType' => 0,
 					'shareWith' => 'user1',
+					'permissions' => [Constants::PERMISSION_SUBMIT],
 					'displayName' => 'user1 DisplayName'
 				]
 			],
 			'newGroupShare' => [
 				'shareType' => IShare::TYPE_GROUP,
 				'shareWith' => 'group1',
+				'permissions' => [Constants::PERMISSION_RESULTS, Constants::PERMISSION_SUBMIT],
 				'expected' => [
 					'id' => 13,
 					'formId' => 5,
 					'shareType' => 1,
 					'shareWith' => 'group1',
+					'permissions' => [Constants::PERMISSION_RESULTS, Constants::PERMISSION_SUBMIT],
 					'displayName' => 'group1 DisplayName'
 				]
 			],
@@ -153,7 +158,7 @@ public function dataValidNewShare() {
 	 * @param string $shareWith
 	 * @param array $expected
 	 */
-	public function testValidNewShare(int $shareType, string $shareWith, array $expected) {
+	public function testValidNewShare(int $shareType, string $shareWith, array $permissions, array $expected) {
 		$form = new Form();
 		$form->setId('5');
 		$form->setOwnerId('currentUser');
@@ -174,9 +179,10 @@ public function testValidNewShare(int $shareType, string $shareWith, array $expe
 			->willReturn($this->createMock(IGroup::class));
 
 		$share = new Share();
-		$share->setformId('5');
+		$share->setFormId(5);
 		$share->setShareType($shareType);
 		$share->setShareWith($shareWith);
+		$share->setPermissions($permissions);
 		$shareWithId = clone $share;
 		$shareWithId->setId(13);
 		$this->shareMapper->expects($this->once())
@@ -191,7 +197,7 @@ public function testValidNewShare(int $shareType, string $shareWith, array $expe
 
 		// Share Form '5' to 'user1' of share-type 'user=0'
 		$expectedResponse = new DataResponse($expected);
-		$this->assertEquals($expectedResponse, $this->shareApiController->newShare(5, $shareType, $shareWith));
+		$this->assertEquals($expectedResponse, $this->shareApiController->newShare(5, $shareType, $shareWith, $permissions));
 	}
 
 	public function dataNewLinkShare() {
@@ -199,13 +205,25 @@ public function dataNewLinkShare() {
 			'newLinkShare' => [
 				'shareType' => IShare::TYPE_LINK,
 				'shareWith' => '',
+				'permissions' => [Constants::PERMISSION_SUBMIT],
+				'exception' => null,
 				'expected' => [
 					'id' => 13,
 					'formId' => 5,
 					'shareType' => 3,
 					'shareWith' => 'abcdefgh',
+					'permissions' => [Constants::PERMISSION_SUBMIT],
 					'displayName' => ''
-				]],
+				]
+			],
+			'invalid-permissions' => [
+				'shareType' => IShare::TYPE_LINK,
+				'shareWith' => '',
+				// Creating a new share must fail as PERMISSION_RESULTS is not allowed for link shares
+				'permissions' => [Constants::PERMISSION_SUBMIT, Constants::PERMISSION_RESULTS],
+				'exception' => '\OCP\AppFramework\OCS\OCSBadRequestException',
+				'expected' => []
+			]
 		];
 	}
 	/**
@@ -216,7 +234,7 @@ public function dataNewLinkShare() {
 	 * @param string $shareWith
 	 * @param array $expected
 	 */
-	public function testNewLinkShare(int $shareType, string $shareWith, array $expected) {
+	public function testNewLinkShare(int $shareType, string $shareWith, array $permissions, ?string $exception, array $expected) {
 		$form = new Form();
 		$form->setId('5');
 		$form->setOwnerId('currentUser');
@@ -231,7 +249,8 @@ public function testNewLinkShare(int $shareType, string $shareWith, array $expec
 			->willReturn('abcdefgh');
 
 		$share = new Share();
-		$share->setformId('5');
+		$share->setFormId(5);
+		$share->setPermissions([Constants::PERMISSION_SUBMIT]);
 		$share->setShareType($shareType);
 		if ($shareWith === '') {
 			$share->setShareWith('abcdefgh');
@@ -240,27 +259,32 @@ public function testNewLinkShare(int $shareType, string $shareWith, array $expec
 		}
 		$shareWithId = clone $share;
 		$shareWithId->setId(13);
-		$this->shareMapper->expects($this->once())
+		$this->shareMapper->expects($exception === null ? $this->once() : $this->any())
 			->method('insert')
 			->with($share)
 			->willReturn($shareWithId);
 
-		$this->configService->expects($this->once())
+		$this->configService->expects($exception === null ? $this->once() : $this->any())
 			->method('getAllowPublicLink')
 			->willReturn(true);
 
-		$this->formsService->expects($this->once())
+		$this->formsService->expects($exception === null ? $this->once() : $this->any())
 			->method('getShareDisplayName')
 			->with($shareWithId->read())
 			->willReturn('');
 
-		$this->shareMapper->expects($this->once())
+		$this->shareMapper->expects($exception === null ? $this->once() : $this->any())
 			->method('findPublicShareByHash')
 			->will($this->throwException(new DoesNotExistException('Not found.')));
 
-		// Share the form.
-		$expectedResponse = new DataResponse($expected);
-		$this->assertEquals($expectedResponse, $this->shareApiController->newShare(5, $shareType, $shareWith));
+		if ($exception === null) {
+			// Share the form.
+			$expectedResponse = new DataResponse($expected);
+			$this->assertEquals($expectedResponse, $this->shareApiController->newShare(5, $shareType, $shareWith, $permissions));
+		} else {
+			$this->expectException($exception);
+			$this->shareApiController->newShare(5, $shareType, $shareWith, $permissions);
+		}
 	}
 
 	/**
@@ -469,4 +493,121 @@ public function testDeleteForeignShare() {
 		$this->expectException(OCSForbiddenException::class);
 		$this->shareApiController->deleteShare(8);
 	}
+
+	public function dataUpdateShare() {
+		return [
+			'valid-permissions' => [
+				'share' => [
+					'id' => 1,
+					'formId' => 5,
+					'shareType' => 0,
+					'shareWith' => 'user1',
+					'permissions' => [Constants::PERMISSION_SUBMIT]
+				],
+				'permissions' => [Constants::PERMISSION_RESULTS, Constants::PERMISSION_SUBMIT],
+				'expected' => [
+					'id' => 1,
+					'formId' => 5,
+					'shareType' => 0,
+					'shareWith' => 'user1',
+					'permissions' => [Constants::PERMISSION_RESULTS, Constants::PERMISSION_SUBMIT],
+					'displayName' => 'DisplayName'
+				],
+				'exception' => null
+			],
+			'no-permission' => [
+				'share' => [
+					'id' => 1,
+					'formId' => 5,
+					'shareType' => 0,
+					'shareWith' => 'user1',
+					'permissions' => [Constants::PERMISSION_SUBMIT]
+				],
+				'permissions' => [],
+				'expected' => [
+					'id' => 1,
+					'formId' => 5,
+					'shareType' => 0,
+					'shareWith' => 'user1',
+					'permissions' => [Constants::PERMISSION_SUBMIT],
+					'displayName' => 'DisplayName'
+				],
+				'exception' => null
+			],
+			'invalid-permission' => [
+				'share' => [
+					'id' => 1,
+					'formId' => 5,
+					'shareType' => 0,
+					'shareWith' => 'user1',
+					'permissions' => [Constants::PERMISSION_SUBMIT]
+				],
+				'permissions' => ['invalid'],
+				'expected' => [],
+				'exception' => '\OCP\AppFramework\OCS\OCSBadRequestException'
+			],
+			'invalid-share-type-permission' => [
+				'share' => [
+					'id' => 1,
+					'formId' => 5,
+					'shareType' => IShare::TYPE_LINK,
+					'shareWith' => 'somehash',
+					'permissions' => [Constants::PERMISSION_SUBMIT]
+				],
+				// PERMISSION_RESULTS is not allowed for TYPE_LINK
+				'permissions' => [Constants::PERMISSION_SUBMIT, Constants::PERMISSION_RESULTS],
+				'expected' => [],
+				'exception' => '\OCP\AppFramework\OCS\OCSBadRequestException'
+			],
+		];
+	}
+	/**
+	 * Test update a share
+	 * @dataProvider dataUpdateShare
+	 */
+	public function testUpdateShare(array $share, array $permissions, array $expected, ?string $exception) {
+		$form = new Form();
+		$form->setId($share['formId']);
+		$form->setOwnerId('currentUser');
+
+		$this->formMapper->expects($this->once())
+			->method('findById')
+			->with($share['formId'])
+			->willReturn($form);
+
+		$this->userManager->expects($this->any())
+			->method('get')
+			->with('otherUser')
+			->willReturn($this->createMock(IUser::class));
+
+		$shareEntity = new Share();
+		$shareEntity->setId($share['id']);
+		$shareEntity->setFormId($share['formId']);
+		$shareEntity->setShareType($share['shareType']);
+		$shareEntity->setShareWith($share['shareWith']);
+		$shareEntity->setPermissions($share['permissions']);
+		$this->shareMapper->expects($this->once())
+			->method('findById')
+			->with($share['id'])
+			->willReturn($shareEntity);
+
+		$this->shareMapper->expects($exception === null ? $this->once() : $this->any())
+			->method('update')
+			->with($shareEntity)
+			->willReturnCallback(function ($arg) {
+				return $arg;
+			});
+
+		$this->formsService->expects($exception === null ? $this->once() : $this->any())
+			->method('getShareDisplayName')
+			->willReturn('DisplayName');
+
+		if ($exception === null) {
+			$expectedResponse = new DataResponse($expected);
+			$this->assertEquals($expectedResponse, $this->shareApiController->updateShare($share['id'], $permissions));
+		} else {
+			$this->expectException($exception);
+			$this->shareApiController->updateShare($share['id'], $permissions);
+		}
+	}
 }
diff --git a/tests/Unit/Service/FormsServiceTest.php b/tests/Unit/Service/FormsServiceTest.php
index 4a48c3597..393aec61c 100644
--- a/tests/Unit/Service/FormsServiceTest.php
+++ b/tests/Unit/Service/FormsServiceTest.php
@@ -27,6 +27,7 @@
 use OCA\Forms\Service\FormsService;
 
 use OCA\Forms\Activity\ActivityManager;
+use OCA\Forms\Constants;
 use OCA\Forms\Db\Form;
 use OCA\Forms\Db\FormMapper;
 use OCA\Forms\Db\Option;
@@ -199,6 +200,7 @@ public function dataGetForm() {
 						'formId' => 42,
 						'shareType' => 0,
 						'shareWith' => 'someUser',
+						'permissions' => [Constants::PERMISSION_SUBMIT],
 						'displayName' => 'Some User'
 					]
 				],
@@ -294,6 +296,7 @@ public function testGetForm(array $expected) {
 		$share->setFormId(42);
 		$share->setShareType(0);
 		$share->setShareWith('someUser');
+		$share->setPermissions([Constants::PERMISSION_SUBMIT]);
 
 		$this->shareMapper->expects($this->any())
 			->method('findByForm')
@@ -349,6 +352,58 @@ public function testGetPartialForm(array $expected) {
 		$this->assertEquals($expected, $this->formsService->getPartialFormArray(42));
 	}
 
+	public function dataGetPartialFormShared() {
+		return [
+			'onePartialOwnedForm' => [[
+				'id' => 42,
+				'hash' => 'abcdefg',
+				'title' => 'Form 1',
+				'expires' => 0,
+				'permissions' => ['results', 'submit'],
+				'submissionCount' => 123,
+				'partial' => true
+			]]
+		];
+	}
+	/**
+	 * Make sure shared users with results permission also receive the submission count
+	 * @dataProvider dataGetPartialFormShared
+	 *
+	 * @param array $expected
+	 */
+	public function testGetPartialFormShared(array $expected) {
+		$form = new Form();
+		$form->setId(42);
+		$form->setHash('abcdefg');
+		$form->setTitle('Form 1');
+		$form->setOwnerId('otherUser');
+		$form->setExpires(0);
+
+		$share = new Share();
+		$share->setFormId(42);
+		$share->setPermissions([Constants::PERMISSION_RESULTS, Constants::PERMISSION_SUBMIT]);
+		$share->setShareType(IShare::TYPE_USER);
+		$share->setShareWith('currentUser');
+
+		$this->shareMapper->expects($this->any())
+			->method('findByForm')
+			->with(42)
+			->willReturn([$share]);
+
+		$this->formMapper->expects($this->exactly(2))
+			->method('findById')
+			->with(42)
+			->willReturn($form);
+
+		$this->submissionMapper->expects($this->once())
+			->method('countSubmissions')
+			->with(42)
+			->willReturn(123);
+
+		// Run the test
+		$this->assertEquals($expected, $this->formsService->getPartialFormArray(42));
+	}
+
 	public function dataGetPublicForm() {
 		return [
 			// Bare form without questions, checking removed access & ownerId