Do not allow sharing of the root folder

Sharing of the users root folder should not be allowed as it is very
weird UX. Also many of our clients have no proper way of displaying
this.

Added unit test

Also added intergration tests to make sure we won't allow it in the
future.

diff --git a/build/integration/features/sharing-v1.feature b/build/integration/features/sharing-v1.feature
index e16de8b6b11d8cf92b307adecfb3a1a992471481..462915cf5ba0dcffb832e1c366530dc5cbcdddfd 100644 (file)
--- a/build/integration/features/sharing-v1.feature
+++ b/build/integration/features/sharing-v1.feature
@@ -506,3 +506,11 @@ Feature: sharing
     And file "myfile.txt" of user "user0" is shared with user "user1"
     When User "user1" uploads file "data/textfile.txt" to "/myfile.txt"
     Then the HTTP status code should be "204"
+
+  Scenario: Don't allow sharing of the root
+    Given user "user0" exists
+    And As an "user0"
+    When creating a share with
+      | path | / |
+      | shareType | 3 |
+    Then the OCS status code should be "403"
\ No newline at end of file

diff --git a/lib/private/share20/manager.php b/lib/private/share20/manager.php
index 9b33e9475573e6306c03a0a92fa14558663718ef..9fe337574736bc94529dba2185e33ad32bfebb92 100644 (file)
--- a/lib/private/share20/manager.php
+++ b/lib/private/share20/manager.php
@@ -197,6 +197,11 @@ class Manager implements IManager {
                        throw new \InvalidArgumentException('Path should be either a file or a folder');
                }
 
+               // And you can't share your rootfolder
+               if ($this->rootFolder->getUserFolder($share->getSharedBy())->isSubNode($share->getNode()) === false) {
+                       throw new \InvalidArgumentException('You can\'t share your root folder');
+               }
+
                // Check if we actually have share permissions
                if (!$share->getNode()->isShareable()) {
                        $message_t = $this->l->t('You are not allowed to share %s', [$share->getNode()->getPath()]);

diff --git a/tests/lib/share20/managertest.php b/tests/lib/share20/managertest.php
index c41f0754396dd4788ea9b65a484cfd064e957b92..df688f782c4422387f5b5a413a3985f3412c5f2c 100644 (file)
--- a/tests/lib/share20/managertest.php
+++ b/tests/lib/share20/managertest.php
@@ -677,6 +677,9 @@ class ManagerTest extends \Test\TestCase {
                        ['group0', true],
                ]));
 
+               $userFolder = $this->getMock('\OCP\Files\Folder');
+               $this->rootFolder->method('getUserFolder')->willReturn($userFolder);
+
                try {
                        $this->invokePrivate($this->manager, 'generalCreateChecks', [$share]);
                        $thrown = false;
@@ -691,6 +694,32 @@ class ManagerTest extends \Test\TestCase {
                $this->assertSame($exception, $thrown);
        }
 
+       /**
+        * @expectedException \InvalidArgumentException
+        * @expectedExceptionMessage You can't share your root folder
+        */
+       public function testGeneralCheckShareRoot() {
+               $thrown = null;
+
+               $this->userManager->method('userExists')->will($this->returnValueMap([
+                       ['user0', true],
+                       ['user1', true],
+               ]));
+
+               $userFolder = $this->getMock('\OCP\Files\Folder');
+               $userFolder->method('isSubNode')->with($userFolder)->willReturn(false);
+               $this->rootFolder->method('getUserFolder')->willReturn($userFolder);
+
+               $share = $this->manager->newShare();
+
+               $share->setShareType(\OCP\Share::SHARE_TYPE_USER)
+                       ->setSharedWith('user0')
+                       ->setSharedBy('user1')
+                       ->setNode($userFolder);
+
+               $this->invokePrivate($this->manager, 'generalCreateChecks', [$share]);
+       }
+
        /**
         * @expectedException \OCP\Share\Exceptions\GenericShareException
         * @expectedExceptionMessage Expiration date is in the past