Check resharing setting

diff --git a/lib/public/share.php b/lib/public/share.php
index 37cf0838ed1288e9af440f0ee3d1e465f73bdb24..8146a23f360fc3c9f8bcf13c4e05008734c1a4d5 100644 (file)
--- a/lib/public/share.php
+++ b/lib/public/share.php
@@ -61,6 +61,7 @@ class Share {
        private static $shareTypeGroupUserUnique = 2;
        private static $backends = array();
        private static $backendTypes = array();
+       private static $isResharingAllowed;
 
        /**
        * @brief Register a sharing backend class that implements OCP\Share_Backend for an item type
@@ -567,6 +568,24 @@ class Share {
                throw new \Exception($message);
        }
 
+       /**
+       * @brief Check if resharing is allowed
+       * @return Returns true if allowed or false
+       *
+       * Resharing is allowed by default if not configured
+       *
+       */
+       private static function isResharingAllowed() {
+               if (!isset(self::$isResharingAllowed)) {
+                       if (\OC_Appconfig::getValue('core', 'shareapi_allow_resharing', 'yes') == 'yes') {
+                               self::$isResharingAllowed = true;
+                       } else {
+                               self::$isResharingAllowed = false;
+                       }
+               }
+               return self::$isResharingAllowed;
+       }
+
        /**
        * @brief Get a list of collection item types for the specified item type
        * @param string Item type
@@ -840,7 +859,10 @@ class Share {
                                        continue;
                                }
                        }
-
+                       // Check if resharing is allowed, if not remove share permission
+                       if (isset($row['permissions']) && !self::isResharingAllowed()) {
+                               $row['permissions'] &= ~PERMISSION_SHARE;
+                       }
                        // Add display names to result
                        if ( isset($row['share_with']) && $row['share_with'] != '') {
                                $row['share_with_displayname'] = \OCP\User::getDisplayName($row['share_with']);
@@ -978,7 +1000,7 @@ class Share {
                                throw new \Exception($message);
                        }
                        // Check if share permissions is granted
-                       if ((int)$checkReshare['permissions'] & PERMISSION_SHARE) {
+                       if (self::isResharingAllowed() && (int)$checkReshare['permissions'] & PERMISSION_SHARE) {
                                if (~(int)$checkReshare['permissions'] & $permissions) {
                                        $message = 'Sharing '.$itemSource
                                                .' failed, because the permissions exceed permissions granted to '.$uidOwner;

diff --git a/tests/lib/share/share.php b/tests/lib/share/share.php
index ab43e47726b9977515213669a58f2db5cc5a17a6..e7d441a7e780db7ff1c8d20a0a498c8d4a8863a3 100644 (file)
--- a/tests/lib/share/share.php
+++ b/tests/lib/share/share.php
@@ -28,7 +28,7 @@ class Test_Share extends PHPUnit_Framework_TestCase {
        protected $groupBackend;
        protected $group1;
        protected $group2;
-
+       protected $resharing;
 
        public function setUp() {
                OC_User::clearBackends();
@@ -56,11 +56,14 @@ class Test_Share extends PHPUnit_Framework_TestCase {
                OCP\Share::registerBackend('test', 'Test_Share_Backend');
                OC_Hook::clear('OCP\\Share');
                OC::registerShareHooks();
+               $this->resharing = OC_Appconfig::getValue('core', 'shareapi_allow_resharing', 'yes');
+               OC_Appconfig::setValue('core', 'shareapi_allow_resharing', 'yes');
        }
 
        public function tearDown() {
                $query = OC_DB::prepare('DELETE FROM `*PREFIX*share` WHERE `item_type` = ?');
                $query->execute(array('test'));
+               OC_Appconfig::setValue('core', 'shareapi_allow_resharing', $this->resharing);
        }
 
        public function testShareInvalidShareType() {