new \OC\Encryption\Util(
new \OC\Files\View(),
\OC::$server->getUserManager(),
+ \OC::$server->getGroupManager(),
\OC::$server->getConfig()),
\OC\Files\Filesystem::getMountManager(),
\OC::$server->getEncryptionManager(),
$filename = $this->util->stripPartialFileExtension($filename);
// in case of system wide mount points the keys are stored directly in the data directory
- if ($this->util->isSystemWideMountPoint($filename)) {
+ if ($this->util->isSystemWideMountPoint($filename, $owner)) {
$keyPath = $this->keys_base_dir . $filename . '/';
} else {
$keyPath = '/' . $owner . $this->keys_base_dir . $filename . '/';
list($owner, $source) = $this->util->getUidAndFilename($source);
list(, $target) = $this->util->getUidAndFilename($target);
- $systemWide = $this->util->isSystemWideMountPoint($target);
+ $systemWide = $this->util->isSystemWideMountPoint($target, $owner);
if ($systemWide) {
$sourcePath = $this->keys_base_dir . $source . '/';
list($owner, $source) = $this->util->getUidAndFilename($source);
list(, $target) = $this->util->getUidAndFilename($target);
- $systemWide = $this->util->isSystemWideMountPoint($target);
+ $systemWide = $this->util->isSystemWideMountPoint($target, $owner);
if ($systemWide) {
$sourcePath = $this->keys_base_dir . $source . '/';
if (!($storage instanceof Shared)) {
$manager = \OC::$server->getEncryptionManager();
$util = new Util(
- new View(), \OC::$server->getUserManager(), \OC::$server->getConfig());
+ new View(),
+ \OC::$server->getUserManager(),
+ \OC::$server->getGroupManager(),
+ \OC::$server->getConfig()
+ );
$user = \OC::$server->getUserSession()->getUser();
$logger = \OC::$server->getLogger();
$uid = $user ? $user->getUID() : null;
/** @var array paths excluded from encryption */
protected $excludedPaths;
+ /** @var \OC\Group\Manager $manager */
+ protected $groupManager;
+
/**
*
* @param \OC\Files\View $view
* @param \OC\User\Manager $userManager
+ * @param \OC\Group\Manager $groupManager
* @param IConfig $config
*/
public function __construct(
\OC\Files\View $view,
\OC\User\Manager $userManager,
+ \OC\Group\Manager $groupManager,
IConfig $config) {
$this->ocHeaderKeys = [
$this->view = $view;
$this->userManager = $userManager;
+ $this->groupManager = $groupManager;
$this->config = $config;
$this->excludedPaths[] = 'files_encryption';
/**
* check if the file is stored on a system wide mount point
* @param string $path relative to /data/user with leading '/'
+ * @param string $uid
* @return boolean
*/
- public function isSystemWideMountPoint($path) {
- $normalizedPath = ltrim($path, '/');
+ public function isSystemWideMountPoint($path, $uid) {
if (\OCP\App::isEnabled("files_external")) {
$mounts = \OC_Mount_Config::getSystemMountPoints();
foreach ($mounts as $mount) {
- if ($mount['mountpoint'] == substr($normalizedPath, 0, strlen($mount['mountpoint']))) {
- if ($this->isMountPointApplicableToUser($mount)) {
+ if (strpos($path, '/files/' . $mount['mountpoint']) === 0) {
+ if ($this->isMountPointApplicableToUser($mount, $uid)) {
return true;
}
}
return false;
}
+ /**
+ * check if mount point is applicable to user
+ *
+ * @param array $mount contains $mount['applicable']['users'], $mount['applicable']['groups']
+ * @param string $uid
+ * @return boolean
+ */
+ private function isMountPointApplicableToUser($mount, $uid) {
+ $acceptedUids = array('all', $uid);
+ // check if mount point is applicable for the user
+ $intersection = array_intersect($acceptedUids, $mount['applicable']['users']);
+ if (!empty($intersection)) {
+ return true;
+ }
+ // check if mount point is applicable for group where the user is a member
+ foreach ($mount['applicable']['groups'] as $gid) {
+ if ($this->groupManager->isInGroup($uid, $gid)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
/**
* check if it is a path which is excluded by ownCloud from encryption
*
});
$this->registerService('EncryptionFileHelper', function (Server $c) {
- $util = new \OC\Encryption\Util(new \OC\Files\View(), $c->getUserManager(), $c->getConfig());
+ $util = new \OC\Encryption\Util(
+ new \OC\Files\View(),
+ $c->getUserManager(),
+ $c->getGroupManager(),
+ $c->getConfig()
+ );
return new Encryption\File($util);
});
*/
function getEncryptionKeyStorage($encryptionModuleId) {
$view = new \OC\Files\View();
- $util = new \OC\Encryption\Util($view, \OC::$server->getUserManager(), \OC::$server->getConfig());
+ $util = new \OC\Encryption\Util(
+ $view,
+ \OC::$server->getUserManager(),
+ \OC::$server->getGroupManager(),
+ \OC::$server->getConfig()
+ );
return $this->query('EncryptionKeyStorageFactory')->get($encryptionModuleId, $view, $util);
}
/** @var \PHPUnit_Framework_MockObject_MockObject */
protected $userManager;
+ /** @var \PHPUnit_Framework_MockObject_MockObject */
+ protected $groupManager;
+
/** @var \PHPUnit_Framework_MockObject_MockObject */
private $config;
+ /** @var \OC\Encryption\Util */
+ private $util;
+
public function setUp() {
parent::setUp();
$this->view = $this->getMockBuilder('OC\Files\View')
->disableOriginalConstructor()
->getMock();
+ $this->groupManager = $this->getMockBuilder('OC\Group\Manager')
+ ->disableOriginalConstructor()
+ ->getMock();
+
$this->config = $this->getMockBuilder('OCP\IConfig')
->disableOriginalConstructor()
->getMock();
+ $this->util = new Util(
+ $this->view,
+ $this->userManager,
+ $this->groupManager,
+ $this->config
+ );
+
}
/**
* @dataProvider providesHeadersForEncryptionModule
*/
public function testGetEncryptionModuleId($expected, $header) {
- $u = new Util($this->view, $this->userManager, $this->config);
- $id = $u->getEncryptionModuleId($header);
+ $id = $this->util->getEncryptionModuleId($header);
$this->assertEquals($expected, $id);
}
*/
public function testReadHeader($header, $expected, $moduleId) {
$expected['oc_encryption_module'] = $moduleId;
- $u = new Util($this->view, $this->userManager, $this->config);
- $result = $u->readHeader($header);
+ $result = $this->util->readHeader($header);
$this->assertSameSize($expected, $result);
foreach ($expected as $key => $value) {
$this->assertArrayHasKey($key, $result);
$em = $this->getMock('\OCP\Encryption\IEncryptionModule');
$em->expects($this->any())->method('getId')->willReturn($moduleId);
- $u = new Util($this->view, $this->userManager, $this->config);
- $result = $u->createHeader($header, $em);
+ $result = $this->util->createHeader($header, $em);
$this->assertEquals($expected, $result);
}
$em = $this->getMock('\OCP\Encryption\IEncryptionModule');
$em->expects($this->any())->method('getId')->willReturn('moduleId');
- $u = new Util($this->view, $this->userManager, $this->config);
- $u->createHeader($header, $em);
+ $this->util->createHeader($header, $em);
}
/**
* @dataProvider providePathsForTestIsExcluded
*/
- public function testIsEcluded($path, $expected) {
+ public function testIsExcluded($path, $expected) {
$this->userManager
->expects($this->any())
->method('userExists')
->will($this->returnCallback(array($this, 'isExcludedCallback')));
- $u = new Util($this->view, $this->userManager, $this->config);
-
$this->assertSame($expected,
- $u->isExcluded($path)
+ $this->util->isExcluded($path)
);
}
$config = $this->getMockBuilder('\OCP\IConfig')
->disableOriginalConstructor()
->getMock();
+ $groupManager = $this->getMockBuilder('\OC\Group\Manager')
+ ->disableOriginalConstructor()
+ ->getMock();
- $util = $this->getMock('\OC\Encryption\Util', ['getUidAndFilename'], [new View(), new \OC\User\Manager(), $config]);
+ $util = $this->getMock('\OC\Encryption\Util', ['getUidAndFilename'], [new View(), new \OC\User\Manager(), $groupManager, $config]);
$util->expects($this->any())
->method('getUidAndFilename')
->willReturnCallback(function ($path) {
$config = $this->getMockBuilder('\OCP\IConfig')
->disableOriginalConstructor()
->getMock();
+ $groupManager = $this->getMockBuilder('\OC\Group\Manager')
+ ->disableOriginalConstructor()
+ ->getMock();
$file = $this->getMockBuilder('\OC\Encryption\File')
->disableOriginalConstructor()
->setMethods(['getAccessList'])
->getMock();
$file->expects($this->any())->method('getAccessList')->willReturn([]);
- $util = $this->getMock('\OC\Encryption\Util', ['getUidAndFilename'], [new View(), new \OC\User\Manager(), $config]);
+ $util = $this->getMock('\OC\Encryption\Util', ['getUidAndFilename'], [new View(), new \OC\User\Manager(), $groupManager, $config]);
$util->expects($this->any())
->method('getUidAndFilename')
->willReturn(['user1', $internalPath]);
projects / nextcloud-server.git / commitdiff