Fix reshare permission issue

The actual share permissions sent to the server on reshare are now based
on possiblePermissions + permissions inherited from parent share

diff --git a/core/js/share.js b/core/js/share.js
index 2692ff60b5c84697374069e9f3b4f632b423c2bf..877ef4856a33f987e55037b779c20c1e0ffccd1c 100644 (file)
--- a/core/js/share.js
+++ b/core/js/share.js
@@ -360,6 +360,8 @@ OC.Share={
                                html += '<span class="reshare">'+t('core', 'Shared with you by {owner}', {owner: data.reshare.displayname_owner})+'</span>';
                        }
                        html += '<br />';
+                       // reduce possible permissions to what the original share allowed
+                       possiblePermissions = possiblePermissions & data.reshare.permissions;
                }
 
                if (possiblePermissions & OC.PERMISSION_SHARE) {

diff --git a/core/js/tests/specs/shareSpec.js b/core/js/tests/specs/shareSpec.js
index 4859ba782d2cb8df21b5e7f400c7f02957928b8a..f45008954648d8f0646863edd99cfe69e0ff3b2e 100644 (file)
--- a/core/js/tests/specs/shareSpec.js
+++ b/core/js/tests/specs/shareSpec.js
@@ -61,6 +61,7 @@ describe('OC.Share tests', function() {
                        loadItemStub.restore();
 
                        autocompleteStub.restore();
+                       $('#dropdown').remove();
                });
                it('calls loadItem with the correct arguments', function() {
                        OC.Share.showDropDown(
@@ -502,6 +503,161 @@ describe('OC.Share tests', function() {
                                expect(shares[OC.Share.SHARE_TYPE_GROUP]).not.toBeDefined();
                        });
                });
+               describe('share permissions', function() {
+                       beforeEach(function() {
+                               oc_appconfig.core.resharingAllowed = true;
+                       });
+
+                       /**
+                        * Tests sharing with the given possible permissions
+                        *
+                        * @param {int} possiblePermissions
+                        * @return {int} permissions sent to the server
+                        */
+                       function testWithPermissions(possiblePermissions) {
+                               OC.Share.showDropDown(
+                                       'file',
+                                       123,
+                                       $container,
+                                       true,
+                                       possiblePermissions,
+                                       'shared_file_name.txt'
+                               );
+                               var autocompleteOptions = autocompleteStub.getCall(0).args[0];
+                               // simulate autocomplete selection
+                               autocompleteOptions.select(new $.Event('select'), {
+                                       item: {
+                                               label: 'User Two',
+                                               value: {
+                                                       shareType: OC.Share.SHARE_TYPE_USER,
+                                                       shareWith: 'user2'
+                                               }
+                                       }
+                               });
+                               autocompleteStub.reset();
+                               var requestBody = OC.parseQueryString(_.last(fakeServer.requests).requestBody);
+                               return parseInt(requestBody.permissions, 10);
+                       }
+
+                       describe('regular sharing', function() {
+                               it('shares with given permissions with default config', function() {
+                                       loadItemStub.returns({
+                                               reshare: [],
+                                               shares: []
+                                       });
+                                       expect(
+                                               testWithPermissions(OC.PERMISSION_READ | OC.PERMISSION_UPDATE | OC.PERMISSION_SHARE)
+                                       ).toEqual(OC.PERMISSION_READ | OC.PERMISSION_UPDATE | OC.PERMISSION_SHARE);
+                                       expect(
+                                               testWithPermissions(OC.PERMISSION_READ | OC.PERMISSION_SHARE)
+                                       ).toEqual(OC.PERMISSION_READ | OC.PERMISSION_SHARE);
+                               });
+                               it('removes share permission when not allowed', function() {
+                                       oc_appconfig.core.resharingAllowed = false;
+                                       loadItemStub.returns({
+                                               reshare: [],
+                                               shares: []
+                                       });
+                                       expect(
+                                               testWithPermissions(OC.PERMISSION_READ | OC.PERMISSION_UPDATE | OC.PERMISSION_SHARE)
+                                       ).toEqual(OC.PERMISSION_READ | OC.PERMISSION_UPDATE);
+                               });
+                               it('automatically adds READ permission even when not specified', function() {
+                                       oc_appconfig.core.resharingAllowed = false;
+                                       loadItemStub.returns({
+                                               reshare: [],
+                                               shares: []
+                                       });
+                                       expect(
+                                               testWithPermissions(OC.PERMISSION_UPDATE | OC.PERMISSION_SHARE)
+                                       ).toEqual(OC.PERMISSION_READ | OC.PERMISSION_UPDATE | OC.PERMISSION_UPDATE);
+                               });
+                               it('does not show sharing options when sharing not allowed', function() {
+                                       loadItemStub.returns({
+                                               reshare: [],
+                                               shares: []
+                                       });
+                                       OC.Share.showDropDown(
+                                               'file',
+                                               123,
+                                               $container,
+                                               true,
+                                               OC.PERMISSION_READ,
+                                               'shared_file_name.txt'
+                                       );
+                                       expect($('#dropdown #shareWithList').length).toEqual(0);
+                               });
+                       });
+                       describe('resharing', function() {
+                               it('shares with given permissions when original share had all permissions', function() {
+                                       loadItemStub.returns({
+                                               reshare: {
+                                                       permissions: OC.PERMISSION_ALL
+                                               },
+                                               shares: []
+                                       });
+                                       expect(
+                                               testWithPermissions(OC.PERMISSION_READ | OC.PERMISSION_UPDATE | OC.PERMISSION_SHARE)
+                                       ).toEqual(OC.PERMISSION_READ | OC.PERMISSION_UPDATE | OC.PERMISSION_SHARE);
+                               });
+                               it('reduces reshare permissions to the ones from the original share', function() {
+                                       loadItemStub.returns({
+                                               reshare: {
+                                                       permissions: OC.PERMISSION_READ,
+                                                       uid_owner: 'user1'
+                                               },
+                                               shares: []
+                                       });
+                                       OC.Share.showDropDown(
+                                               'file',
+                                               123,
+                                               $container,
+                                               true,
+                                               OC.PERMISSION_ALL,
+                                               'shared_file_name.txt'
+                                       );
+                                       // no resharing allowed
+                                       expect($('#dropdown #shareWithList').length).toEqual(0);
+                               });
+                               it('reduces reshare permissions to possible permissions', function() {
+                                       loadItemStub.returns({
+                                               reshare: {
+                                                       permissions: OC.PERMISSION_ALL,
+                                                       uid_owner: 'user1'
+                                               },
+                                               shares: []
+                                       });
+                                       OC.Share.showDropDown(
+                                               'file',
+                                               123,
+                                               $container,
+                                               true,
+                                               OC.PERMISSION_READ,
+                                               'shared_file_name.txt'
+                                       );
+                                       // no resharing allowed
+                                       expect($('#dropdown #shareWithList').length).toEqual(0);
+                               });
+                               it('does not show sharing options when resharing not allowed', function() {
+                                       loadItemStub.returns({
+                                               reshare: {
+                                                       permissions: OC.PERMISSION_READ | OC.PERMISSION_UPDATE | OC.PERMISSION_DELETE,
+                                                       uid_owner: 'user1'
+                                               },
+                                               shares: []
+                                       });
+                                       OC.Share.showDropDown(
+                                               'file',
+                                               123,
+                                               $container,
+                                               true,
+                                               OC.PERMISSION_ALL,
+                                               'shared_file_name.txt'
+                                       );
+                                       expect($('#dropdown #shareWithList').length).toEqual(0);
+                               });
+                       });
+               });
        });
        describe('markFileAsShared', function() {
                var $file;