From: Roeland Jago Douma Date: Thu, 25 Feb 2016 19:22:35 +0000 (+0100) Subject: Do not allow sharing of the root folder X-Git-Tag: v9.0.0RC1~36^2 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=8213d5df4f40410f851da31082bbb1fb8d84dd1e;p=nextcloud-server.git Do not allow sharing of the root folder Sharing of the users root folder should not be allowed as it is very weird UX. Also many of our clients have no proper way of displaying this. Added unit test Also added intergration tests to make sure we won't allow it in the future. --- diff --git a/build/integration/features/sharing-v1.feature b/build/integration/features/sharing-v1.feature index e16de8b6b11..462915cf5ba 100644 --- a/build/integration/features/sharing-v1.feature +++ b/build/integration/features/sharing-v1.feature @@ -506,3 +506,11 @@ Feature: sharing And file "myfile.txt" of user "user0" is shared with user "user1" When User "user1" uploads file "data/textfile.txt" to "/myfile.txt" Then the HTTP status code should be "204" + + Scenario: Don't allow sharing of the root + Given user "user0" exists + And As an "user0" + When creating a share with + | path | / | + | shareType | 3 | + Then the OCS status code should be "403" \ No newline at end of file diff --git a/lib/private/share20/manager.php b/lib/private/share20/manager.php index 9b33e947557..9fe33757473 100644 --- a/lib/private/share20/manager.php +++ b/lib/private/share20/manager.php @@ -197,6 +197,11 @@ class Manager implements IManager { throw new \InvalidArgumentException('Path should be either a file or a folder'); } + // And you can't share your rootfolder + if ($this->rootFolder->getUserFolder($share->getSharedBy())->isSubNode($share->getNode()) === false) { + throw new \InvalidArgumentException('You can\'t share your root folder'); + } + // Check if we actually have share permissions if (!$share->getNode()->isShareable()) { $message_t = $this->l->t('You are not allowed to share %s', [$share->getNode()->getPath()]); diff --git a/tests/lib/share20/managertest.php b/tests/lib/share20/managertest.php index c41f0754396..df688f782c4 100644 --- a/tests/lib/share20/managertest.php +++ b/tests/lib/share20/managertest.php @@ -677,6 +677,9 @@ class ManagerTest extends \Test\TestCase { ['group0', true], ])); + $userFolder = $this->getMock('\OCP\Files\Folder'); + $this->rootFolder->method('getUserFolder')->willReturn($userFolder); + try { $this->invokePrivate($this->manager, 'generalCreateChecks', [$share]); $thrown = false; @@ -691,6 +694,32 @@ class ManagerTest extends \Test\TestCase { $this->assertSame($exception, $thrown); } + /** + * @expectedException \InvalidArgumentException + * @expectedExceptionMessage You can't share your root folder + */ + public function testGeneralCheckShareRoot() { + $thrown = null; + + $this->userManager->method('userExists')->will($this->returnValueMap([ + ['user0', true], + ['user1', true], + ])); + + $userFolder = $this->getMock('\OCP\Files\Folder'); + $userFolder->method('isSubNode')->with($userFolder)->willReturn(false); + $this->rootFolder->method('getUserFolder')->willReturn($userFolder); + + $share = $this->manager->newShare(); + + $share->setShareType(\OCP\Share::SHARE_TYPE_USER) + ->setSharedWith('user0') + ->setSharedBy('user1') + ->setNode($userFolder); + + $this->invokePrivate($this->manager, 'generalCreateChecks', [$share]); + } + /** * @expectedException \OCP\Share\Exceptions\GenericShareException * @expectedExceptionMessage Expiration date is in the past