mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1000 Wiki Activity
Browse Source

user can have his resharing rights revoked, yet seeing created shares 

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
tags/v15.0.0beta1
Maxence Lange 5 years ago
parent
236a293f6a
commit
0fc8a0f58e
No account linked to committer's email address
2 changed files with 19 additions and 10 deletions
Split View Show Diff Stats
  1. 13
    6
      apps/files_sharing/lib/Controller/ShareAPIController.php
  2. 6
    4
      apps/files_sharing/tests/ApiTest.php

+ 13
- 6
apps/files_sharing/lib/Controller/ShareAPIController.php View File

@@ -721,12 +721,18 @@ class ShareAPIController extends OCSController {
$shares = array_merge($shares, $federatedShares);
}

$formatted = [];
$formatted = $miniFormatted = [];
$resharingRight = false;
foreach ($shares as $share) {
/** @var IShare $share */
try {
$formatted[] = $this->formatShare($share, $path);
if ($path !== null && !$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $path)) {
$format = $this->formatShare($share, $path);
$formatted[] = $format;
if ($share->getSharedBy() === $this->currentUser) {
$miniFormatted[] = $format;
}

if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $path)) {
$resharingRight = true;
}
} catch (\Exception $e) {
@@ -735,7 +741,7 @@ class ShareAPIController extends OCSController {
}

if (!$resharingRight) {
$formatted = [];
$formatted = $miniFormatted;
}

if ($include_tags) {
@@ -1126,13 +1132,14 @@ class ShareAPIController extends OCSController {
* @throws NotFoundException
* @throws \OCP\Files\InvalidPathException
*/
private function shareProviderResharingRights(string $userId, IShare $share, Node $node): bool {
private function shareProviderResharingRights(string $userId, IShare $share, $node): bool {

if ($share->getShareOwner() === $userId) {
return true;
}

// we check that current user have parent resharing rights on the current file
if (($node->getPermissions() & \OCP\Constants::PERMISSION_SHARE) !== 0) {
if ($node !== null && ($node->getPermissions() & \OCP\Constants::PERMISSION_SHARE) !== 0) {
return true;
}


+ 6
- 4
apps/files_sharing/tests/ApiTest.php View File

@@ -811,9 +811,10 @@ class ApiTest extends TestCase {
$result1 = $ocs->getShares('false','false','false', $this->subfolder);
$ocs->cleanup();

// test should return one share within $this->folder
// // test should return 2 shares within $this->folder, as the viewer have resharing rights:
// // one from the owner, the second from the reshare
$data1 = $result1->getData();
$this->assertCount(1, $data1);
$this->assertCount(2, $data1);
$s1 = reset($data1);

//$request = $this->createRequest(['path' => $this->folder.$this->subfolder]);
@@ -821,9 +822,10 @@ class ApiTest extends TestCase {
$result2 = $ocs->getShares('false', 'false', 'false', $this->folder . $this->subfolder);
$ocs->cleanup();

// test should return one share within $this->folder
// // test should return 2 shares within $this->folder, as the viewer have resharing rights:
// // one from the owner, the second from the reshare
$data2 = $result2->getData();
$this->assertCount(1, $data2);
$this->assertCount(2, $data2);
$s2 = reset($data2);

$this->assertEquals($this->subfolder, $s1['path']);

Write Preview
Loading…
Cancel
Save