
[Sharing 2.0] Move authentication to the OCS API

tags/v9.0beta1
Roeland Jago Douma 8 years ago
parent
commit
ab02b5c36e

+ 2
- 1
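--- a/apps/files_sharing/api/ocssharewrapper.php
+++ b/apps/files_sharing/api/ocssharewrapper.php
@@ -41,7 +41,8 @@ class OCSShareWrapper {
 \OC::$server->getUserManager(),
 \OC::$server->getRequest(),
 \OC::$server->getUserFolder(),
-\OC::$server->getURLGenerator());
+\OC::$server->getURLGenerator(),
+\OC::$server->getUserSession()->getUser());
 }
 
 public function getAllShares($params) {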
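Review bot: The new last argument `\OC::$server->getUserSession()->getUser()` can be null when the request has no logged-in user, while the constructor changed in share20ocs.php type-hints that parameter as `\OCP\IUser` with no null default. If this wrapper can be built for an unauthenticated request (the routing that decides this is not visible here), construction fails with a type error instead of a clean OCS error result. Either document the precondition above the call, for example `// OCS routes using this wrapper require a logged-in user, so getUser() is never null here`, or return an unauthorised result when the user is null. The enclosing method starts above the hunk.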

+ 63
- 12
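--- a/apps/files_sharing/api/share20ocs.php
+++ b/apps/files_sharing/api/share20ocs.php
@@ -22,35 +22,52 @@ namespace OCA\Files_Sharing\API;
 
 use OC\Share20\IShare;
 
+use OCP\IGroupManager;
+use OCP\IUserManager;
+use OCP\IRequest;
+use OCP\Files\Folder;
+use OCP\IURLGenerator;
+use OCP\IUser;
+
 class Share20OCS {
 
 /** @var \OC\Share20\Manager */
 private $shareManager;
 
-/** @var \OCP\IGroupManager */
+/** @var IGroupManager */
 private $groupManager;
 
-/** @var \OCP\IUserManager */
+/** @var IUserManager */
 private $userManager;
 
-/** @var \OCP\IRequest */
+/** @var IRequest */
 private $request;
 
-/** @var \OCP\Files\Folder */
+/** @var Folder */
 private $userFolder;
 
-public function __construct(\OC\Share20\Manager $shareManager,
-\OCP\IGroupManager $groupManager,
-\OCP\IUserManager $userManager,
-\OCP\IRequest $request,
-\OCP\Files\Folder $userFolder,
-\OCP\IURLGenerator $urlGenerator) {
+/** @var IUrlGenerator */
+private $urlGenerator;
+
+/** @var IUser */
+private $currentUser;
+
+public function __construct(
+\OC\Share20\Manager $shareManager,
+\OCP\IGroupManager $groupManager,
+\OCP\IUserManager $userManager,
+\OCP\IRequest $request,
+\OCP\Files\Folder $userFolder,
+\OCP\IURLGenerator $urlGenerator,
+\OCP\IUser $currentUser
+) {
 $this->shareManager = $shareManager;
 $this->userManager = $userManager;
 $this->groupManager = $groupManager;
 $this->request = $request;
 $this->userFolder = $userFolder;
 $this->urlGenerator = $urlGenerator;
+$this->currentUser = $currentUser;
 }
 
 /**
@@ -131,8 +148,12 @@ class Share20OCS {
 return new \OC_OCS_Result(null, 404, 'wrong share ID, share doesn\'t exist.');
 }
 
-$share = $this->formatShare($share);
-return new \OC_OCS_Result($share);
+if ($this->canAccessShare($share)) {
+$share = $this->formatShare($share);
+return new \OC_OCS_Result($share);
+} else {
+return new \OC_OCS_Result(null, 404, 'wrong share ID, share doesn\'t exist.');
+}
 }
 
 /**
@@ -156,6 +177,10 @@ class Share20OCS {
 \OCA\Files_Sharing\API\Local::deleteShare(['id' => $id]);
 }
 
+if (!$this->canAccessShare($share)) {
+return new \OC_OCS_Result(null, 404, 'could not delete share');
+}
+
 try {
 $this->shareManager->deleteShare($share);
 } catch (\OC\Share20\Exception\BackendError $e) {
@@ -164,4 +189,30 @@ class Share20OCS {
 
 return new \OC_OCS_Result();
 }
+
+/**
+* @param IShare $share
+* @return bool
+*/
+protected function canAccessShare(IShare $share) {
+// Owner of the file and the sharer of the file can always get share
+if ($share->getShareOwner() === $this->currentUser ||
+$share->getSharedBy() === $this->currentUser
+) {
+return true;
+}
+
+// If the share is shared with you (or a group you are a member of)
+if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER &&
+$share->getSharedWith() === $this->currentUser) {
+return true;
+}
+
+if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP &&
+$share->getSharedWith()->inGroup($this->currentUser)) {
+return true;
+}
+
+return false;
+}
 }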
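Review bot: The delete path reuses `canAccessShare()` as its authorisation check, and that predicate also returns true for the user a share is shared with and for every member of a recipient group, so any recipient reaches `$this->shareManager->deleteShare($share)` and can remove the share for everyone. Read access and delete rights should be separate checks; for delete, restrict to the owner and the sharer, e.g. `if ($share->getShareOwner() !== $this->currentUser && $share->getSharedBy() !== $this->currentUser) { return new \OC_OCS_Result(null, 404, 'could not delete share'); }`. Whether the share manager enforces its own ownership check is not visible here. The call to `Local::deleteShare(['id' => $id])` at the top of that hunk also runs before the new check, and its guarding condition lies outside the hunk. The docblock of `canAccessShare()` has no description; one sentence stating that it compares `IUser` instances by identity and returns false for link shares would document the contract.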

+ 82
- 49
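--- a/apps/files_sharing/tests/api/share20ocstest.php
+++ b/apps/files_sharing/tests/api/share20ocstest.php
@@ -20,28 +20,38 @@
 */
 namespace OCA\Files_Sharing\Tests\API;
 
+use OC\Share20\IShare;
 use OCA\Files_Sharing\API\Share20OCS;
+use OCP\IGroupManager;
+use OCP\IUserManager;
+use OCP\IRequest;
+use OCP\Files\Folder;
+use OCP\IURLGenerator;
+use OCP\IUser;
 
 class Share20OCSTest extends \Test\TestCase {
 
 /** @var \OC\Share20\Manager */
 private $shareManager;
 
-/** @var \OCP\IGroupManager */
+/** @var IGroupManager */
 private $groupManager;
 
-/** @var \OCP\IUserManager */
+/** @var IUserManager */
 private $userManager;
 
-/** @var \OCP\IRequest */
+/** @var IRequest */
 private $request;
 
-/** @var \OCP\Files\Folder */
+/** @var Folder */
 private $userFolder;
 
-/** @var \OCP\IURLGenerator */
+/** @var IURLGenerator */
 private $urlGenerator;
 
+/** @var IUser */
+private $currentUser;
+
 /** @var Share20OCS */
 private $ocs;
 
@@ -54,13 +64,17 @@ class Share20OCSTest extends \Test\TestCase {
 $this->request = $this->getMock('OCP\IRequest');
 $this->userFolder = $this->getMock('OCP\Files\Folder');
 $this->urlGenerator = $this->getMock('OCP\IURLGenerator');
-
-$this->ocs = new Share20OCS($this->shareManager,
-$this->groupManager,
-$this->userManager,
-$this->request,
-$this->userFolder,
-$this->urlGenerator);
+$this->currentUser = $this->getMock('OCP\IUser');
+
+$this->ocs = new Share20OCS(
+$this->shareManager,
+$this->groupManager,
+$this->userManager,
+$this->request,
+$this->userFolder,
+$this->urlGenerator,
+$this->currentUser
+);
 }
 
 public function testDeleteShareShareNotFound() {
@@ -76,6 +90,7 @@ class Share20OCSTest extends \Test\TestCase {
 
 public function testDeleteShareCouldNotDelete() {
 $share = $this->getMock('OC\Share20\IShare');
+$share->method('getShareOwner')->willReturn($this->currentUser);
 $this->shareManager
 ->expects($this->once())
 ->method('getShareById')
@@ -94,6 +109,7 @@ class Share20OCSTest extends \Test\TestCase {
 
 public function testDeleteShare() {
 $share = $this->getMock('OC\Share20\IShare');
+$share->method('getSharedBy')->willReturn($this->currentUser);
 $this->shareManager
 ->expects($this->once())
 ->method('getShareById')
@@ -244,42 +260,6 @@ class Share20OCSTest extends \Test\TestCase {
 ];
 $data[] = [$share, $expected];
 
-// Folder shared with remote
-$share = $this->createShare(101,
-\OCP\Share::SHARE_TYPE_REMOTE,
-'user@remote.com',
-$owner,
-$folder,
-4,
-5,
-null,
-6,
-'target',
-0);
-$expected = [
-'id' => 101,
-'share_type' => \OCP\Share::SHARE_TYPE_REMOTE,
-'share_with' => 'user@remote.com',
-'share_with_displayname' => 'user@remote.com',
-'uid_owner' => 'ownerId',
-'displayname_owner' => 'ownerDisplay',
-'item_type' => 'folder',
-'item_source' => 2,
-'file_source' => 2,
-'file_target' => 'target',
-'file_parent' => 3,
-'token' => null,
-'expiration' => null,
-'permissions' => 4,
-'stime' => 5,
-'parent' => 6,
-'storage_id' => 'STORAGE',
-'path' => 'folder',
-'storage' => null, // HACK around static function
-'mail_send' => 0,
-];
-$data[] = [$share, $expected];
-
 // File shared by link with Expire
 $expire = \DateTime::createFromFormat('Y-m-d h:i:s', '2000-01-02 01:02:03');
 $share = $this->createShare(101,
@@ -327,6 +307,20 @@ class Share20OCSTest extends \Test\TestCase {
 * @dataProvider dataGetShare
 */
 public function testGetShare(\OC\Share20\IShare $share, array $result) {
+$ocs = $this->getMockBuilder('OCA\Files_Sharing\API\Share20OCS')
+->setConstructorArgs([
+$this->shareManager,
+$this->groupManager,
+$this->userManager,
+$this->request,
+$this->userFolder,
+$this->urlGenerator,
+$this->currentUser
+])->setMethods(['canAccessShare'])
+->getMock();
+
+$ocs->method('canAccessShare')->willReturn(true);
+
 $this->shareManager
 ->expects($this->once())
 ->method('getShareById')
@@ -342,5 +336,44 @@ class Share20OCSTest extends \Test\TestCase {
 ->willReturn('url');
 
 $expected = new \OC_OCS_Result($result);
-$this->assertEquals($expected->getData(), $this->ocs->getShare($share->getId())->getData()); }
+$this->assertEquals($expected->getData(), $ocs->getShare($share->getId())->getData());
+}
+
+public function testCanAccessShare() {
+$share = $this->getMock('OC\Share20\IShare');
+$share->method('getShareOwner')->willReturn($this->currentUser);
+$this->assertTrue($this->invokePrivate($this->ocs, 'canAccessShare', [$share]));
+
+$share = $this->getMock('OC\Share20\IShare');
+$share->method('getSharedBy')->willReturn($this->currentUser);
+$this->assertTrue($this->invokePrivate($this->ocs, 'canAccessShare', [$share]));
+
+$share = $this->getMock('OC\Share20\IShare');
+$share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_USER);
+$share->method('getSharedWith')->willReturn($this->currentUser);
+$this->assertTrue($this->invokePrivate($this->ocs, 'canAccessShare', [$share]));
+
+$share = $this->getMock('OC\Share20\IShare');
+$share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_USER);
+$share->method('getSharedWith')->willReturn($this->getMock('OCP\IUser'));
+$this->assertFalse($this->invokePrivate($this->ocs, 'canAccessShare', [$share]));
+
+$share = $this->getMock('OC\Share20\IShare');
+$share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_GROUP);
+$group = $this->getMock('OCP\IGroup');
+$group->method('inGroup')->with($this->currentUser)->willReturn(true);
+$share->method('getSharedWith')->willReturn($group);
+$this->assertTrue($this->invokePrivate($this->ocs, 'canAccessShare', [$share]));
+
+$share = $this->getMock('OC\Share20\IShare');
+$share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_GROUP);
+$group = $this->getMock('OCP\IGroup');
+$group->method('inGroup')->with($this->currentUser)->willReturn(false);
+$share->method('getSharedWith')->willReturn($group);
+$this->assertFalse($this->invokePrivate($this->ocs, 'canAccessShare', [$share]));
+
+$share = $this->getMock('OC\Share20\IShare');
+$share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_LINK);
+$this->assertFalse($this->invokePrivate($this->ocs, 'canAccessShare', [$share]));
+}
 }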
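Review bot: Nothing in these tests exercises the denial branch added to `getShare()` or to the delete endpoint: `testGetShare` stubs `canAccessShare` to return true, and both delete tests make the current user the owner or the sharer, so the new 404 returns are never run. Add one negative test per endpoint in which the share has no relation to the current user, asserting the 404 result and, for delete, that the manager's `deleteShare` is never called. A further case in which a share recipient calls the delete endpoint would pin down whether recipients are meant to be able to delete. The sketch below assumes the endpoint is `deleteShare($id)`, as the existing test names suggest; the bodies of the existing delete tests continue outside the visible hunks.

```php
public function testDeleteShareNoAccess() {
	// Unstubbed mock: owner, sharer and recipient are all null, so canAccessShare() is false
	$share = $this->getMock('OC\Share20\IShare');
	$this->shareManager
		->expects($this->once())
		->method('getShareById')
		->willReturn($share);
	// The denied request must never reach the backend delete
	$this->shareManager
		->expects($this->never())
		->method('deleteShare');

	$expected = new \OC_OCS_Result(null, 404, 'could not delete share');
	$this->assertEquals($expected, $this->ocs->deleteShare(42));
}
```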
