look for correct OCM permissions

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

apps/dav/lib/Connector/Sabre/FilesPlugin.php

@@ -33,6 +33,7 @@
 namespace OCA\DAV\Connector\Sabre;
 
 use OC\AppFramework\Http\Request;
+use OCP\Constants;
 use OCP\Files\ForbiddenException;
 use OCP\IPreview;
 use Sabre\DAV\Exception\Forbidden;
@@ -57,6 +58,7 @@ class FilesPlugin extends ServerPlugin {
 	const INTERNAL_FILEID_PROPERTYNAME = '{http://owncloud.org/ns}fileid';
 	const PERMISSIONS_PROPERTYNAME = '{http://owncloud.org/ns}permissions';
 	const SHARE_PERMISSIONS_PROPERTYNAME = '{http://open-collaboration-services.org/ns}share-permissions';
+	const OCM_SHARE_PERMISSIONS_PROPERTYNAME = '{http://open-cloud-mesh.org/ns}share-permissions';
 	const DOWNLOADURL_PROPERTYNAME = '{http://owncloud.org/ns}downloadURL';
 	const SIZE_PROPERTYNAME = '{http://owncloud.org/ns}size';
 	const GETETAG_PROPERTYNAME = '{DAV:}getetag';
@@ -149,6 +151,7 @@ class FilesPlugin extends ServerPlugin {
 		$server->protectedProperties[] = self::INTERNAL_FILEID_PROPERTYNAME;
 		$server->protectedProperties[] = self::PERMISSIONS_PROPERTYNAME;
 		$server->protectedProperties[] = self::SHARE_PERMISSIONS_PROPERTYNAME;
+		$server->protectedProperties[] = self::OCM_SHARE_PERMISSIONS_PROPERTYNAME;
 		$server->protectedProperties[] = self::SIZE_PROPERTYNAME;
 		$server->protectedProperties[] = self::DOWNLOADURL_PROPERTYNAME;
 		$server->protectedProperties[] = self::OWNER_ID_PROPERTYNAME;
@@ -318,6 +321,14 @@ class FilesPlugin extends ServerPlugin {
 				);
 			});
 
+			$propFind->handle(self::OCM_SHARE_PERMISSIONS_PROPERTYNAME, function() use ($node, $httpRequest) {
+				$ncPermissions = $node->getSharePermissions(
+					$httpRequest->getRawServerValue('PHP_AUTH_USER')
+				);
+				$ocmPermissions = $this->ncPermissions2ocmPermissions($ncPermissions);
+				return json_encode($ocmPermissions);
+			});
+
 			$propFind->handle(self::GETETAG_PROPERTYNAME, function() use ($node) {
 				return $node->getETag();
 			});
@@ -394,6 +405,33 @@ class FilesPlugin extends ServerPlugin {
 		}
 	}
 
+	/**
+	 * translate Nextcloud permissions to OCM Permissions
+	 *
+	 * @param $ncPermissions
+	 * @return array
+	 */
+	protected function ncPermissions2ocmPermissions($ncPermissions) {
+
+		$ocmPermissions = [];
+
+		if ($ncPermissions & Constants::PERMISSION_SHARE) {
+			$ocmPermissions[] = 'share';
+		}
+
+		if ($ncPermissions & Constants::PERMISSION_READ) {
+			$ocmPermissions[] = 'read';
+		}
+
+		if (($ncPermissions & Constants::PERMISSION_CREATE) ||
+			($ncPermissions & Constants::PERMISSION_UPDATE)) {
+			$ocmPermissions[] = 'write';
+		}
+
+		return $ocmPermissions;
+
+	}
+
 	/**
 	 * Update ownCloud-specific properties
 	 *

apps/files_sharing/lib/External/Storage.php

@@ -36,6 +36,7 @@ use OC\Files\Storage\DAV;
 use OC\ForbiddenException;
 use OCA\Files_Sharing\ISharedStorage;
 use OCP\AppFramework\Http;
+use OCP\Constants;
 use OCP\Federation\ICloudId;
 use OCP\Files\NotFoundException;
 use OCP\Files\StorageInvalidException;
@@ -347,20 +348,20 @@ class Storage extends DAV implements ISharedStorage {
 		if (\OCP\Util::isSharingDisabledForUser() || !\OC\Share\Share::isResharingAllowed()) {
 			return false;
 		}
-		return ($this->getPermissions($path) & \OCP\Constants::PERMISSION_SHARE);
+		return ($this->getPermissions($path) & Constants::PERMISSION_SHARE);
 	}
 
 	public function getPermissions($path) {
 		$response = $this->propfind($path);
+		// old federated sharing permissions
 		if (isset($response['{http://open-collaboration-services.org/ns}share-permissions'])) {
 			$permissions = $response['{http://open-collaboration-services.org/ns}share-permissions'];
+		} else if (isset($response['{http://open-cloud-mesh.org/ns}share-permissions'])) {
+			// permissions provided by the OCM API
+			$permissions = $this->ocmPermissions2ncPermissions($response['{http://open-collaboration-services.org/ns}share-permissions']);
 		} else {
 			// use default permission if remote server doesn't provide the share permissions
-			if ($this->is_dir($path)) {
-				$permissions = \OCP\Constants::PERMISSION_ALL;
-			} else {
-				$permissions = \OCP\Constants::PERMISSION_ALL & ~\OCP\Constants::PERMISSION_CREATE;
-			}
+			$permissions = $this->getDefaultPermissions($path);
 		}
 
 		return $permissions;
@@ -369,4 +370,53 @@ class Storage extends DAV implements ISharedStorage {
 	public function needsPartFile() {
 		return false;
 	}
+
+	/**
+	 * translate OCM Permissions to Nextcloud permissions
+	 *
+	 * @param string $ocmPermissions json encoded OCM permissions
+	 * @param string $path path to file
+	 * @return int
+	 */
+	protected function ocmPermissions2ncPermissions($ocmPermissions, $path) {
+		try {
+			$ocmPermissions = json_decode($ocmPermissions);
+			$ncPermissions = 0;
+			foreach($ocmPermissions as $permission) {
+				switch (strtolower($permission)) {
+					case 'read':
+						$ncPermissions += Constants::PERMISSION_READ;
+						break;
+					case 'write':
+						$ncPermissions += Constants::PERMISSION_CREATE + Constants::PERMISSION_UPDATE;
+						break;
+					case 'share':
+						$ncPermissions += Constants::PERMISSION_SHARE;
+						break;
+					default:
+						throw new \Exception();
+				}
+			}
+		} catch (\Exception $e) {
+			$ncPermissions = $this->getDefaultPermissions($path);
+		}
+
+		return $ncPermissions;
+	}
+
+	/**
+	 * calculate default permissions in case no permissions are provided
+	 *
+	 * @param $path
+	 * @return int
+	 */
+	protected function getDefaultPermissions($path) {
+		if ($this->is_dir($path)) {
+			$permissions = Constants::PERMISSION_ALL;
+		} else {
+			$permissions = Constants::PERMISSION_ALL & ~Constants::PERMISSION_CREATE;
+		}
+
+		return $permissions;
+	}
 }

lib/private/Federation/CloudFederationShare.php

@@ -78,7 +78,7 @@ class CloudFederationShare implements ICloudFederationShare {
 			'name' => 'webdav',
 			'options' => [
 				'sharedSecret' => $sharedSecret,
-				'permissions' => '{http://open-collaboration-services.org/ns}share-permissions'
+				'permissions' => '{http://open-cloud-mesh.org/ns}share-permissions'
 			]
 		]);
 		$this->setShareType($shareType);