diff options
| author | skjnldsv <skjnldsv@protonmail.com> | 2024-08-22 10:02:37 +0200 |
|---|---|---|
| committer | skjnldsv <skjnldsv@protonmail.com> | 2024-09-11 13:55:06 +0200 |
| commit | b9ef97260d9c904f6ed835c889092f1e9b7c8b05 (patch) | |
| tree | c7486edce1fac276645c2a0a9dd11d136a0aa082 | |
| parent | c80dd9dfecbf5dc6cf8a827ef62f9c27eea7a776 (diff) | |
| download | nextcloud-server-b9ef97260d9c904f6ed835c889092f1e9b7c8b05.tar.gz nextcloud-server-b9ef97260d9c904f6ed835c889092f1e9b7c8b05.zip | |
fix(files_sharing): adjust permissions from custom edit and delete check methodsbackport/47339/stable29
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
3 files changed, 142 insertions, 0 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php index 1c642dcd952..50889c13ce3 100644 --- a/apps/files_sharing/lib/Controller/ShareAPIController.php +++ b/apps/files_sharing/lib/Controller/ShareAPIController.php @@ -188,6 +188,23 @@ class ShareAPIController extends OCSController { if ($isOwnShare) { $result['item_permissions'] = $node->getPermissions(); } + + // If we're on the recipient side, the node permissions + // are bound to the share permissions. So we need to + // adjust the permissions to the share permissions if necessary. + if (!$isOwnShare) { + $result['item_permissions'] = $share->getPermissions(); + + // For some reason, single files share are forbidden to have the delete permission + // since we have custom methods to check those, let's adjust straight away. + // DAV permissions does not have that issue though. + if ($this->canDeleteShare($share) || $this->canDeleteShareFromSelf($share)) { + $result['item_permissions'] |= Constants::PERMISSION_DELETE; + } + if ($this->canEditShare($share)) { + $result['item_permissions'] |= Constants::PERMISSION_UPDATE; + } + } // See MOUNT_ROOT_PROPERTYNAME dav property $result['is-mount-root'] = $node->getInternalPath() === ''; diff --git a/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php b/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php index b9b3e6fdecf..426626372fd 100644 --- a/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php +++ b/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php @@ -3775,6 +3775,12 @@ class ShareAPIControllerTest extends TestCase { $folder->method('getStorage')->willReturn($storage); $fileWithPreview->method('getStorage')->willReturn($storage); + + $mountPoint = $this->getMockBuilder(IMountPoint::class)->getMock(); + $mountPoint->method('getMountType')->willReturn(''); + $file->method('getMountPoint')->willReturn($mountPoint); + $folder->method('getMountPoint')->willReturn($mountPoint); + $owner = $this->getMockBuilder(IUser::class)->getMock(); $owner->method('getDisplayName')->willReturn('ownerDN'); $initiator = $this->getMockBuilder(IUser::class)->getMock(); @@ -3929,6 +3935,8 @@ class ShareAPIControllerTest extends TestCase { 'can_delete' => false, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, [], false ]; @@ -3980,6 +3988,8 @@ class ShareAPIControllerTest extends TestCase { 'can_delete' => true, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, [], false ]; @@ -4032,6 +4042,8 @@ class ShareAPIControllerTest extends TestCase { 'can_delete' => false, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, [], false ]; @@ -4081,6 +4093,8 @@ class ShareAPIControllerTest extends TestCase { 'can_delete' => false, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, [], false ]; @@ -4137,6 +4151,8 @@ class ShareAPIControllerTest extends TestCase { 'can_delete' => false, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, [], false ]; @@ -4193,6 +4209,8 @@ class ShareAPIControllerTest extends TestCase { 'can_delete' => false, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, [], false ]; @@ -4243,6 +4261,8 @@ class ShareAPIControllerTest extends TestCase { 'can_delete' => false, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, [], false ]; @@ -4293,6 +4313,8 @@ class ShareAPIControllerTest extends TestCase { 'can_delete' => false, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, [], false ]; @@ -4346,6 +4368,8 @@ class ShareAPIControllerTest extends TestCase { 'can_delete' => false, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, [], false ]; @@ -4396,6 +4420,8 @@ class ShareAPIControllerTest extends TestCase { 'can_delete' => false, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, [], false ]; @@ -4446,6 +4472,8 @@ class ShareAPIControllerTest extends TestCase { 'can_delete' => false, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, [], false ]; @@ -4513,6 +4541,8 @@ class ShareAPIControllerTest extends TestCase { 'password_expiration_time' => null, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, [], false ]; @@ -4566,6 +4596,8 @@ class ShareAPIControllerTest extends TestCase { 'password_expiration_time' => null, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, [], false ]; @@ -4617,6 +4649,8 @@ class ShareAPIControllerTest extends TestCase { 'can_delete' => true, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, [], false ]; @@ -4720,6 +4754,10 @@ class ShareAPIControllerTest extends TestCase { $file->method('getSize')->willReturn(123456); $file->method('getMTime')->willReturn(1234567890); + $mountPoint = $this->getMockBuilder(IMountPoint::class)->getMock(); + $mountPoint->method('getMountType')->willReturn(''); + $file->method('getMountPoint')->willReturn($mountPoint); + $cache = $this->getMockBuilder('OCP\Files\Cache\ICache')->getMock(); $cache->method('getNumericStorageId')->willReturn(100); $storage = $this->createMock(Storage::class); @@ -4775,6 +4813,8 @@ class ShareAPIControllerTest extends TestCase { 'can_delete' => false, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, false, [] ]; @@ -4824,6 +4864,8 @@ class ShareAPIControllerTest extends TestCase { 'can_delete' => false, 'item_size' => 123456, 'item_mtime' => 1234567890, + 'is-mount-root' => false, + 'mount-type' => '', 'attributes' => null, ], $share, true, [ 'share_with_displayname' => 'recipientRoomName' diff --git a/build/integration/sharing_features/sharing-v1-part4.feature b/build/integration/sharing_features/sharing-v1-part4.feature index ae4e69f2622..b180ad08072 100644 --- a/build/integration/sharing_features/sharing-v1-part4.feature +++ b/build/integration/sharing_features/sharing-v1-part4.feature @@ -39,3 +39,86 @@ Scenario: Creating a new share of a file you own shows the file permissions And the HTTP status code should be "200" And Share fields of last share match with | item_permissions | 27 | + +Scenario: Receiving a share of a file gives no create permission + Given user "user0" exists + And user "user1" exists + And As an "user0" + And parameter "shareapi_default_permissions" of app "core" is set to "31" + And file "welcome.txt" of user "user0" is shared with user "user1" + And sending "GET" to "/apps/files_sharing/api/v1/shares" + And share 0 is returned with + | path | /welcome.txt | + | permissions | 19 | + | item_permissions | 27 | + When As an "user1" + And user "user1" accepts last share + And sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true" + Then the list of returned shares has 1 shares + And share 0 is returned with + | path | /welcome (2).txt | + | permissions | 19 | + | item_permissions | 27 | + +Scenario: Receiving a share of a folder gives create permission + Given user "user0" exists + And user "user1" exists + And As an "user0" + And parameter "shareapi_default_permissions" of app "core" is set to "31" + And file "PARENT/CHILD" of user "user0" is shared with user "user1" + And sending "GET" to "/apps/files_sharing/api/v1/shares" + And share 0 is returned with + | path | /PARENT/CHILD | + | permissions | 31 | + | item_permissions | 31 | + When As an "user1" + And user "user1" accepts last share + And sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true" + Then the list of returned shares has 1 shares + And share 0 is returned with + | path | /CHILD | + | permissions | 31 | + | item_permissions | 31 | + +# User can remove itself from a share +Scenario: Receiving a share of a file without delete permission gives delete permission anyway + Given user "user0" exists + And user "user1" exists + And As an "user0" + And parameter "shareapi_default_permissions" of app "core" is set to "23" + And file "welcome.txt" of user "user0" is shared with user "user1" + And sending "GET" to "/apps/files_sharing/api/v1/shares" + And share 0 is returned with + | path | /welcome.txt | + | permissions | 19 | + | item_permissions | 27 | + When As an "user1" + And user "user1" accepts last share + And sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true" + Then the list of returned shares has 1 shares + And share 0 is returned with + | path | /welcome (2).txt | + | permissions | 19 | + | item_permissions | 27 | + +Scenario: Receiving a share of a file without delete permission gives delete permission anyway + Given user "user0" exists + And user "user1" exists + And As an "user0" + And group "group1" exists + And user "user1" belongs to group "group1" + And parameter "shareapi_default_permissions" of app "core" is set to "23" + And file "welcome.txt" of user "user0" is shared with group "group1" + And sending "GET" to "/apps/files_sharing/api/v1/shares" + And share 0 is returned with + | path | /welcome.txt | + | permissions | 19 | + | item_permissions | 27 | + When As an "user1" + And user "user1" accepts last share + And sending "GET" to "/apps/files_sharing/api/v1/shares?shared_with_me=true" + Then the list of returned shares has 1 shares + And share 0 is returned with + | path | /welcome (2).txt | + | permissions | 19 | + | item_permissions | 27 | |