diff options
| author | Maxence Lange <maxence@artificial-owl.com> | 2018-11-01 15:01:01 +0100 |
|---|---|---|
| committer | Julius Härtl <jus@bitgrid.net> | 2018-11-02 12:10:49 +0100 |
| commit | 0fc8a0f58eebc9bdac5544c114517f397838b38e (patch) | |
| tree | 37ec7b8af2dd2890cecedd97f15e26e39a9f2734 | |
| parent | 236a293f6a8b983ee832151c592a4e469ed0621e (diff) | |
| download | nextcloud-server-0fc8a0f58eebc9bdac5544c114517f397838b38e.tar.gz nextcloud-server-0fc8a0f58eebc9bdac5544c114517f397838b38e.zip | |
user can have his resharing rights revoked, yet seeing created shares
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
| -rw-r--r-- | apps/files_sharing/lib/Controller/ShareAPIController.php | 19 | ||||
| -rw-r--r-- | apps/files_sharing/tests/ApiTest.php | 10 |
2 files changed, 19 insertions, 10 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php index b5c833a6f96..04c72b459b4 100644 --- a/apps/files_sharing/lib/Controller/ShareAPIController.php +++ b/apps/files_sharing/lib/Controller/ShareAPIController.php @@ -721,12 +721,18 @@ class ShareAPIController extends OCSController { $shares = array_merge($shares, $federatedShares); } - $formatted = []; + $formatted = $miniFormatted = []; $resharingRight = false; foreach ($shares as $share) { + /** @var IShare $share */ try { - $formatted[] = $this->formatShare($share, $path); - if ($path !== null && !$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $path)) { + $format = $this->formatShare($share, $path); + $formatted[] = $format; + if ($share->getSharedBy() === $this->currentUser) { + $miniFormatted[] = $format; + } + + if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $path)) { $resharingRight = true; } } catch (\Exception $e) { @@ -735,7 +741,7 @@ class ShareAPIController extends OCSController { } if (!$resharingRight) { - $formatted = []; + $formatted = $miniFormatted; } if ($include_tags) { @@ -1126,13 +1132,14 @@ class ShareAPIController extends OCSController { * @throws NotFoundException * @throws \OCP\Files\InvalidPathException */ - private function shareProviderResharingRights(string $userId, IShare $share, Node $node): bool { + private function shareProviderResharingRights(string $userId, IShare $share, $node): bool { + if ($share->getShareOwner() === $userId) { return true; } // we check that current user have parent resharing rights on the current file - if (($node->getPermissions() & \OCP\Constants::PERMISSION_SHARE) !== 0) { + if ($node !== null && ($node->getPermissions() & \OCP\Constants::PERMISSION_SHARE) !== 0) { return true; } diff --git a/apps/files_sharing/tests/ApiTest.php b/apps/files_sharing/tests/ApiTest.php index 0616daed62d..e3d0b2dbcdb 100644 --- a/apps/files_sharing/tests/ApiTest.php +++ b/apps/files_sharing/tests/ApiTest.php @@ -811,9 +811,10 @@ class ApiTest extends TestCase { $result1 = $ocs->getShares('false','false','false', $this->subfolder); $ocs->cleanup(); - // test should return one share within $this->folder +// // test should return 2 shares within $this->folder, as the viewer have resharing rights: +// // one from the owner, the second from the reshare $data1 = $result1->getData(); - $this->assertCount(1, $data1); + $this->assertCount(2, $data1); $s1 = reset($data1); //$request = $this->createRequest(['path' => $this->folder.$this->subfolder]); @@ -821,9 +822,10 @@ class ApiTest extends TestCase { $result2 = $ocs->getShares('false', 'false', 'false', $this->folder . $this->subfolder); $ocs->cleanup(); - // test should return one share within $this->folder +// // test should return 2 shares within $this->folder, as the viewer have resharing rights: +// // one from the owner, the second from the reshare $data2 = $result2->getData(); - $this->assertCount(1, $data2); + $this->assertCount(2, $data2); $s2 = reset($data2); $this->assertEquals($this->subfolder, $s1['path']); |