make sure that we don't find the wrong shares if a user and a group have the same ID

2 files changed, 51 insertions, 6 deletions

diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index b7b05dab8ef..f9d1de1febf 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -1308,14 +1308,18 @@ class Share extends \OC\Share\Constants {
 		if (isset($shareType)) {
 			// Include all user and group items
 			if ($shareType == self::$shareTypeUserAndGroups && isset($shareWith)) {
-				$where .= ' AND `share_type` IN (?,?,?)';
+				$where .= ' AND ((`share_type` in (?, ?) AND `share_with` = ?) ';
 				$queryArgs[] = self::SHARE_TYPE_USER;
-				$queryArgs[] = self::SHARE_TYPE_GROUP;
 				$queryArgs[] = self::$shareTypeGroupUserUnique;
-				$userAndGroups = array_merge(array($shareWith), \OC_Group::getUserGroups($shareWith));
-				$placeholders = join(',', array_fill(0, count($userAndGroups), '?'));
-				$where .= ' AND `share_with` IN ('.$placeholders.')';
-				$queryArgs = array_merge($queryArgs, $userAndGroups);
+				$queryArgs[] = $shareWith;
+				$groups = \OC_Group::getUserGroups($shareWith);
+				if (!empty($groups)) {
+					$placeholders = join(',', array_fill(0, count($groups), '?'));
+					$where .= ' OR (`share_type` = ? AND `share_with` IN ('.$placeholders.')) ';
+					$queryArgs[] = self::SHARE_TYPE_GROUP;
+					$queryArgs = array_merge($queryArgs, $groups);
+				}
+				$where .= ')';
 				// Don't include own group shares
 				$where .= ' AND `uid_owner` != ?';
 				$queryArgs[] = $shareWith;
diff --git a/tests/lib/share/share.php b/tests/lib/share/share.php
index 3d99883f2de..fb243a41ddb 100644
--- a/tests/lib/share/share.php
+++ b/tests/lib/share/share.php
@@ -27,6 +27,7 @@ class Test_Share extends PHPUnit_Framework_TestCase {
 	protected $user2;
 	protected $user3;
 	protected $user4;
+	protected $groupAndUser;
 	protected $groupBackend;
 	protected $group1;
 	protected $group2;
@@ -41,10 +42,12 @@ class Test_Share extends PHPUnit_Framework_TestCase {
 		$this->user2 = uniqid('user2_');
 		$this->user3 = uniqid('user3_');
 		$this->user4 = uniqid('user4_');
+		$this->groupAndUser = uniqid('groupAndUser_');
 		OC_User::createUser($this->user1, 'pass');
 		OC_User::createUser($this->user2, 'pass');
 		OC_User::createUser($this->user3, 'pass');
 		OC_User::createUser($this->user4, 'pass');
+		OC_User::createUser($this->groupAndUser, 'pass');
 		OC_User::setUserId($this->user1);
 		OC_Group::clearBackends();
 		OC_Group::useBackend(new OC_Group_Dummy);
@@ -52,11 +55,14 @@ class Test_Share extends PHPUnit_Framework_TestCase {
 		$this->group2 = uniqid('group2_');
 		OC_Group::createGroup($this->group1);
 		OC_Group::createGroup($this->group2);
+		OC_Group::createGroup($this->groupAndUser);
 		OC_Group::addToGroup($this->user1, $this->group1);
 		OC_Group::addToGroup($this->user2, $this->group1);
 		OC_Group::addToGroup($this->user3, $this->group1);
 		OC_Group::addToGroup($this->user2, $this->group2);
 		OC_Group::addToGroup($this->user4, $this->group2);
+		OC_Group::addToGroup($this->user2, $this->groupAndUser);
+		OC_Group::addToGroup($this->user3, $this->groupAndUser);
 		OCP\Share::registerBackend('test', 'Test_Share_Backend');
 		OC_Hook::clear('OCP\\Share');
 		OC::registerShareHooks();
@@ -600,6 +606,41 @@ class Test_Share extends PHPUnit_Framework_TestCase {
 		$this->assertEquals(array(), OCP\Share::getItemsShared('test'));
 	}
 
+
+	public function testShareWithGroupAndUserBothHaveTheSameId() {
+
+		$this->shareUserTestFileWithUser($this->user1, $this->groupAndUser);
+
+		OC_User::setUserId($this->groupAndUser);
+
+		$this->assertEquals(array('test.txt'), OCP\Share::getItemSharedWith('test', 'test.txt', Test_Share_Backend::FORMAT_SOURCE),
+				'"groupAndUser"-User does not see the file but it was shared with him');
+
+		OC_User::setUserId($this->user2);
+		$this->assertEquals(array(), OCP\Share::getItemSharedWith('test', 'test.txt', Test_Share_Backend::FORMAT_SOURCE),
+				'User2 sees test.txt but it was only shared with the user "groupAndUser" and not with group');
+
+		OC_User::setUserId($this->user1);
+		$this->assertTrue(OCP\Share::unshareAll('test', 'test.txt'));
+
+		$this->assertTrue(
+				OCP\Share::shareItem('test', 'test.txt', OCP\Share::SHARE_TYPE_GROUP, $this->groupAndUser, OCP\PERMISSION_READ),
+				'Failed asserting that user 1 successfully shared text.txt with group 1.'
+		);
+
+		OC_User::setUserId($this->groupAndUser);
+		$this->assertEquals(array(), OCP\Share::getItemSharedWith('test', 'test.txt', Test_Share_Backend::FORMAT_SOURCE),
+				'"groupAndUser"-User sees test.txt but it was only shared with the group "groupAndUser" and not with the user');
+
+		OC_User::setUserId($this->user2);
+		$this->assertEquals(array('test.txt'), OCP\Share::getItemSharedWith('test', 'test.txt', Test_Share_Backend::FORMAT_SOURCE),
+				'User2 does not see test.txt but it was shared with the group "groupAndUser"');
+
+		OC_User::setUserId($this->user1);
+		$this->assertTrue(OCP\Share::unshareAll('test', 'test.txt'));
+
+	}
+
 	/**
 	 * @param boolean|string $token
 	 */