more share permission logic to storage wrapper

this way we only have to determine the share permissions once

Signed-off-by: Robin Appelman <robin@icewind.nl>

6 files changed, 32 insertions, 10 deletions

diff --git a/apps/files_sharing/tests/ApiTest.php b/apps/files_sharing/tests/ApiTest.php
index d7661297e9e..3484bb29d94 100644
--- a/apps/files_sharing/tests/ApiTest.php
+++ b/apps/files_sharing/tests/ApiTest.php
@@ -36,6 +36,8 @@
 namespace OCA\Files_Sharing\Tests;
 
 use OC\Files\Cache\Scanner;
+use OC\Files\Filesystem;
+use OC\Files\SetupManager;
 use OCA\Files_Sharing\Controller\ShareAPIController;
 use OCP\App\IAppManager;
 use OCP\AppFramework\OCS\OCSBadRequestException;
@@ -74,6 +76,8 @@ class ApiTest extends TestCase {
 		\OC::$server->getConfig()->setAppValue('core', 'shareapi_exclude_groups', 'no');
 		\OC::$server->getConfig()->setAppValue('core', 'shareapi_expire_after_n_days', '7');
 
+		Filesystem::getLoader()->removeStorageWrapper('sharing_mask');
+
 		$this->folder = self::TEST_FOLDER_NAME;
 		$this->subfolder = '/subfolder_share_api_test';
 		$this->subsubfolder = '/subsubfolder_share_api_test';
diff --git a/lib/private/Files/FileInfo.php b/lib/private/Files/FileInfo.php
index 2b6b83a2546..b3c4629e2b2 100644
--- a/lib/private/Files/FileInfo.php
+++ b/lib/private/Files/FileInfo.php
@@ -231,7 +231,7 @@ class FileInfo implements \OCP\Files\FileInfo, \ArrayAccess {
 	}
 
 	/**
-	 * Return the currently version used for the HMAC in the encryption app
+	 * Return the current version used for the HMAC in the encryption app
 	 */
 	public function getEncryptedVersion(): int {
 		return isset($this->data['encryptedVersion']) ? (int) $this->data['encryptedVersion'] : 1;
@@ -241,11 +241,7 @@ class FileInfo implements \OCP\Files\FileInfo, \ArrayAccess {
 	 * @return int
 	 */
 	public function getPermissions() {
-		$perms = (int) $this->data['permissions'];
-		if (\OCP\Util::isSharingDisabledForUser() || ($this->isShared() && !\OC\Share\Share::isResharingAllowed())) {
-			$perms = $perms & ~\OCP\Constants::PERMISSION_SHARE;
-		}
-		return $perms;
+		return (int) $this->data['permissions'];
 	}
 
 	/**
diff --git a/lib/private/Files/ObjectStore/HomeObjectStoreStorage.php b/lib/private/Files/ObjectStore/HomeObjectStoreStorage.php
index 824adcc1d0e..b361249ff47 100644
--- a/lib/private/Files/ObjectStore/HomeObjectStoreStorage.php
+++ b/lib/private/Files/ObjectStore/HomeObjectStoreStorage.php
@@ -26,6 +26,7 @@
 namespace OC\Files\ObjectStore;
 
 use OC\User\User;
+use OCP\IUser;
 
 class HomeObjectStoreStorage extends ObjectStoreStorage implements \OCP\Files\IHomeStorage {
 	/**
@@ -61,7 +62,7 @@ class HomeObjectStoreStorage extends ObjectStoreStorage implements \OCP\Files\IH
 	 * @param string $path, optional
 	 * @return \OC\User\User
 	 */
-	public function getUser($path = null) {
+	public function getUser($path = null): IUser {
 		return $this->user;
 	}
 }
diff --git a/lib/private/Files/SetupManager.php b/lib/private/Files/SetupManager.php
index 2198c8c60b7..b1d609a9225 100644
--- a/lib/private/Files/SetupManager.php
+++ b/lib/private/Files/SetupManager.php
@@ -34,9 +34,11 @@ use OC\Files\Storage\Wrapper\Encoding;
 use OC\Files\Storage\Wrapper\PermissionsMask;
 use OC\Files\Storage\Wrapper\Quota;
 use OC\Lockdown\Filesystem\NullStorage;
+use OC\Share\Share;
 use OC_App;
 use OC_Hook;
 use OC_Util;
+use OCA\Files_Sharing\ISharedStorage;
 use OCP\Constants;
 use OCP\Diagnostics\IEventLogger;
 use OCP\EventDispatcher\IEventDispatcher;
@@ -60,6 +62,7 @@ use OCP\IUserManager;
 use OCP\IUserSession;
 use OCP\Lockdown\ILockdownManager;
 use OCP\Share\Events\ShareCreatedEvent;
+use OCP\Share\IManager;
 use Psr\Log\LoggerInterface;
 
 class SetupManager {
@@ -139,8 +142,17 @@ class SetupManager {
 			return $storage;
 		});
 
-		Filesystem::addStorageWrapper('enable_sharing', function ($mountPoint, IStorage $storage, IMountPoint $mount) {
-			if (!$mount->getOption('enable_sharing', true)) {
+		Filesystem::addStorageWrapper('sharing_mask', function ($mountPoint, IStorage $storage, IMountPoint $mount) {
+			$reSharingEnabled = Share::isResharingAllowed();
+			$sharingEnabledForMount = $mount->getOption('enable_sharing', true);
+			/** @var IUserSession $userSession */
+			$userSession = \OC::$server->get(IUserSession::class);
+			$user = $userSession->getUser();
+			/** @var IManager $shareManager */
+			$shareManager = \OC::$server->get(IManager::class);
+			$sharingEnabledForUser = $user ? !$shareManager->sharingDisabledForUser($user->getUID()) : true;
+			$isShared = $storage->instanceOfStorage(ISharedStorage::class);
+			if (!$sharingEnabledForMount || !$sharingEnabledForUser || (!$reSharingEnabled && $isShared)) {
 				return new PermissionsMask([
 					'storage' => $storage,
 					'mask' => Constants::PERMISSION_ALL - Constants::PERMISSION_SHARE,
diff --git a/lib/private/Files/Storage/Home.php b/lib/private/Files/Storage/Home.php
index 5427bc425c2..5100b15215b 100644
--- a/lib/private/Files/Storage/Home.php
+++ b/lib/private/Files/Storage/Home.php
@@ -26,6 +26,7 @@
 namespace OC\Files\Storage;
 
 use OC\Files\Cache\HomePropagator;
+use OCP\IUser;
 
 /**
  * Specialized version of Local storage for home directory usage
@@ -94,7 +95,7 @@ class Home extends Local implements \OCP\Files\IHomeStorage {
 	 *
 	 * @return \OC\User\User owner of this home storage
 	 */
-	public function getUser() {
+	public function getUser(): IUser {
 		return $this->user;
 	}
 
diff --git a/lib/public/Files/IHomeStorage.php b/lib/public/Files/IHomeStorage.php
index 7eb3ffc4a24..1fea80f2d87 100644
--- a/lib/public/Files/IHomeStorage.php
+++ b/lib/public/Files/IHomeStorage.php
@@ -27,6 +27,7 @@
 namespace OCP\Files;
 
 use OCP\Files\Storage\IStorage;
+use OCP\IUser;
 
 /**
  * Interface IHomeStorage
@@ -34,4 +35,11 @@ use OCP\Files\Storage\IStorage;
  * @since 7.0.0
  */
 interface IHomeStorage extends IStorage {
+	/**
+	 * Get the user for this home storage
+	 *
+	 * @return IUser
+	 * @since 28.0.0
+	 */
+	public function getUser(): IUser;
 }