diff options
author | Roeland Jago Douma <rullzer@owncloud.com> | 2015-10-23 13:57:09 +0200 |
---|---|---|
committer | Roeland Jago Douma <rullzer@owncloud.com> | 2016-01-08 20:27:01 +0100 |
commit | 629bac22fd724ac8bcde6401782d9d2517556137 (patch) | |
tree | 0441783995e7bdb567070541a00cfd3155ae87e7 | |
parent | c882d46e5f3ccdfb7beb062c219ba3f9a3a83b8f (diff) | |
download | nextcloud-server-629bac22fd724ac8bcde6401782d9d2517556137.tar.gz nextcloud-server-629bac22fd724ac8bcde6401782d9d2517556137.zip |
Make sure to respect deleted group shares by user
-rw-r--r-- | apps/files_sharing/tests/sharedmount.php | 79 | ||||
-rw-r--r-- | lib/private/share/share.php | 4 |
2 files changed, 82 insertions, 1 deletions
diff --git a/apps/files_sharing/tests/sharedmount.php b/apps/files_sharing/tests/sharedmount.php index 5b625585ebb..21c98625e60 100644 --- a/apps/files_sharing/tests/sharedmount.php +++ b/apps/files_sharing/tests/sharedmount.php @@ -372,6 +372,85 @@ class Test_Files_Sharing_Mount extends OCA\Files_sharing\Tests\TestCase { \OC_Group::removeFromGroup(self::TEST_FILES_SHARING_API_USER3, 'testGroup'); } + /** + * If the permissions on a group share are upgraded be sure to still respect + * removed shares by a member of that group + */ + function testPermissionUpgradeOnUserDeletedGroupShare() { + \OC_Group::createGroup('testGroup'); + \OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER1, 'testGroup'); + \OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER2, 'testGroup'); + \OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER3, 'testGroup'); + + $connection = \OC::$server->getDatabaseConnection(); + + // Share item with group + $fileinfo = $this->view->getFileInfo($this->folder); + $this->assertTrue( + \OCP\Share::shareItem('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, "testGroup", \OCP\Constants::PERMISSION_READ) + ); + + // Login as user 2 and verify the item exists + self::loginHelper(self::TEST_FILES_SHARING_API_USER2); + $this->assertTrue(\OC\Files\Filesystem::file_exists($this->folder)); + $result = \OCP\Share::getItemSharedWithBySource('folder', $fileinfo['fileid']); + $this->assertNotEmpty($result); + $this->assertEquals(\OCP\Constants::PERMISSION_READ, $result['permissions']); + + // Delete the share + $this->assertTrue(\OC\Files\Filesystem::rmdir($this->folder)); + $this->assertFalse(\OC\Files\Filesystem::file_exists($this->folder)); + + // Verify we do not get a share + $result = \OCP\Share::getItemSharedWithBySource('folder', $fileinfo['fileid']); + $this->assertEmpty($result); + + // Verify that the permission is correct in the DB + $qb = $connection->getQueryBuilder(); + $qb->select('*') + ->from('share') + ->where($qb->expr()->eq('file_source', $qb->createParameter('fileSource'))) + ->andWhere($qb->expr()->eq('share_type', $qb->createParameter('shareType'))) + ->setParameter(':fileSource', $fileinfo['fileid']) + ->setParameter(':shareType', 2); + $res = $qb->execute()->fetchAll(); + + $this->assertCount(1, $res); + $this->assertEquals(0, $res[0]['permissions']); + + // Login as user 1 again and change permissions + self::loginHelper(self::TEST_FILES_SHARING_API_USER1); + $this->assertTrue( + \OCP\Share::setPermissions('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, "testGroup", \OCP\Constants::PERMISSION_ALL) + ); + + // Login as user 2 and verify + self::loginHelper(self::TEST_FILES_SHARING_API_USER2); + $this->assertFalse(\OC\Files\Filesystem::file_exists($this->folder)); + $result = \OCP\Share::getItemSharedWithBySource('folder', $fileinfo['fileid']); + $this->assertEmpty($result); + + $connection = \OC::$server->getDatabaseConnection(); + $qb = $connection->getQueryBuilder(); + $qb->select('*') + ->from('share') + ->where($qb->expr()->eq('file_source', $qb->createParameter('fileSource'))) + ->andWhere($qb->expr()->eq('share_type', $qb->createParameter('shareType'))) + ->setParameter(':fileSource', $fileinfo['fileid']) + ->setParameter(':shareType', 2); + $res = $qb->execute()->fetchAll(); + + $this->assertCount(1, $res); + $this->assertEquals(0, $res[0]['permissions']); + + //cleanup + self::loginHelper(self::TEST_FILES_SHARING_API_USER1); + \OCP\Share::unshare('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, 'testGroup'); + \OC_Group::removeFromGroup(self::TEST_FILES_SHARING_API_USER1, 'testGroup'); + \OC_Group::removeFromGroup(self::TEST_FILES_SHARING_API_USER2, 'testGroup'); + \OC_Group::removeFromGroup(self::TEST_FILES_SHARING_API_USER3, 'testGroup'); + } + } class DummyTestClassSharedMount extends \OCA\Files_Sharing\SharedMount { diff --git a/lib/private/share/share.php b/lib/private/share/share.php index e7f83909cb8..f02b2e9c770 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -1217,8 +1217,10 @@ class Share extends Constants { ->from('share') ->where($qb->expr()->eq('parent', $qb->createParameter('parent'))) ->andWhere($qb->expr()->eq('share_type', $qb->createParameter('share_type'))) + ->andWhere($qb->expr()->neq('permissions', $qb->createParameter('shareDeleted'))) ->setParameter(':parent', (int)$rootItem['id']) - ->setParameter(':share_type', 2); + ->setParameter(':share_type', 2) + ->setParameter(':shareDeleted', 0); $result = $qb->execute(); $ids = []; |