diff options
author | Vincent Petry <pvince81@owncloud.com> | 2015-01-19 14:39:00 +0100 |
---|---|---|
committer | Joas Schilling <nickvergessen@gmx.de> | 2015-01-23 15:11:06 +0100 |
commit | 8fa3e7a6bf42fc907a5e98f01104220b35fee48f (patch) | |
tree | edd39ab43325368e27163adafea4da1c249b3f7f | |
parent | 3a66b7c6eca7a7b841ec8c15c59f691d3079afab (diff) | |
download | nextcloud-server-8fa3e7a6bf42fc907a5e98f01104220b35fee48f.tar.gz nextcloud-server-8fa3e7a6bf42fc907a5e98f01104220b35fee48f.zip |
Do not retrieve shares through group if user has no group
-rw-r--r-- | lib/private/share/share.php | 42 | ||||
-rw-r--r-- | tests/lib/share/share.php | 27 |
2 files changed, 48 insertions, 21 deletions
diff --git a/lib/private/share/share.php b/lib/private/share/share.php index e5f350a24fb..c9f9654203e 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -337,27 +337,29 @@ class Share extends \OC\Share\Constants { if(empty($shares) && $user !== null) { $groups = \OC_Group::getUserGroups($user); - $where = 'WHERE `' . $column . '` = ? AND `item_type` = ? AND `share_with` in (?)'; - $arguments = array($itemSource, $itemType, $groups); - $types = array(null, null, \Doctrine\DBAL\Connection::PARAM_STR_ARRAY); - - if ($owner !== null) { - $where .= ' AND `uid_owner` = ?'; - $arguments[] = $owner; - $types[] = null; - } - - // TODO: inject connection, hopefully one day in the future when this - // class isn't static anymore... - $conn = \OC_DB::getConnection(); - $result = $conn->executeQuery( - 'SELECT * FROM `*PREFIX*share` ' . $where, - $arguments, - $types - ); + if (!empty($groups)) { + $where = 'WHERE `' . $column . '` = ? AND `item_type` = ? AND `share_with` in (?)'; + $arguments = array($itemSource, $itemType, $groups); + $types = array(null, null, \Doctrine\DBAL\Connection::PARAM_STR_ARRAY); + + if ($owner !== null) { + $where .= ' AND `uid_owner` = ?'; + $arguments[] = $owner; + $types[] = null; + } - while ($row = $result->fetch()) { - $shares[] = $row; + // TODO: inject connection, hopefully one day in the future when this + // class isn't static anymore... + $conn = \OC_DB::getConnection(); + $result = $conn->executeQuery( + 'SELECT * FROM `*PREFIX*share` ' . $where, + $arguments, + $types + ); + + while ($row = $result->fetch()) { + $shares[] = $row; + } } } diff --git a/tests/lib/share/share.php b/tests/lib/share/share.php index 4b42036fc22..6a50dd1f962 100644 --- a/tests/lib/share/share.php +++ b/tests/lib/share/share.php @@ -27,6 +27,8 @@ class Test_Share extends \Test\TestCase { protected $user2; protected $user3; protected $user4; + protected $user5; + protected $user6; protected $groupAndUser; protected $groupBackend; protected $group1; @@ -45,12 +47,14 @@ class Test_Share extends \Test\TestCase { $this->user3 = $this->getUniqueID('user3_'); $this->user4 = $this->getUniqueID('user4_'); $this->user5 = $this->getUniqueID('user5_'); + $this->user6 = $this->getUniqueID('user6_'); $this->groupAndUser = $this->getUniqueID('groupAndUser_'); OC_User::createUser($this->user1, 'pass'); OC_User::createUser($this->user2, 'pass'); OC_User::createUser($this->user3, 'pass'); OC_User::createUser($this->user4, 'pass'); OC_User::createUser($this->user5, 'pass'); + OC_User::createUser($this->user6, 'pass'); // no group OC_User::createUser($this->groupAndUser, 'pass'); OC_User::setUserId($this->user1); OC_Group::clearBackends(); @@ -85,6 +89,18 @@ class Test_Share extends \Test\TestCase { $query->execute(array('test')); OC_Appconfig::setValue('core', 'shareapi_allow_resharing', $this->resharing); + OC_User::deleteUser($this->user1); + OC_User::deleteUser($this->user2); + OC_User::deleteUser($this->user3); + OC_User::deleteUser($this->user4); + OC_User::deleteUser($this->user5); + OC_User::deleteUser($this->user6); + OC_User::deleteUser($this->groupAndUser); + + OC_Group::deleteGroup($this->group1); + OC_Group::deleteGroup($this->group2); + OC_Group::deleteGroup($this->groupAndUser); + parent::tearDown(); } @@ -720,6 +736,8 @@ class Test_Share extends \Test\TestCase { $query->execute($args); $args = array('test', 99, 'target4', OCP\Share::SHARE_TYPE_USER, $this->user3, $this->user4); $query->execute($args); + $args = array('test', 99, 'target4', OCP\Share::SHARE_TYPE_USER, $this->user6, $this->user4); + $query->execute($args); $result1 = \OCP\Share::getItemSharedWithUser('test', 99, $this->user2, $this->user1); @@ -735,8 +753,12 @@ class Test_Share extends \Test\TestCase { $this->verifyResult($result3, array('target3', 'target4')); $result4 = \OCP\Share::getItemSharedWithUser('test', 99, null, null); - $this->assertSame(4, count($result4)); + $this->assertSame(5, count($result4)); // 5 because target4 appears twice $this->verifyResult($result4, array('target1', 'target2', 'target3', 'target4')); + + $result6 = \OCP\Share::getItemSharedWithUser('test', 99, $this->user6, null); + $this->assertSame(1, count($result6)); + $this->verifyResult($result6, array('target4')); } public function testGetItemSharedWithUserFromGroupShare() { @@ -772,6 +794,9 @@ class Test_Share extends \Test\TestCase { $result4 = \OCP\Share::getItemSharedWithUser('test', 99, null, null); $this->assertSame(4, count($result4)); $this->verifyResult($result4, array('target1', 'target2', 'target3', 'target4')); + + $result6 = \OCP\Share::getItemSharedWithUser('test', 99, $this->user6, null); + $this->assertSame(0, count($result6)); } public function verifyResult($result, $expected) { |