Respect not allowing outgoing shares

5 files changed, 65 insertions, 10 deletions

diff --git a/apps/files_sharing/api/share20ocs.php b/apps/files_sharing/api/share20ocs.php
index 331c6d9e780..67a94aaf8aa 100644
--- a/apps/files_sharing/api/share20ocs.php
+++ b/apps/files_sharing/api/share20ocs.php
@@ -165,6 +165,10 @@ class Share20OCS {
 		}
 
 		if ($share === null) {
+			if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
+				return new \OC_OCS_Result(null, 404, 'wrong share ID, share doesn\'t exist.');
+			}
+
 			try {
 				$share = $this->shareManager->getShareById('ocFederatedSharing:' . $id);
 			} catch (ShareNotFound $e) {
@@ -199,6 +203,10 @@ class Share20OCS {
 
 		// Could not find the share as internal share... maybe it is a federated share
 		if ($share === null) {
+			if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
+				return new \OC_OCS_Result(null, 404, 'wrong share ID, share doesn\'t exist.');
+			}
+
 			try {
 				$share = $this->shareManager->getShareById('ocFederatedSharing:' . $id);
 			} catch (ShareNotFound $e) {
@@ -321,6 +329,10 @@ class Share20OCS {
 			}
 
 		} else if ($shareType === \OCP\Share::SHARE_TYPE_REMOTE) {
+			if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
+				return new \OC_OCS_Result(null, 403, 'Sharing '.$path.' failed, because the backend does not allow shares from type '.$shareType);
+			}
+
 			$share->setSharedWith($shareWith);
 			$share->setPermissions($permissions);
 		} else {
@@ -379,7 +391,9 @@ class Share20OCS {
 			$shares = array_merge($shares, $this->shareManager->getSharesBy($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_USER, $node, false, -1, 0));
 			$shares = array_merge($shares, $this->shareManager->getSharesBy($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_GROUP, $node, false, -1, 0));
 			$shares = array_merge($shares, $this->shareManager->getSharesBy($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_LINK, $node, false, -1, 0));
-			$shares = array_merge($shares, $this->shareManager->getSharesBy($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_REMOTE, $node, false, -1, 0));
+			if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
+				$shares = array_merge($shares, $this->shareManager->getSharesBy($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_REMOTE, $node, false, -1, 0));
+			}
 		}
 
 		$formatted = [];
@@ -434,9 +448,13 @@ class Share20OCS {
 		$userShares = $this->shareManager->getSharesBy($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_USER, $path, $reshares, -1, 0);
 		$groupShares = $this->shareManager->getSharesBy($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_GROUP, $path, $reshares, -1, 0);
 		$linkShares = $this->shareManager->getSharesBy($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_LINK, $path, $reshares, -1, 0);
-		$federatedShares = $this->shareManager->getSharesBy($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_REMOTE, $path, $reshares, -1, 0);
+		$shares = array_merge($userShares, $groupShares, $linkShares);
+
+		if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
+			$federatedShares = $this->shareManager->getSharesBy($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_REMOTE, $path, $reshares, -1, 0);
+			$shares = array_merge($shares, $federatedShares);
+		}
 
-		$shares = array_merge($userShares, $groupShares, $linkShares, $federatedShares);
 
 		$formatted = [];
 		foreach ($shares as $share) {
@@ -463,6 +481,10 @@ class Share20OCS {
 
 		// Could not find the share as internal share... maybe it is a federated share
 		if ($share === null) {
+			if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
+				return new \OC_OCS_Result(null, 404, 'wrong share ID, share doesn\'t exist.');
+			}
+
 			try {
 				$share = $this->shareManager->getShareById('ocFederatedSharing:' . $id);
 			} catch (ShareNotFound $e) {
diff --git a/apps/files_sharing/tests/api/share20ocstest.php b/apps/files_sharing/tests/api/share20ocstest.php
index e6a78134734..a1094ce4b22 100644
--- a/apps/files_sharing/tests/api/share20ocstest.php
+++ b/apps/files_sharing/tests/api/share20ocstest.php
@@ -107,6 +107,8 @@ class Share20OCSTest extends \Test\TestCase {
 				}
 			}));
 
+		$this->shareManager->method('outgoingServer2ServerSharesAllowed')->willReturn(true);
+
 		$expected = new \OC_OCS_Result(null, 404, 'wrong share ID, share doesn\'t exist.');
 		$this->assertEquals($expected, $this->ocs->deleteShare(42));
 	}
diff --git a/lib/private/share20/manager.php b/lib/private/share20/manager.php
index c3c739e4874..7cd44a7cb37 100644
--- a/lib/private/share20/manager.php
+++ b/lib/private/share20/manager.php
@@ -1072,4 +1072,11 @@ class Manager implements IManager {
 		return false;
 	}
 
+	/**
+	 * @inheritdoc
+	 */
+	public function outgoingServer2ServerSharesAllowed() {
+		return $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'yes';
+	}
+
 }
diff --git a/lib/private/share20/providerfactory.php b/lib/private/share20/providerfactory.php
index dba96aebdcf..bb440d2e01f 100644
--- a/lib/private/share20/providerfactory.php
+++ b/lib/private/share20/providerfactory.php
@@ -76,6 +76,14 @@ class ProviderFactory implements IProviderFactory {
 	protected function federatedShareProvider() {
 		if ($this->federatedProvider === null) {
 			/*
+			 * Check if the app is enabled
+			 */
+			$appManager = $this->serverContainer->getAppManager();
+			if (!$appManager->isEnabledForUser('federatedfilesharing')) {
+				return null;
+			}
+
+			/*
 			 * TODO: add factory to federated sharing app
 			 */
 			$l = $this->serverContainer->getL10N('federatedfilessharing');
@@ -109,31 +117,40 @@ class ProviderFactory implements IProviderFactory {
 	 * @inheritdoc
 	 */
 	public function getProvider($id) {
+		$provider = null;
 		if ($id === 'ocinternal') {
-			return $this->defaultShareProvider();
+			$provider = $this->defaultShareProvider();
+		} else if ($id === 'ocFederatedSharing') {
+			$provider = $this->federatedShareProvider();
 		}
 
-		if ($id === 'ocFederatedSharing') {
-			return $this->federatedShareProvider();
+		if ($provider === null) {
+			throw new ProviderException('No provider with id .' . $id . ' found.');
 		}
 
-		throw new ProviderException('No provider with id .' . $id . ' found.');
+		return $provider;
 	}
 
 	/**
 	 * @inheritdoc
 	 */
 	public function getProviderForType($shareType) {
+		$provider = null;
+
 		//FIXME we should not report type 2
 		if ($shareType === \OCP\Share::SHARE_TYPE_USER  ||
 			$shareType === 2 ||
 			$shareType === \OCP\Share::SHARE_TYPE_GROUP ||
 			$shareType === \OCP\Share::SHARE_TYPE_LINK) {
-			return $this->defaultShareProvider();
+			$provider = $this->defaultShareProvider();
 		} else if ($shareType === \OCP\Share::SHARE_TYPE_REMOTE) {
-			return $this->federatedShareProvider();
+			$provider = $this->federatedShareProvider();
+		}
+
+		if ($provider === null) {
+			throw new ProviderException('No share provider for share type ' . $shareType);
 		}
 
-		throw new ProviderException('No share provider for share type ' . $shareType);
+		return $provider;
 	}
 }
diff --git a/lib/public/share/imanager.php b/lib/public/share/imanager.php
index 4d79f97c31a..f926104dde0 100644
--- a/lib/public/share/imanager.php
+++ b/lib/public/share/imanager.php
@@ -229,4 +229,11 @@ interface IManager {
 	 */
 	public function sharingDisabledForUser($userId);
 
+	/**
+	 * Check if outgoing server2server shares are allowed
+	 * @return bool
+	 * @since 9.0.0
+	 */
+	public function outgoingServer2ServerSharesAllowed();
+
 }