diff options
author | Roeland Jago Douma <rullzer@owncloud.com> | 2015-11-24 09:37:17 +0100 |
---|---|---|
committer | Roeland Jago Douma <rullzer@owncloud.com> | 2015-11-24 10:26:36 +0100 |
commit | ab02b5c36e949c17433d11b3b5ca082739c42732 (patch) | |
tree | 4d0ef8ccb95002ace7668a998a88873f26033a07 | |
parent | a2b8483779b5cb868309ca3f98051bfcaafd6ff9 (diff) | |
download | nextcloud-server-ab02b5c36e949c17433d11b3b5ca082739c42732.tar.gz nextcloud-server-ab02b5c36e949c17433d11b3b5ca082739c42732.zip |
[Sharing 2.0] Move authentication to the OCS API
-rw-r--r-- | apps/files_sharing/api/ocssharewrapper.php | 3 | ||||
-rw-r--r-- | apps/files_sharing/api/share20ocs.php | 75 | ||||
-rw-r--r-- | apps/files_sharing/tests/api/share20ocstest.php | 131 |
3 files changed, 147 insertions, 62 deletions
diff --git a/apps/files_sharing/api/ocssharewrapper.php b/apps/files_sharing/api/ocssharewrapper.php index ab54e5e5e34..2a2c16da1f3 100644 --- a/apps/files_sharing/api/ocssharewrapper.php +++ b/apps/files_sharing/api/ocssharewrapper.php @@ -41,7 +41,8 @@ class OCSShareWrapper { \OC::$server->getUserManager(), \OC::$server->getRequest(), \OC::$server->getUserFolder(), - \OC::$server->getURLGenerator()); + \OC::$server->getURLGenerator(), + \OC::$server->getUserSession()->getUser()); } public function getAllShares($params) { diff --git a/apps/files_sharing/api/share20ocs.php b/apps/files_sharing/api/share20ocs.php index aaf5a3c72b6..788cbe85866 100644 --- a/apps/files_sharing/api/share20ocs.php +++ b/apps/files_sharing/api/share20ocs.php @@ -22,35 +22,52 @@ namespace OCA\Files_Sharing\API; use OC\Share20\IShare; +use OCP\IGroupManager; +use OCP\IUserManager; +use OCP\IRequest; +use OCP\Files\Folder; +use OCP\IURLGenerator; +use OCP\IUser; + class Share20OCS { /** @var \OC\Share20\Manager */ private $shareManager; - /** @var \OCP\IGroupManager */ + /** @var IGroupManager */ private $groupManager; - /** @var \OCP\IUserManager */ + /** @var IUserManager */ private $userManager; - /** @var \OCP\IRequest */ + /** @var IRequest */ private $request; - /** @var \OCP\Files\Folder */ + /** @var Folder */ private $userFolder; - public function __construct(\OC\Share20\Manager $shareManager, - \OCP\IGroupManager $groupManager, - \OCP\IUserManager $userManager, - \OCP\IRequest $request, - \OCP\Files\Folder $userFolder, - \OCP\IURLGenerator $urlGenerator) { + /** @var IUrlGenerator */ + private $urlGenerator; + + /** @var IUser */ + private $currentUser; + + public function __construct( + \OC\Share20\Manager $shareManager, + \OCP\IGroupManager $groupManager, + \OCP\IUserManager $userManager, + \OCP\IRequest $request, + \OCP\Files\Folder $userFolder, + \OCP\IURLGenerator $urlGenerator, + \OCP\IUser $currentUser + ) { $this->shareManager = $shareManager; $this->userManager = $userManager; $this->groupManager = $groupManager; $this->request = $request; $this->userFolder = $userFolder; $this->urlGenerator = $urlGenerator; + $this->currentUser = $currentUser; } /** @@ -131,8 +148,12 @@ class Share20OCS { return new \OC_OCS_Result(null, 404, 'wrong share ID, share doesn\'t exist.'); } - $share = $this->formatShare($share); - return new \OC_OCS_Result($share); + if ($this->canAccessShare($share)) { + $share = $this->formatShare($share); + return new \OC_OCS_Result($share); + } else { + return new \OC_OCS_Result(null, 404, 'wrong share ID, share doesn\'t exist.'); + } } /** @@ -156,6 +177,10 @@ class Share20OCS { \OCA\Files_Sharing\API\Local::deleteShare(['id' => $id]); } + if (!$this->canAccessShare($share)) { + return new \OC_OCS_Result(null, 404, 'could not delete share'); + } + try { $this->shareManager->deleteShare($share); } catch (\OC\Share20\Exception\BackendError $e) { @@ -164,4 +189,30 @@ class Share20OCS { return new \OC_OCS_Result(); } + + /** + * @param IShare $share + * @return bool + */ + protected function canAccessShare(IShare $share) { + // Owner of the file and the sharer of the file can always get share + if ($share->getShareOwner() === $this->currentUser || + $share->getSharedBy() === $this->currentUser + ) { + return true; + } + + // If the share is shared with you (or a group you are a member of) + if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER && + $share->getSharedWith() === $this->currentUser) { + return true; + } + + if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP && + $share->getSharedWith()->inGroup($this->currentUser)) { + return true; + } + + return false; + } } diff --git a/apps/files_sharing/tests/api/share20ocstest.php b/apps/files_sharing/tests/api/share20ocstest.php index 9393b8d12c3..fb37824b337 100644 --- a/apps/files_sharing/tests/api/share20ocstest.php +++ b/apps/files_sharing/tests/api/share20ocstest.php @@ -20,28 +20,38 @@ */ namespace OCA\Files_Sharing\Tests\API; +use OC\Share20\IShare; use OCA\Files_Sharing\API\Share20OCS; +use OCP\IGroupManager; +use OCP\IUserManager; +use OCP\IRequest; +use OCP\Files\Folder; +use OCP\IURLGenerator; +use OCP\IUser; class Share20OCSTest extends \Test\TestCase { /** @var \OC\Share20\Manager */ private $shareManager; - /** @var \OCP\IGroupManager */ + /** @var IGroupManager */ private $groupManager; - /** @var \OCP\IUserManager */ + /** @var IUserManager */ private $userManager; - /** @var \OCP\IRequest */ + /** @var IRequest */ private $request; - /** @var \OCP\Files\Folder */ + /** @var Folder */ private $userFolder; - /** @var \OCP\IURLGenerator */ + /** @var IURLGenerator */ private $urlGenerator; + /** @var IUser */ + private $currentUser; + /** @var Share20OCS */ private $ocs; @@ -54,13 +64,17 @@ class Share20OCSTest extends \Test\TestCase { $this->request = $this->getMock('OCP\IRequest'); $this->userFolder = $this->getMock('OCP\Files\Folder'); $this->urlGenerator = $this->getMock('OCP\IURLGenerator'); - - $this->ocs = new Share20OCS($this->shareManager, - $this->groupManager, - $this->userManager, - $this->request, - $this->userFolder, - $this->urlGenerator); + $this->currentUser = $this->getMock('OCP\IUser'); + + $this->ocs = new Share20OCS( + $this->shareManager, + $this->groupManager, + $this->userManager, + $this->request, + $this->userFolder, + $this->urlGenerator, + $this->currentUser + ); } public function testDeleteShareShareNotFound() { @@ -76,6 +90,7 @@ class Share20OCSTest extends \Test\TestCase { public function testDeleteShareCouldNotDelete() { $share = $this->getMock('OC\Share20\IShare'); + $share->method('getShareOwner')->willReturn($this->currentUser); $this->shareManager ->expects($this->once()) ->method('getShareById') @@ -94,6 +109,7 @@ class Share20OCSTest extends \Test\TestCase { public function testDeleteShare() { $share = $this->getMock('OC\Share20\IShare'); + $share->method('getSharedBy')->willReturn($this->currentUser); $this->shareManager ->expects($this->once()) ->method('getShareById') @@ -244,42 +260,6 @@ class Share20OCSTest extends \Test\TestCase { ]; $data[] = [$share, $expected]; - // Folder shared with remote - $share = $this->createShare(101, - \OCP\Share::SHARE_TYPE_REMOTE, - 'user@remote.com', - $owner, - $folder, - 4, - 5, - null, - 6, - 'target', - 0); - $expected = [ - 'id' => 101, - 'share_type' => \OCP\Share::SHARE_TYPE_REMOTE, - 'share_with' => 'user@remote.com', - 'share_with_displayname' => 'user@remote.com', - 'uid_owner' => 'ownerId', - 'displayname_owner' => 'ownerDisplay', - 'item_type' => 'folder', - 'item_source' => 2, - 'file_source' => 2, - 'file_target' => 'target', - 'file_parent' => 3, - 'token' => null, - 'expiration' => null, - 'permissions' => 4, - 'stime' => 5, - 'parent' => 6, - 'storage_id' => 'STORAGE', - 'path' => 'folder', - 'storage' => null, // HACK around static function - 'mail_send' => 0, - ]; - $data[] = [$share, $expected]; - // File shared by link with Expire $expire = \DateTime::createFromFormat('Y-m-d h:i:s', '2000-01-02 01:02:03'); $share = $this->createShare(101, @@ -327,6 +307,20 @@ class Share20OCSTest extends \Test\TestCase { * @dataProvider dataGetShare */ public function testGetShare(\OC\Share20\IShare $share, array $result) { + $ocs = $this->getMockBuilder('OCA\Files_Sharing\API\Share20OCS') + ->setConstructorArgs([ + $this->shareManager, + $this->groupManager, + $this->userManager, + $this->request, + $this->userFolder, + $this->urlGenerator, + $this->currentUser + ])->setMethods(['canAccessShare']) + ->getMock(); + + $ocs->method('canAccessShare')->willReturn(true); + $this->shareManager ->expects($this->once()) ->method('getShareById') @@ -342,5 +336,44 @@ class Share20OCSTest extends \Test\TestCase { ->willReturn('url'); $expected = new \OC_OCS_Result($result); - $this->assertEquals($expected->getData(), $this->ocs->getShare($share->getId())->getData()); } + $this->assertEquals($expected->getData(), $ocs->getShare($share->getId())->getData()); + } + + public function testCanAccessShare() { + $share = $this->getMock('OC\Share20\IShare'); + $share->method('getShareOwner')->willReturn($this->currentUser); + $this->assertTrue($this->invokePrivate($this->ocs, 'canAccessShare', [$share])); + + $share = $this->getMock('OC\Share20\IShare'); + $share->method('getSharedBy')->willReturn($this->currentUser); + $this->assertTrue($this->invokePrivate($this->ocs, 'canAccessShare', [$share])); + + $share = $this->getMock('OC\Share20\IShare'); + $share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_USER); + $share->method('getSharedWith')->willReturn($this->currentUser); + $this->assertTrue($this->invokePrivate($this->ocs, 'canAccessShare', [$share])); + + $share = $this->getMock('OC\Share20\IShare'); + $share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_USER); + $share->method('getSharedWith')->willReturn($this->getMock('OCP\IUser')); + $this->assertFalse($this->invokePrivate($this->ocs, 'canAccessShare', [$share])); + + $share = $this->getMock('OC\Share20\IShare'); + $share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_GROUP); + $group = $this->getMock('OCP\IGroup'); + $group->method('inGroup')->with($this->currentUser)->willReturn(true); + $share->method('getSharedWith')->willReturn($group); + $this->assertTrue($this->invokePrivate($this->ocs, 'canAccessShare', [$share])); + + $share = $this->getMock('OC\Share20\IShare'); + $share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_GROUP); + $group = $this->getMock('OCP\IGroup'); + $group->method('inGroup')->with($this->currentUser)->willReturn(false); + $share->method('getSharedWith')->willReturn($group); + $this->assertFalse($this->invokePrivate($this->ocs, 'canAccessShare', [$share])); + + $share = $this->getMock('OC\Share20\IShare'); + $share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_LINK); + $this->assertFalse($this->invokePrivate($this->ocs, 'canAccessShare', [$share])); + } } |