summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMorris Jobke <hey@morrisjobke.de>2015-01-09 18:05:05 +0100
committerMorris Jobke <hey@morrisjobke.de>2015-01-09 18:05:05 +0100
commitda8228fa14ee5c2b5db7ba79bbba6da6f0bdcf26 (patch)
tree594aed2e1216a697f69524aef5f1e9f7e0d9d15b
parent9fb61b42f6c531d07f90780aafe2e04bcdc606fe (diff)
parentc897a14d56827098af3d2059b0cc892959ba56a7 (diff)
downloadnextcloud-server-da8228fa14ee5c2b5db7ba79bbba6da6f0bdcf26.tar.gz
nextcloud-server-da8228fa14ee5c2b5db7ba79bbba6da6f0bdcf26.zip
Merge pull request #13195 from owncloud/resharepermfix
Fix reshare permission issue
-rw-r--r--core/js/share.js2
-rw-r--r--core/js/tests/specs/shareSpec.js156
2 files changed, 158 insertions, 0 deletions
diff --git a/core/js/share.js b/core/js/share.js
index 2692ff60b5c..877ef4856a3 100644
--- a/core/js/share.js
+++ b/core/js/share.js
@@ -360,6 +360,8 @@ OC.Share={
html += '<span class="reshare">'+t('core', 'Shared with you by {owner}', {owner: data.reshare.displayname_owner})+'</span>';
}
html += '<br />';
+ // reduce possible permissions to what the original share allowed
+ possiblePermissions = possiblePermissions & data.reshare.permissions;
}
if (possiblePermissions & OC.PERMISSION_SHARE) {
diff --git a/core/js/tests/specs/shareSpec.js b/core/js/tests/specs/shareSpec.js
index 4859ba782d2..f4500895464 100644
--- a/core/js/tests/specs/shareSpec.js
+++ b/core/js/tests/specs/shareSpec.js
@@ -61,6 +61,7 @@ describe('OC.Share tests', function() {
loadItemStub.restore();
autocompleteStub.restore();
+ $('#dropdown').remove();
});
it('calls loadItem with the correct arguments', function() {
OC.Share.showDropDown(
@@ -502,6 +503,161 @@ describe('OC.Share tests', function() {
expect(shares[OC.Share.SHARE_TYPE_GROUP]).not.toBeDefined();
});
});
+ describe('share permissions', function() {
+ beforeEach(function() {
+ oc_appconfig.core.resharingAllowed = true;
+ });
+
+ /**
+ * Tests sharing with the given possible permissions
+ *
+ * @param {int} possiblePermissions
+ * @return {int} permissions sent to the server
+ */
+ function testWithPermissions(possiblePermissions) {
+ OC.Share.showDropDown(
+ 'file',
+ 123,
+ $container,
+ true,
+ possiblePermissions,
+ 'shared_file_name.txt'
+ );
+ var autocompleteOptions = autocompleteStub.getCall(0).args[0];
+ // simulate autocomplete selection
+ autocompleteOptions.select(new $.Event('select'), {
+ item: {
+ label: 'User Two',
+ value: {
+ shareType: OC.Share.SHARE_TYPE_USER,
+ shareWith: 'user2'
+ }
+ }
+ });
+ autocompleteStub.reset();
+ var requestBody = OC.parseQueryString(_.last(fakeServer.requests).requestBody);
+ return parseInt(requestBody.permissions, 10);
+ }
+
+ describe('regular sharing', function() {
+ it('shares with given permissions with default config', function() {
+ loadItemStub.returns({
+ reshare: [],
+ shares: []
+ });
+ expect(
+ testWithPermissions(OC.PERMISSION_READ | OC.PERMISSION_UPDATE | OC.PERMISSION_SHARE)
+ ).toEqual(OC.PERMISSION_READ | OC.PERMISSION_UPDATE | OC.PERMISSION_SHARE);
+ expect(
+ testWithPermissions(OC.PERMISSION_READ | OC.PERMISSION_SHARE)
+ ).toEqual(OC.PERMISSION_READ | OC.PERMISSION_SHARE);
+ });
+ it('removes share permission when not allowed', function() {
+ oc_appconfig.core.resharingAllowed = false;
+ loadItemStub.returns({
+ reshare: [],
+ shares: []
+ });
+ expect(
+ testWithPermissions(OC.PERMISSION_READ | OC.PERMISSION_UPDATE | OC.PERMISSION_SHARE)
+ ).toEqual(OC.PERMISSION_READ | OC.PERMISSION_UPDATE);
+ });
+ it('automatically adds READ permission even when not specified', function() {
+ oc_appconfig.core.resharingAllowed = false;
+ loadItemStub.returns({
+ reshare: [],
+ shares: []
+ });
+ expect(
+ testWithPermissions(OC.PERMISSION_UPDATE | OC.PERMISSION_SHARE)
+ ).toEqual(OC.PERMISSION_READ | OC.PERMISSION_UPDATE | OC.PERMISSION_UPDATE);
+ });
+ it('does not show sharing options when sharing not allowed', function() {
+ loadItemStub.returns({
+ reshare: [],
+ shares: []
+ });
+ OC.Share.showDropDown(
+ 'file',
+ 123,
+ $container,
+ true,
+ OC.PERMISSION_READ,
+ 'shared_file_name.txt'
+ );
+ expect($('#dropdown #shareWithList').length).toEqual(0);
+ });
+ });
+ describe('resharing', function() {
+ it('shares with given permissions when original share had all permissions', function() {
+ loadItemStub.returns({
+ reshare: {
+ permissions: OC.PERMISSION_ALL
+ },
+ shares: []
+ });
+ expect(
+ testWithPermissions(OC.PERMISSION_READ | OC.PERMISSION_UPDATE | OC.PERMISSION_SHARE)
+ ).toEqual(OC.PERMISSION_READ | OC.PERMISSION_UPDATE | OC.PERMISSION_SHARE);
+ });
+ it('reduces reshare permissions to the ones from the original share', function() {
+ loadItemStub.returns({
+ reshare: {
+ permissions: OC.PERMISSION_READ,
+ uid_owner: 'user1'
+ },
+ shares: []
+ });
+ OC.Share.showDropDown(
+ 'file',
+ 123,
+ $container,
+ true,
+ OC.PERMISSION_ALL,
+ 'shared_file_name.txt'
+ );
+ // no resharing allowed
+ expect($('#dropdown #shareWithList').length).toEqual(0);
+ });
+ it('reduces reshare permissions to possible permissions', function() {
+ loadItemStub.returns({
+ reshare: {
+ permissions: OC.PERMISSION_ALL,
+ uid_owner: 'user1'
+ },
+ shares: []
+ });
+ OC.Share.showDropDown(
+ 'file',
+ 123,
+ $container,
+ true,
+ OC.PERMISSION_READ,
+ 'shared_file_name.txt'
+ );
+ // no resharing allowed
+ expect($('#dropdown #shareWithList').length).toEqual(0);
+ });
+ it('does not show sharing options when resharing not allowed', function() {
+ loadItemStub.returns({
+ reshare: {
+ permissions: OC.PERMISSION_READ | OC.PERMISSION_UPDATE | OC.PERMISSION_DELETE,
+ uid_owner: 'user1'
+ },
+ shares: []
+ });
+ OC.Share.showDropDown(
+ 'file',
+ 123,
+ $container,
+ true,
+ OC.PERMISSION_ALL,
+ 'shared_file_name.txt'
+ );
+ expect($('#dropdown #shareWithList').length).toEqual(0);
+ });
+ });
+ });
});
describe('markFileAsShared', function() {
var $file;