summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan-Philipp Litza <jpl@plutex.de>2022-11-16 15:25:10 +0100
committerJan-Philipp Litza <jpl@plutex.de>2022-12-06 16:00:20 +0100
commita7abe2c35a170d60b6860aa929fe9c3c658c4bc8 (patch)
tree6a84ee79b6ab7a6d442caf34f872a8e8c25284cd
parentb62d3c4f39bb2c7600e6a9016ba6696da547b6a8 (diff)
downloadnextcloud-server-a7abe2c35a170d60b6860aa929fe9c3c658c4bc8.tar.gz
nextcloud-server-a7abe2c35a170d60b6860aa929fe9c3c658c4bc8.zip
Honor permissions of new link share via OCS API
The API currently overrides the supplied permissions with "read only" when a file is shared via link. It allows to update the permissions later, however. This keeps the default to "read only" but honors the permissions supplied by API call if any. Signed-off-by: Jan-Philipp Litza <jpl@plutex.de>
-rw-r--r--apps/files_sharing/lib/Controller/ShareAPIController.php11
-rw-r--r--apps/files_sharing/tests/ApiTest.php3
-rw-r--r--apps/files_sharing/tests/Controller/ShareAPIControllerTest.php8
3 files changed, 13 insertions, 9 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index 43f43d10731..ab318a81fc2 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -478,7 +478,14 @@ class ShareAPIController extends OCSController {
$share = $this->shareManager->newShare();
if ($permissions === null) {
- $permissions = (int)$this->config->getAppValue('core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL);
+ if ($shareType === IShare::TYPE_LINK
+ || $shareType === IShare::TYPE_EMAIL) {
+
+ // to keep legacy default behaviour, we ignore the setting below for link shares
+ $permissions = Constants::PERMISSION_READ;
+ } else {
+ $permissions = (int)$this->config->getAppValue('core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL);
+ }
}
// Verify path
@@ -581,8 +588,6 @@ class ShareAPIController extends OCSController {
Constants::PERMISSION_CREATE |
Constants::PERMISSION_UPDATE |
Constants::PERMISSION_DELETE;
- } else {
- $permissions = Constants::PERMISSION_READ;
}
// TODO: It might make sense to have a dedicated setting to allow/deny converting link shares into federated ones
diff --git a/apps/files_sharing/tests/ApiTest.php b/apps/files_sharing/tests/ApiTest.php
index 9b88297a309..4d7389be24e 100644
--- a/apps/files_sharing/tests/ApiTest.php
+++ b/apps/files_sharing/tests/ApiTest.php
@@ -211,8 +211,7 @@ class ApiTest extends TestCase {
$ocs->cleanup();
$data = $result->getData();
- $this->assertEquals(\OCP\Constants::PERMISSION_READ |
- \OCP\Constants::PERMISSION_SHARE,
+ $this->assertEquals(\OCP\Constants::PERMISSION_ALL,
$data['permissions']);
$this->assertEmpty($data['expiration']);
$this->assertTrue(is_string($data['token']));
diff --git a/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php b/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php
index 6f053eef124..6405181d0dc 100644
--- a/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php
+++ b/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php
@@ -2055,7 +2055,7 @@ class ShareAPIControllerTest extends TestCase {
$this->callback(function (\OCP\Share\IShare $share) use ($path) {
return $share->getNode() === $path &&
$share->getShareType() === IShare::TYPE_LINK &&
- $share->getPermissions() === \OCP\Constants::PERMISSION_READ &&
+ $share->getPermissions() === \OCP\Constants::PERMISSION_ALL &&
$share->getSharedBy() === 'currentUser' &&
$share->getPassword() === 'password' &&
$share->getExpirationDate() === null;
@@ -2095,7 +2095,7 @@ class ShareAPIControllerTest extends TestCase {
$this->callback(function (\OCP\Share\IShare $share) use ($path) {
return $share->getNode() === $path &&
$share->getShareType() === IShare::TYPE_LINK &&
- $share->getPermissions() === \OCP\Constants::PERMISSION_READ &&
+ $share->getPermissions() === \OCP\Constants::PERMISSION_ALL &&
$share->getSharedBy() === 'currentUser' &&
$share->getPassword() === 'password' &&
$share->getSendPasswordByTalk() === true &&
@@ -2179,7 +2179,7 @@ class ShareAPIControllerTest extends TestCase {
return $share->getNode() === $path &&
$share->getShareType() === IShare::TYPE_LINK &&
- $share->getPermissions() === \OCP\Constants::PERMISSION_READ &&
+ $share->getPermissions() === \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_SHARE &&
$share->getSharedBy() === 'currentUser' &&
$share->getPassword() === null &&
$share->getExpirationDate() == $date;
@@ -2187,7 +2187,7 @@ class ShareAPIControllerTest extends TestCase {
)->willReturnArgument(0);
$expected = new DataResponse([]);
- $result = $ocs->createShare('valid-path', \OCP\Constants::PERMISSION_ALL, IShare::TYPE_LINK, null, 'false', '', null, '2000-01-01');
+ $result = $ocs->createShare('valid-path', null, IShare::TYPE_LINK, null, 'false', '', null, '2000-01-01');
$this->assertInstanceOf(get_class($expected), $result);
$this->assertEquals($expected->getData(), $result->getData());