summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBjörn Schießle <schiessle@owncloud.com>2014-05-22 08:19:27 -0400
committerBjörn Schießle <schiessle@owncloud.com>2014-05-22 08:19:27 -0400
commit050df76830f05e25df0c298988658c9482fb4b87 (patch)
treedc1de7a8833883c91eaf15b1a45a1111d8fcfdc5
parentc4f6a80bdc10f502b5e0770fa25da7d5f8a95a7b (diff)
parent12338e0ef07c409156fa9cd1008bb981bda20461 (diff)
downloadnextcloud-server-050df76830f05e25df0c298988658c9482fb4b87.tar.gz
nextcloud-server-050df76830f05e25df0c298988658c9482fb4b87.zip
Merge pull request #8599 from owncloud/sharing_disable_for_groups
allow admin to disable sharing for specific groups of users
-rw-r--r--apps/files/css/files.css4
-rw-r--r--apps/files_sharing/js/share.js32
-rw-r--r--apps/files_sharing/lib/permissions.php14
-rw-r--r--apps/files_sharing/lib/sharedstorage.php8
-rw-r--r--apps/files_sharing/tests/api.php72
-rw-r--r--apps/files_sharing/tests/base.php2
-rw-r--r--apps/files_sharing/tests/proxy.php4
-rw-r--r--core/js/config.php1
-rw-r--r--lib/private/files/cache/permissions.php19
-rw-r--r--lib/private/files/storage/common.php4
-rw-r--r--lib/private/share/share.php10
-rwxr-xr-xlib/private/util.php23
-rw-r--r--lib/public/util.php9
-rwxr-xr-xsettings/admin.php18
-rw-r--r--settings/ajax/excludegroups.php18
-rw-r--r--settings/css/settings.css9
-rw-r--r--settings/js/admin.js49
-rw-r--r--settings/routes.php2
-rw-r--r--settings/templates/admin.php22
-rw-r--r--tests/lib/util.php55
20 files changed, 352 insertions, 23 deletions
diff --git a/apps/files/css/files.css b/apps/files/css/files.css
index 009cb355ba7..731dd7a23e7 100644
--- a/apps/files/css/files.css
+++ b/apps/files/css/files.css
@@ -358,6 +358,10 @@ table td.filename form { font-size:14px; margin-left:48px; margin-right:48px; }
padding: 28px 14px 19px !important;
}
+#fileList .action.action-share-notification span, img, a {
+ cursor: default !important;
+}
+
a.action>img { max-height:16px; max-width:16px; vertical-align:text-bottom; }
/* Actions for selected files */
diff --git a/apps/files_sharing/js/share.js b/apps/files_sharing/js/share.js
index 7d68a8d8860..1b04097ccb1 100644
--- a/apps/files_sharing/js/share.js
+++ b/apps/files_sharing/js/share.js
@@ -27,13 +27,29 @@ $(document).ready(function() {
}
$('#fileList').on('fileActionsReady',function(){
- var $fileList = $(this);
- var allShared = $fileList.find('[data-share-owner] [data-Action="Share"]');
- allShared.addClass('permanent');
- allShared.find('span').text(function(){
- var $owner = $(this).closest('tr').attr('data-share-owner');
- return ' ' + t('files_sharing', 'Shared by {owner}', {owner: $owner});
- });
+ // if no share action exists because the admin disabled sharing for this user
+ // we create a share notification action to inform the user about files
+ // shared with him otherwise we just update the existing share action.
+ var allShared;
+ if (oc_appconfig.core.sharingDisabledForUser) {
+ var $fileList = $(this);
+ allShared = $fileList.find('[data-share-owner]');
+ var shareNotification = '<a class="action action-share-notification permanent"' +
+ ' data-action="Share-Notification" href="#" original-title="">' +
+ ' <img class="svg" src="' + OC.imagePath('core', 'actions/share') + '"></img>';
+ $(allShared).find('.fileactions').append(function() {
+ var owner = $(this).closest('tr').attr('data-share-owner');
+ var shareBy = t('files_sharing', 'Shared by {owner}', {owner: owner});
+ return shareNotification + '<span> ' + shareBy + '</span></span>';
+ });
+ } else {
+ allShared = $fileList.find('[data-share-owner] [data-Action="Share"]');
+ allShared.addClass('permanent');
+ allShared.find('span').text(function(){
+ var $owner = $(this).closest('tr').attr('data-share-owner');
+ return ' ' + t('files_sharing', 'Shared by {owner}', {owner: $owner});
+ });
+ }
// FIXME: these calls are also working on hard-coded
// list selectors...
@@ -48,7 +64,7 @@ $(document).ready(function() {
}
});
- FileActions.register('all', 'Share', OC.PERMISSION_READ, OC.imagePath('core', 'actions/share'), function(filename) {
+ FileActions.register('all', 'Share', OC.PERMISSION_SHARE, OC.imagePath('core', 'actions/share'), function(filename) {
var tr = FileList.findFileEl(filename);
var itemType = 'file';
if ($(tr).data('type') == 'dir') {
diff --git a/apps/files_sharing/lib/permissions.php b/apps/files_sharing/lib/permissions.php
index c3ad63e2fd2..f32ebabe40d 100644
--- a/apps/files_sharing/lib/permissions.php
+++ b/apps/files_sharing/lib/permissions.php
@@ -30,6 +30,7 @@ class Shared_Permissions extends Permissions {
* @return int (-1 if file no permissions set)
*/
public function get($fileId, $user) {
+
if ($fileId == -1) {
// if we ask for the mount point return -1 so that we can get the correct
// permissions by the path, with the root fileId we have no idea which share is meant
@@ -37,11 +38,14 @@ class Shared_Permissions extends Permissions {
}
$source = \OCP\Share::getItemSharedWithBySource('file', $fileId, \OC_Share_Backend_File::FORMAT_SHARED_STORAGE,
null, true);
+
+ $permission = -1;
+
if ($source) {
- return $source['permissions'];
- } else {
- return -1;
+ $permission = $this->updatePermissions($source['permissions']);
}
+
+ return $permission;
}
/**
@@ -55,7 +59,7 @@ class Shared_Permissions extends Permissions {
$source = \OCP\Share::getItemSharedWithBySource('file', $fileId, \OC_Share_Backend_File::FORMAT_SHARED_STORAGE,
null, false);
if ($source) {
- return $source['permissions'];
+ return $this->updatePermissions($source['permissions']);
} else {
return -1;
}
@@ -106,7 +110,7 @@ class Shared_Permissions extends Permissions {
$result = $query->execute(array($parentId));
$filePermissions = array();
while ($row = $result->fetchRow()) {
- $filePermissions[$row['fileid']] = $permissions;
+ $filePermissions[$row['fileid']] = $this->updatePermissions($permissions);
}
return $filePermissions;
}
diff --git a/apps/files_sharing/lib/sharedstorage.php b/apps/files_sharing/lib/sharedstorage.php
index c18e30966f0..07a0acf00a5 100644
--- a/apps/files_sharing/lib/sharedstorage.php
+++ b/apps/files_sharing/lib/sharedstorage.php
@@ -108,6 +108,11 @@ class Shared extends \OC\Files\Storage\Common {
if (pathinfo($target, PATHINFO_EXTENSION) === 'part') {
$permissions |= \OCP\PERMISSION_DELETE;
}
+
+ if (\OC_Util::isSharingDisabledForUser()) {
+ $permissions &= ~\OCP\PERMISSION_SHARE;
+ }
+
return $permissions;
}
@@ -198,6 +203,9 @@ class Shared extends \OC\Files\Storage\Common {
}
public function isSharable($path) {
+ if (\OCP\Util::isSharingDisabledForUser()) {
+ return false;
+ }
return ($this->getPermissions($path) & \OCP\PERMISSION_SHARE);
}
diff --git a/apps/files_sharing/tests/api.php b/apps/files_sharing/tests/api.php
index dc07c6fc620..6d0ed434ef2 100644
--- a/apps/files_sharing/tests/api.php
+++ b/apps/files_sharing/tests/api.php
@@ -171,6 +171,78 @@ class Test_Files_Sharing_Api extends Test_Files_Sharing_Base {
$appConfig->setValue('core', 'shareapi_enforce_links_password', 'no');
}
+ /**
+ * @medium
+ */
+ function testSharePermissions() {
+
+ // sharing file to a user should work if shareapi_exclude_groups is set
+ // to no
+ \OC_Appconfig::setValue('core', 'shareapi_exclude_groups', 'no');
+ $_POST['path'] = $this->filename;
+ $_POST['shareWith'] = \Test_Files_Sharing_Api::TEST_FILES_SHARING_API_USER2;
+ $_POST['shareType'] = \OCP\Share::SHARE_TYPE_USER;
+
+ $result = Share\Api::createShare(array());
+
+ $this->assertTrue($result->succeeded());
+ $data = $result->getData();
+
+ $share = $this->getShareFromId($data['id']);
+
+ $items = \OCP\Share::getItemShared('file', $share['item_source']);
+
+ $this->assertTrue(!empty($items));
+
+ $fileinfo = $this->view->getFileInfo($this->filename);
+
+ $result = \OCP\Share::unshare('file', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_USER,
+ \Test_Files_Sharing_Api::TEST_FILES_SHARING_API_USER2);
+
+ $this->assertTrue($result);
+
+ // exclude groups, but not the group the user belongs to. Sharing should still work
+ \OC_Appconfig::setValue('core', 'shareapi_exclude_groups', 'yes');
+ \OC_Appconfig::setValue('core', 'shareapi_exclude_groups_list', 'admin,group1,group2');
+
+ $_POST['path'] = $this->filename;
+ $_POST['shareWith'] = \Test_Files_Sharing_Api::TEST_FILES_SHARING_API_USER2;
+ $_POST['shareType'] = \OCP\Share::SHARE_TYPE_USER;
+
+ $result = Share\Api::createShare(array());
+
+ $this->assertTrue($result->succeeded());
+ $data = $result->getData();
+
+ $share = $this->getShareFromId($data['id']);
+
+ $items = \OCP\Share::getItemShared('file', $share['item_source']);
+
+ $this->assertTrue(!empty($items));
+
+ $fileinfo = $this->view->getFileInfo($this->filename);
+
+ $result = \OCP\Share::unshare('file', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_USER,
+ \Test_Files_Sharing_Api::TEST_FILES_SHARING_API_USER2);
+
+ $this->assertTrue($result);
+
+ // now we exclude the group the user belongs to ('group'), sharing should fail now
+ \OC_Appconfig::setValue('core', 'shareapi_exclude_groups_list', 'admin,group');
+
+ $_POST['path'] = $this->filename;
+ $_POST['shareWith'] = \Test_Files_Sharing_Api::TEST_FILES_SHARING_API_USER2;
+ $_POST['shareType'] = \OCP\Share::SHARE_TYPE_USER;
+
+ $result = Share\Api::createShare(array());
+
+ $this->assertFalse($result->succeeded());
+
+ // cleanup
+ \OC_Appconfig::setValue('core', 'shareapi_exclude_groups', 'no');
+ \OC_Appconfig::setValue('core', 'shareapi_exclude_groups_list', '');
+ }
+
/**
* @medium
diff --git a/apps/files_sharing/tests/base.php b/apps/files_sharing/tests/base.php
index 7cd36b9d419..34ec4a36ede 100644
--- a/apps/files_sharing/tests/base.php
+++ b/apps/files_sharing/tests/base.php
@@ -109,6 +109,8 @@ abstract class Test_Files_Sharing_Base extends \PHPUnit_Framework_TestCase {
if ($create) {
\OC_User::createUser($user, $password);
+ \OC_Group::createGroup('group');
+ \OC_Group::addToGroup($user, 'group');
}
\OC_Util::tearDownFS();
diff --git a/apps/files_sharing/tests/proxy.php b/apps/files_sharing/tests/proxy.php
index 402402082df..634ed86db54 100644
--- a/apps/files_sharing/tests/proxy.php
+++ b/apps/files_sharing/tests/proxy.php
@@ -25,9 +25,9 @@ require_once __DIR__ . '/base.php';
use OCA\Files\Share;
/**
- * Class Test_Files_Sharing_Api
+ * Class Test_Files_Sharing_Proxy
*/
-class Test_Files_Sharing_Api extends Test_Files_Sharing_Base {
+class Test_Files_Sharing_Proxy extends Test_Files_Sharing_Base {
const TEST_FOLDER_NAME = '/folder_share_api_test';
diff --git a/core/js/config.php b/core/js/config.php
index 33665b8401c..80b1b6d242d 100644
--- a/core/js/config.php
+++ b/core/js/config.php
@@ -80,6 +80,7 @@ $array = array(
'defaultExpireDate' => $defaultExpireDate,
'defaultExpireDateEnforced' => $enforceDefaultExpireDate,
'enforcePasswordForPublicLink' => \OCP\Util::isPublicLinkPasswordRequired(),
+ 'sharingDisabledForUser' => \OCP\Util::isSharingDisabledForUser(),
)
)
),
diff --git a/lib/private/files/cache/permissions.php b/lib/private/files/cache/permissions.php
index 2e2bdb20b78..eba18af3863 100644
--- a/lib/private/files/cache/permissions.php
+++ b/lib/private/files/cache/permissions.php
@@ -36,7 +36,7 @@ class Permissions {
$sql = 'SELECT `permissions` FROM `*PREFIX*permissions` WHERE `user` = ? AND `fileid` = ?';
$result = \OC_DB::executeAudited($sql, array($user, $fileId));
if ($row = $result->fetchRow()) {
- return $row['permissions'];
+ return $this->updatePermissions($row['permissions']);
} else {
return -1;
}
@@ -78,7 +78,7 @@ class Permissions {
$result = \OC_DB::executeAudited($sql, $params);
$filePermissions = array();
while ($row = $result->fetchRow()) {
- $filePermissions[$row['fileid']] = $row['permissions'];
+ $filePermissions[$row['fileid']] = $this->updatePermissions($row['permissions']);
}
return $filePermissions;
}
@@ -99,7 +99,7 @@ class Permissions {
$result = \OC_DB::executeAudited($sql, array($parentId, $user));
$filePermissions = array();
while ($row = $result->fetchRow()) {
- $filePermissions[$row['fileid']] = $row['permissions'];
+ $filePermissions[$row['fileid']] = $this->updatePermissions($row['permissions']);
}
return $filePermissions;
}
@@ -140,4 +140,17 @@ class Permissions {
}
return $users;
}
+
+ /**
+ * check if admin removed the share permission for the user and update the permissions
+ *
+ * @param int $permissions
+ * @return int
+ */
+ protected function updatePermissions($permissions) {
+ if (\OCP\Util::isSharingDisabledForUser()) {
+ $permissions &= ~\OCP\PERMISSION_SHARE;
+ }
+ return $permissions;
+ }
}
diff --git a/lib/private/files/storage/common.php b/lib/private/files/storage/common.php
index fef33cabd87..b03ae7d0517 100644
--- a/lib/private/files/storage/common.php
+++ b/lib/private/files/storage/common.php
@@ -81,6 +81,10 @@ abstract class Common implements \OC\Files\Storage\Storage {
}
public function isSharable($path) {
+ if (\OC_Util::isSharingDisabledForUser()) {
+ return false;
+ }
+
return $this->isReadable($path);
}
diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 16bc492d383..46796c26370 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -485,15 +485,23 @@ class Share extends \OC\Share\Constants {
$itemSourceName = $itemSource;
}
- // verify that the file exists before we try to share it
+ // check if file can be shared
if ($itemType === 'file' or $itemType === 'folder') {
$path = \OC\Files\Filesystem::getPath($itemSource);
+ // verify that the file exists before we try to share it
if (!$path) {
$message = 'Sharing %s failed, because the file does not exist';
$message_t = $l->t('Sharing %s failed, because the file does not exist', array($itemSourceName));
\OC_Log::write('OCP\Share', sprintf($message, $itemSourceName), \OC_Log::ERROR);
throw new \Exception($message_t);
}
+ // verify that the user has share permission
+ if (!\OC\Files\Filesystem::isSharable($path)) {
+ $message = 'You are not allowed to share %s';
+ $message_t = $l->t('You are not allowed to share %s', array($itemSourceName));
+ \OC_Log::write('OCP\Share', sprintf($message, $itemSourceName), \OC_Log::ERROR);
+ throw new \Exception($message_t);
+ }
}
//verify that we don't share a folder which already contains a share mount point
diff --git a/lib/private/util.php b/lib/private/util.php
index c018721afe3..23c7053002c 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -97,6 +97,29 @@ class OC_Util {
}
/**
+ * check if sharing is disabled for the current user
+ *
+ * @return boolean
+ */
+ public static function isSharingDisabledForUser() {
+ if (\OC_Appconfig::getValue('core', 'shareapi_exclude_groups', 'no') === 'yes') {
+ $user = \OCP\User::getUser();
+ $groupsList = \OC_Appconfig::getValue('core', 'shareapi_exclude_groups_list', '');
+ $excludedGroups = explode(',', $groupsList);
+ $usersGroups = \OC_Group::getUserGroups($user);
+ if (!empty($usersGroups)) {
+ $remainingGroups = array_diff($usersGroups, $excludedGroups);
+ // if the user is only in groups which are disabled for sharing then
+ // sharing is also disabled for the user
+ if (empty($remainingGroups)) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
* Get the quota of a user
* @param string $user
* @return int Quota bytes
diff --git a/lib/public/util.php b/lib/public/util.php
index 3166d4040d8..d1faec3997f 100644
--- a/lib/public/util.php
+++ b/lib/public/util.php
@@ -117,6 +117,15 @@ class Util {
}
/**
+ * check if sharing is disabled for the current user
+ *
+ * @return boolean
+ */
+ public static function isSharingDisabledForUser() {
+ return \OC_Util::isSharingDisabledForUser();
+ }
+
+ /**
* get l10n object
* @param string $application
* @return \OC_L10N
diff --git a/settings/admin.php b/settings/admin.php
index f9406246e76..699ba97edd5 100755
--- a/settings/admin.php
+++ b/settings/admin.php
@@ -10,6 +10,7 @@ OC_Util::checkAdminUser();
OC_Util::addStyle( "settings", "settings" );
OC_Util::addScript( "settings", "admin" );
OC_Util::addScript( "settings", "log" );
+OC_Util::addScript( 'core', 'multiselect' );
OC_App::setActiveNavigationEntry( "admin" );
$tmpl = new OC_Template( 'settings', 'admin', 'user');
@@ -48,6 +49,23 @@ $tmpl->assign('shareAPIEnabled', OC_Appconfig::getValue('core', 'shareapi_enable
$tmpl->assign('shareDefaultExpireDateSet', OC_Appconfig::getValue('core', 'shareapi_default_expire_date', 'no'));
$tmpl->assign('shareExpireAfterNDays', OC_Appconfig::getValue('core', 'shareapi_expire_after_n_days', '7'));
$tmpl->assign('shareEnforceExpireDate', OC_Appconfig::getValue('core', 'shareapi_enforce_expire_date', 'no'));
+$excludeGroups = OC_Appconfig::getValue('core', 'shareapi_exclude_groups', 'no') === 'yes' ? true : false;
+$tmpl->assign('shareExcludeGroups', $excludeGroups);
+$allGroups = OC_Group::getGroups();
+$excludedGroupsList = OC_Appconfig::getValue('core', 'shareapi_exclude_groups_list', '');
+$excludedGroups = $excludedGroupsList !== '' ? explode(',', $excludedGroupsList) : array();
+$groups = array();
+foreach ($allGroups as $group) {
+ if (in_array($group, $excludedGroups)) {
+ $groups[$group] = array('gid' => $group,
+ 'excluded' => true);
+ } else {
+ $groups[$group] = array('gid' => $group,
+ 'excluded' => false);
+ }
+}
+ksort($groups);
+$tmpl->assign('groups', $groups);
// Check if connected using HTTPS
diff --git a/settings/ajax/excludegroups.php b/settings/ajax/excludegroups.php
new file mode 100644
index 00000000000..2934a448a6a
--- /dev/null
+++ b/settings/ajax/excludegroups.php
@@ -0,0 +1,18 @@
+<?php
+OC_JSON::checkSubAdminUser();
+OCP\JSON::callCheck();
+
+$selectedGroups = isset($_POST["selectedGroups"]) ? json_decode($_POST["selectedGroups"]) : array();
+$changedGroup = isset($_POST["changedGroup"]) ? $_POST["changedGroup"] : '';
+
+if ($changedGroup !== '') {
+ if(($key = array_search($changedGroup, $selectedGroups)) !== false) {
+ unset($selectedGroups[$key]);
+ } else {
+ $selectedGroups[] = $changedGroup;
+ }
+} else {
+ \OCP\Util::writeLog('core', 'Can not update list of excluded groups from sharing, parameter missing', \OCP\Util::WARN);
+}
+
+\OC_Appconfig::setValue('core', 'shareapi_exclude_groups_list', implode(',', $selectedGroups));
diff --git a/settings/css/settings.css b/settings/css/settings.css
index 2056e567b38..d0e44e721b4 100644
--- a/settings/css/settings.css
+++ b/settings/css/settings.css
@@ -158,6 +158,15 @@ table.shareAPI .indent { padding-left: 2em; }
vertical-align: text-bottom;
}
+#selectGroups select {
+ -moz-box-sizing: border-box;
+ -webkit-box-sizing: border-box;
+ box-sizing: border-box;
+ display: inline-block;
+ height: 36px;
+ padding: 7px 10px
+}
+
span.success {
background: #37ce02;
border-radius: 8px;
diff --git a/settings/js/admin.js b/settings/js/admin.js
index cd11e68442a..249131464a8 100644
--- a/settings/js/admin.js
+++ b/settings/js/admin.js
@@ -1,4 +1,49 @@
+var SharingGroupList = {
+ applyMultipleSelect: function(element) {
+ var checked = [];
+ if ($(element).hasClass('groupsselect')) {
+ if (element.data('userGroups')) {
+ checked = element.data('userGroups');
+ }
+ var checkHandeler = function(group) {
+ $.post(OC.filePath('settings', 'ajax', 'excludegroups.php'),
+ {changedGroup: group, selectedGroups: JSON.stringify(checked)},
+ function() {});
+ };
+
+
+ var addGroup = function(select, group) {
+ $(this).each(function(index, element) {
+ if ($(element).find('option[value="' + group + '"]').length === 0 &&
+ select.data('msid') !== $(element).data('msid')) {
+ $(element).append('<option value="' + escapeHTML(group) + '">' +
+ escapeHTML(group) + '</option>');
+ }
+ });
+ };
+
+ var label = null;
+ element.multiSelect({
+ createCallback: addGroup,
+ createText: label,
+ selectedFirst: true,
+ checked: checked,
+ oncheck: checkHandeler,
+ onuncheck: checkHandeler,
+ minWidth: 100
+ });
+
+ }
+ }
+};
+
$(document).ready(function(){
+
+ $('select#excludedGroups[multiple]').each(function (index, element) {
+ SharingGroupList.applyMultipleSelect($(element));
+ });
+
+
$('#loglevel').change(function(){
$.post(OC.filePath('settings','ajax','setloglevel.php'), { level: $(this).val() },function(){
OC.Log.reload();
@@ -84,4 +129,8 @@ $(document).ready(function(){
OC.msg.finishedAction('#sendtestmail_msg', data);
});
});
+
+ $('#shareapiExcludeGroups').change(function() {
+ $("#selectExcludedGroups").toggleClass('hidden', !this.checked);
+ });
});
diff --git a/settings/routes.php b/settings/routes.php
index 21d406beeca..0e0f293b9be 100644
--- a/settings/routes.php
+++ b/settings/routes.php
@@ -84,3 +84,5 @@ $this->create('settings_admin_mail_test', '/settings/admin/mailtest')
->action('OC\Settings\Admin\Controller', 'sendTestMail');
$this->create('settings_ajax_setsecurity', '/settings/ajax/setsecurity.php')
->actionInclude('settings/ajax/setsecurity.php');
+$this->create('settings_ajax_excludegroups', '/settings/ajax/excludegroups.php')
+ ->actionInclude('settings/ajax/excludegroups.php');
diff --git a/settings/templates/admin.php b/settings/templates/admin.php
index d1f519a072d..a4a3698d3bd 100644
--- a/settings/templates/admin.php
+++ b/settings/templates/admin.php
@@ -240,9 +240,6 @@ if (!$_['internetconnectionworking']) {
</div>
<em><?php p($l->t('Allow users to share items to the public with links')); ?></em>
-
-
-
</td>
</tr>
<tr>
@@ -271,7 +268,24 @@ if (!$_['internetconnectionworking']) {
<em><?php p($l->t('Allow users to send mail notification for shared files')); ?></em>
</td>
</tr>
-
+ <tr>
+ <td <?php if ($_['shareAPIEnabled'] === 'no') print_unescaped('class="hidden"');?>>
+ <input type="checkbox" name="shareapi_exclude_groups" id="shareapiExcludeGroups"
+ value="1" <?php if ($_['shareExcludeGroups']) print_unescaped('checked="checked"'); ?> />
+ <label for="shareapiExcludeGroups"><?php p($l->t('Exclude groups from sharing'));?></label><br/>
+ <div id="selectExcludedGroups" class="<?php ($_['shareExcludeGroups']) ? p('indent') : p('hidden indent'); ?>">
+ <select
+ class="groupsselect"
+ id="excludedGroups" data-placeholder="groups"
+ title="<?php p($l->t('Groups'))?>" multiple="multiple">
+ <?php foreach($_["groups"] as $group): ?>
+ <option value="<?php p($group['gid'])?>" <?php if($group['excluded']) { p('selected="selected"'); }?>><?php p($group['gid']);?></option>
+ <?php endforeach;?>
+ </select>
+ </div>
+ <em><?php p($l->t('These groups will still be able to receive shares, but not to initiate them.')); ?></em>
+ </td>
+ </tr>
</table>
</div>
diff --git a/tests/lib/util.php b/tests/lib/util.php
index c4780cc5f48..4dc7813d918 100644
--- a/tests/lib/util.php
+++ b/tests/lib/util.php
@@ -235,4 +235,59 @@ class Test_Util extends PHPUnit_Framework_TestCase {
array(' .', false),
);
}
+
+ /**
+ * @dataProvider dataProviderForTestIsSharingDisabledForUser
+ * @param array $groups existing groups
+ * @param array $membership groups the user belong to
+ * @param array $excludedGroups groups which should be excluded from sharing
+ * @param bool $expected expected result
+ */
+ function testIsSharingDisabledForUser($groups, $membership, $excludedGroups, $expected) {
+ $uid = "user1";
+ \OC_User::setUserId($uid);
+
+ \OC_User::createUser($uid, "passwd");
+
+ foreach($groups as $group) {
+ \OC_Group::createGroup($group);
+ }
+
+ foreach($membership as $group) {
+ \OC_Group::addToGroup($uid, $group);
+ }
+
+ $appConfig = \OC::$server->getAppConfig();
+ $appConfig->setValue('core', 'shareapi_exclude_groups_list', implode(',', $excludedGroups));
+ $appConfig->setValue('core', 'shareapi_exclude_groups', 'yes');
+
+ $result = \OCP\Util::isSharingDisabledForUser();
+
+ $this->assertSame($expected, $result);
+
+ // cleanup
+ \OC_User::deleteUser($uid);
+ \OC_User::setUserId('');
+
+ foreach($groups as $group) {
+ \OC_Group::deleteGroup($group);
+ }
+
+ $appConfig->setValue('core', 'shareapi_exclude_groups_list', '');
+ $appConfig->setValue('core', 'shareapi_exclude_groups', 'no');
+
+ }
+
+ public function dataProviderForTestIsSharingDisabledForUser() {
+ return array(
+ // existing groups, groups the user belong to, groups excluded from sharing, expected result
+ array(array('g1', 'g2', 'g3'), array(), array('g1'), false),
+ array(array('g1', 'g2', 'g3'), array(), array(), false),
+ array(array('g1', 'g2', 'g3'), array('g2'), array('g1'), false),
+ array(array('g1', 'g2', 'g3'), array('g2'), array(), false),
+ array(array('g1', 'g2', 'g3'), array('g1', 'g2'), array('g1'), false),
+ array(array('g1', 'g2', 'g3'), array('g1', 'g2'), array('g1', 'g2'), true),
+ array(array('g1', 'g2', 'g3'), array('g1', 'g2'), array('g1', 'g2', 'g3'), true),
+ );
+ }
}