authorBjoern Schiessle <bjoern@schiessle.org>2018-06-25 11:14:26 +0200
committerBjoern Schiessle <bjoern@schiessle.org>2018-07-02 11:29:31 +0200
commitcdf8abb060c596fec937bdc7ec4f287b22b240a3 (patch)
tree360c4894a875c4c6bab9b8ee152bcd224f4da2da
parent086e7a0aa2556cdcba1e246875448f9616ef3b72 (diff)
downloadnextcloud-server-cdf8abb060c596fec937bdc7ec4f287b22b240a3.tar.gz
nextcloud-server-cdf8abb060c596fec937bdc7ec4f287b22b240a3.zip
look for correct OCM permissions
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
-rw-r--r--apps/dav/lib/Connector/Sabre/FilesPlugin.php38
-rw-r--r--apps/files_sharing/lib/External/Storage.php62
-rw-r--r--lib/private/Federation/CloudFederationShare.php2
3 files changed, 95 insertions, 7 deletions
diff --git a/apps/dav/lib/Connector/Sabre/FilesPlugin.php b/apps/dav/lib/Connector/Sabre/FilesPlugin.php
index f36ebe5636c..f53f13c5687 100644
--- a/apps/dav/lib/Connector/Sabre/FilesPlugin.php
+++ b/apps/dav/lib/Connector/Sabre/FilesPlugin.php
@@ -33,6 +33,7 @@
namespace OCA\DAV\Connector\Sabre;
use OC\AppFramework\Http\Request;
+use OCP\Constants;
use OCP\Files\ForbiddenException;
use OCP\IPreview;
use Sabre\DAV\Exception\Forbidden;
@@ -57,6 +58,7 @@ class FilesPlugin extends ServerPlugin {
const INTERNAL_FILEID_PROPERTYNAME = '{http://owncloud.org/ns}fileid';
const PERMISSIONS_PROPERTYNAME = '{http://owncloud.org/ns}permissions';
const SHARE_PERMISSIONS_PROPERTYNAME = '{http://open-collaboration-services.org/ns}share-permissions';
+ const OCM_SHARE_PERMISSIONS_PROPERTYNAME = '{http://open-cloud-mesh.org/ns}share-permissions';
const DOWNLOADURL_PROPERTYNAME = '{http://owncloud.org/ns}downloadURL';
const SIZE_PROPERTYNAME = '{http://owncloud.org/ns}size';
const GETETAG_PROPERTYNAME = '{DAV:}getetag';
@@ -149,6 +151,7 @@ class FilesPlugin extends ServerPlugin {
$server->protectedProperties[] = self::INTERNAL_FILEID_PROPERTYNAME;
$server->protectedProperties[] = self::PERMISSIONS_PROPERTYNAME;
$server->protectedProperties[] = self::SHARE_PERMISSIONS_PROPERTYNAME;
+ $server->protectedProperties[] = self::OCM_SHARE_PERMISSIONS_PROPERTYNAME;
$server->protectedProperties[] = self::SIZE_PROPERTYNAME;
$server->protectedProperties[] = self::DOWNLOADURL_PROPERTYNAME;
$server->protectedProperties[] = self::OWNER_ID_PROPERTYNAME;
@@ -318,6 +321,14 @@ class FilesPlugin extends ServerPlugin {
);
});
+ $propFind->handle(self::OCM_SHARE_PERMISSIONS_PROPERTYNAME, function() use ($node, $httpRequest) {
+ $ncPermissions = $node->getSharePermissions(
+ $httpRequest->getRawServerValue('PHP_AUTH_USER')
+ );
+ $ocmPermissions = $this->ncPermissions2ocmPermissions($ncPermissions);
+ return json_encode($ocmPermissions);
+ });
+
$propFind->handle(self::GETETAG_PROPERTYNAME, function() use ($node) {
return $node->getETag();
});
@@ -395,6 +406,33 @@ class FilesPlugin extends ServerPlugin {
}
/**
+ * translate Nextcloud permissions to OCM Permissions
+ *
+ * @param $ncPermissions
+ * @return array
+ */
+ protected function ncPermissions2ocmPermissions($ncPermissions) {
+
+ $ocmPermissions = [];
+
+ if ($ncPermissions & Constants::PERMISSION_SHARE) {
+ $ocmPermissions[] = 'share';
+ }
+
+ if ($ncPermissions & Constants::PERMISSION_READ) {
+ $ocmPermissions[] = 'read';
+ }
+
+ if (($ncPermissions & Constants::PERMISSION_CREATE) ||
+ ($ncPermissions & Constants::PERMISSION_UPDATE)) {
+ $ocmPermissions[] = 'write';
+ }
+
+ return $ocmPermissions;
+
+ }
+
+ /**
* Update ownCloud-specific properties
*
* @param string $path
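Review bot: The `write` token in ncPermissions2ocmPermissions is emitted when either PERMISSION_CREATE or PERMISSION_UPDATE is set, but the receiving side in apps/files_sharing/lib/External/Storage.php maps `write` back to both flags, so a share carrying only one of them is reported with both after the round trip. PERMISSION_DELETE has no OCM token here and is dropped. If the lossy mapping is intended, the docblock should say so, for example `@param int $ncPermissions bitmask of Constants::PERMISSION_* flags` plus a line such as `// OCM 'write' covers create and update; delete is not represented`. Whether the sharing server still enforces the original mask on the actual request is not visible in this diff.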
diff --git a/apps/files_sharing/lib/External/Storage.php b/apps/files_sharing/lib/External/Storage.php
index a631a029aba..dadb1def702 100644
--- a/apps/files_sharing/lib/External/Storage.php
+++ b/apps/files_sharing/lib/External/Storage.php
@@ -36,6 +36,7 @@ use OC\Files\Storage\DAV;
use OC\ForbiddenException;
use OCA\Files_Sharing\ISharedStorage;
use OCP\AppFramework\Http;
+use OCP\Constants;
use OCP\Federation\ICloudId;
use OCP\Files\NotFoundException;
use OCP\Files\StorageInvalidException;
@@ -347,20 +348,20 @@ class Storage extends DAV implements ISharedStorage {
if (\OCP\Util::isSharingDisabledForUser() || !\OC\Share\Share::isResharingAllowed()) {
return false;
}
- return ($this->getPermissions($path) & \OCP\Constants::PERMISSION_SHARE);
+ return ($this->getPermissions($path) & Constants::PERMISSION_SHARE);
}
public function getPermissions($path) {
$response = $this->propfind($path);
+ // old federated sharing permissions
if (isset($response['{http://open-collaboration-services.org/ns}share-permissions'])) {
$permissions = $response['{http://open-collaboration-services.org/ns}share-permissions'];
+ } else if (isset($response['{http://open-cloud-mesh.org/ns}share-permissions'])) {
+ // permissions provided by the OCM API
+ $permissions = $this->ocmPermissions2ncPermissions($response['{http://open-collaboration-services.org/ns}share-permissions']);
} else {
// use default permission if remote server doesn't provide the share permissions
- if ($this->is_dir($path)) {
- $permissions = \OCP\Constants::PERMISSION_ALL;
- } else {
- $permissions = \OCP\Constants::PERMISSION_ALL & ~\OCP\Constants::PERMISSION_CREATE;
- }
+ $permissions = $this->getDefaultPermissions($path);
}
return $permissions;
@@ -369,4 +370,53 @@ class Storage extends DAV implements ISharedStorage {
public function needsPartFile() {
return false;
}
+
+ /**
+ * translate OCM Permissions to Nextcloud permissions
+ *
+ * @param string $ocmPermissions json encoded OCM permissions
+ * @param string $path path to file
+ * @return int
+ */
+ protected function ocmPermissions2ncPermissions($ocmPermissions, $path) {
+ try {
+ $ocmPermissions = json_decode($ocmPermissions);
+ $ncPermissions = 0;
+ foreach($ocmPermissions as $permission) {
+ switch (strtolower($permission)) {
+ case 'read':
+ $ncPermissions += Constants::PERMISSION_READ;
+ break;
+ case 'write':
+ $ncPermissions += Constants::PERMISSION_CREATE + Constants::PERMISSION_UPDATE;
+ break;
+ case 'share':
+ $ncPermissions += Constants::PERMISSION_SHARE;
+ break;
+ default:
+ throw new \Exception();
+ }
+ }
+ } catch (\Exception $e) {
+ $ncPermissions = $this->getDefaultPermissions($path);
+ }
+
+ return $ncPermissions;
+ }
+
+ /**
+ * calculate default permissions in case no permissions are provided
+ *
+ * @param $path
+ * @return int
+ */
+ protected function getDefaultPermissions($path) {
+ if ($this->is_dir($path)) {
+ $permissions = Constants::PERMISSION_ALL;
+ } else {
+ $permissions = Constants::PERMISSION_ALL & ~Constants::PERMISSION_CREATE;
+ }
+
+ return $permissions;
+ }
}
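Review bot: ocmPermissions2ncPermissions combines bit flags with `+=`, so a token that appears twice in the remote list is added twice and yields a different bit than intended; `|=` is the safe operator, e.g. `$ncPermissions |= Constants::PERMISSION_READ;` and `$ncPermissions |= Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE;`. The `default` case throws and the catch falls back to getDefaultPermissions, which returns PERMISSION_ALL for directories, so an unrecognised token from the remote server ends in the widest mask rather than a narrower one; skipping unknown tokens or returning only the flags collected so far would fail closed. A `json_decode` result that is not an array does not throw, so it should be checked with `is_array()` before the loop.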
diff --git a/lib/private/Federation/CloudFederationShare.php b/lib/private/Federation/CloudFederationShare.php
index d26073be822..0c2795188f0 100644
--- a/lib/private/Federation/CloudFederationShare.php
+++ b/lib/private/Federation/CloudFederationShare.php
@@ -78,7 +78,7 @@ class CloudFederationShare implements ICloudFederationShare {
'name' => 'webdav',
'options' => [
'sharedSecret' => $sharedSecret,
- 'permissions' => '{http://open-collaboration-services.org/ns}share-permissions'
+ 'permissions' => '{http://open-cloud-mesh.org/ns}share-permissions'
]
]);
$this->setShareType($shareType);