author | Bjoern Schiessle <bjoern@schiessle.org> | 2018-06-25 11:14:26 +0200 |
---|---|---|
committer | Bjoern Schiessle <bjoern@schiessle.org> | 2018-07-02 11:29:31 +0200 |
commit | cdf8abb060c596fec937bdc7ec4f287b22b240a3 (patch) | |
tree | 360c4894a875c4c6bab9b8ee152bcd224f4da2da | |
parent | 086e7a0aa2556cdcba1e246875448f9616ef3b72 (diff) | |
download | nextcloud-server-cdf8abb060c596fec937bdc7ec4f287b22b240a3.tar.gz nextcloud-server-cdf8abb060c596fec937bdc7ec4f287b22b240a3.zip |
look for correct OCM permissions
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
-rw-r--r-- | apps/dav/lib/Connector/Sabre/FilesPlugin.php | 38 | ||||
-rw-r--r-- | apps/files_sharing/lib/External/Storage.php | 62 | ||||
-rw-r--r-- | lib/private/Federation/CloudFederationShare.php | 2 |
3 files changed, 95 insertions, 7 deletions
diff --git a/apps/dav/lib/Connector/Sabre/FilesPlugin.php b/apps/dav/lib/Connector/Sabre/FilesPlugin.php
index f36ebe5636c..f53f13c5687 100644
--- a/apps/dav/lib/Connector/Sabre/FilesPlugin.php
+++ b/apps/dav/lib/Connector/Sabre/FilesPlugin.php
@@ -33,6 +33,7 @@
 namespace OCA\DAV\Connector\Sabre;
 use OC\AppFramework\Http\Request;
+use OCP\Constants;
 use OCP\Files\ForbiddenException;
 use OCP\IPreview;
 use Sabre\DAV\Exception\Forbidden;
@@ -57,6 +58,7 @@ class FilesPlugin extends ServerPlugin {
 const INTERNAL_FILEID_PROPERTYNAME = '{http://owncloud.org/ns}fileid';
 const PERMISSIONS_PROPERTYNAME = '{http://owncloud.org/ns}permissions';
 const SHARE_PERMISSIONS_PROPERTYNAME = '{http://open-collaboration-services.org/ns}share-permissions';
+ const OCM_SHARE_PERMISSIONS_PROPERTYNAME = '{http://open-cloud-mesh.org/ns}share-permissions';
 const DOWNLOADURL_PROPERTYNAME = '{http://owncloud.org/ns}downloadURL';
 const SIZE_PROPERTYNAME = '{http://owncloud.org/ns}size';
 const GETETAG_PROPERTYNAME = '{DAV:}getetag';
@@ -149,6 +151,7 @@ class FilesPlugin extends ServerPlugin {
 $server->protectedProperties[] = self::INTERNAL_FILEID_PROPERTYNAME;
 $server->protectedProperties[] = self::PERMISSIONS_PROPERTYNAME;
 $server->protectedProperties[] = self::SHARE_PERMISSIONS_PROPERTYNAME;
+ $server->protectedProperties[] = self::OCM_SHARE_PERMISSIONS_PROPERTYNAME;
 $server->protectedProperties[] = self::SIZE_PROPERTYNAME;
 $server->protectedProperties[] = self::DOWNLOADURL_PROPERTYNAME;
 $server->protectedProperties[] = self::OWNER_ID_PROPERTYNAME;
@@ -318,6 +321,14 @@ class FilesPlugin extends ServerPlugin {
 );
 });
+ $propFind->handle(self::OCM_SHARE_PERMISSIONS_PROPERTYNAME, function() use ($node, $httpRequest) {
+ $ncPermissions = $node->getSharePermissions(
+ $httpRequest->getRawServerValue('PHP_AUTH_USER')
+ );
+ $ocmPermissions = $this->ncPermissions2ocmPermissions($ncPermissions);
+ return json_encode($ocmPermissions);
+ });
+
 $propFind->handle(self::GETETAG_PROPERTYNAME, function() use ($node) {
 return $node->getETag();
 });
@@ -395,6 +406,33 @@ class FilesPlugin extends ServerPlugin {
 }
 /**
+ * translate Nextcloud permissions to OCM Permissions
+ *
+ * @param $ncPermissions
+ * @return array
+ */
+ protected function ncPermissions2ocmPermissions($ncPermissions) {
+
+ $ocmPermissions = [];
+
+ if ($ncPermissions & Constants::PERMISSION_SHARE) {
+ $ocmPermissions[] = 'share';
+ }
+
+ if ($ncPermissions & Constants::PERMISSION_READ) {
+ $ocmPermissions[] = 'read';
+ }
+
+ if (($ncPermissions & Constants::PERMISSION_CREATE) ||
+ ($ncPermissions & Constants::PERMISSION_UPDATE)) {
+ $ocmPermissions[] = 'write';
+ }
+
+ return $ocmPermissions;
+
+ }
+
+ /**
 * Update ownCloud-specific properties
 *
 * @param string $path
diff --git a/apps/files_sharing/lib/External/Storage.php b/apps/files_sharing/lib/External/Storage.php
index a631a029aba..dadb1def702 100644
--- a/apps/files_sharing/lib/External/Storage.php
+++ b/apps/files_sharing/lib/External/Storage.php
@@ -36,6 +36,7 @@ use OC\Files\Storage\DAV;
 use OC\ForbiddenException;
 use OCA\Files_Sharing\ISharedStorage;
 use OCP\AppFramework\Http;
+use OCP\Constants;
 use OCP\Federation\ICloudId;
 use OCP\Files\NotFoundException;
 use OCP\Files\StorageInvalidException;
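Review bot: `ncPermissions2ocmPermissions()` in FilesPlugin.php is a lossy mapping and its docblock does not say so: `PERMISSION_CREATE` and `PERMISSION_UPDATE` both collapse into `'write'`, and any other bit set in `$ncPermissions` (delete, for example) is dropped silently. Because the receiving side in External/Storage.php expands `'write'` back to create plus update, a share that carried only one of the two is seen by the remote instance with both; whether the sharing server still enforces the narrower set is not visible in this diff. I would record this in the docblock, e.g. `* Lossy: CREATE or UPDATE alone is reported as 'write'; bits without an OCM equivalent are omitted.`, and type the parameter as `@param int $ncPermissions`.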
@@ -347,20 +348,20 @@ class Storage extends DAV implements ISharedStorage {
 if (\OCP\Util::isSharingDisabledForUser() || !\OC\Share\Share::isResharingAllowed()) {
 return false;
 }
- return ($this->getPermissions($path) & \OCP\Constants::PERMISSION_SHARE);
+ return ($this->getPermissions($path) & Constants::PERMISSION_SHARE);
 }
 public function getPermissions($path) {
 $response = $this->propfind($path);
+ // old federated sharing permissions
 if (isset($response['{http://open-collaboration-services.org/ns}share-permissions'])) {
 $permissions = $response['{http://open-collaboration-services.org/ns}share-permissions'];
+ } else if (isset($response['{http://open-cloud-mesh.org/ns}share-permissions'])) {
+ // permissions provided by the OCM API
+ $permissions = $this->ocmPermissions2ncPermissions($response['{http://open-collaboration-services.org/ns}share-permissions']);
 } else {
 // use default permission if remote server doesn't provide the share permissions
- if ($this->is_dir($path)) {
- $permissions = \OCP\Constants::PERMISSION_ALL;
- } else {
- $permissions = \OCP\Constants::PERMISSION_ALL & ~\OCP\Constants::PERMISSION_CREATE;
- }
+ $permissions = $this->getDefaultPermissions($path);
 }
 return $permissions;
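Review bot: The new `else if` branch in `getPermissions()` tests for the `{http://open-cloud-mesh.org/ns}share-permissions` key but then reads `$response['{http://open-collaboration-services.org/ns}share-permissions']`, which the preceding `if` has just shown to be unset, and it calls `ocmPermissions2ncPermissions()` with one argument although the method added further down in this file declares two. As written, the OCM value sent by the remote is never the one that gets translated, and on PHP 7.1 or later the missing argument raises an `ArgumentCountError`, for which no handler is visible in this hunk. The line should read `$permissions = $this->ocmPermissions2ncPermissions($response['{http://open-cloud-mesh.org/ns}share-permissions'], $path);`. A unit test that feeds a PROPFIND response containing only the OCM property would pin this branch.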
@@ -369,4 +370,53 @@ class Storage extends DAV implements ISharedStorage {
 public function needsPartFile() {
 return false;
 }
+
+ /**
+ * translate OCM Permissions to Nextcloud permissions
+ *
+ * @param string $ocmPermissions json encoded OCM permissions
+ * @param string $path path to file
+ * @return int
+ */
+ protected function ocmPermissions2ncPermissions($ocmPermissions, $path) {
+ try {
+ $ocmPermissions = json_decode($ocmPermissions);
+ $ncPermissions = 0;
+ foreach($ocmPermissions as $permission) {
+ switch (strtolower($permission)) {
+ case 'read':
+ $ncPermissions += Constants::PERMISSION_READ;
+ break;
+ case 'write':
+ $ncPermissions += Constants::PERMISSION_CREATE + Constants::PERMISSION_UPDATE;
+ break;
+ case 'share':
+ $ncPermissions += Constants::PERMISSION_SHARE;
+ break;
+ default:
+ throw new \Exception();
+ }
+ }
+ } catch (\Exception $e) {
+ $ncPermissions = $this->getDefaultPermissions($path);
+ }
+
+ return $ncPermissions;
+ }
+
+ /**
+ * calculate default permissions in case no permissions are provided
+ *
+ * @param $path
+ * @return int
+ */
+ protected function getDefaultPermissions($path) {
+ if ($this->is_dir($path)) {
+ $permissions = Constants::PERMISSION_ALL;
+ } else {
+ $permissions = Constants::PERMISSION_ALL & ~Constants::PERMISSION_CREATE;
+ }
+
+ return $permissions;
+ }
 }
diff --git a/lib/private/Federation/CloudFederationShare.php b/lib/private/Federation/CloudFederationShare.php
index d26073be822..0c2795188f0 100644
--- a/lib/private/Federation/CloudFederationShare.php
+++ b/lib/private/Federation/CloudFederationShare.php
@@ -78,7 +78,7 @@ class CloudFederationShare implements ICloudFederationShare {
 'name' => 'webdav',
 'options' => [
 'sharedSecret' => $sharedSecret,
- 'permissions' => '{http://open-collaboration-services.org/ns}share-permissions'
+ 'permissions' => '{http://open-cloud-mesh.org/ns}share-permissions'
 ]
 ]);
 $this->setShareType($shareType); |
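Review bot: `ocmPermissions2ncPermissions()` in External/Storage.php builds a bitmask with `+=`, so a list from the remote server that repeats an entry no longer yields the intended flags because the sum carries into a different permission bit; the flags should be combined with `|=`. The `try`/`catch` also does not cover malformed input: `json_decode()` returns `null` instead of throwing, and a non-array result or non-string element produces a warning or an `Error`, not an `\Exception`, so the fallback is skipped. Separately, the fallback is `getDefaultPermissions()`, which is `PERMISSION_ALL` for a directory, so an unrecognised token widens the result rather than narrowing it; it is worth confirming that this is intended for values supplied by another server. The rewrite below keeps the existing fallback but validates the decoded value and uses bitwise OR.

```php
	protected function ocmPermissions2ncPermissions($ocmPermissions, $path) {
		// json_decode() signals failure by returning null, not by throwing
		$decoded = is_string($ocmPermissions) ? json_decode($ocmPermissions) : null;
		if (!is_array($decoded)) {
			return $this->getDefaultPermissions($path);
		}

		$ncPermissions = 0;
		foreach ($decoded as $permission) {
			if (!is_string($permission)) {
				return $this->getDefaultPermissions($path);
			}
			switch (strtolower($permission)) {
				case 'read':
					$ncPermissions |= Constants::PERMISSION_READ;
					break;
				case 'write':
					$ncPermissions |= Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE;
					break;
				case 'share':
					$ncPermissions |= Constants::PERMISSION_SHARE;
					break;
				default:
					// unknown token: same fallback the original catch block used
					return $this->getDefaultPermissions($path);
			}
		}

		return $ncPermissions;
	}
	// … unchanged: getDefaultPermissions() …
```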