diff options
author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2017-01-06 16:17:09 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-01-06 16:17:09 +0100 |
commit | 6347d97c7fb052f8c7f51ddbd410002156ba2d6d (patch) | |
tree | cb3986daa369d689cd226ee549f3651018034852 /apps/dav | |
parent | 4a2fbe9a5b6fd17781dd6de78b1247824618d717 (diff) | |
parent | 9ea432f88c47a8e387e6f8144ef1d8bd663d03dd (diff) | |
download | nextcloud-server-6347d97c7fb052f8c7f51ddbd410002156ba2d6d.tar.gz nextcloud-server-6347d97c7fb052f8c7f51ddbd410002156ba2d6d.zip |
Merge pull request #2512 from nextcloud/cleanup-system-tag-usage
Only allow admins to delete tags
Diffstat (limited to 'apps/dav')
-rw-r--r-- | apps/dav/lib/SystemTag/SystemTagNode.php | 7 | ||||
-rw-r--r-- | apps/dav/tests/unit/SystemTag/SystemTagNodeTest.php | 42 |
2 files changed, 17 insertions, 32 deletions
diff --git a/apps/dav/lib/SystemTag/SystemTagNode.php b/apps/dav/lib/SystemTag/SystemTagNode.php index 36fddcd8240..bd21082f783 100644 --- a/apps/dav/lib/SystemTag/SystemTagNode.php +++ b/apps/dav/lib/SystemTag/SystemTagNode.php @@ -157,12 +157,13 @@ class SystemTagNode implements \Sabre\DAV\INode { public function delete() { try { + if (!$this->isAdmin) { + throw new Forbidden('No permission to delete tag ' . $this->tag->getId()); + } + if (!$this->tagManager->canUserSeeTag($this->tag, $this->user)) { throw new NotFound('Tag with id ' . $this->tag->getId() . ' not found'); } - if (!$this->tagManager->canUserAssignTag($this->tag, $this->user)) { - throw new Forbidden('No permission to delete tag ' . $this->tag->getId()); - } $this->tagManager->deleteTags($this->tag->getId()); } catch (TagNotFoundException $e) { diff --git a/apps/dav/tests/unit/SystemTag/SystemTagNodeTest.php b/apps/dav/tests/unit/SystemTag/SystemTagNodeTest.php index 43674f4b795..3722bd9d25a 100644 --- a/apps/dav/tests/unit/SystemTag/SystemTagNodeTest.php +++ b/apps/dav/tests/unit/SystemTag/SystemTagNodeTest.php @@ -24,19 +24,17 @@ namespace OCA\DAV\Tests\unit\SystemTag; -use Sabre\DAV\Exception\NotFound; -use Sabre\DAV\Exception\MethodNotAllowed; -use Sabre\DAV\Exception\Conflict; use OC\SystemTag\SystemTag; use OCP\SystemTag\TagNotFoundException; use OCP\SystemTag\TagAlreadyExistsException; use OCP\SystemTag\ISystemTag; +use Sabre\DAV\Exception\Forbidden; class SystemTagNodeTest extends \Test\TestCase { /** - * @var \OCP\SystemTag\ISystemTagManager + * @var \OCP\SystemTag\ISystemTagManager|\PHPUnit_Framework_MockObject_MockObject */ private $tagManager; @@ -113,7 +111,7 @@ class SystemTagNodeTest extends \Test\TestCase { /** * @dataProvider tagNodeProvider */ - public function testUpdateTag($isAdmin, $originalTag, $changedArgs) { + public function testUpdateTag($isAdmin, ISystemTag $originalTag, $changedArgs) { $this->tagManager->expects($this->once()) ->method('canUserSeeTag') ->with($originalTag) @@ -173,7 +171,7 @@ class SystemTagNodeTest extends \Test\TestCase { /** * @dataProvider tagNodeProviderPermissionException */ - public function testUpdateTagPermissionException($originalTag, $changedArgs, $expectedException = null) { + public function testUpdateTagPermissionException(ISystemTag $originalTag, $changedArgs, $expectedException = null) { $this->tagManager->expects($this->any()) ->method('canUserSeeTag') ->with($originalTag) @@ -242,17 +240,16 @@ class SystemTagNodeTest extends \Test\TestCase { */ public function testDeleteTag($isAdmin) { $tag = new SystemTag(1, 'tag1', true, true); - $this->tagManager->expects($this->once()) + $this->tagManager->expects($isAdmin ? $this->once() : $this->never()) ->method('canUserSeeTag') ->with($tag) ->will($this->returnValue(true)); - $this->tagManager->expects($this->once()) - ->method('canUserAssignTag') - ->with($tag) - ->will($this->returnValue(true)); - $this->tagManager->expects($this->once()) + $this->tagManager->expects($isAdmin ? $this->once() : $this->never()) ->method('deleteTags') ->with('1'); + if (!$isAdmin) { + $this->setExpectedException(Forbidden::class); + } $this->getTagNode($isAdmin, $tag)->delete(); } @@ -261,7 +258,7 @@ class SystemTagNodeTest extends \Test\TestCase { [ // cannot delete invisible tag new SystemTag(1, 'Original', false, true), - 'Sabre\DAV\Exception\NotFound', + 'Sabre\DAV\Exception\Forbidden', ], [ // cannot delete non-assignable tag @@ -279,20 +276,11 @@ class SystemTagNodeTest extends \Test\TestCase { ->method('canUserSeeTag') ->with($tag) ->will($this->returnValue($tag->isUserVisible())); - $this->tagManager->expects($this->any()) - ->method('canUserAssignTag') - ->with($tag) - ->will($this->returnValue($tag->isUserAssignable())); $this->tagManager->expects($this->never()) ->method('deleteTags'); - try { - $this->getTagNode(false, $tag)->delete(); - } catch (\Exception $e) { - $thrown = $e; - } - - $this->assertInstanceOf($expectedException, $thrown); + $this->setExpectedException($expectedException); + $this->getTagNode(false, $tag)->delete(); } /** @@ -304,14 +292,10 @@ class SystemTagNodeTest extends \Test\TestCase { ->method('canUserSeeTag') ->with($tag) ->will($this->returnValue($tag->isUserVisible())); - $this->tagManager->expects($this->any()) - ->method('canUserAssignTag') - ->with($tag) - ->will($this->returnValue($tag->isUserAssignable())); $this->tagManager->expects($this->once()) ->method('deleteTags') ->with('1') ->will($this->throwException(new TagNotFoundException())); - $this->getTagNode(false, $tag)->delete(); + $this->getTagNode(true, $tag)->delete(); } } |