Introduce MODIFY permission for external storages

5 files changed, 21 insertions, 11 deletions

diff --git a/apps/files_external/controller/globalstoragescontroller.php b/apps/files_external/controller/globalstoragescontroller.php
index 32408420039..7d97fdbb4f4 100644
--- a/apps/files_external/controller/globalstoragescontroller.php
+++ b/apps/files_external/controller/globalstoragescontroller.php
@@ -98,7 +98,7 @@ class GlobalStoragesController extends StoragesController {
 			return $newStorage;
 		}
 
-		$response = $this->validate($newStorage);
+		$response = $this->validate($newStorage, BackendService::PERMISSION_CREATE);
 		if (!empty($response)) {
 			return $response;
 		}
@@ -154,7 +154,7 @@ class GlobalStoragesController extends StoragesController {
 		}
 		$storage->setId($id);
 
-		$response = $this->validate($storage);
+		$response = $this->validate($storage, BackendService::PERMISSION_MODIFY);
 		if (!empty($response)) {
 			return $response;
 		}
diff --git a/apps/files_external/controller/storagescontroller.php b/apps/files_external/controller/storagescontroller.php
index d99b8b5f2c5..46202c8ba4a 100644
--- a/apps/files_external/controller/storagescontroller.php
+++ b/apps/files_external/controller/storagescontroller.php
@@ -125,10 +125,11 @@ abstract class StoragesController extends Controller {
 	 * Validate storage config
 	 *
 	 * @param StorageConfig $storage storage config
+	 * @param int $permissionCheck permission to check
 	 *
 	 * @return DataResponse|null returns response in case of validation error
 	 */
-	protected function validate(StorageConfig $storage) {
+	protected function validate(StorageConfig $storage, $permissionCheck = BackendService::PERMISSION_CREATE) {
 		$mountPoint = $storage->getMountPoint();
 		if ($mountPoint === '' || $mountPoint === '/') {
 			return new DataResponse(
@@ -165,7 +166,7 @@ abstract class StoragesController extends Controller {
 			);
 		}
 
-		if (!$backend->isPermitted($this->getUserType(), BackendService::PERMISSION_CREATE)) {
+		if (!$backend->isPermitted($this->getUserType(), $permissionCheck)) {
 			// not permitted to use backend
 			return new DataResponse(
 				array(
@@ -176,7 +177,7 @@ abstract class StoragesController extends Controller {
 				Http::STATUS_UNPROCESSABLE_ENTITY
 			);
 		}
-		if (!$authMechanism->isPermitted($this->getUserType(), BackendService::PERMISSION_CREATE)) {
+		if (!$authMechanism->isPermitted($this->getUserType(), $permissionCheck)) {
 			// not permitted to use auth mechanism
 			return new DataResponse(
 				array(
diff --git a/apps/files_external/controller/userstoragescontroller.php b/apps/files_external/controller/userstoragescontroller.php
index 585ff8eeb00..801c9ab0aae 100644
--- a/apps/files_external/controller/userstoragescontroller.php
+++ b/apps/files_external/controller/userstoragescontroller.php
@@ -103,7 +103,7 @@ class UserStoragesController extends StoragesController {
 			return $newStorage;
 		}
 
-		$response = $this->validate($newStorage);
+		$response = $this->validate($newStorage, BackendService::PERMISSION_CREATE);
 		if (!empty($response)) {
 			return $response;
 		}
@@ -151,7 +151,7 @@ class UserStoragesController extends StoragesController {
 		}
 		$storage->setId($id);
 
-		$response = $this->validate($storage);
+		$response = $this->validate($storage, BackendService::PERMISSION_MODIFY);
 		if (!empty($response)) {
 			return $response;
 		}
diff --git a/apps/files_external/service/backendservice.php b/apps/files_external/service/backendservice.php
index d9a3e316ce4..70cb9291660 100644
--- a/apps/files_external/service/backendservice.php
+++ b/apps/files_external/service/backendservice.php
@@ -35,8 +35,9 @@ class BackendService {
 	const PERMISSION_NONE = 0;
 	const PERMISSION_MOUNT = 1;
 	const PERMISSION_CREATE = 2;
+	const PERMISSION_MODIFY = 4;
 
-	const PERMISSION_DEFAULT = 3; // MOUNT | CREATE
+	const PERMISSION_DEFAULT = 7; // MOUNT | CREATE | MODIFY
 
 	/** User contants */
 	const USER_ADMIN = 'admin';
diff --git a/apps/files_external/tests/controller/userstoragescontrollertest.php b/apps/files_external/tests/controller/userstoragescontrollertest.php
index 720e59cff93..b61174b0797 100644
--- a/apps/files_external/tests/controller/userstoragescontrollertest.php
+++ b/apps/files_external/tests/controller/userstoragescontrollertest.php
@@ -49,15 +49,21 @@ class UserStoragesControllerTest extends StoragesControllerTest {
 	}
 
 	public function testAddOrUpdateStorageDisallowedBackend() {
-		$backend = $this->getBackendMock();
-		$backend->method('isPermitted')
+		$backend1 = $this->getBackendMock();
+		$backend1->expects($this->once())
+			->method('isPermitted')
 			->with(BackendService::USER_PERSONAL, BackendService::PERMISSION_CREATE)
 			->willReturn(false);
+		$backend2 = $this->getBackendMock();
+		$backend2->expects($this->once())
+			->method('isPermitted')
+			->with(BackendService::USER_PERSONAL, BackendService::PERMISSION_MODIFY)
+			->willReturn(false);
 		$authMech = $this->getAuthMechMock();
 
 		$storageConfig = new StorageConfig(1);
 		$storageConfig->setMountPoint('mount');
-		$storageConfig->setBackend($backend);
+		$storageConfig->setBackend($backend1);
 		$storageConfig->setAuthMechanism($authMech);
 		$storageConfig->setBackendOptions([]);
 
@@ -82,6 +88,8 @@ class UserStoragesControllerTest extends StoragesControllerTest {
 
 		$this->assertEquals(Http::STATUS_UNPROCESSABLE_ENTITY, $response->getStatus());
 
+		$storageConfig->setBackend($backend2);
+
 		$response = $this->controller->update(
 			1,
 			'mount',