diff options
| author | Bjoern Schiessle <schiessle@owncloud.com> | 2014-05-27 11:05:31 +0200 |
|---|---|---|
| committer | Robin Appelman <icewind@owncloud.com> | 2014-06-06 09:55:59 +0200 |
| commit | bf5e9357fc5dacc0bc951e7c60fe7105533a56fb (patch) | |
| tree | b61d8f542b92dd11e1cffdd59bee90272482890c /apps/files_sharing/appinfo/update.php | |
| parent | a66c2e6a4757b5d97e120897df1085e4410b279a (diff) | |
| download | nextcloud-server-bf5e9357fc5dacc0bc951e7c60fe7105533a56fb.tar.gz nextcloud-server-bf5e9357fc5dacc0bc951e7c60fe7105533a56fb.zip | |
don't allow to share single files with delete permissions, user should only be possible to unshare a single file but never to delete it
Diffstat (limited to 'apps/files_sharing/appinfo/update.php')
| -rw-r--r-- | apps/files_sharing/appinfo/update.php | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/apps/files_sharing/appinfo/update.php b/apps/files_sharing/appinfo/update.php index bc8cda42313..bc17915613c 100644 --- a/apps/files_sharing/appinfo/update.php +++ b/apps/files_sharing/appinfo/update.php @@ -1,6 +1,11 @@ <?php $installedVersion = OCP\Config::getAppValue('files_sharing', 'installed_version'); + +if (version_compare($installedVersion, '0.5', '<')) { + updateFilePermissions(); +} + if (version_compare($installedVersion, '0.4', '<')) { removeSharedFolder(); } @@ -12,6 +17,39 @@ if (version_compare($installedVersion, '0.3.5.6', '<')) { /** + * it is no longer possible to share single files with delete permissions. User + * should only be able to unshare single files but never to delete them. + */ +function updateFilePermissions($chunkSize = 99) { + $query = OCP\DB::prepare('SELECT * FROM `*PREFIX*share` WHERE item_type = ?'); + $result = $query->execute(array('file')); + + $updatedRows = array(); + + while ($row = $result->fetchRow()) { + if ($row['permissions'] & \OCP\PERMISSION_DELETE) { + $updatedRows[$row['id']] = (int)$row['permissions'] & ~\OCP\PERMISSION_DELETE; + } + } + + $chunkedPermissionList = array_chunk($updatedRows, $chunkSize, true); + + foreach ($chunkedPermissionList as $subList) { + $statement = "UPDATE `*PREFIX*share` SET `permissions` = CASE `id` "; + //update share table + $ids = implode(',', array_keys($subList)); + foreach ($subList as $id => $permission) { + $statement .= "WHEN " . $id . " THEN " . $permission . " "; + } + $statement .= ' END WHERE `id` IN (' . $ids . ')'; + + $query = OCP\DB::prepare($statement); + $query->execute(); + } + +} + +/** * update script for the removal of the logical "Shared" folder, we create physical "Shared" folder and * update the users file_target so that it doesn't make any difference for the user * @note parameters are just for testing, please ignore them |