diff options
| author | John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com> | 2019-08-26 13:11:09 +0200 |
|---|---|---|
| committer | John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com> | 2019-10-04 19:25:11 +0200 |
| commit | b1069b29fa7eacdaed8160e600f5a98b32e6784b (patch) | |
| tree | 27b5cf9cc8da469a6478616c2ff41376bba34b16 /apps/files_sharing/tests/Controller | |
| parent | f02cff1304f5a8d4ff4f2f42add72fdfa688dedf (diff) | |
| download | nextcloud-server-b1069b29fa7eacdaed8160e600f5a98b32e6784b.tar.gz nextcloud-server-b1069b29fa7eacdaed8160e600f5a98b32e6784b.zip | |
Add checks for whether a user with access to a share can delete it
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
Diffstat (limited to 'apps/files_sharing/tests/Controller')
| -rw-r--r-- | apps/files_sharing/tests/Controller/ShareAPIControllerTest.php | 206 |
1 files changed, 203 insertions, 3 deletions
diff --git a/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php b/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php index 3d4dee5c64b..7eee526f2d1 100644 --- a/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php +++ b/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php @@ -213,19 +213,20 @@ class ShareAPIControllerTest extends TestCase { /** * @expectedException \OCP\AppFramework\OCS\OCSNotFoundException - * @expectedExceptionMessage could not delete share + * @expectedExceptionMessage Could not delete share */ public function testDeleteShareLocked() { $node = $this->getMockBuilder(File::class)->getMock(); $share = $this->newShare(); - $share->setSharedBy($this->currentUser) - ->setNode($node); + $share->setNode($node); + $this->shareManager ->expects($this->once()) ->method('getShareById') ->with('ocinternal:42') ->willReturn($share); + $this->shareManager ->expects($this->never()) ->method('deleteShare') @@ -235,6 +236,205 @@ class ShareAPIControllerTest extends TestCase { ->method('lock') ->with(\OCP\Lock\ILockingProvider::LOCK_SHARED) ->will($this->throwException(new LockedException('mypath'))); + + $this->assertFalse($this->invokePrivate($this->ocs, 'canDeleteFromSelf', [$share])); + $this->assertFalse($this->invokePrivate($this->ocs, 'canDeleteShare', [$share])); + + $this->ocs->deleteShare(42); + } + + /** + * You can always remove a share that was shared with you + */ + public function testDeleteShareWithMe() { + $node = $this->getMockBuilder(File::class)->getMock(); + + $share = $this->newShare(); + $share->setSharedWith($this->currentUser) + ->setShareType(\OCP\Share::SHARE_TYPE_USER) + ->setNode($node); + + $this->shareManager + ->expects($this->once()) + ->method('getShareById') + ->with('ocinternal:42') + ->willReturn($share); + + $this->shareManager + ->expects($this->once()) + ->method('deleteShare') + ->with($share); + + $node->expects($this->once()) + ->method('lock') + ->with(\OCP\Lock\ILockingProvider::LOCK_SHARED); + + $this->assertFalse($this->invokePrivate($this->ocs, 'canDeleteFromSelf', [$share])); + $this->assertTrue($this->invokePrivate($this->ocs, 'canDeleteShare', [$share])); + + $this->ocs->deleteShare(42); + } + + /** + * You can always delete a share you own + */ + public function testDeleteShareOwner() { + $node = $this->getMockBuilder(File::class)->getMock(); + + $share = $this->newShare(); + $share->setSharedBy($this->currentUser) + ->setNode($node); + + $this->shareManager + ->expects($this->once()) + ->method('getShareById') + ->with('ocinternal:42') + ->willReturn($share); + + $this->shareManager + ->expects($this->once()) + ->method('deleteShare') + ->with($share); + + $node->expects($this->once()) + ->method('lock') + ->with(\OCP\Lock\ILockingProvider::LOCK_SHARED); + + $this->assertFalse($this->invokePrivate($this->ocs, 'canDeleteFromSelf', [$share])); + $this->assertTrue($this->invokePrivate($this->ocs, 'canDeleteShare', [$share])); + + $this->ocs->deleteShare(42); + } + + /** + * You can always delete a share when you own + * the file path it belong to + */ + public function testDeleteShareFileOwner() { + $node = $this->getMockBuilder(File::class)->getMock(); + + $share = $this->newShare(); + $share->setShareOwner($this->currentUser) + ->setNode($node); + + $this->shareManager + ->expects($this->once()) + ->method('getShareById') + ->with('ocinternal:42') + ->willReturn($share); + + $this->shareManager + ->expects($this->once()) + ->method('deleteShare') + ->with($share); + + $node->expects($this->once()) + ->method('lock') + ->with(\OCP\Lock\ILockingProvider::LOCK_SHARED); + + $this->assertFalse($this->invokePrivate($this->ocs, 'canDeleteFromSelf', [$share])); + $this->assertTrue($this->invokePrivate($this->ocs, 'canDeleteShare', [$share])); + + $this->ocs->deleteShare(42); + } + + /** + * You can remove (the mountpoint, not the share) + * a share if you're in the group the share is shared with + */ + public function testDeleteSharedWithMyGroup() { + $node = $this->getMockBuilder(File::class)->getMock(); + + $share = $this->newShare(); + $share->setShareType(\OCP\Share::SHARE_TYPE_GROUP) + ->setSharedWith('group') + ->setNode($node); + + $this->shareManager + ->expects($this->once()) + ->method('getShareById') + ->with('ocinternal:42') + ->willReturn($share); + + // canDeleteShareFromSelf + $user = $this->createMock(IUser::class); + $group = $this->getMockBuilder('OCP\IGroup')->getMock(); + $this->groupManager + ->method('get') + ->with('group') + ->willReturn($group); + $this->userManager + ->method('get') + ->with($this->currentUser) + ->willReturn($user); + $group->method('inGroup') + ->with($user) + ->willReturn(true); + + $node->expects($this->once()) + ->method('lock') + ->with(\OCP\Lock\ILockingProvider::LOCK_SHARED); + + $this->shareManager->expects($this->once()) + ->method('deleteFromSelf') + ->with($share, $this->currentUser); + + $this->shareManager->expects($this->never()) + ->method('deleteShare'); + + $this->assertTrue($this->invokePrivate($this->ocs, 'canDeleteShareFromSelf', [$share])); + $this->assertFalse($this->invokePrivate($this->ocs, 'canDeleteShare', [$share])); + + $this->ocs->deleteShare(42); + } + + /** + * You cannot remove a share if you're not + * in the group the share is shared with + * @expectedException \OCP\AppFramework\OCS\OCSNotFoundException + * @expectedExceptionMessage Wrong share ID, share doesn't exist + */ + public function testDeleteSharedWithGroupIDontBelongTo() { + $node = $this->getMockBuilder(File::class)->getMock(); + + $share = $this->newShare(); + $share->setShareType(\OCP\Share::SHARE_TYPE_GROUP) + ->setSharedWith('group') + ->setNode($node); + + $this->shareManager + ->expects($this->once()) + ->method('getShareById') + ->with('ocinternal:42') + ->willReturn($share); + + // canDeleteShareFromSelf + $user = $this->createMock(IUser::class); + $group = $this->getMockBuilder('OCP\IGroup')->getMock(); + $this->groupManager + ->method('get') + ->with('group') + ->willReturn($group); + $this->userManager + ->method('get') + ->with($this->currentUser) + ->willReturn($user); + $group->method('inGroup') + ->with($user) + ->willReturn(false); + + $node->expects($this->once()) + ->method('lock') + ->with(\OCP\Lock\ILockingProvider::LOCK_SHARED); + + $this->shareManager->expects($this->never()) + ->method('deleteFromSelf'); + + $this->shareManager->expects($this->never()) + ->method('deleteShare'); + + $this->assertFalse($this->invokePrivate($this->ocs, 'canDeleteShareFromSelf', [$share])); + $this->assertFalse($this->invokePrivate($this->ocs, 'canDeleteShare', [$share])); $this->ocs->deleteShare(42); } |