diff options
| author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2016-11-14 15:21:08 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-11-14 15:21:08 +0100 |
| commit | ff96fffe39c09efa60233988637d2fd68828a2ea (patch) | |
| tree | 8bdcc87d87b3af84dd4bb3f27644d88f4064b08d /apps/files_sharing/tests | |
| parent | cebb68992509215163f6776b76e48411a31a287e (diff) | |
| parent | b27b690fa969638c7791bc465e9d07d9cadda6c5 (diff) | |
| download | nextcloud-server-ff96fffe39c09efa60233988637d2fd68828a2ea.tar.gz nextcloud-server-ff96fffe39c09efa60233988637d2fd68828a2ea.zip | |
Merge pull request #2100 from nextcloud/do_not_increse_link_share_perms
Fixes not allowed increasing of link share permissions
Diffstat (limited to 'apps/files_sharing/tests')
| -rw-r--r-- | apps/files_sharing/tests/Controller/ShareAPIControllerTest.php | 57 |
1 files changed, 56 insertions, 1 deletions
diff --git a/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php b/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php index 890fdb6eda0..ed4aa1dba9e 100644 --- a/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php +++ b/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php @@ -1205,7 +1205,7 @@ class ShareAPIControllerTest extends \Test\TestCase { public function testUpdateLinkShareClear() { $ocs = $this->mockFormatShare(); - $node = $this->getMockBuilder('\OCP\Files\Folder')->getMock(); + $node = $this->getMockBuilder(Folder::class)->getMock(); $share = $this->newShare(); $share->setPermissions(\OCP\Constants::PERMISSION_ALL) ->setSharedBy($this->currentUser) @@ -1229,6 +1229,9 @@ class ShareAPIControllerTest extends \Test\TestCase { }) )->will($this->returnArgument(0)); + $this->shareManager->method('getSharedWith') + ->willReturn([]); + $expected = new DataResponse(null); $result = $ocs->updateShare(42, null, '', 'false', ''); @@ -1261,6 +1264,9 @@ class ShareAPIControllerTest extends \Test\TestCase { }) )->will($this->returnArgument(0)); + $this->shareManager->method('getSharedWith') + ->willReturn([]); + $expected = new DataResponse(null); $result = $ocs->updateShare(42, null, 'password', 'true', '2000-01-01'); @@ -1483,6 +1489,9 @@ class ShareAPIControllerTest extends \Test\TestCase { }) )->will($this->returnArgument(0)); + $this->shareManager->method('getSharedWith') + ->willReturn([]); + $expected = new DataResponse(null); $result = $ocs->updateShare(42, null, null, 'true', null); @@ -1633,6 +1642,52 @@ class ShareAPIControllerTest extends \Test\TestCase { } } + public function testUpdateShareCannotIncreasePermissionsLinkShare() { + $ocs = $this->mockFormatShare(); + + $folder = $this->createMock(Folder::class); + + $share = \OC::$server->getShareManager()->newShare(); + $share + ->setId(42) + ->setSharedBy($this->currentUser) + ->setShareOwner('anotheruser') + ->setShareType(\OCP\Share::SHARE_TYPE_LINK) + ->setPermissions(\OCP\Constants::PERMISSION_READ) + ->setNode($folder); + + // note: updateShare will modify the received instance but getSharedWith will reread from the database, + // so their values will be different + $incomingShare = \OC::$server->getShareManager()->newShare(); + $incomingShare + ->setId(42) + ->setSharedBy($this->currentUser) + ->setShareOwner('anotheruser') + ->setShareType(\OCP\Share::SHARE_TYPE_USER) + ->setSharedWith('currentUser') + ->setPermissions(\OCP\Constants::PERMISSION_READ) + ->setNode($folder); + + $this->shareManager->method('getShareById')->with('ocinternal:42')->willReturn($share); + + $this->shareManager->expects($this->any()) + ->method('getSharedWith') + ->will($this->returnValueMap([ + ['currentUser', \OCP\Share::SHARE_TYPE_USER, $share->getNode(), -1, 0, [$incomingShare]], + ['currentUser', \OCP\Share::SHARE_TYPE_GROUP, $share->getNode(), -1, 0, []] + ])); + + $this->shareManager->expects($this->never())->method('updateShare'); + $this->shareManager->method('shareApiLinkAllowPublicUpload')->willReturn(true); + + try { + $ocs->updateShare(42, null, null, 'true'); + $this->fail(); + } catch (OCSNotFoundException $e) { + $this->assertEquals('Cannot increase permissions', $e->getMessage()); + } + } + public function testUpdateShareCanIncreasePermissionsIfOwner() { $ocs = $this->mockFormatShare(); |