summaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorMorris Jobke <hey@morrisjobke.de>2018-02-27 13:44:34 +0100
committerGitHub <noreply@github.com>2018-02-27 13:44:34 +0100
commit7bc3c2e057c8c265ca7b1aa387dd1ba479690143 (patch)
treec02f1ec27b8037ef2f604829347e7efe2e3d34ab /apps
parent01f420c7ac38128c03975d7de7dd20190c4afcc1 (diff)
parent20ec0344a26faf725762e3b344b66bb45ef1a5a2 (diff)
downloadnextcloud-server-7bc3c2e057c8c265ca7b1aa387dd1ba479690143.tar.gz
nextcloud-server-7bc3c2e057c8c265ca7b1aa387dd1ba479690143.zip
Merge pull request #7363 from nextcloud/default-share-perms
Let the admin configure the default share permissions
Diffstat (limited to 'apps')
-rw-r--r--apps/files_sharing/lib/Capabilities.php2
-rw-r--r--apps/files_sharing/lib/Controller/ShareAPIController.php63
-rw-r--r--apps/files_sharing/tests/ApiTest.php5
-rw-r--r--apps/files_sharing/tests/Controller/ShareAPIControllerTest.php13
4 files changed, 53 insertions, 30 deletions
diff --git a/apps/files_sharing/lib/Capabilities.php b/apps/files_sharing/lib/Capabilities.php
index af41add250c..ce10c8df8a1 100644
--- a/apps/files_sharing/lib/Capabilities.php
+++ b/apps/files_sharing/lib/Capabilities.php
@@ -23,6 +23,7 @@
namespace OCA\Files_Sharing;
use OCP\Capabilities\ICapability;
+use OCP\Constants;
use \OCP\IConfig;
/**
@@ -86,6 +87,7 @@ class Capabilities implements ICapability {
$res['group'] = [];
$res['group']['enabled'] = $this->config->getAppValue('core', 'shareapi_allow_group_sharing', 'yes') === 'yes';
$res['group']['expire_date']['enabled'] = true;
+ $res['default_permissions'] = (int)$this->config->getAppValue('core', 'shareapi_default_permissions', Constants::PERMISSION_ALL);
}
//Federated sharing
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index 990571b778f..1e121d8c868 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -35,8 +35,10 @@ use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
+use OCP\Constants;
use OCP\Files\Node;
use OCP\Files\NotFoundException;
+use OCP\IConfig;
use OCP\IGroupManager;
use OCP\IL10N;
use OCP\IUserManager;
@@ -75,6 +77,8 @@ class ShareAPIController extends OCSController {
private $l;
/** @var \OCP\Files\Node */
private $lockedNode;
+ /** @var IConfig */
+ private $config;
/**
* Share20OCS constructor.
@@ -88,6 +92,7 @@ class ShareAPIController extends OCSController {
* @param IURLGenerator $urlGenerator
* @param string $userId
* @param IL10N $l10n
+ * @param IConfig $config
*/
public function __construct(
$appName,
@@ -98,7 +103,8 @@ class ShareAPIController extends OCSController {
IRootFolder $rootFolder,
IURLGenerator $urlGenerator,
$userId,
- IL10N $l10n
+ IL10N $l10n,
+ IConfig $config
) {
parent::__construct($appName, $request);
@@ -110,6 +116,7 @@ class ShareAPIController extends OCSController {
$this->urlGenerator = $urlGenerator;
$this->currentUser = $userId;
$this->l = $l10n;
+ $this->config = $config;
}
/**
@@ -318,7 +325,7 @@ class ShareAPIController extends OCSController {
*/
public function createShare(
$path = null,
- $permissions = \OCP\Constants::PERMISSION_ALL,
+ $permissions = null,
$shareType = -1,
$shareWith = null,
$publicUpload = 'false',
@@ -327,6 +334,10 @@ class ShareAPIController extends OCSController {
) {
$share = $this->shareManager->newShare();
+ if ($permissions === null) {
+ $permissions = $this->config->getAppValue('core', 'shareapi_default_permissions', Constants::PERMISSION_ALL);
+ }
+
// Verify path
if ($path === null) {
throw new OCSNotFoundException($this->l->t('Please specify a file or folder path'));
@@ -347,17 +358,17 @@ class ShareAPIController extends OCSController {
throw new OCSNotFoundException($this->l->t('Could not create share'));
}
- if ($permissions < 0 || $permissions > \OCP\Constants::PERMISSION_ALL) {
+ if ($permissions < 0 || $permissions > Constants::PERMISSION_ALL) {
throw new OCSNotFoundException($this->l->t('invalid permissions'));
}
// Shares always require read permissions
- $permissions |= \OCP\Constants::PERMISSION_READ;
+ $permissions |= Constants::PERMISSION_READ;
if ($path instanceof \OCP\Files\File) {
// Single file shares should never have delete or create permissions
- $permissions &= ~\OCP\Constants::PERMISSION_DELETE;
- $permissions &= ~\OCP\Constants::PERMISSION_CREATE;
+ $permissions &= ~Constants::PERMISSION_DELETE;
+ $permissions &= ~Constants::PERMISSION_CREATE;
}
/*
@@ -414,13 +425,13 @@ class ShareAPIController extends OCSController {
}
$share->setPermissions(
- \OCP\Constants::PERMISSION_READ |
- \OCP\Constants::PERMISSION_CREATE |
- \OCP\Constants::PERMISSION_UPDATE |
- \OCP\Constants::PERMISSION_DELETE
+ Constants::PERMISSION_READ |
+ Constants::PERMISSION_CREATE |
+ Constants::PERMISSION_UPDATE |
+ Constants::PERMISSION_DELETE
);
} else {
- $share->setPermissions(\OCP\Constants::PERMISSION_READ);
+ $share->setPermissions(Constants::PERMISSION_READ);
}
// Set password
@@ -447,13 +458,9 @@ class ShareAPIController extends OCSController {
$share->setPermissions($permissions);
} else if ($shareType === \OCP\Share::SHARE_TYPE_EMAIL) {
if ($share->getNodeType() === 'file') {
- $share->setPermissions(\OCP\Constants::PERMISSION_READ);
+ $share->setPermissions(Constants::PERMISSION_READ);
} else {
- $share->setPermissions(
- \OCP\Constants::PERMISSION_READ |
- \OCP\Constants::PERMISSION_CREATE |
- \OCP\Constants::PERMISSION_UPDATE |
- \OCP\Constants::PERMISSION_DELETE);
+ $share->setPermissions($permissions);
}
$share->setSharedWith($shareWith);
} else if ($shareType === \OCP\Share::SHARE_TYPE_CIRCLE) {
@@ -698,23 +705,23 @@ class ShareAPIController extends OCSController {
$newPermissions = null;
if ($publicUpload === 'true') {
- $newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE;
+ $newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
} else if ($publicUpload === 'false') {
- $newPermissions = \OCP\Constants::PERMISSION_READ;
+ $newPermissions = Constants::PERMISSION_READ;
}
if ($permissions !== null) {
$newPermissions = (int)$permissions;
- $newPermissions = $newPermissions & ~\OCP\Constants::PERMISSION_SHARE;
+ $newPermissions = $newPermissions & ~Constants::PERMISSION_SHARE;
}
if ($newPermissions !== null &&
!in_array($newPermissions, [
- \OCP\Constants::PERMISSION_READ,
- \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE, // legacy
- \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE, // correct
- \OCP\Constants::PERMISSION_CREATE, // hidden file list
- \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_UPDATE, // allow to edit single files
+ Constants::PERMISSION_READ,
+ Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE, // legacy
+ Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE, // correct
+ Constants::PERMISSION_CREATE, // hidden file list
+ Constants::PERMISSION_READ | Constants::PERMISSION_UPDATE, // allow to edit single files
])
) {
throw new OCSBadRequestException($this->l->t('Can\'t change permissions for public share links'));
@@ -722,9 +729,9 @@ class ShareAPIController extends OCSController {
if (
// legacy
- $newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE) ||
+ $newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE) ||
// correct
- $newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE)
+ $newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE)
) {
if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator'));
@@ -735,7 +742,7 @@ class ShareAPIController extends OCSController {
}
// normalize to correct public upload permissions
- $newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE;
+ $newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
}
if ($newPermissions !== null) {
diff --git a/apps/files_sharing/tests/ApiTest.php b/apps/files_sharing/tests/ApiTest.php
index 6d8e2dd8d84..d7bc169bf4a 100644
--- a/apps/files_sharing/tests/ApiTest.php
+++ b/apps/files_sharing/tests/ApiTest.php
@@ -37,6 +37,7 @@ use OCP\AppFramework\OCS\OCSBadRequestException;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException;
+use OCP\IConfig;
use OCP\IL10N;
use OCP\IRequest;
@@ -105,6 +106,7 @@ class ApiTest extends TestCase {
->will($this->returnCallback(function($text, $parameters = []) {
return vsprintf($text, $parameters);
}));
+ $config = $this->createMock(IConfig::class);
return new ShareAPIController(
self::APP_NAME,
@@ -115,7 +117,8 @@ class ApiTest extends TestCase {
\OC::$server->getRootFolder(),
\OC::$server->getURLGenerator(),
$userId,
- $l
+ $l,
+ $config
);
}
diff --git a/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php b/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php
index c438dac2521..a475474e3cf 100644
--- a/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php
+++ b/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php
@@ -31,6 +31,7 @@ use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\Files\File;
use OCP\Files\Folder;
use OCP\Files\Storage;
+use OCP\IConfig;
use OCP\IL10N;
use OCA\Files_Sharing\Controller\ShareAPIController;
use OCP\Files\NotFoundException;
@@ -84,6 +85,9 @@ class ShareAPIControllerTest extends TestCase {
/** @var IL10N|\PHPUnit_Framework_MockObject_MockObject */
private $l;
+ /** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
+ private $config;
+
protected function setUp() {
$this->shareManager = $this->createMock(IManager::class);
$this->shareManager
@@ -102,6 +106,7 @@ class ShareAPIControllerTest extends TestCase {
->will($this->returnCallback(function($text, $parameters = []) {
return vsprintf($text, $parameters);
}));
+ $this->config = $this->createMock(IConfig::class);
$this->ocs = new ShareAPIController(
$this->appName,
@@ -112,7 +117,8 @@ class ShareAPIControllerTest extends TestCase {
$this->rootFolder,
$this->urlGenerator,
$this->currentUser,
- $this->l
+ $this->l,
+ $this->config
);
}
@@ -131,6 +137,7 @@ class ShareAPIControllerTest extends TestCase {
$this->urlGenerator,
$this->currentUser,
$this->l,
+ $this->config
])->setMethods(['formatShare'])
->getMock();
}
@@ -439,6 +446,7 @@ class ShareAPIControllerTest extends TestCase {
$this->urlGenerator,
$this->currentUser,
$this->l,
+ $this->config
])->setMethods(['canAccessShare'])
->getMock();
@@ -707,6 +715,7 @@ class ShareAPIControllerTest extends TestCase {
$this->urlGenerator,
$this->currentUser,
$this->l,
+ $this->config
])->setMethods(['formatShare'])
->getMock();
@@ -804,6 +813,7 @@ class ShareAPIControllerTest extends TestCase {
$this->urlGenerator,
$this->currentUser,
$this->l,
+ $this->config
])->setMethods(['formatShare'])
->getMock();
@@ -1119,6 +1129,7 @@ class ShareAPIControllerTest extends TestCase {
$this->urlGenerator,
$this->currentUser,
$this->l,
+ $this->config
])->setMethods(['formatShare'])
->getMock();