Merge pull request #19676 from owncloud/fix_15253

Make sure that permissions stay in sync for share_type 2
author: Morris Jobke <hey@morrisjobke.de> 2016-01-08 21:37:12 +0100
committer: Morris Jobke <hey@morrisjobke.de> 2016-01-08 21:37:12 +0100
commit: a259effc7d22cfd686ac73744caf2ce209ac1f1f (patch)
tree: 781dc106fb313dff70785a6a6559e814af7f5e38 /apps
parent: d7d0cfc775630e8bf3b66cfa61c73a81d4723eab (diff)
parent: 17a066c18e6d855895bb4604988d5ed40a423dc8 (diff)
download: nextcloud-server-a259effc7d22cfd686ac73744caf2ce209ac1f1f.tar.gz
nextcloud-server-a259effc7d22cfd686ac73744caf2ce209ac1f1f.zip
1 files changed, 214 insertions, 0 deletions
diff --git a/apps/files_sharing/tests/sharedmount.php b/apps/files_sharing/tests/sharedmount.php
index 7b256588f93..15ebc7caf71 100644
--- a/apps/files_sharing/tests/sharedmount.php
+++ b/apps/files_sharing/tests/sharedmount.php
@@ -237,6 +237,220 @@ class Test_Files_Sharing_Mount extends OCA\Files_sharing\Tests\TestCase {
 		);
 	}
 
+	function dataPermissionMovedGroupShare() {
+		$data = [];
+
+		$powerset = function($permissions) {
+			$results = [\OCP\Constants::PERMISSION_READ];
+
+			foreach ($permissions as $permission) {
+				foreach ($results as $combination) {
+					$results[] = $permission | $combination;
+				}
+			}
+			return $results;
+		};
+
+		//Generate file permissions
+		$permissions = [
+			\OCP\Constants::PERMISSION_UPDATE,
+			\OCP\Constants::PERMISSION_CREATE,
+			\OCP\Constants::PERMISSION_SHARE,
+		];
+
+		$allPermissions = $powerset($permissions);
+
+		foreach ($allPermissions as $before) {
+			foreach ($allPermissions as $after) {
+				if ($before === $after) { continue; }
+
+				$data[] = [
+					'file', 
+					$before,
+					$after,
+				];
+			}
+		}
+
+		//Generate folder permissions
+		$permissions = [
+			\OCP\Constants::PERMISSION_UPDATE,
+			\OCP\Constants::PERMISSION_CREATE,
+			\OCP\Constants::PERMISSION_SHARE,
+			\OCP\Constants::PERMISSION_DELETE,
+		];
+
+		$allPermissions = $powerset($permissions);
+
+		foreach ($allPermissions as $before) {
+			foreach ($allPermissions as $after) {
+				if ($before === $after) { continue; }
+
+				$data[] = [
+					'folder',
+					$before,
+					$after,
+				];
+			}
+		}
+
+		return $data;
+	}
+
+
+
+	/**
+	 * moved mountpoints of a group share should keep the same permission as their parent group share.
+	 * See #15253
+	 *
+	 * @dataProvider dataPermissionMovedGroupShare
+	 */
+	function testPermissionMovedGroupShare($type, $beforePerm, $afterPerm) {
+
+		if ($type === 'file') {
+			$path = $this->filename;
+		} else if ($type === 'folder') {
+			$path = $this->folder;
+		}
+
+		\OC_Group::createGroup('testGroup');
+		\OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER1, 'testGroup');
+		\OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER2, 'testGroup');
+		\OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER3, 'testGroup');
+
+		// Share item with group
+		$fileinfo = $this->view->getFileInfo($path);
+		$this->assertTrue(
+			\OCP\Share::shareItem($type, $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP,	"testGroup", $beforePerm)
+		);
+
+		// Login as user 2 and verify the item exists
+		self::loginHelper(self::TEST_FILES_SHARING_API_USER2);
+		$this->assertTrue(\OC\Files\Filesystem::file_exists($path));
+		$result = \OCP\Share::getItemSharedWithBySource($type, $fileinfo['fileid']);
+		$this->assertNotEmpty($result);
+		$this->assertEquals($beforePerm, $result['permissions']);
+
+		// Now move the item forcing a new entry in the share table
+		\OC\Files\Filesystem::rename($path, "newPath");
+		$this->assertTrue(\OC\Files\Filesystem::file_exists('newPath'));
+		$this->assertFalse(\OC\Files\Filesystem::file_exists($path));
+
+		// Login as user 1 again and change permissions
+		self::loginHelper(self::TEST_FILES_SHARING_API_USER1);
+		$this->assertTrue(
+			\OCP\Share::setPermissions($type, $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, "testGroup", $afterPerm)
+		);
+
+		// Login as user 3 and verify that the permissions are changed
+		self::loginHelper(self::TEST_FILES_SHARING_API_USER3);
+		$result = \OCP\Share::getItemSharedWithBySource($type, $fileinfo['fileid']);
+		$this->assertNotEmpty($result);
+		$this->assertEquals($afterPerm, $result['permissions']);
+		$groupShareId = $result['id'];
+
+		// Login as user 2 and verify that the permissions are changed
+		self::loginHelper(self::TEST_FILES_SHARING_API_USER2);
+		$result = \OCP\Share::getItemSharedWithBySource($type, $fileinfo['fileid']);
+		$this->assertNotEmpty($result);
+		$this->assertEquals($afterPerm, $result['permissions']);
+		$this->assertNotEquals($groupShareId, $result['id']);
+
+		// Also verify in the DB
+		$statement = "SELECT `permissions` FROM `*PREFIX*share` WHERE `id`=?";
+		$query = \OCP\DB::prepare($statement);
+		$result = $query->execute([$result['id']]);
+		$shares = $result->fetchAll();
+		$this->assertCount(1, $shares);
+		$this->assertEquals($afterPerm, $shares[0]['permissions']);
+
+		//cleanup
+		self::loginHelper(self::TEST_FILES_SHARING_API_USER1);
+		\OCP\Share::unshare($type, $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, 'testGroup');
+		\OC_Group::removeFromGroup(self::TEST_FILES_SHARING_API_USER1, 'testGroup');
+		\OC_Group::removeFromGroup(self::TEST_FILES_SHARING_API_USER2, 'testGroup');
+		\OC_Group::removeFromGroup(self::TEST_FILES_SHARING_API_USER3, 'testGroup');
+	}
+
+	/**
+	 * If the permissions on a group share are upgraded be sure to still respect 
+	 * removed shares by a member of that group
+	 */
+	function testPermissionUpgradeOnUserDeletedGroupShare() {
+		\OC_Group::createGroup('testGroup');
+		\OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER1, 'testGroup');
+		\OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER2, 'testGroup');
+		\OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER3, 'testGroup');
+
+		$connection = \OC::$server->getDatabaseConnection();
+
+		// Share item with group
+		$fileinfo = $this->view->getFileInfo($this->folder);
+		$this->assertTrue(
+			\OCP\Share::shareItem('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP,	"testGroup", \OCP\Constants::PERMISSION_READ)
+		);
+
+		// Login as user 2 and verify the item exists
+		self::loginHelper(self::TEST_FILES_SHARING_API_USER2);
+		$this->assertTrue(\OC\Files\Filesystem::file_exists($this->folder));
+		$result = \OCP\Share::getItemSharedWithBySource('folder', $fileinfo['fileid']);
+		$this->assertNotEmpty($result);
+		$this->assertEquals(\OCP\Constants::PERMISSION_READ, $result['permissions']);
+
+		// Delete the share
+		$this->assertTrue(\OC\Files\Filesystem::rmdir($this->folder));
+		$this->assertFalse(\OC\Files\Filesystem::file_exists($this->folder));
+
+		// Verify we do not get a share
+		$result = \OCP\Share::getItemSharedWithBySource('folder', $fileinfo['fileid']);
+		$this->assertEmpty($result);
+
+		// Verify that the permission is correct in the DB
+		$qb = $connection->getQueryBuilder();
+		$qb->select('*')
+			->from('share')
+			->where($qb->expr()->eq('file_source', $qb->createParameter('fileSource')))
+			->andWhere($qb->expr()->eq('share_type', $qb->createParameter('shareType')))
+			->setParameter(':fileSource', $fileinfo['fileid'])
+			->setParameter(':shareType', 2);
+		$res = $qb->execute()->fetchAll();
+
+		$this->assertCount(1, $res);
+		$this->assertEquals(0, $res[0]['permissions']);
+
+		// Login as user 1 again and change permissions
+		self::loginHelper(self::TEST_FILES_SHARING_API_USER1);
+		$this->assertTrue(
+			\OCP\Share::setPermissions('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, "testGroup", \OCP\Constants::PERMISSION_ALL)
+		);
+
+		// Login as user 2 and verify 
+		self::loginHelper(self::TEST_FILES_SHARING_API_USER2);
+		$this->assertFalse(\OC\Files\Filesystem::file_exists($this->folder));
+		$result = \OCP\Share::getItemSharedWithBySource('folder', $fileinfo['fileid']);
+		$this->assertEmpty($result);
+
+		$connection = \OC::$server->getDatabaseConnection();
+		$qb = $connection->getQueryBuilder();
+		$qb->select('*')
+			->from('share')
+			->where($qb->expr()->eq('file_source', $qb->createParameter('fileSource')))
+			->andWhere($qb->expr()->eq('share_type', $qb->createParameter('shareType')))
+			->setParameter(':fileSource', $fileinfo['fileid'])
+			->setParameter(':shareType', 2);
+		$res = $qb->execute()->fetchAll();
+
+		$this->assertCount(1, $res);
+		$this->assertEquals(0, $res[0]['permissions']);
+
+		//cleanup
+		self::loginHelper(self::TEST_FILES_SHARING_API_USER1);
+		\OCP\Share::unshare('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, 'testGroup');
+		\OC_Group::removeFromGroup(self::TEST_FILES_SHARING_API_USER1, 'testGroup');
+		\OC_Group::removeFromGroup(self::TEST_FILES_SHARING_API_USER2, 'testGroup');
+		\OC_Group::removeFromGroup(self::TEST_FILES_SHARING_API_USER3, 'testGroup');
+	}
+
 }
 
 class DummyTestClassSharedMount extends \OCA\Files_Sharing\SharedMount {
author	Morris Jobke <hey@morrisjobke.de>	2016-01-08 21:37:12 +0100
committer	Morris Jobke <hey@morrisjobke.de>	2016-01-08 21:37:12 +0100
commit	a259effc7d22cfd686ac73744caf2ce209ac1f1f (patch)
tree	781dc106fb313dff70785a6a6559e814af7f5e38 /apps
parent	d7d0cfc775630e8bf3b66cfa61c73a81d4723eab (diff)
parent	17a066c18e6d855895bb4604988d5ed40a423dc8 (diff)
download	nextcloud-server-a259effc7d22cfd686ac73744caf2ce209ac1f1f.tar.gz nextcloud-server-a259effc7d22cfd686ac73744caf2ce209ac1f1f.zip