Make public link share page work with Webdav and add operations

The public page now uses the public.php/webdav endpoint.

Also enabled more file operations like rename, move, delete and create
folder from the public page, which are now all possible thanks to the
public.php/webdav endpoint.

6 files changed, 35 insertions, 117 deletions

diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index a784642728f..18e9cfe6117 100644
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -41,7 +41,6 @@ OCP\JSON::setContentTypeHeader('text/plain');
 // If not, check the login.
 // If no token is sent along, rely on login only
 
-$allowedPermissions = \OCP\Constants::PERMISSION_ALL;
 $errorCode = null;
 
 $l = \OC::$server->getL10N('files');
@@ -60,8 +59,6 @@ if (empty($_POST['dirToken'])) {
 
 	\OC_User::setIncognitoMode(true);
 
-	// return only read permissions for public upload
-	$allowedPermissions = \OCP\Constants::PERMISSION_READ;
 	$publicDirectory = !empty($_POST['subdir']) ? (string)$_POST['subdir'] : '/';
 
 	$linkItem = OCP\Share::getShareByToken((string)$_POST['dirToken']);
@@ -207,7 +204,7 @@ if (\OC\Files\Filesystem::isValidPath($dir) === true) {
 						$data['originalname'] = $files['name'][$i];
 						$data['uploadMaxFilesize'] = $maxUploadFileSize;
 						$data['maxHumanFilesize'] = $maxHumanFileSize;
-						$data['permissions'] = $meta['permissions'] & $allowedPermissions;
+						$data['permissions'] = $meta['permissions'];
 						$data['directory'] = $returnedDir;
 						$result[] = $data;
 					}
@@ -234,7 +231,7 @@ if (\OC\Files\Filesystem::isValidPath($dir) === true) {
 				$data['originalname'] = $files['name'][$i];
 				$data['uploadMaxFilesize'] = $maxUploadFileSize;
 				$data['maxHumanFilesize'] = $maxHumanFileSize;
-				$data['permissions'] = $meta['permissions'] & $allowedPermissions;
+				$data['permissions'] = $meta['permissions'];
 				$data['directory'] = $returnedDir;
 				$result[] = $data;
 			}
diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index 6bdd14ac65d..e33b8354437 100644
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -207,7 +207,7 @@
 		 */
 		lazyLoadPreview : function(path, mime, ready, width, height, etag) {
 			console.warn('DEPRECATED: please use lazyLoadPreview() from an OCA.Files.FileList instance');
-			return OCA.Files.App.fileList.lazyLoadPreview({
+			return FileList.lazyLoadPreview({
 				path: path,
 				mime: mime,
 				callback: ready,
diff --git a/apps/files/templates/list.php b/apps/files/templates/list.php
index 7ebf80ee8b2..04550f945b6 100644
--- a/apps/files/templates/list.php
+++ b/apps/files/templates/list.php
@@ -1,16 +1,5 @@
 <div id="controls">
 		<div class="actions creatable hidden">
-		<?php /*
-			Only show upload button for public page
-		*/ ?>
-		<?php if(isset($_['dirToken'])):?>
-			<div id="upload" class="button upload"
-				 title="<?php isset($_['uploadMaxHumanFilesize']) ? p($l->t('Upload (max. %s)', array($_['uploadMaxHumanFilesize']))) : '' ?>">
-					<label for="file_upload_start" class="svg icon-upload">
-						<span class="hidden-visually"><?php p($l->t('Upload'))?></span>
-					</label>
-			</div>
-		<?php endif; ?>
 			<div id="uploadprogresswrapper">
 				<div id="uploadprogressbar"></div>
 				<button class="stop icon-close" style="display:none">
diff --git a/apps/files_sharing/ajax/list.php b/apps/files_sharing/ajax/list.php
deleted file mode 100644
index c7f0bde5d4a..00000000000
--- a/apps/files_sharing/ajax/list.php
+++ /dev/null
@@ -1,96 +0,0 @@
-<?php
-/**
- * @author Joas Schilling <nickvergessen@owncloud.com>
- * @author Lukas Reschke <lukas@owncloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Roeland Jago Douma <rullzer@owncloud.com>
- * @author Thomas Müller <thomas.mueller@tmit.eu>
- * @author Vincent Petry <pvince81@owncloud.com>
- *
- * @copyright Copyright (c) 2015, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-OCP\JSON::checkAppEnabled('files_sharing');
-
-if(!isset($_GET['t'])){
-	\OC_Response::setStatus(\OC_Response::STATUS_BAD_REQUEST);
-	\OCP\Util::writeLog('core-preview', 'No token parameter was passed', \OCP\Util::DEBUG);
-	exit;
-}
-
-$token = $_GET['t'];
-
-$password = null;
-if (isset($_POST['password'])) {
-	$password = $_POST['password'];
-}
-
-$relativePath = null;
-if (isset($_GET['dir'])) {
-	$relativePath = $_GET['dir'];
-}
-
-$sortAttribute = isset( $_GET['sort'] ) ? $_GET['sort'] : 'name';
-$sortDirection = isset( $_GET['sortdirection'] ) ? ($_GET['sortdirection'] === 'desc') : false;
-
-$data = \OCA\Files_Sharing\Helper::setupFromToken($token, $relativePath, $password);
-
-$linkItem = $data['linkItem'];
-// Load the files
-$dir = $data['realPath'];
-
-$dir = \OC\Files\Filesystem::normalizePath($dir);
-if (!\OC\Files\Filesystem::is_dir($dir . '/')) {
-	\OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);
-	\OCP\JSON::error(array('success' => false));
-	exit();
-}
-
-$data = array();
-
-// make filelist
-$files = \OCA\Files\Helper::getFiles($dir, $sortAttribute, $sortDirection);
-
-$formattedFiles = array();
-foreach ($files as $file) {
-	$entry = \OCA\Files\Helper::formatFileInfo($file);
-	// for now
-	unset($entry['directory']);
-	// do not disclose share owner
-	unset($entry['shareOwner']);
-	// do not disclose if something is a remote shares
-	unset($entry['mountType']);
-	unset($entry['icon']);
-	$entry['permissions'] = \OCP\Constants::PERMISSION_READ;
-	$formattedFiles[] = $entry;
-}
-
-$data['directory'] = $relativePath;
-$data['files'] = $formattedFiles;
-$data['dirToken'] = $linkItem['token'];
-
-$permissions = $linkItem['permissions'];
-
-// if globally disabled
-if (\OC::$server->getAppConfig()->getValue('core', 'shareapi_allow_public_upload', 'yes') === 'no') {
-	// only allow reading
-	$permissions = \OCP\Constants::PERMISSION_READ;
-}
-
-$data['permissions'] = $permissions;
-
-OCP\JSON::success(array('data' => $data));
diff --git a/apps/files_sharing/js/public.js b/apps/files_sharing/js/public.js
index 246b639f652..82691129926 100644
--- a/apps/files_sharing/js/public.js
+++ b/apps/files_sharing/js/public.js
@@ -48,8 +48,20 @@ OCA.Sharing.PublicApp = {
 		this._initialized = true;
 		this.initialDir = $('#dir').val();
 
+		var token = $('#sharingToken').val();
+
 		// file list mode ?
 		if ($el.find('#filestable').length) {
+			var filesClient = new OC.Files.Client({
+				host: OC.getHost(),
+				port: OC.getPort(),
+				userName: token,
+				// note: password not be required, the endpoint
+				// will recognize previous validation from the session
+				root: OC.getRootPath() + '/public.php/webdav',
+				useHTTPS: OC.getProtocol() === 'https'
+			});
+
 			this.fileList = new OCA.Files.FileList(
 				$el,
 				{
@@ -58,7 +70,8 @@ OCA.Sharing.PublicApp = {
 					dragOptions: dragOptions,
 					folderDropOptions: folderDropOptions,
 					fileActions: fileActions,
-					detailsViewEnabled: false
+					detailsViewEnabled: false,
+					filesClient: filesClient
 				}
 			);
 			this.files = OCA.Files.Files;
@@ -88,7 +101,6 @@ OCA.Sharing.PublicApp = {
 
 
 		// dynamically load image previews
-		var token = $('#sharingToken').val();
 		var bottomMargin = 350;
 		var previewWidth = Math.ceil($(window).width() * window.devicePixelRatio);
 		var previewHeight = Math.ceil(($(window).height() - bottomMargin) * window.devicePixelRatio);
diff --git a/apps/files_sharing/tests/js/publicAppSpec.js b/apps/files_sharing/tests/js/publicAppSpec.js
index d496b78acfa..8a644232e6c 100644
--- a/apps/files_sharing/tests/js/publicAppSpec.js
+++ b/apps/files_sharing/tests/js/publicAppSpec.js
@@ -21,11 +21,14 @@
 
 describe('OCA.Sharing.PublicApp tests', function() {
 	var App = OCA.Sharing.PublicApp;
+	var hostStub, portStub, protocolStub, webrootStub;
 	var $preview;
-	var fileListIn;
-	var fileListOut;
 
 	beforeEach(function() {
+		protocolStub = sinon.stub(OC, 'getProtocol').returns('https');
+		hostStub = sinon.stub(OC, 'getHost').returns('example.com');
+		portStub = sinon.stub(OC, 'getPort').returns(8080);
+		webrootStub = sinon.stub(OC, 'getRootPath').returns('/owncloud');
 		$preview = $('<div id="preview"></div>');
 		$('#testArea').append($preview);
 		$preview.append(
@@ -35,6 +38,13 @@ describe('OCA.Sharing.PublicApp tests', function() {
 		);
 	});
 
+	afterEach(function() {
+		protocolStub.restore();
+		hostStub.restore();
+		portStub.restore();
+		webrootStub.restore();
+	});
+
 	describe('File list', function() {
 		// TODO: this should be moved to a separate file once the PublicFileList is extracted from public.js
 		beforeEach(function() {
@@ -78,6 +88,12 @@ describe('OCA.Sharing.PublicApp tests', function() {
 			App._initialized = false;
 		});
 
+		it('Uses public webdav endpoint', function() {
+			expect(fakeServer.requests.length).toEqual(1);
+			expect(fakeServer.requests[0].method).toEqual('PROPFIND');
+			expect(fakeServer.requests[0].url).toEqual('https://sh4tok@example.com:8080/owncloud/public.php/webdav/subdir');
+		});
+
 		describe('Download Url', function() {
 			var fileList;