allow admin to disable sharing for specific groups of users

7 files changed, 121 insertions, 15 deletions

diff --git a/apps/files/css/files.css b/apps/files/css/files.css
index 009cb355ba7..731dd7a23e7 100644
--- a/apps/files/css/files.css
+++ b/apps/files/css/files.css
@@ -358,6 +358,10 @@ table td.filename form { font-size:14px; margin-left:48px; margin-right:48px; }
 	padding: 28px 14px 19px !important;
 }
 
+#fileList .action.action-share-notification span, img, a {
+	cursor: default !important;
+}
+
 a.action>img { max-height:16px; max-width:16px; vertical-align:text-bottom; }
 
 /* Actions for selected files */
diff --git a/apps/files_sharing/js/share.js b/apps/files_sharing/js/share.js
index 7d68a8d8860..1b04097ccb1 100644
--- a/apps/files_sharing/js/share.js
+++ b/apps/files_sharing/js/share.js
@@ -27,13 +27,29 @@ $(document).ready(function() {
 		}
 
 		$('#fileList').on('fileActionsReady',function(){
-			var $fileList = $(this);
-			var allShared = $fileList.find('[data-share-owner] [data-Action="Share"]');
-			allShared.addClass('permanent');
-			allShared.find('span').text(function(){
-				var $owner = $(this).closest('tr').attr('data-share-owner');
-				return ' ' + t('files_sharing', 'Shared by {owner}', {owner: $owner});
-			});
+			// if no share action exists because the admin disabled sharing for this user
+			// we create a share notification action to inform the user about files
+			// shared with him otherwise we just update the existing share action.
+			var allShared;
+			if (oc_appconfig.core.sharingDisabledForUser) {
+				var $fileList = $(this);
+				allShared = $fileList.find('[data-share-owner]');
+				var shareNotification = '<a class="action action-share-notification permanent"' +
+						' data-action="Share-Notification" href="#" original-title="">' +
+						' <img class="svg" src="' + OC.imagePath('core', 'actions/share') + '"></img>';
+				$(allShared).find('.fileactions').append(function() {
+					var owner = $(this).closest('tr').attr('data-share-owner');
+					var shareBy = t('files_sharing', 'Shared by {owner}', {owner: owner});
+					return shareNotification + '<span> ' + shareBy + '</span></span>';
+				});
+			} else {
+				allShared = $fileList.find('[data-share-owner] [data-Action="Share"]');
+				allShared.addClass('permanent');
+				allShared.find('span').text(function(){
+					var $owner = $(this).closest('tr').attr('data-share-owner');
+					return ' ' + t('files_sharing', 'Shared by {owner}', {owner: $owner});
+				});
+			}
 
 			// FIXME: these calls are also working on hard-coded
 			// list selectors...
@@ -48,7 +64,7 @@ $(document).ready(function() {
 			}
 		});
 
-		FileActions.register('all', 'Share', OC.PERMISSION_READ, OC.imagePath('core', 'actions/share'), function(filename) {
+		FileActions.register('all', 'Share', OC.PERMISSION_SHARE, OC.imagePath('core', 'actions/share'), function(filename) {
 			var tr = FileList.findFileEl(filename);
 			var itemType = 'file';
 			if ($(tr).data('type') == 'dir') {
diff --git a/apps/files_sharing/lib/permissions.php b/apps/files_sharing/lib/permissions.php
index c3ad63e2fd2..f32ebabe40d 100644
--- a/apps/files_sharing/lib/permissions.php
+++ b/apps/files_sharing/lib/permissions.php
@@ -30,6 +30,7 @@ class Shared_Permissions extends Permissions {
 	 * @return int (-1 if file no permissions set)
 	 */
 	public function get($fileId, $user) {
+
 		if ($fileId == -1) {
 			// if we ask for the mount point return -1 so that we can get the correct
 			// permissions by the path, with the root fileId we have no idea which share is meant
@@ -37,11 +38,14 @@ class Shared_Permissions extends Permissions {
 		}
 		$source = \OCP\Share::getItemSharedWithBySource('file', $fileId, \OC_Share_Backend_File::FORMAT_SHARED_STORAGE,
 			null, true);
+
+		$permission = -1;
+
 		if ($source) {
-			return $source['permissions'];
-		} else {
-			return -1;
+			$permission = $this->updatePermissions($source['permissions']);
 		}
+
+		return $permission;
 	}
 
 	/**
@@ -55,7 +59,7 @@ class Shared_Permissions extends Permissions {
 		$source = \OCP\Share::getItemSharedWithBySource('file', $fileId, \OC_Share_Backend_File::FORMAT_SHARED_STORAGE,
 			null, false);
 		if ($source) {
-			return $source['permissions'];
+			return $this->updatePermissions($source['permissions']);
 		} else {
 			return -1;
 		}
@@ -106,7 +110,7 @@ class Shared_Permissions extends Permissions {
 		$result = $query->execute(array($parentId));
 		$filePermissions = array();
 		while ($row = $result->fetchRow()) {
-			$filePermissions[$row['fileid']] = $permissions;
+			$filePermissions[$row['fileid']] = $this->updatePermissions($permissions);
 		}
 		return $filePermissions;
 	}
diff --git a/apps/files_sharing/lib/sharedstorage.php b/apps/files_sharing/lib/sharedstorage.php
index c18e30966f0..07a0acf00a5 100644
--- a/apps/files_sharing/lib/sharedstorage.php
+++ b/apps/files_sharing/lib/sharedstorage.php
@@ -108,6 +108,11 @@ class Shared extends \OC\Files\Storage\Common {
 		if (pathinfo($target, PATHINFO_EXTENSION) === 'part') {
 			$permissions |= \OCP\PERMISSION_DELETE;
 		}
+
+		if (\OC_Util::isSharingDisabledForUser()) {
+			$permissions &= ~\OCP\PERMISSION_SHARE;
+		}
+
 		return $permissions;
 	}
 
@@ -198,6 +203,9 @@ class Shared extends \OC\Files\Storage\Common {
 	}
 
 	public function isSharable($path) {
+		if (\OCP\Util::isSharingDisabledForUser()) {
+			return false;
+		}
 		return ($this->getPermissions($path) & \OCP\PERMISSION_SHARE);
 	}
 
diff --git a/apps/files_sharing/tests/api.php b/apps/files_sharing/tests/api.php
index dc07c6fc620..6d0ed434ef2 100644
--- a/apps/files_sharing/tests/api.php
+++ b/apps/files_sharing/tests/api.php
@@ -171,6 +171,78 @@ class Test_Files_Sharing_Api extends Test_Files_Sharing_Base {
 		$appConfig->setValue('core', 'shareapi_enforce_links_password', 'no');
 	}
 
+	/**
+	 * @medium
+	*/
+	function testSharePermissions() {
+
+		// sharing file to a user should work if shareapi_exclude_groups is set
+		// to no
+		\OC_Appconfig::setValue('core', 'shareapi_exclude_groups', 'no');
+		$_POST['path'] = $this->filename;
+		$_POST['shareWith'] = \Test_Files_Sharing_Api::TEST_FILES_SHARING_API_USER2;
+		$_POST['shareType'] = \OCP\Share::SHARE_TYPE_USER;
+
+		$result = Share\Api::createShare(array());
+
+		$this->assertTrue($result->succeeded());
+		$data = $result->getData();
+
+		$share = $this->getShareFromId($data['id']);
+
+		$items = \OCP\Share::getItemShared('file', $share['item_source']);
+
+		$this->assertTrue(!empty($items));
+
+		$fileinfo = $this->view->getFileInfo($this->filename);
+
+		$result = \OCP\Share::unshare('file', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_USER,
+				\Test_Files_Sharing_Api::TEST_FILES_SHARING_API_USER2);
+
+		$this->assertTrue($result);
+
+		// exclude groups, but not the group the user belongs to. Sharing should still work
+		\OC_Appconfig::setValue('core', 'shareapi_exclude_groups', 'yes');
+		\OC_Appconfig::setValue('core', 'shareapi_exclude_groups_list', 'admin,group1,group2');
+
+		$_POST['path'] = $this->filename;
+		$_POST['shareWith'] = \Test_Files_Sharing_Api::TEST_FILES_SHARING_API_USER2;
+		$_POST['shareType'] = \OCP\Share::SHARE_TYPE_USER;
+
+		$result = Share\Api::createShare(array());
+
+		$this->assertTrue($result->succeeded());
+		$data = $result->getData();
+
+		$share = $this->getShareFromId($data['id']);
+
+		$items = \OCP\Share::getItemShared('file', $share['item_source']);
+
+		$this->assertTrue(!empty($items));
+
+		$fileinfo = $this->view->getFileInfo($this->filename);
+
+		$result = \OCP\Share::unshare('file', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_USER,
+				\Test_Files_Sharing_Api::TEST_FILES_SHARING_API_USER2);
+
+		$this->assertTrue($result);
+
+		// now we exclude the group the user belongs to ('group'), sharing should fail now
+		\OC_Appconfig::setValue('core', 'shareapi_exclude_groups_list', 'admin,group');
+
+		$_POST['path'] = $this->filename;
+		$_POST['shareWith'] = \Test_Files_Sharing_Api::TEST_FILES_SHARING_API_USER2;
+		$_POST['shareType'] = \OCP\Share::SHARE_TYPE_USER;
+
+		$result = Share\Api::createShare(array());
+
+		$this->assertFalse($result->succeeded());
+
+		// cleanup
+		\OC_Appconfig::setValue('core', 'shareapi_exclude_groups', 'no');
+		\OC_Appconfig::setValue('core', 'shareapi_exclude_groups_list', '');
+	}
+
 
 	/**
 	 * @medium
diff --git a/apps/files_sharing/tests/base.php b/apps/files_sharing/tests/base.php
index 7cd36b9d419..34ec4a36ede 100644
--- a/apps/files_sharing/tests/base.php
+++ b/apps/files_sharing/tests/base.php
@@ -109,6 +109,8 @@ abstract class Test_Files_Sharing_Base extends \PHPUnit_Framework_TestCase {
 
 		if ($create) {
 			\OC_User::createUser($user, $password);
+			\OC_Group::createGroup('group');
+			\OC_Group::addToGroup($user, 'group');
 		}
 
 		\OC_Util::tearDownFS();
diff --git a/apps/files_sharing/tests/proxy.php b/apps/files_sharing/tests/proxy.php
index 402402082df..634ed86db54 100644
--- a/apps/files_sharing/tests/proxy.php
+++ b/apps/files_sharing/tests/proxy.php
@@ -25,9 +25,9 @@ require_once __DIR__ . '/base.php';
 use OCA\Files\Share;
 
 /**
- * Class Test_Files_Sharing_Api
+ * Class Test_Files_Sharing_Proxy
  */
-class Test_Files_Sharing_Api extends Test_Files_Sharing_Base {
+class Test_Files_Sharing_Proxy extends Test_Files_Sharing_Base {
 
 	const TEST_FOLDER_NAME = '/folder_share_api_test';