diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2016-08-29 11:21:44 +0200 |
|---|---|---|
| committer | Vincent Petry <pvince81@owncloud.com> | 2016-09-06 16:20:36 +0200 |
| commit | d8d29f2221f50e842f76cf12cebfab40d7357cfc (patch) | |
| tree | 0c3e69cab1d45d48c887d9609d7f6320b68e243c /apps | |
| parent | 7c042a47e82271f61020009e19b52715c0ef178c (diff) | |
| download | nextcloud-server-d8d29f2221f50e842f76cf12cebfab40d7357cfc.tar.gz nextcloud-server-d8d29f2221f50e842f76cf12cebfab40d7357cfc.zip | |
Allow increasing permissions for share owner
In some cases, the owner of the share is also recipient through a group
share. The owner must still be able to increase permissions in that
situation.
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/files_sharing/lib/API/Share20OCS.php | 2 | ||||
| -rw-r--r-- | apps/files_sharing/tests/API/Share20OCSTest.php | 108 |
2 files changed, 109 insertions, 1 deletions
diff --git a/apps/files_sharing/lib/API/Share20OCS.php b/apps/files_sharing/lib/API/Share20OCS.php index 436b8d15ac8..3372e5f2cb2 100644 --- a/apps/files_sharing/lib/API/Share20OCS.php +++ b/apps/files_sharing/lib/API/Share20OCS.php @@ -665,7 +665,7 @@ class Share20OCS { } } - if ($permissions !== null) { + if ($permissions !== null && $share->getShareOwner() !== $this->currentUser->getUID()) { /* Check if this is an incomming share */ $incomingShares = $this->shareManager->getSharedWith($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_USER, $share->getNode(), -1, 0); $incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_GROUP, $share->getNode(), -1, 0)); diff --git a/apps/files_sharing/tests/API/Share20OCSTest.php b/apps/files_sharing/tests/API/Share20OCSTest.php index 6435c992f25..27ea30860b5 100644 --- a/apps/files_sharing/tests/API/Share20OCSTest.php +++ b/apps/files_sharing/tests/API/Share20OCSTest.php @@ -1764,6 +1764,114 @@ class Share20OCSTest extends \Test\TestCase { $this->assertEquals($expected->getData(), $result->getData()); } + public function testUpdateShareCannotIncreasePermissions() { + $ocs = $this->mockFormatShare(); + + $date = new \DateTime('2000-01-01'); + + $folder = $this->getMock('\OCP\Files\Folder'); + + $share = \OC::$server->getShareManager()->newShare(); + $share + ->setId(42) + ->setSharedBy($this->currentUser->getUID()) + ->setShareOwner('anotheruser') + ->setShareType(\OCP\Share::SHARE_TYPE_GROUP) + ->setSharedWith('group1') + ->setPermissions(\OCP\Constants::PERMISSION_READ) + ->setNode($folder); + + // note: updateShare will modify the received instance but getSharedWith will reread from the database, + // so their values will be different + $incomingShare = \OC::$server->getShareManager()->newShare(); + $incomingShare + ->setId(42) + ->setSharedBy($this->currentUser->getUID()) + ->setShareOwner('anotheruser') + ->setShareType(\OCP\Share::SHARE_TYPE_GROUP) + ->setSharedWith('group1') + ->setPermissions(\OCP\Constants::PERMISSION_READ) + ->setNode($folder); + + $this->request + ->method('getParam') + ->will($this->returnValueMap([ + ['permissions', null, '31'], + ])); + + $this->shareManager->method('getShareById')->with('ocinternal:42')->willReturn($share); + + $this->shareManager->expects($this->any(0)) + ->method('getSharedWith') + ->will($this->returnValueMap([ + ['currentUser', \OCP\Share::SHARE_TYPE_USER, $share->getNode(), -1, 0, []], + ['currentUser', \OCP\Share::SHARE_TYPE_GROUP, $share->getNode(), -1, 0, [$incomingShare]] + ])); + + $this->shareManager->expects($this->never())->method('updateShare'); + + $expected = new \OC_OCS_Result(null, 404, 'Cannot increase permissions'); + $result = $ocs->updateShare(42); + + $this->assertEquals($expected->getMeta(), $result->getMeta()); + $this->assertEquals($expected->getData(), $result->getData()); + } + + public function testUpdateShareCanIncreasePermissionsIfOwner() { + $ocs = $this->mockFormatShare(); + + $date = new \DateTime('2000-01-01'); + + $folder = $this->getMock('\OCP\Files\Folder'); + + $share = \OC::$server->getShareManager()->newShare(); + $share + ->setId(42) + ->setSharedBy($this->currentUser->getUID()) + ->setShareOwner($this->currentUser->getUID()) + ->setShareType(\OCP\Share::SHARE_TYPE_GROUP) + ->setSharedWith('group1') + ->setPermissions(\OCP\Constants::PERMISSION_READ) + ->setNode($folder); + + // note: updateShare will modify the received instance but getSharedWith will reread from the database, + // so their values will be different + $incomingShare = \OC::$server->getShareManager()->newShare(); + $incomingShare + ->setId(42) + ->setSharedBy($this->currentUser->getUID()) + ->setShareOwner($this->currentUser->getUID()) + ->setShareType(\OCP\Share::SHARE_TYPE_GROUP) + ->setSharedWith('group1') + ->setPermissions(\OCP\Constants::PERMISSION_READ) + ->setNode($folder); + + $this->request + ->method('getParam') + ->will($this->returnValueMap([ + ['permissions', null, '31'], + ])); + + $this->shareManager->method('getShareById')->with('ocinternal:42')->willReturn($share); + + $this->shareManager->expects($this->any(0)) + ->method('getSharedWith') + ->will($this->returnValueMap([ + ['currentUser', \OCP\Share::SHARE_TYPE_USER, $share->getNode(), -1, 0, []], + ['currentUser', \OCP\Share::SHARE_TYPE_GROUP, $share->getNode(), -1, 0, [$incomingShare]] + ])); + + $this->shareManager->expects($this->once()) + ->method('updateShare') + ->with($share) + ->willReturn($share); + + $expected = new \OC_OCS_Result(); + $result = $ocs->updateShare(42); + + $this->assertEquals($expected->getMeta(), $result->getMeta()); + $this->assertEquals($expected->getData(), $result->getData()); + } public function dataFormatShare() { $file = $this->getMock('\OCP\Files\File'); $folder = $this->getMock('\OCP\Files\Folder'); |