author | Morris Jobke <hey@morrisjobke.de> | 2021-05-21 15:35:39 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-21 15:35:39 +0200 |
commit | f1dbabd9109c08e62d6f82124c63201c96ad2203 (patch) | |
tree | ea6b862c1fa97ec5ad03895c120268bd25d1d35e /lib/private | |
parent | b1ad3faf14140e3c85a7eec1dade88cd551cc747 (diff) | |
parent | 8d7fae8fae054eaa08635fea3ba092196c6f8b84 (diff) | |
download | nextcloud-server-f1dbabd9109c08e62d6f82124c63201c96ad2203.tar.gz nextcloud-server-f1dbabd9109c08e62d6f82124c63201c96ad2203.zip |
Merge pull request #26727 from nextcloud/group-exclude-link-share
Add option to exclude groups from creating link shares
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/Server.php | 3 | ||||
-rw-r--r-- | lib/private/Share20/Manager.php | 120 | ||||
-rw-r--r-- | lib/private/legacy/OC_Util.php | 40 |
3 files changed, 73 insertions, 90 deletions
diff --git a/lib/private/Server.php b/lib/private/Server.php index f7eaf9f3591..9047a7c454d 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -1234,7 +1234,8 @@ class Server extends ServerContainer implements IServerContainer { $c->get(IMailer::class), $c->get(IURLGenerator::class), $c->get('ThemingDefaults'), - $c->get(IEventDispatcher::class) + $c->get(IEventDispatcher::class), + $c->get(IUserSession::class) ); return $manager; diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 983653b7661..5cb51dd0ad5 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -57,6 +57,7 @@ use OCP\ILogger; use OCP\IURLGenerator; use OCP\IUser; use OCP\IUserManager; +use OCP\IUserSession; use OCP\L10N\IFactory; use OCP\Mail\IMailer; use OCP\Security\Events\ValidatePasswordPolicyEvent; @@ -104,8 +105,6 @@ class Manager implements IManager { private $sharingDisabledForUsersCache; /** @var EventDispatcherInterface */ private $legacyDispatcher; - /** @var LegacyHooks */ - private $legacyHooks; /** @var IMailer */ private $mailer; /** @var IURLGenerator */ 
@@ -114,44 +113,26 @@ class Manager implements IManager { private $defaults; /** @var IEventDispatcher */ private $dispatcher; + private $userSession; - - /** - * Manager constructor. - * - * @param ILogger $logger - * @param IConfig $config - * @param ISecureRandom $secureRandom - * @param IHasher $hasher - * @param IMountManager $mountManager - * @param IGroupManager $groupManager - * @param IL10N $l - * @param IFactory $l10nFactory - * @param IProviderFactory $factory - * @param IUserManager $userManager - * @param IRootFolder $rootFolder - * @param EventDispatcherInterface $eventDispatcher - * @param IMailer $mailer - * @param IURLGenerator $urlGenerator - * @param \OC_Defaults $defaults - */ public function __construct( - ILogger $logger, - IConfig $config, - ISecureRandom $secureRandom, - IHasher $hasher, - IMountManager $mountManager, - IGroupManager $groupManager, - IL10N $l, - IFactory $l10nFactory, - IProviderFactory $factory, - IUserManager $userManager, - IRootFolder $rootFolder, - EventDispatcherInterface $legacyDispatcher, - IMailer $mailer, - IURLGenerator $urlGenerator, - \OC_Defaults $defaults, - IEventDispatcher $dispatcher + ILogger $logger, + IConfig $config, + ISecureRandom $secureRandom, + IHasher $hasher, + IMountManager $mountManager, + IGroupManager $groupManager, + IL10N $l, + IFactory $l10nFactory, + IProviderFactory $factory, + IUserManager $userManager, + IRootFolder $rootFolder, + EventDispatcherInterface $legacyDispatcher, + IMailer $mailer, + IURLGenerator $urlGenerator, + \OC_Defaults $defaults, + IEventDispatcher $dispatcher, + IUserSession $userSession ) { $this->logger = $logger; $this->config = $config; 
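Review bot: The new `$userSession` property in the Manager.php constructor hunk is the only one declared without a type docblock, while the neighbouring properties each carry one; add `/** @var IUserSession */` above `private $userSession;`. The constructor also gains a required seventeenth parameter while its docblock is deleted, so any code outside `Server.php` that builds `Manager` directly (unit tests, for example) has to pass an `IUserSession` too; this page shows only the `Server.php` call site being updated. The class body continues outside this hunk.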
@@ -166,11 +147,11 @@ class Manager implements IManager { $this->rootFolder = $rootFolder; $this->legacyDispatcher = $legacyDispatcher; $this->sharingDisabledForUsersCache = new CappedMemoryCache(); - $this->legacyHooks = new LegacyHooks($this->legacyDispatcher); $this->mailer = $mailer; $this->urlGenerator = $urlGenerator; $this->defaults = $defaults; $this->dispatcher = $dispatcher; + $this->userSession = $userSession; } /** @@ -274,7 +255,7 @@ class Manager implements IManager { // And it should be a file or a folder if (!($share->getNode() instanceof \OCP\Files\File) && - !($share->getNode() instanceof \OCP\Files\Folder)) { + !($share->getNode() instanceof \OCP\Files\Folder)) { throw new \InvalidArgumentException('Path should be either a file or a folder'); } @@ -422,13 +403,13 @@ class Manager implements IManager { } if ($fullId === null && $expirationDate === null && $defaultExpireDate) { $expirationDate = new \DateTime(); - $expirationDate->setTime(0,0,0); + $expirationDate->setTime(0, 0, 0); $days = (int)$this->config->getAppValue('core', $configProp, (string)$defaultExpireDays); if ($days > $defaultExpireDays) { $days = $defaultExpireDays; } - $expirationDate->add(new \DateInterval('P'.$days.'D')); + $expirationDate->add(new \DateInterval('P' . $days . 'D')); } // If we enforce the expiration date check that is does not exceed 
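Review bot: Dropping `$this->legacyHooks = new LegacyHooks($this->legacyDispatcher);` in the constructor-body hunk removes an object that, judging by this diff, was kept only for what its constructor does with the dispatcher, since the property is deleted without any other use of it being touched. If `LegacyHooks` subscribes its listeners there, the legacy share hooks stop firing unless it is now instantiated somewhere else; this page is limited to `lib/private` and does not show a replacement. It is worth confirming where it is created now and leaving a short comment such as `// LegacyHooks is registered in <location>` next to `$this->legacyDispatcher = $legacyDispatcher;`. The constructor starts outside this hunk.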
@@ -498,13 +479,13 @@ class Manager implements IManager { if ($fullId === null && $expirationDate === null && $this->shareApiLinkDefaultExpireDate()) { $expirationDate = new \DateTime(); - $expirationDate->setTime(0,0,0); + $expirationDate->setTime(0, 0, 0); $days = (int)$this->config->getAppValue('core', 'link_defaultExpDays', $this->shareApiLinkDefaultExpireDays()); if ($days > $this->shareApiLinkDefaultExpireDays()) { $days = $this->shareApiLinkDefaultExpireDays(); } - $expirationDate->add(new \DateInterval('P'.$days.'D')); + $expirationDate->add(new \DateInterval('P' . $days . 'D')); } // If we enforce the expiration date check that is does not exceed @@ -553,8 +534,8 @@ class Manager implements IManager { $sharedWith = $this->userManager->get($share->getSharedWith()); // Verify we can share with this user $groups = array_intersect( - $this->groupManager->getUserGroupIds($sharedBy), - $this->groupManager->getUserGroupIds($sharedWith) + $this->groupManager->getUserGroupIds($sharedBy), + $this->groupManager->getUserGroupIds($sharedWith) ); if (empty($groups)) { $message_t = $this->l->t('Sharing is only allowed with group members'); @@ -919,7 +900,7 @@ class Manager implements IManager { '%1$s via %2$s', [ $initiatorDisplayName, - $instanceName + $instanceName, ] ); $message->setFrom([\OCP\Util::getDefaultEmailAddress($instanceName) => $senderName]); @@ -1102,7 +1083,7 @@ class Manager implements IManager { * @since 9.0.0 */ public function acceptShare(IShare $share, string $recipientId): IShare { - [$providerId, ] = $this->splitFullId($share->getFullId()); + [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); if (!method_exists($provider, 'acceptShare')) { 
@@ -1127,10 +1108,10 @@ class Manager implements IManager { */ private function updateSharePasswordIfNeeded(IShare $share, IShare $originalShare) { $passwordsAreDifferent = ($share->getPassword() !== $originalShare->getPassword()) && - (($share->getPassword() !== null && $originalShare->getPassword() === null) || - ($share->getPassword() === null && $originalShare->getPassword() !== null) || - ($share->getPassword() !== null && $originalShare->getPassword() !== null && - !$this->hasher->verify($share->getPassword(), $originalShare->getPassword()))); + (($share->getPassword() !== null && $originalShare->getPassword() === null) || + ($share->getPassword() === null && $originalShare->getPassword() !== null) || + ($share->getPassword() !== null && $originalShare->getPassword() !== null && + !$this->hasher->verify($share->getPassword(), $originalShare->getPassword()))); // Password updated. if ($passwordsAreDifferent) { @@ -1225,7 +1206,7 @@ class Manager implements IManager { * @param string $recipientId */ public function deleteFromSelf(IShare $share, $recipientId) { - [$providerId, ] = $this->splitFullId($share->getFullId()); + [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); $provider->deleteFromSelf($share, $recipientId); @@ -1234,7 +1215,7 @@ class Manager implements IManager { } public function restoreShare(IShare $share, string $recipientId): IShare { - [$providerId, ] = $this->splitFullId($share->getFullId()); + [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); return $provider->restore($share, $recipientId); @@ -1264,7 +1245,7 @@ class Manager implements IManager { } } - [$providerId, ] = $this->splitFullId($share->getFullId()); + [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); return $provider->move($share, $recipientId); 
@@ -1291,8 +1272,8 @@ class Manager implements IManager { */ public function getSharesBy($userId, $shareType, $path = null, $reshares = false, $limit = 50, $offset = 0) { if ($path !== null && - !($path instanceof \OCP\Files\File) && - !($path instanceof \OCP\Files\Folder)) { + !($path instanceof \OCP\Files\File) && + !($path instanceof \OCP\Files\Folder)) { throw new \InvalidArgumentException('invalid path'); } @@ -1533,8 +1514,8 @@ class Manager implements IManager { */ public function checkPassword(IShare $share, $password) { $passwordProtected = $share->getShareType() !== IShare::TYPE_LINK - || $share->getShareType() !== IShare::TYPE_EMAIL - || $share->getShareType() !== IShare::TYPE_CIRCLE; + || $share->getShareType() !== IShare::TYPE_EMAIL + || $share->getShareType() !== IShare::TYPE_CIRCLE; if (!$passwordProtected) { //TODO maybe exception? return false; @@ -1756,7 +1737,20 @@ class Manager implements IManager { * @return bool */ public function shareApiAllowLinks() { - return $this->config->getAppValue('core', 'shareapi_allow_links', 'yes') === 'yes'; + if ($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') { + return false; + } + + $user = $this->userSession->getUser(); + if ($user) { + $excludedGroups = json_decode($this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '[]')); + if ($excludedGroups) { + $userGroups = $this->groupManager->getUserGroupIds($user); + return !(bool)array_intersect($excludedGroups, $userGroups); + } + } + + return true; } /** @@ -1780,6 +1774,7 @@ class Manager implements IManager { /** * Is default link expire date enforced *` + * * @return bool */ public function shareApiLinkDefaultExpireDateEnforced() { @@ -1790,6 +1785,7 @@ class Manager implements IManager { /** * Number of default link expire days + * * @return int */ public function shareApiLinkDefaultExpireDays() { 
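Review bot: In `shareApiAllowLinks()` the group exclusion fails open: `json_decode()` returns `null` for a malformed `shareapi_allow_links_exclude_groups` value, `if ($excludedGroups)` is then false, and the method returns `true`, so a damaged setting silently lifts the restriction. A value that decodes to something other than an array (an object or a bare string) reaches `array_intersect()` and raises a `TypeError` on PHP 8. The check is also bound to the session user, so when `getUser()` returns `null`, or when a share is created on behalf of someone other than the logged-in user, the excluded groups are not evaluated for the share owner; callers that know the initiator may need their own check. I would decode with the associative flag, deny and log when the result is not an array, and compare against `[]` explicitly, as sketched below.

```php
$user = $this->userSession->getUser();
if ($user) {
	$excludedGroups = json_decode($this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '[]'), true);
	if (!is_array($excludedGroups)) {
		// A value that is not a JSON array must not lift the restriction silently.
		$this->logger->warning('shareapi_allow_links_exclude_groups is not a JSON array; link shares denied');
		return false;
	}
	if ($excludedGroups !== []) {
		$userGroups = $this->groupManager->getUserGroupIds($user);
		return array_intersect($excludedGroups, $userGroups) === [];
	}
}
// … unchanged: return true …
```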
@@ -1836,6 +1832,7 @@ class Manager implements IManager { /** * Number of default expire days + * * @return int */ public function shareApiInternalDefaultExpireDays(): int { @@ -1844,6 +1841,7 @@ class Manager implements IManager { /** * Number of default expire days for remote shares + * * @return int */ public function shareApiRemoteDefaultExpireDays(): int { @@ -1861,6 +1859,7 @@ class Manager implements IManager { /** * check if user can only share with group members + * * @return bool */ public function shareWithGroupMembersOnly() { @@ -1869,6 +1868,7 @@ class Manager implements IManager { /** * Check if users can share with groups + * * @return bool */ public function allowGroupSharing() { diff --git a/lib/private/legacy/OC_Util.php b/lib/private/legacy/OC_Util.php index 63eaf303759..c9e19221f95 100644 --- a/lib/private/legacy/OC_Util.php +++ b/lib/private/legacy/OC_Util.php @@ -72,6 +72,7 @@ use OCP\IGroupManager; use OCP\ILogger; use OCP\IUser; use OCP\IUserSession; +use OCP\Share\IManager; use Psr\Log\LoggerInterface; class OC_Util { @@ -336,8 +337,9 @@ class OC_Util { * @suppress PhanDeprecatedFunction */ public static function isPublicLinkPasswordRequired() { - $enforcePassword = \OC::$server->getConfig()->getAppValue('core', 'shareapi_enforce_links_password', 'no'); - return $enforcePassword === 'yes'; + /** @var IManager $shareManager */ + $shareManager = \OC::$server->get(IManager::class); + return $shareManager->shareApiLinkEnforcePassword(); } /** 
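Review bot: The `@suppress PhanDeprecatedFunction` annotation kept above `isPublicLinkPasswordRequired()` looks stale now that the body no longer calls `\OC::$server->getConfig()`, assuming that call is what it suppressed; the same applies to `isDefaultExpireDateEnforced()` in the last hunk of this file. Both helpers now depend on `Manager` methods whose bodies are not on this page, so equivalence with the removed logic cannot be checked here: the old `isDefaultExpireDateEnforced()` required both `shareapi_default_expire_date` and `shareapi_enforce_expire_date` to be `yes`, and `shareApiLinkDefaultExpireDateEnforced()` should be confirmed to do the same. A one-line docblock such as `Delegates to IManager::shareApiLinkEnforcePassword()` would make the indirection visible to callers of these static helpers.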
@@ -348,25 +350,10 @@ class OC_Util { * @return bool */ public static function isSharingDisabledForUser(IConfig $config, IGroupManager $groupManager, $user) { - if ($config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes') { - $groupsList = $config->getAppValue('core', 'shareapi_exclude_groups_list', ''); - $excludedGroups = json_decode($groupsList); - if (is_null($excludedGroups)) { - $excludedGroups = explode(',', $groupsList); - $newValue = json_encode($excludedGroups); - $config->setAppValue('core', 'shareapi_exclude_groups_list', $newValue); - } - $usersGroups = $groupManager->getUserGroupIds($user); - if (!empty($usersGroups)) { - $remainingGroups = array_diff($usersGroups, $excludedGroups); - // if the user is only in groups which are disabled for sharing then - // sharing is also disabled for the user - if (empty($remainingGroups)) { - return true; - } - } - } - return false; + /** @var IManager $shareManager */ + $shareManager = \OC::$server->get(IManager::class); + $userId = $user ? $user->getUID() : null; + return $shareManager->sharingDisabledForUser($userId); } /** @@ -376,14 +363,9 @@ class OC_Util { * @suppress PhanDeprecatedFunction */ public static function isDefaultExpireDateEnforced() { - $isDefaultExpireDateEnabled = \OC::$server->getConfig()->getAppValue('core', 'shareapi_default_expire_date', 'no'); - $enforceDefaultExpireDate = false; - if ($isDefaultExpireDateEnabled === 'yes') { - $value = \OC::$server->getConfig()->getAppValue('core', 'shareapi_enforce_expire_date', 'no'); - $enforceDefaultExpireDate = $value === 'yes'; - } - - return $enforceDefaultExpireDate; + /** @var IManager $shareManager */ + $shareManager = \OC::$server->get(IManager::class); + return $shareManager->shareApiLinkDefaultExpireDateEnforced(); } /** |
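Review bot: `isSharingDisabledForUser()` keeps `IConfig $config` and `IGroupManager $groupManager` in its signature but no longer reads either one; the result now comes from the container's `IManager`, so a caller that passes its own config or group manager (a test double, say) no longer influences the answer. The removed body also accepted a legacy comma-separated `shareapi_exclude_groups_list` and rewrote it as JSON; whether `sharingDisabledForUser()` keeps that fallback is not visible here, and if it does not, an old-format value could leave the exclusion unapplied. Please state in the docblock that both parameters are ignored, e.g. `@param IConfig $config unused, kept for backward compatibility`, and confirm the fallback still exists.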