feat(files_sharing): allow to specify allowed groups to share instead of excluded groups

Relates to #3387 Signed-off-by: Corentin Damman <c.damman@intopix.com>
author: Corentin Damman <c.damman@intopix.com> 2022-09-16 17:43:01 +0200
committer: skjnldsv <skjnldsv@protonmail.com> 2024-03-15 16:52:59 +0100
commit: 0fa9f3049f20ee4d573a6c615ebf9e7ecf7abdd1 (patch)
tree: 29110a4f03ce26db4419817aec2b2e996b22bd27 /lib/private
parent: a0913739c68d9c4263fc0a9fa7e58f4276458f45 (diff)
download: nextcloud-server-0fa9f3049f20ee4d573a6c615ebf9e7ecf7abdd1.tar.gz
nextcloud-server-0fa9f3049f20ee4d573a6c615ebf9e7ecf7abdd1.zip
2 files changed, 36 insertions, 12 deletions
diff --git a/lib/private/Contacts/ContactsMenu/ContactsStore.php b/lib/private/Contacts/ContactsMenu/ContactsStore.php
index 2f141cbc0ab..3b39cc869a7 100644
--- a/lib/private/Contacts/ContactsMenu/ContactsStore.php
+++ b/lib/private/Contacts/ContactsMenu/ContactsStore.php
@@ -193,7 +193,7 @@ class ContactsStore implements IContactsStore {
 		$restrictEnumerationGroup = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
 		$restrictEnumerationPhone = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes';
 		$allowEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
-		$excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes';
+		$excludeGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no');
 
 		// whether to filter out local users
 		$skipLocal = false;
@@ -202,14 +202,22 @@ class ContactsStore implements IContactsStore {
 
 		$selfGroups = $this->groupManager->getUserGroupIds($self);
 
-		if ($excludedGroups) {
+		if ($excludeGroups && $excludeGroups !== 'no') {
 			$excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
 			$decodedExcludeGroups = json_decode($excludedGroups, true);
 			$excludeGroupsList = $decodedExcludeGroups ?? [];
 
-			if (count(array_intersect($excludeGroupsList, $selfGroups)) !== 0) {
-				// a group of the current user is excluded -> filter all local users
+			if ($excludeGroups != 'allow') {
+				if (count(array_intersect($excludeGroupsList, $selfGroups)) !== 0) {
+					// a group of the current user is excluded -> filter all local users
+					$skipLocal = true;
+				}
+			} else {
 				$skipLocal = true;
+				if (count(array_intersect($excludeGroupsList, $selfGroups)) !== 0) {
+					// a group of the current user is allowed -> do not filter all local users
+					$skipLocal = false;
+				}
 			}
 		}
 
diff --git a/lib/private/Share20/ShareDisableChecker.php b/lib/private/Share20/ShareDisableChecker.php
index 9d0c2b8c2b4..1e72ce84a59 100644
--- a/lib/private/Share20/ShareDisableChecker.php
+++ b/lib/private/Share20/ShareDisableChecker.php
@@ -35,7 +35,9 @@ class ShareDisableChecker {
 			return $this->sharingDisabledForUsersCache[$userId];
 		}
 
-		if ($this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes') {
+		$excludeGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no');
+
+		if ($excludeGroups && $excludeGroups !== 'no') {
 			$groupsList = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
 			$excludedGroups = json_decode($groupsList);
 			if (is_null($excludedGroups)) {
@@ -48,14 +50,28 @@ class ShareDisableChecker {
 				return false;
 			}
 			$usersGroups = $this->groupManager->getUserGroupIds($user);
-			if (!empty($usersGroups)) {
-				$remainingGroups = array_diff($usersGroups, $excludedGroups);
-				// if the user is only in groups which are disabled for sharing then
-				// sharing is also disabled for the user
-				if (empty($remainingGroups)) {
-					$this->sharingDisabledForUsersCache[$userId] = true;
-					return true;
+			if ($excludeGroups !== 'allow') {
+				if (!empty($usersGroups)) {
+					$remainingGroups = array_diff($usersGroups, $excludedGroups);
+					// if the user is only in groups which are disabled for sharing then
+					// sharing is also disabled for the user
+					if (empty($remainingGroups)) {
+						$this->sharingDisabledForUsersCache[$userId] = true;
+						return true;
+					}
+				}
+			} else {
+				if (!empty($usersGroups)) {
+					$remainingGroups = array_intersect($usersGroups, $excludedGroups);
+					// if the user is in any group which is allowed for sharing then
+					// sharing is also allowed for the user
+					if (!empty($remainingGroups)) {
+						$this->sharingDisabledForUsersCache[$userId] = false;
+						return false;
+					}
 				}
+				$this->sharingDisabledForUsersCache[$userId] = true;
+				return true;
 			}
 		}
author	Corentin Damman <c.damman@intopix.com>	2022-09-16 17:43:01 +0200
committer	skjnldsv <skjnldsv@protonmail.com>	2024-03-15 16:52:59 +0100
commit	0fa9f3049f20ee4d573a6c615ebf9e7ecf7abdd1 (patch)
tree	29110a4f03ce26db4419817aec2b2e996b22bd27 /lib/private
parent	a0913739c68d9c4263fc0a9fa7e58f4276458f45 (diff)
download	nextcloud-server-0fa9f3049f20ee4d573a6c615ebf9e7ecf7abdd1.tar.gz nextcloud-server-0fa9f3049f20ee4d573a6c615ebf9e7ecf7abdd1.zip