diff options
author | Bjoern Schiessle <schiessle@owncloud.com> | 2015-03-31 16:23:31 +0200 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-04-07 13:30:29 +0200 |
commit | e4895bda01f9c94fc33e094ae9466e1cf5502916 (patch) | |
tree | f78a79ef0c3035d443fc10e2eaedcb4f436d7091 /lib | |
parent | bd933b1c85dff950e83591a6245ba2e15db33caf (diff) | |
download | nextcloud-server-e4895bda01f9c94fc33e094ae9466e1cf5502916.tar.gz nextcloud-server-e4895bda01f9c94fc33e094ae9466e1cf5502916.zip |
add helper class accessible for encryption modules to ask for a list of users with access to a file, needed to apply the recovery key to all files
Diffstat (limited to 'lib')
-rw-r--r-- | lib/base.php | 1 | ||||
-rw-r--r-- | lib/private/encryption/file.php | 81 | ||||
-rw-r--r-- | lib/private/encryption/update.php | 8 | ||||
-rw-r--r-- | lib/private/encryption/util.php | 47 | ||||
-rw-r--r-- | lib/private/files/stream/encryption.php | 9 | ||||
-rw-r--r-- | lib/private/server.php | 12 | ||||
-rw-r--r-- | lib/public/encryption/ifile.php | 36 | ||||
-rw-r--r-- | lib/public/encryption/imanager.php | 4 | ||||
-rw-r--r-- | lib/public/iservercontainer.php | 5 |
9 files changed, 153 insertions, 50 deletions
diff --git a/lib/base.php b/lib/base.php index a5ca08123ac..1d536464153 100644 --- a/lib/base.php +++ b/lib/base.php @@ -723,6 +723,7 @@ class OC { \OC::$server->getConfig()), \OC\Files\Filesystem::getMountManager(), \OC::$server->getEncryptionManager(), + \OC::$server->getEncryptionFilesHelper(), $uid ); \OCP\Util::connectHook('OCP\Share', 'post_shared', $updater, 'postShared'); diff --git a/lib/private/encryption/file.php b/lib/private/encryption/file.php new file mode 100644 index 00000000000..f231500fb02 --- /dev/null +++ b/lib/private/encryption/file.php @@ -0,0 +1,81 @@ +<?php + +/** + * ownCloud + * + * @copyright (C) 2015 ownCloud, Inc. + * + * @author Bjoern Schiessle <schiessle@owncloud.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + */ + +namespace OC\Encryption; + +use OC\Encryption\Util; + +class File implements \OCP\Encryption\IFile { + + /** @var Util */ + protected $util; + + public function __construct(Util $util) { + $this->util = $util; + } + + + /** + * get list of users with access to the file + * + * @param $path to the file + * @return array + */ + public function getAccessList($path) { + + // Make sure that a share key is generated for the owner too + list($owner, $ownerPath) = $this->util->getUidAndFilename($path); + + // always add owner to the list of users with access to the file + $userIds = array($owner); + + if (!$this->util->isFile($ownerPath)) { + return array('users' => $userIds, 'public' => false); + } + + $ownerPath = substr($ownerPath, strlen('/files')); + $ownerPath = $this->util->stripPartialFileExtension($ownerPath); + + // Find out who, if anyone, is sharing the file + $result = \OCP\Share::getUsersSharingFile($ownerPath, $owner); + $userIds = \array_merge($userIds, $result['users']); + $public = $result['public'] || $result['remote']; + + // check if it is a group mount + if (\OCP\App::isEnabled("files_external")) { + $mounts = \OC_Mount_Config::getSystemMountPoints(); + foreach ($mounts as $mount) { + if ($mount['mountpoint'] == substr($ownerPath, 1, strlen($mount['mountpoint']))) { + $mountedFor = $this->util->getUserWithAccessToMountPoint($mount['applicable']['users'], $mount['applicable']['groups']); + $userIds = array_merge($userIds, $mountedFor); + } + } + } + + // Remove duplicate UIDs + $uniqueUserIds = array_unique($userIds); + + return array('users' => $uniqueUserIds, 'public' => $public); + } + +}
\ No newline at end of file diff --git a/lib/private/encryption/update.php b/lib/private/encryption/update.php index 06dc330151e..21cedde6140 100644 --- a/lib/private/encryption/update.php +++ b/lib/private/encryption/update.php @@ -46,12 +46,16 @@ class Update { /** @var string */ protected $uid; + /** @var \OC\Encryption\File */ + protected $file; + /** * * @param \OC\Files\View $view * @param \OC\Encryption\Util $util * @param \OC\Files\Mount\Manager $mountManager * @param \OC\Encryption\Manager $encryptionManager + * @param \OC\Encryption\File $file * @param string $uid */ public function __construct( @@ -59,6 +63,7 @@ class Update { Util $util, Mount\Manager $mountManager, Manager $encryptionManager, + File $file, $uid ) { @@ -66,6 +71,7 @@ class Update { $this->util = $util; $this->mountManager = $mountManager; $this->encryptionManager = $encryptionManager; + $this->file = $file; $this->uid = $uid; } @@ -103,7 +109,7 @@ class Update { $encryptionModule = $this->encryptionManager->getDefaultEncryptionModule(); foreach ($allFiles as $path) { - $usersSharing = $this->util->getSharingUsersArray($path); + $usersSharing = $this->file->getAccessList($path); $encryptionModule->update($absPath, $this->uid, $usersSharing); } } diff --git a/lib/private/encryption/util.php b/lib/private/encryption/util.php index 1308d27c924..734da741fdd 100644 --- a/lib/private/encryption/util.php +++ b/lib/private/encryption/util.php @@ -163,49 +163,6 @@ class Util { } /** - * Find, sanitise and format users sharing a file - * @note This wraps other methods into a portable bundle - * @param string $path path relative to current users files folder - * @return array - */ - public function getSharingUsersArray($path) { - - // Make sure that a share key is generated for the owner too - list($owner, $ownerPath) = $this->getUidAndFilename($path); - - // always add owner to the list of users with access to the file - $userIds = array($owner); - - if (!$this->isFile($ownerPath)) { - return array('users' => $userIds, 'public' => false); - } - - $ownerPath = substr($ownerPath, strlen('/files')); - $ownerPath = $this->stripPartialFileExtension($ownerPath); - - // Find out who, if anyone, is sharing the file - $result = \OCP\Share::getUsersSharingFile($ownerPath, $owner); - $userIds = \array_merge($userIds, $result['users']); - $public = $result['public'] || $result['remote']; - - // check if it is a group mount - if (\OCP\App::isEnabled("files_external")) { - $mounts = \OC_Mount_Config::getSystemMountPoints(); - foreach ($mounts as $mount) { - if ($mount['mountpoint'] == substr($ownerPath, 1, strlen($mount['mountpoint']))) { - $mountedFor = $this->getUserWithAccessToMountPoint($mount['applicable']['users'], $mount['applicable']['groups']); - $userIds = array_merge($userIds, $mountedFor); - } - } - } - - // Remove duplicate UIDs - $uniqueUserIds = array_unique($userIds); - - return array('users' => $uniqueUserIds, 'public' => $public); - } - - /** * go recursively through a dir and collect all files and sub files. * * @param string $dir relative to the users files folder @@ -243,7 +200,7 @@ class Util { * @param string $path * @return boolean */ - protected function isFile($path) { + public function isFile($path) { if (substr($path, 0, strlen('/files/')) === '/files/') { return true; } @@ -361,7 +318,7 @@ class Util { } } - protected function getUserWithAccessToMountPoint($users, $groups) { + public function getUserWithAccessToMountPoint($users, $groups) { $result = array(); if (in_array('all', $users)) { $result = \OCP\User::getUsers(); diff --git a/lib/private/files/stream/encryption.php b/lib/private/files/stream/encryption.php index e3927edff2c..a96d573723c 100644 --- a/lib/private/files/stream/encryption.php +++ b/lib/private/files/stream/encryption.php @@ -31,6 +31,9 @@ class Encryption extends Wrapper { /** @var \OC\Encryption\Util */ protected $util; + /** @var \OC\Encryption\File */ + protected $file; + /** @var \OCP\Encryption\IEncryptionModule */ protected $encryptionModule; @@ -97,6 +100,7 @@ class Encryption extends Wrapper { 'encryptionModule', 'header', 'uid', + 'file', 'util', 'size', 'unencryptedSize', @@ -117,6 +121,7 @@ class Encryption extends Wrapper { * @param \OC\Files\Storage\Storage $storage * @param \OC\Files\Storage\Wrapper\Encryption $encStorage * @param \OC\Encryption\Util $util + * @param \OC\Encryption\File $file * @param string $mode * @param int $size * @param int $unencryptedSize @@ -130,6 +135,7 @@ class Encryption extends Wrapper { \OC\Files\Storage\Storage $storage, \OC\Files\Storage\Wrapper\Encryption $encStorage, \OC\Encryption\Util $util, + \OC\Encryption\File $file, $mode, $size, $unencryptedSize) { @@ -144,6 +150,7 @@ class Encryption extends Wrapper { 'header' => $header, 'uid' => $uid, 'util' => $util, + 'file' => $file, 'size' => $size, 'unencryptedSize' => $unencryptedSize, 'encryptionStorage' => $encStorage @@ -229,7 +236,7 @@ class Encryption extends Wrapper { $sharePath = dirname($path); } - $accessList = $this->util->getSharingUsersArray($sharePath); + $accessList = $this->file->getAccessList($sharePath); $this->newHeader = $this->encryptionModule->begin($this->fullPath, $this->uid, $this->header, $accessList); return true; diff --git a/lib/private/server.php b/lib/private/server.php index a38096cf740..661aaf6786d 100644 --- a/lib/private/server.php +++ b/lib/private/server.php @@ -87,6 +87,11 @@ class Server extends SimpleContainer implements IServerContainer { return new Encryption\Manager($c->getConfig()); }); + $this->registerService('EncryptionFileHelper', function (Server $c) { + $util = new \OC\Encryption\Util(new \OC\Files\View(), $c->getUserManager(), $c->getConfig()); + return new Encryption\File($util); + }); + $this->registerService('EncryptionKeyStorageFactory', function ($c) { return new Encryption\Keys\Factory(); }); @@ -408,6 +413,13 @@ class Server extends SimpleContainer implements IServerContainer { } /** + * @return \OC\Encryption\File + */ + function getEncryptionFilesHelper() { + return $this->query('EncryptionFileHelper'); + } + + /** * @param string $encryptionModuleId encryption module ID * * @return \OCP\Encryption\Keys\IStorage diff --git a/lib/public/encryption/ifile.php b/lib/public/encryption/ifile.php new file mode 100644 index 00000000000..cb4faea0625 --- /dev/null +++ b/lib/public/encryption/ifile.php @@ -0,0 +1,36 @@ +<?php + +/** + * ownCloud + * + * @copyright (C) 2015 ownCloud, Inc. + * + * @author Bjoern Schiessle <schiessle@owncloud.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + */ + +namespace OCP\Encryption; + +interface IFile { + + /** + * get list of users with access to the file + * + * @param $path to the file + * @return array + */ + public function getAccessList($path); + +}
\ No newline at end of file diff --git a/lib/public/encryption/imanager.php b/lib/public/encryption/imanager.php index 9a12e401593..2691604ac37 100644 --- a/lib/public/encryption/imanager.php +++ b/lib/public/encryption/imanager.php @@ -22,9 +22,7 @@ */ namespace OCP\Encryption; -// -// TODO: move exceptions to OCP -// + use OC\Encryption\Exceptions\ModuleDoesNotExistsException; use OC\Encryption\Exceptions\ModuleAlreadyExistsException; diff --git a/lib/public/iservercontainer.php b/lib/public/iservercontainer.php index 9e36bc31bed..509e5894d47 100644 --- a/lib/public/iservercontainer.php +++ b/lib/public/iservercontainer.php @@ -184,6 +184,11 @@ interface IServerContainer { function getEncryptionManager(); /** + * @return \OC\Encryption\File + */ + function getEncryptionFilesHelper(); + + /** * @param string $encryptionModuleId encryption module ID * * @return \OCP\Encryption\Keys\IStorage |