Add a repair step that checks for group membership on shares

2 files changed, 130 insertions, 0 deletions

diff --git a/lib/private/repair.php b/lib/private/repair.php
index 20219e313fd..f6ac7ebe65b 100644
--- a/lib/private/repair.php
+++ b/lib/private/repair.php
@@ -34,6 +34,7 @@ use OC\Repair\AssetCache;
 use OC\Repair\CleanTags;
 use OC\Repair\Collation;
 use OC\Repair\DropOldJobs;
+use OC\Repair\OldGroupMembershipShares;
 use OC\Repair\RemoveGetETagEntries;
 use OC\Repair\SqliteAutoincrement;
 use OC\Repair\DropOldTables;
@@ -119,6 +120,18 @@ class Repair extends BasicEmitter {
 	}
 
 	/**
+	 * Returns expensive repair steps to be run on the
+	 * command line with a special option.
+	 *
+	 * @return array of RepairStep instances
+	 */
+	public static function getExpensiveRepairSteps() {
+		return [
+			new OldGroupMembershipShares(\OC::$server->getDatabaseConnection(), \OC::$server->getGroupManager()),
+		];
+	}
+
+	/**
 	 * Returns the repair steps to be run before an
 	 * upgrade.
 	 *
diff --git a/lib/repair/oldgroupmembershipshares.php b/lib/repair/oldgroupmembershipshares.php
new file mode 100644
index 00000000000..2d701ac9fb7
--- /dev/null
+++ b/lib/repair/oldgroupmembershipshares.php
@@ -0,0 +1,117 @@
+<?php
+/**
+ * @author Joas Schilling <nickvergessen@owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Repair;
+
+
+use OC\Hooks\BasicEmitter;
+use OC\RepairStep;
+use OCP\IDBConnection;
+use OCP\IGroupManager;
+use OCP\Share;
+
+class OldGroupMembershipShares extends BasicEmitter implements RepairStep {
+
+	/** @var \OCP\IDBConnection */
+	protected $connection;
+
+	/** @var \OCP\IGroupManager */
+	protected $groupManager;
+
+	/**
+	 * @var array [gid => [uid => (bool)]]
+	 */
+	protected $memberships;
+
+	/**
+	 * @param IDBConnection $connection
+	 * @param IGroupManager $groupManager
+	 */
+	public function __construct(IDBConnection $connection, IGroupManager $groupManager) {
+		$this->connection = $connection;
+		$this->groupManager = $groupManager;
+	}
+
+	/**
+	 * Returns the step's name
+	 *
+	 * @return string
+	 */
+	public function getName() {
+		return 'Remove shares of old group memberships';
+	}
+
+	/**
+	 * Run repair step.
+	 * Must throw exception on error.
+	 *
+	 * @throws \Exception in case of failure
+	 */
+	public function run() {
+		$deletedEntries = 0;
+
+		$query = $this->connection->getQueryBuilder();
+		$query->select(['s1.id', $query->createFunction('s1.`share_with` AS `user`'), $query->createFunction('s2.`share_with` AS `group`')])
+			->from('share', 's1')
+			->where($query->expr()->isNotNull('s1.parent'))
+				// \OC\Share\Constant::$shareTypeGroupUserUnique === 2
+				->andWhere($query->expr()->eq('s1.share_type', $query->expr()->literal(2)))
+				->andWhere($query->expr()->isNotNull('s2.id'))
+				->andWhere($query->expr()->eq('s2.share_type', $query->expr()->literal(Share::SHARE_TYPE_GROUP)))
+			->leftJoin('s1', 'share', 's2', $query->expr()->eq('s1.parent', 's2.id'));
+
+		$deleteQuery = $this->connection->getQueryBuilder();
+		$deleteQuery->delete('share')
+			->where($query->expr()->eq('id', $deleteQuery->createParameter('share')));
+
+		$result = $query->execute();
+		while ($row = $result->fetch()) {
+			if (!$this->isMember($row['group'], $row['user'])) {
+				$deletedEntries += $deleteQuery->setParameter('share', (int) $row['id'])
+					->execute();
+			}
+		}
+		$result->closeCursor();
+
+		if ($deletedEntries) {
+			$this->emit('\OC\Repair', 'info', array('Removed ' . $deletedEntries . ' shares where user is not a member of the group anymore'));
+		}
+	}
+
+	/**
+	 * @param string $gid
+	 * @param string $uid
+	 * @return bool
+	 */
+	protected function isMember($gid, $uid) {
+		if (isset($this->memberships[$gid][$uid])) {
+			return $this->memberships[$gid][$uid];
+		}
+
+		$isMember = $this->groupManager->isInGroup($uid, $gid);
+		if (!isset($this->memberships[$gid])) {
+			$this->memberships[$gid] = [];
+		}
+		$this->memberships[$gid][$uid] = $isMember;
+
+		return $isMember;
+	}
+}