diff options
author | Robin Appelman <robin@icewind.nl> | 2021-04-23 20:20:56 +0200 |
---|---|---|
committer | Robin Appelman <robin@icewind.nl> | 2021-05-12 16:11:31 +0200 |
commit | 0e6321957df6635d43ad07d7add23b1cea581fc0 (patch) | |
tree | 0e0e448f515cd778b6f08e7140abf742a3e11e3a /lib | |
parent | b1dca57a1ce59bacc4089761275e4366e9760313 (diff) | |
download | nextcloud-server-0e6321957df6635d43ad07d7add23b1cea581fc0.tar.gz nextcloud-server-0e6321957df6635d43ad07d7add23b1cea581fc0.zip |
allow excluding groups from creating link shares
Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Server.php | 3 | ||||
-rw-r--r-- | lib/private/Share20/Manager.php | 120 |
2 files changed, 62 insertions, 61 deletions
diff --git a/lib/private/Server.php b/lib/private/Server.php index f7eaf9f3591..9047a7c454d 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -1234,7 +1234,8 @@ class Server extends ServerContainer implements IServerContainer { $c->get(IMailer::class), $c->get(IURLGenerator::class), $c->get('ThemingDefaults'), - $c->get(IEventDispatcher::class) + $c->get(IEventDispatcher::class), + $c->get(IUserSession::class) ); return $manager; diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 00020c3a8f6..51b6c5be0fc 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -57,6 +57,7 @@ use OCP\ILogger; use OCP\IURLGenerator; use OCP\IUser; use OCP\IUserManager; +use OCP\IUserSession; use OCP\L10N\IFactory; use OCP\Mail\IMailer; use OCP\Security\Events\ValidatePasswordPolicyEvent; @@ -104,8 +105,6 @@ class Manager implements IManager { private $sharingDisabledForUsersCache; /** @var EventDispatcherInterface */ private $legacyDispatcher; - /** @var LegacyHooks */ - private $legacyHooks; /** @var IMailer */ private $mailer; /** @var IURLGenerator */ @@ -114,44 +113,26 @@ class Manager implements IManager { private $defaults; /** @var IEventDispatcher */ private $dispatcher; + private $userSession; - - /** - * Manager constructor. - * - * @param ILogger $logger - * @param IConfig $config - * @param ISecureRandom $secureRandom - * @param IHasher $hasher - * @param IMountManager $mountManager - * @param IGroupManager $groupManager - * @param IL10N $l - * @param IFactory $l10nFactory - * @param IProviderFactory $factory - * @param IUserManager $userManager - * @param IRootFolder $rootFolder - * @param EventDispatcherInterface $eventDispatcher - * @param IMailer $mailer - * @param IURLGenerator $urlGenerator - * @param \OC_Defaults $defaults - */ public function __construct( - ILogger $logger, - IConfig $config, - ISecureRandom $secureRandom, - IHasher $hasher, - IMountManager $mountManager, - IGroupManager $groupManager, - IL10N $l, - IFactory $l10nFactory, - IProviderFactory $factory, - IUserManager $userManager, - IRootFolder $rootFolder, - EventDispatcherInterface $legacyDispatcher, - IMailer $mailer, - IURLGenerator $urlGenerator, - \OC_Defaults $defaults, - IEventDispatcher $dispatcher + ILogger $logger, + IConfig $config, + ISecureRandom $secureRandom, + IHasher $hasher, + IMountManager $mountManager, + IGroupManager $groupManager, + IL10N $l, + IFactory $l10nFactory, + IProviderFactory $factory, + IUserManager $userManager, + IRootFolder $rootFolder, + EventDispatcherInterface $legacyDispatcher, + IMailer $mailer, + IURLGenerator $urlGenerator, + \OC_Defaults $defaults, + IEventDispatcher $dispatcher, + IUserSession $userSession ) { $this->logger = $logger; $this->config = $config; @@ -166,11 +147,11 @@ class Manager implements IManager { $this->rootFolder = $rootFolder; $this->legacyDispatcher = $legacyDispatcher; $this->sharingDisabledForUsersCache = new CappedMemoryCache(); - $this->legacyHooks = new LegacyHooks($this->legacyDispatcher); $this->mailer = $mailer; $this->urlGenerator = $urlGenerator; $this->defaults = $defaults; $this->dispatcher = $dispatcher; + $this->userSession = $userSession; } /** @@ -274,7 +255,7 @@ class Manager implements IManager { // And it should be a file or a folder if (!($share->getNode() instanceof \OCP\Files\File) && - !($share->getNode() instanceof \OCP\Files\Folder)) { + !($share->getNode() instanceof \OCP\Files\Folder)) { throw new \InvalidArgumentException('Path should be either a file or a folder'); } @@ -422,13 +403,13 @@ class Manager implements IManager { } if ($fullId === null && $expirationDate === null && $defaultExpireDate) { $expirationDate = new \DateTime(); - $expirationDate->setTime(0,0,0); + $expirationDate->setTime(0, 0, 0); $days = (int)$this->config->getAppValue('core', $configProp, (string)$defaultExpireDays); if ($days > $defaultExpireDays) { $days = $defaultExpireDays; } - $expirationDate->add(new \DateInterval('P'.$days.'D')); + $expirationDate->add(new \DateInterval('P' . $days . 'D')); } // If we enforce the expiration date check that is does not exceed @@ -498,13 +479,13 @@ class Manager implements IManager { if ($fullId === null && $expirationDate === null && $this->shareApiLinkDefaultExpireDate()) { $expirationDate = new \DateTime(); - $expirationDate->setTime(0,0,0); + $expirationDate->setTime(0, 0, 0); $days = (int)$this->config->getAppValue('core', 'link_defaultExpDays', $this->shareApiLinkDefaultExpireDays()); if ($days > $this->shareApiLinkDefaultExpireDays()) { $days = $this->shareApiLinkDefaultExpireDays(); } - $expirationDate->add(new \DateInterval('P'.$days.'D')); + $expirationDate->add(new \DateInterval('P' . $days . 'D')); } // If we enforce the expiration date check that is does not exceed @@ -553,8 +534,8 @@ class Manager implements IManager { $sharedWith = $this->userManager->get($share->getSharedWith()); // Verify we can share with this user $groups = array_intersect( - $this->groupManager->getUserGroupIds($sharedBy), - $this->groupManager->getUserGroupIds($sharedWith) + $this->groupManager->getUserGroupIds($sharedBy), + $this->groupManager->getUserGroupIds($sharedWith) ); if (empty($groups)) { $message_t = $this->l->t('Sharing is only allowed with group members'); @@ -919,7 +900,7 @@ class Manager implements IManager { '%1$s via %2$s', [ $initiatorDisplayName, - $instanceName + $instanceName, ] ); $message->setFrom([\OCP\Util::getDefaultEmailAddress($instanceName) => $senderName]); @@ -1102,7 +1083,7 @@ class Manager implements IManager { * @since 9.0.0 */ public function acceptShare(IShare $share, string $recipientId): IShare { - [$providerId, ] = $this->splitFullId($share->getFullId()); + [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); if (!method_exists($provider, 'acceptShare')) { @@ -1127,10 +1108,10 @@ class Manager implements IManager { */ private function updateSharePasswordIfNeeded(IShare $share, IShare $originalShare) { $passwordsAreDifferent = ($share->getPassword() !== $originalShare->getPassword()) && - (($share->getPassword() !== null && $originalShare->getPassword() === null) || - ($share->getPassword() === null && $originalShare->getPassword() !== null) || - ($share->getPassword() !== null && $originalShare->getPassword() !== null && - !$this->hasher->verify($share->getPassword(), $originalShare->getPassword()))); + (($share->getPassword() !== null && $originalShare->getPassword() === null) || + ($share->getPassword() === null && $originalShare->getPassword() !== null) || + ($share->getPassword() !== null && $originalShare->getPassword() !== null && + !$this->hasher->verify($share->getPassword(), $originalShare->getPassword()))); // Password updated. if ($passwordsAreDifferent) { @@ -1225,7 +1206,7 @@ class Manager implements IManager { * @param string $recipientId */ public function deleteFromSelf(IShare $share, $recipientId) { - [$providerId, ] = $this->splitFullId($share->getFullId()); + [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); $provider->deleteFromSelf($share, $recipientId); @@ -1234,7 +1215,7 @@ class Manager implements IManager { } public function restoreShare(IShare $share, string $recipientId): IShare { - [$providerId, ] = $this->splitFullId($share->getFullId()); + [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); return $provider->restore($share, $recipientId); @@ -1264,7 +1245,7 @@ class Manager implements IManager { } } - [$providerId, ] = $this->splitFullId($share->getFullId()); + [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); return $provider->move($share, $recipientId); @@ -1291,8 +1272,8 @@ class Manager implements IManager { */ public function getSharesBy($userId, $shareType, $path = null, $reshares = false, $limit = 50, $offset = 0) { if ($path !== null && - !($path instanceof \OCP\Files\File) && - !($path instanceof \OCP\Files\Folder)) { + !($path instanceof \OCP\Files\File) && + !($path instanceof \OCP\Files\Folder)) { throw new \InvalidArgumentException('invalid path'); } @@ -1533,8 +1514,8 @@ class Manager implements IManager { */ public function checkPassword(IShare $share, $password) { $passwordProtected = $share->getShareType() !== IShare::TYPE_LINK - || $share->getShareType() !== IShare::TYPE_EMAIL - || $share->getShareType() !== IShare::TYPE_CIRCLE; + || $share->getShareType() !== IShare::TYPE_EMAIL + || $share->getShareType() !== IShare::TYPE_CIRCLE; if (!$passwordProtected) { //TODO maybe exception? return false; @@ -1756,7 +1737,20 @@ class Manager implements IManager { * @return bool */ public function shareApiAllowLinks() { - return $this->config->getAppValue('core', 'shareapi_allow_links', 'yes') === 'yes'; + if ($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') { + return false; + } + + $user = $this->userSession->getUser(); + if ($user) { + $excludedGroups = json_decode($this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '[]')); + if ($excludedGroups) { + $userGroups = $this->groupManager->getUserGroupIds($user); + return !(bool)array_intersect($excludedGroups, $userGroups); + } + } + + return true; } /** @@ -1780,6 +1774,7 @@ class Manager implements IManager { /** * Is default link expire date enforced *` + * * @return bool */ public function shareApiLinkDefaultExpireDateEnforced() { @@ -1790,6 +1785,7 @@ class Manager implements IManager { /** * Number of default link expire days + * * @return int */ public function shareApiLinkDefaultExpireDays() { @@ -1836,6 +1832,7 @@ class Manager implements IManager { /** * Number of default expire days + * * @return int */ public function shareApiInternalDefaultExpireDays(): int { @@ -1844,6 +1841,7 @@ class Manager implements IManager { /** * Number of default expire days for remote shares + * * @return int */ public function shareApiRemoteDefaultExpireDays(): int { @@ -1861,6 +1859,7 @@ class Manager implements IManager { /** * check if user can only share with group members + * * @return bool */ public function shareWithGroupMembersOnly() { @@ -1869,6 +1868,7 @@ class Manager implements IManager { /** * Check if users can share with groups + * * @return bool */ public function allowGroupSharing() { |