diff options
author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-10-06 09:24:22 +0200 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-10-06 09:24:22 +0200 |
commit | da640adf688baef651df08a81e04089553a6c3a0 (patch) | |
tree | 260bf6b81449773479afab5cb3045f0bcb73f18f /tests | |
parent | 822e8fbfe10c287218d66674d7f5749a4f1b7c2f (diff) | |
parent | 1c7244c1201ac607cc1b244551fa8f5282572ba7 (diff) | |
download | nextcloud-server-da640adf688baef651df08a81e04089553a6c3a0.tar.gz nextcloud-server-da640adf688baef651df08a81e04089553a6c3a0.zip |
Merge pull request #19577 from owncloud/share-donotreturnentrieswhenusernotingroup
Remove invalid share items from result when missing group membership
Diffstat (limited to 'tests')
-rw-r--r-- | tests/lib/share/share.php | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/tests/lib/share/share.php b/tests/lib/share/share.php index f0dc921e969..2ca54390e65 100644 --- a/tests/lib/share/share.php +++ b/tests/lib/share/share.php @@ -931,6 +931,43 @@ class Test_Share extends \Test\TestCase { $this->assertEmpty($expected, 'did not found all expected values'); } + public function testGetShareSubItemsWhenUserNotInGroup() { + OCP\Share::shareItem('test', 'test.txt', OCP\Share::SHARE_TYPE_GROUP, $this->group1, \OCP\Constants::PERMISSION_READ); + + $result = \OCP\Share::getItemsSharedWithUser('test', $this->user2); + $this->assertCount(1, $result); + + $groupShareId = array_keys($result)[0]; + + // remove user from group + $userObject = \OC::$server->getUserManager()->get($this->user2); + \OC::$server->getGroupManager()->get($this->group1)->removeUser($userObject); + + $result = \OCP\Share::getItemsSharedWithUser('test', $this->user2); + $this->assertCount(0, $result); + + // test with buggy data + $qb = \OC::$server->getDatabaseConnection()->getQueryBuilder(); + $qb->insert('share') + ->values([ + 'share_type' => $qb->expr()->literal(2), // group sub-share + 'share_with' => $qb->expr()->literal($this->user2), + 'parent' => $qb->expr()->literal($groupShareId), + 'uid_owner' => $qb->expr()->literal($this->user1), + 'item_type' => $qb->expr()->literal('test'), + 'item_source' => $qb->expr()->literal('test.txt'), + 'item_target' => $qb->expr()->literal('test.txt'), + 'file_target' => $qb->expr()->literal('test2.txt'), + 'permissions' => $qb->expr()->literal(1), + 'stime' => $qb->expr()->literal(time()), + ])->execute(); + + $result = \OCP\Share::getItemsSharedWithUser('test', $this->user2); + $this->assertCount(0, $result); + + $qb->delete('share')->execute(); + } + public function testShareItemWithLink() { OC_User::setUserId($this->user1); $token = OCP\Share::shareItem('test', 'test.txt', OCP\Share::SHARE_TYPE_LINK, null, \OCP\Constants::PERMISSION_READ); |