summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorThomas Müller <thomas.mueller@tmit.eu>2015-10-06 09:24:22 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2015-10-06 09:24:22 +0200
commitda640adf688baef651df08a81e04089553a6c3a0 (patch)
tree260bf6b81449773479afab5cb3045f0bcb73f18f /tests
parent822e8fbfe10c287218d66674d7f5749a4f1b7c2f (diff)
parent1c7244c1201ac607cc1b244551fa8f5282572ba7 (diff)
downloadnextcloud-server-da640adf688baef651df08a81e04089553a6c3a0.tar.gz
nextcloud-server-da640adf688baef651df08a81e04089553a6c3a0.zip
Merge pull request #19577 from owncloud/share-donotreturnentrieswhenusernotingroup
Remove invalid share items from result when missing group membership
Diffstat (limited to 'tests')
-rw-r--r--tests/lib/share/share.php37
1 files changed, 37 insertions, 0 deletions
diff --git a/tests/lib/share/share.php b/tests/lib/share/share.php
index f0dc921e969..2ca54390e65 100644
--- a/tests/lib/share/share.php
+++ b/tests/lib/share/share.php
@@ -931,6 +931,43 @@ class Test_Share extends \Test\TestCase {
$this->assertEmpty($expected, 'did not found all expected values');
}
+ public function testGetShareSubItemsWhenUserNotInGroup() {
+ OCP\Share::shareItem('test', 'test.txt', OCP\Share::SHARE_TYPE_GROUP, $this->group1, \OCP\Constants::PERMISSION_READ);
+
+ $result = \OCP\Share::getItemsSharedWithUser('test', $this->user2);
+ $this->assertCount(1, $result);
+
+ $groupShareId = array_keys($result)[0];
+
+ // remove user from group
+ $userObject = \OC::$server->getUserManager()->get($this->user2);
+ \OC::$server->getGroupManager()->get($this->group1)->removeUser($userObject);
+
+ $result = \OCP\Share::getItemsSharedWithUser('test', $this->user2);
+ $this->assertCount(0, $result);
+
+ // test with buggy data
+ $qb = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+ $qb->insert('share')
+ ->values([
+ 'share_type' => $qb->expr()->literal(2), // group sub-share
+ 'share_with' => $qb->expr()->literal($this->user2),
+ 'parent' => $qb->expr()->literal($groupShareId),
+ 'uid_owner' => $qb->expr()->literal($this->user1),
+ 'item_type' => $qb->expr()->literal('test'),
+ 'item_source' => $qb->expr()->literal('test.txt'),
+ 'item_target' => $qb->expr()->literal('test.txt'),
+ 'file_target' => $qb->expr()->literal('test2.txt'),
+ 'permissions' => $qb->expr()->literal(1),
+ 'stime' => $qb->expr()->literal(time()),
+ ])->execute();
+
+ $result = \OCP\Share::getItemsSharedWithUser('test', $this->user2);
+ $this->assertCount(0, $result);
+
+ $qb->delete('share')->execute();
+ }
+
public function testShareItemWithLink() {
OC_User::setUserId($this->user1);
$token = OCP\Share::shareItem('test', 'test.txt', OCP\Share::SHARE_TYPE_LINK, null, \OCP\Constants::PERMISSION_READ);