diff options
| -rw-r--r-- | build/integration/features/sharing-v1.feature | 8 | ||||
| -rw-r--r-- | lib/private/share20/manager.php | 5 | ||||
| -rw-r--r-- | tests/lib/share20/managertest.php | 29 |
3 files changed, 42 insertions, 0 deletions
diff --git a/build/integration/features/sharing-v1.feature b/build/integration/features/sharing-v1.feature index e16de8b6b11..462915cf5ba 100644 --- a/build/integration/features/sharing-v1.feature +++ b/build/integration/features/sharing-v1.feature @@ -506,3 +506,11 @@ Feature: sharing And file "myfile.txt" of user "user0" is shared with user "user1" When User "user1" uploads file "data/textfile.txt" to "/myfile.txt" Then the HTTP status code should be "204" + + Scenario: Don't allow sharing of the root + Given user "user0" exists + And As an "user0" + When creating a share with + | path | / | + | shareType | 3 | + Then the OCS status code should be "403"
\ No newline at end of file diff --git a/lib/private/share20/manager.php b/lib/private/share20/manager.php index 214126e3414..6932360a7e9 100644 --- a/lib/private/share20/manager.php +++ b/lib/private/share20/manager.php @@ -197,6 +197,11 @@ class Manager implements IManager { throw new \InvalidArgumentException('Path should be either a file or a folder'); } + // And you can't share your rootfolder + if ($this->rootFolder->getUserFolder($share->getSharedBy())->isSubNode($share->getNode()) === false) { + throw new \InvalidArgumentException('You can\'t share your root folder'); + } + // Check if we actually have share permissions if (!$share->getNode()->isShareable()) { $message_t = $this->l->t('You are not allowed to share %s', [$share->getNode()->getPath()]); diff --git a/tests/lib/share20/managertest.php b/tests/lib/share20/managertest.php index 22ca41cb501..2c40bf65c2c 100644 --- a/tests/lib/share20/managertest.php +++ b/tests/lib/share20/managertest.php @@ -677,6 +677,9 @@ class ManagerTest extends \Test\TestCase { ['group0', true], ])); + $userFolder = $this->getMock('\OCP\Files\Folder'); + $this->rootFolder->method('getUserFolder')->willReturn($userFolder); + try { $this->invokePrivate($this->manager, 'generalCreateChecks', [$share]); $thrown = false; @@ -692,6 +695,32 @@ class ManagerTest extends \Test\TestCase { } /** + * @expectedException \InvalidArgumentException + * @expectedExceptionMessage You can't share your root folder + */ + public function testGeneralCheckShareRoot() { + $thrown = null; + + $this->userManager->method('userExists')->will($this->returnValueMap([ + ['user0', true], + ['user1', true], + ])); + + $userFolder = $this->getMock('\OCP\Files\Folder'); + $userFolder->method('isSubNode')->with($userFolder)->willReturn(false); + $this->rootFolder->method('getUserFolder')->willReturn($userFolder); + + $share = $this->manager->newShare(); + + $share->setShareType(\OCP\Share::SHARE_TYPE_USER) + ->setSharedWith('user0') + ->setSharedBy('user1') + ->setNode($userFolder); + + $this->invokePrivate($this->manager, 'generalCreateChecks', [$share]); + } + + /** * @expectedException \OCP\Share\Exceptions\GenericShareException * @expectedExceptionMessage Expiration date is in the past */ |