diff options
| -rw-r--r-- | apps/files_sharing/lib/Controller/ShareAPIController.php | 20 | ||||
| -rw-r--r-- | build/integration/sharing_features/sharing-v1.feature | 80 |
2 files changed, 92 insertions, 8 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php index b470061c96b..208ea79c2ae 100644 --- a/apps/files_sharing/lib/Controller/ShareAPIController.php +++ b/apps/files_sharing/lib/Controller/ShareAPIController.php @@ -35,7 +35,6 @@ namespace OCA\Files_Sharing\Controller; use OCA\Files_Sharing\Exceptions\SharingRightsException; use OCA\Files_Sharing\External\Storage; use OCA\Files\Helper; -use OCA\Files_Sharing\External\Storage; use OCP\App\IAppManager; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\OCS\OCSBadRequestException; @@ -641,9 +640,14 @@ class ShareAPIController extends OCSController { // filter out duplicate shares $known = []; - return array_filter($shares, function($share) use (&$known) { - if (in_array($share->getId(), $known)) { - return false; + + + $formatted = $miniFormatted = []; + $resharingRight = false; + $known = []; + foreach ($shares as $share) { + if (in_array($share->getId(), $known) || $share->getSharedWith() === $this->currentUser) { + continue; } try { @@ -673,7 +677,6 @@ class ShareAPIController extends OCSController { * The getShares function. * * @NoAdminRequired - * @NoCSRFRequired * * @param string $shared_with_me * @param string $reshares @@ -762,7 +765,9 @@ class ShareAPIController extends OCSController { try { /** @var IShare $share */ $format = $this->formatShare($share, $node); - $formatted[] = $format; + if ($share->getSharedWith() !== $this->currentUser) { + $formatted[] = $format; + } // let's also build a list of shares created // by the current user only, in case @@ -773,7 +778,7 @@ class ShareAPIController extends OCSController { // check if one of those share is shared with me // and if I have resharing rights on it - if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $path)) { + if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $node)) { $resharingRight = true; } } catch (InvalidPathException | NotFoundException $e) { @@ -1479,7 +1484,6 @@ class ShareAPIController extends OCSController { * @throws InvalidPathException */ private function shareProviderResharingRights(string $userId, IShare $share, $node): bool { - if ($share->getShareOwner() === $userId) { return true; } diff --git a/build/integration/sharing_features/sharing-v1.feature b/build/integration/sharing_features/sharing-v1.feature index 37bbe620caf..e70c98c5b66 100644 --- a/build/integration/sharing_features/sharing-v1.feature +++ b/build/integration/sharing_features/sharing-v1.feature @@ -322,4 +322,84 @@ Feature: sharing And User "user2" should be included in the response And User "user3" should not be included in the response + Scenario: getting inherited shares of a file + Given user "user0" exists + And user "user1" exists + And user "user2" exists + And user "user3" exists + # will be shared with user1 + And User "user0" created a folder "/first" + # will be shared with user1, user2 + And User "user0" created a folder "/first/second" + # will be shared with user1, user3 + And User "user0" uploads file "data/textfile.txt" to "/first/test1.txt" + # will be shared with user1, user2, user3 + And User "user0" uploads file "data/textfile.txt" to "/first/second/test2.txt" + And As an "user0" + And creating a share with + | path | /first | + | shareType | 0 | + | shareWith | user1 | + | permissions | 16 | + And As an "user1" + And accepting last share +# And folder "first" of user "user0" is shared with user "user1" +# And creating a share with +# | path | /first/second | +# | shareType | 0 | +# | shareWith | user2 | +# | permissions | 16 | + And folder "first/second" of user "user0" is shared with user "user2" +# And As an "user1" +# And creating a share with +# | path | /first/test1.txt | +# | shareType | 0 | +# | shareWith | user3 | +# | permissions | 8 | + And file "first/test1.txt" of user "user0" is shared with user "user3" +# And As an "user2" +# And creating a share with +# | path | /second/test2.txt | +# | shareType | 0 | +# | shareWith | user3 | +# | permissions | 8 | + And file "first/second/test2.txt" of user "user0" is shared with user "user3" + # get inherited shares from the owner PoV + And As an "user0" + When sending "GET" to "/apps/files_sharing/api/v1/shares/inherited?path=first/second/test2.txt" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And User "user0" should not be included in the response + And User "user1" should be included in the response + And User "user2" should be included in the response + And User "user3" should be included in the response + When sending "GET" to "/apps/files_sharing/api/v1/shares/inherited?path=first/test1.txt" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And User "user0" should not be included in the response + And User "user1" should be included in the response + And User "user2" should not be included in the response + And User "user3" should be included in the response + # get inherited shares from the a user with no shares rights + And As an "user2" + When sending "GET" to "/apps/files_sharing/api/v1/shares/inherited?path=first/test1.txt" + Then the OCS status code should be "404" + And the HTTP status code should be "200" + # get inherited shares from the PoV of a user with resharing rights (user1) + And As an "user1" + When sending "GET" to "/apps/files_sharing/api/v1/shares/inherited?path=first/second/test2.txt" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And User "user0" should not be included in the response + And User "user1" should not be included in the response + And User "user2" should be included in the response + And User "user3" should be included in the response + When sending "GET" to "/apps/files_sharing/api/v1/shares/inherited?path=first/test1.txt" + Then the OCS status code should be "100" + And the HTTP status code should be "200" + And User "user0" should not be included in the response + And User "user1" should not be included in the response + And User "user2" should not be included in the response + And User "user3" should be included in the response + # See sharing-v1-part2.feature |