diff options
| -rw-r--r-- | apps/dav/lib/DAV/ViewOnlyPlugin.php | 1 | ||||
| -rwxr-xr-x | build/composer | bin | 0 -> 2799637 bytes | |||
| -rw-r--r-- | build/integration/features/bootstrap/Sharing.php | 2 | ||||
| -rw-r--r-- | build/integration/sharing_features/sharing-v1-part2.feature | 20 |
4 files changed, 22 insertions, 1 deletions
diff --git a/apps/dav/lib/DAV/ViewOnlyPlugin.php b/apps/dav/lib/DAV/ViewOnlyPlugin.php index 1504969b5b4..b4652da09e1 100644 --- a/apps/dav/lib/DAV/ViewOnlyPlugin.php +++ b/apps/dav/lib/DAV/ViewOnlyPlugin.php @@ -57,6 +57,7 @@ class ViewOnlyPlugin extends ServerPlugin { //priority 90 to make sure the plugin is called before //Sabre\DAV\CorePlugin::httpGet $this->server->on('method:GET', [$this, 'checkViewOnly'], 90); + $this->server->on('method:COPY', [$this, 'checkViewOnly'], 90); } /** diff --git a/build/composer b/build/composer Binary files differnew file mode 100755 index 00000000000..a3a5d90426d --- /dev/null +++ b/build/composer diff --git a/build/integration/features/bootstrap/Sharing.php b/build/integration/features/bootstrap/Sharing.php index f804f64e59a..aa9244d3c2a 100644 --- a/build/integration/features/bootstrap/Sharing.php +++ b/build/integration/features/bootstrap/Sharing.php @@ -440,7 +440,7 @@ trait Sharing { } /** - * @Given /^(file|folder|entry) "([^"]*)" of user "([^"]*)" is shared with group "([^"]*)"( with permissions ([\d]*))( view-only)?$/ + * @Given /^(file|folder|entry) "([^"]*)" of user "([^"]*)" is shared with group "([^"]*)"( with permissions ([\d]*))?( view-only)?$/ * * @param string $filepath * @param string $user diff --git a/build/integration/sharing_features/sharing-v1-part2.feature b/build/integration/sharing_features/sharing-v1-part2.feature index ba927250649..a9e2e50ce02 100644 --- a/build/integration/sharing_features/sharing-v1-part2.feature +++ b/build/integration/sharing_features/sharing-v1-part2.feature @@ -1187,4 +1187,24 @@ Feature: sharing When As an "user1" And Downloading file "/sharedviewonly/document.odt" Then the HTTP status code should be "403" + + Scenario: Cannot copy a file when it's shared view-only + Given user "user0" exists + And user "user1" exists + And User "user0" moves file "/textfile0.txt" to "/document.odt" + And file "document.odt" of user "user0" is shared with user "user1" view-only + And user "user1" accepts last share + When User "user1" copies file "/document.odt" to "/copyforbidden.odt" + Then the HTTP status code should be "403" + + Scenario: Cannot copy a file when its parent is shared view-only + Given user "user0" exists + And user "user1" exists + And User "user0" created a folder "/sharedviewonly" + And User "user0" moves file "/textfile0.txt" to "/sharedviewonly/document.odt" + And folder "sharedviewonly" of user "user0" is shared with user "user1" view-only + And user "user1" accepts last share + When User "user1" copies file "/sharedviewonly/document.odt" to "/copyforbidden.odt" + Then the HTTP status code should be "403" + # See sharing-v1-part3.feature |