Diffstat (limited to 'apps/files_sharing/lib/Controller/ShareAPIController.php')
-rw-r--r--apps/files_sharing/lib/Controller/ShareAPIController.php1511
1 files changed, 936 insertions, 575 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index ab318a81fc2..095a8a75963 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -1,56 +1,32 @@
<?php
declare(strict_types=1);
-
/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Bjoern Schiessle <bjoern@schiessle.org>
- * @author castillo92 <37965565+castillo92@users.noreply.github.com>
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Daniel Calviño Sánchez <danxuliu@gmail.com>
- * @author Daniel Kesselberg <mail@danielkesselberg.de>
- * @author Gary Kim <gary@garykim.dev>
- * @author Georg Ehrke <oc.list@georgehrke.com>
- * @author Joas Schilling <coding@schilljs.com>
- * @author John Molakvoæ <skjnldsv@protonmail.com>
- * @author Julius Härtl <jus@bitgrid.net>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Maxence Lange <maxence@artificial-owl.com>
- * @author Maxence Lange <maxence@nextcloud.com>
- * @author Michael Jobst <mjobst+github@tecratech.de>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Richard Steinmetz <richard@steinmetz.cloud>
- * @author Robin Appelman <robin@icewind.nl>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Valdnet <47037905+Valdnet@users.noreply.github.com>
- * @author Vincent Petry <vincent@nextcloud.com>
- * @author waleczny <michal@walczak.xyz>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
+ * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+ * SPDX-License-Identifier: AGPL-3.0-only
*/
+
namespace OCA\Files_Sharing\Controller;
+use Exception;
+use OC\Core\AppInfo\ConfigLexicon;
use OC\Files\FileInfo;
use OC\Files\Storage\Wrapper\Wrapper;
+use OCA\Circles\Api\v1\Circles;
+use OCA\Deck\Sharing\ShareAPIHelper;
+use OCA\Federation\TrustedServers;
+use OCA\Files\Helper;
use OCA\Files_Sharing\Exceptions\SharingRightsException;
use OCA\Files_Sharing\External\Storage;
+use OCA\Files_Sharing\ResponseDefinitions;
use OCA\Files_Sharing\SharedStorage;
-use OCA\Files\Helper;
+use OCA\GlobalSiteSelector\Service\SlaveService;
use OCP\App\IAppManager;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSBadRequestException;
use OCP\AppFramework\OCS\OCSException;
@@ -59,126 +35,98 @@ use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
use OCP\AppFramework\QueryException;
use OCP\Constants;
+use OCP\Files\File;
+use OCP\Files\Folder;
use OCP\Files\InvalidPathException;
use OCP\Files\IRootFolder;
-use OCP\Files\Folder;
+use OCP\Files\Mount\IShareOwnerlessMount;
use OCP\Files\Node;
use OCP\Files\NotFoundException;
+use OCP\HintException;
+use OCP\IAppConfig;
use OCP\IConfig;
+use OCP\IDateTimeZone;
use OCP\IGroupManager;
use OCP\IL10N;
use OCP\IPreview;
use OCP\IRequest;
-use OCP\IServerContainer;
+use OCP\ITagManager;
use OCP\IURLGenerator;
use OCP\IUserManager;
use OCP\Lock\ILockingProvider;
use OCP\Lock\LockedException;
-use OCP\Share;
+use OCP\Mail\IMailer;
+use OCP\Server;
use OCP\Share\Exceptions\GenericShareException;
use OCP\Share\Exceptions\ShareNotFound;
+use OCP\Share\Exceptions\ShareTokenException;
use OCP\Share\IManager;
+use OCP\Share\IProviderFactory;
use OCP\Share\IShare;
+use OCP\Share\IShareProviderWithNotification;
use OCP\UserStatus\IManager as IUserStatusManager;
+use Psr\Container\ContainerExceptionInterface;
+use Psr\Container\ContainerInterface;
+use Psr\Log\LoggerInterface;
/**
- * Class Share20OCS
- *
* @package OCA\Files_Sharing\API
+ *
+ * @psalm-import-type Files_SharingShare from ResponseDefinitions
*/
class ShareAPIController extends OCSController {
- /** @var IManager */
- private $shareManager;
- /** @var IGroupManager */
- private $groupManager;
- /** @var IUserManager */
- private $userManager;
- /** @var IRootFolder */
- private $rootFolder;
- /** @var IURLGenerator */
- private $urlGenerator;
- /** @var string */
- private $currentUser;
- /** @var IL10N */
- private $l;
- /** @var \OCP\Files\Node */
- private $lockedNode;
- /** @var IConfig */
- private $config;
- /** @var IAppManager */
- private $appManager;
- /** @var IServerContainer */
- private $serverContainer;
- /** @var IUserStatusManager */
- private $userStatusManager;
- /** @var IPreview */
- private $previewManager;
+ private ?Node $lockedNode = null;
+ private array $trustedServerCache = [];
/**
* Share20OCS constructor.
- *
- * @param string $appName
- * @param IRequest $request
- * @param IManager $shareManager
- * @param IGroupManager $groupManager
- * @param IUserManager $userManager
- * @param IRootFolder $rootFolder
- * @param IURLGenerator $urlGenerator
- * @param string $userId
- * @param IL10N $l10n
- * @param IConfig $config
- * @param IAppManager $appManager
- * @param IServerContainer $serverContainer
- * @param IUserStatusManager $userStatusManager
*/
public function __construct(
string $appName,
IRequest $request,
- IManager $shareManager,
- IGroupManager $groupManager,
- IUserManager $userManager,
- IRootFolder $rootFolder,
- IURLGenerator $urlGenerator,
- string $userId = null,
- IL10N $l10n,
- IConfig $config,
- IAppManager $appManager,
- IServerContainer $serverContainer,
- IUserStatusManager $userStatusManager,
- IPreview $previewManager
+ private IManager $shareManager,
+ private IGroupManager $groupManager,
+ private IUserManager $userManager,
+ private IRootFolder $rootFolder,
+ private IURLGenerator $urlGenerator,
+ private IL10N $l,
+ private IConfig $config,
+ private IAppConfig $appConfig,
+ private IAppManager $appManager,
+ private ContainerInterface $serverContainer,
+ private IUserStatusManager $userStatusManager,
+ private IPreview $previewManager,
+ private IDateTimeZone $dateTimeZone,
+ private LoggerInterface $logger,
+ private IProviderFactory $factory,
+ private IMailer $mailer,
+ private ITagManager $tagManager,
+ private ?TrustedServers $trustedServers,
+ private ?string $userId = null,
) {
parent::__construct($appName, $request);
-
- $this->shareManager = $shareManager;
- $this->userManager = $userManager;
- $this->groupManager = $groupManager;
- $this->request = $request;
- $this->rootFolder = $rootFolder;
- $this->urlGenerator = $urlGenerator;
- $this->currentUser = $userId;
- $this->l = $l10n;
- $this->config = $config;
- $this->appManager = $appManager;
- $this->serverContainer = $serverContainer;
- $this->userStatusManager = $userStatusManager;
- $this->previewManager = $previewManager;
}
/**
* Convert an IShare to an array for OCS output
*
- * @param \OCP\Share\IShare $share
+ * @param IShare $share
* @param Node|null $recipientNode
- * @return array
+ * @return Files_SharingShare
* @throws NotFoundException In case the node can't be resolved.
*
* @suppress PhanUndeclaredClassMethod
*/
- protected function formatShare(IShare $share, Node $recipientNode = null): array {
+ protected function formatShare(IShare $share, ?Node $recipientNode = null): array {
$sharedBy = $this->userManager->get($share->getSharedBy());
$shareOwner = $this->userManager->get($share->getShareOwner());
+ $isOwnShare = false;
+ if ($shareOwner !== null) {
+ $isOwnShare = $shareOwner->getUID() === $this->userId;
+ }
+
$result = [
'id' => $share->getId(),
'share_type' => $share->getShareType(),
@@ -199,19 +147,17 @@ class ShareAPIController extends OCSController {
'displayname_file_owner' => $shareOwner !== null ? $shareOwner->getDisplayName() : $share->getShareOwner(),
];
- $userFolder = $this->rootFolder->getUserFolder($this->currentUser);
+ $userFolder = $this->rootFolder->getUserFolder($this->userId);
if ($recipientNode) {
$node = $recipientNode;
} else {
- $nodes = $userFolder->getById($share->getNodeId());
- if (empty($nodes)) {
+ $node = $userFolder->getFirstNodeById($share->getNodeId());
+ if (!$node) {
// fallback to guessing the path
$node = $userFolder->get($share->getTarget());
if ($node === null || $share->getTarget() === '') {
throw new NotFoundException();
}
- } else {
- $node = reset($nodes);
}
}
@@ -222,6 +168,32 @@ class ShareAPIController extends OCSController {
$result['item_type'] = 'file';
}
+ // Get the original node permission if the share owner is the current user
+ if ($isOwnShare) {
+ $result['item_permissions'] = $node->getPermissions();
+ }
+
+ // If we're on the recipient side, the node permissions
+ // are bound to the share permissions. So we need to
+ // adjust the permissions to the share permissions if necessary.
+ if (!$isOwnShare) {
+ $result['item_permissions'] = $share->getPermissions();
+
+ // For some reason, single files share are forbidden to have the delete permission
+ // since we have custom methods to check those, let's adjust straight away.
+ // DAV permissions does not have that issue though.
+ if ($this->canDeleteShare($share) || $this->canDeleteShareFromSelf($share)) {
+ $result['item_permissions'] |= Constants::PERMISSION_DELETE;
+ }
+ if ($this->canEditShare($share)) {
+ $result['item_permissions'] |= Constants::PERMISSION_UPDATE;
+ }
+ }
+
+ // See MOUNT_ROOT_PROPERTYNAME dav property
+ $result['is-mount-root'] = $node->getInternalPath() === '';
+ $result['mount-type'] = $node->getMountPoint()->getMountType();
+
$result['mimetype'] = $node->getMimetype();
$result['has_preview'] = $this->previewManager->isAvailable($node);
$result['storage_id'] = $node->getStorage()->getId();
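Review bot: The `!$isOwnShare` branch is commented as "the recipient side", but `$isOwnShare` (set at the top of formatShare, outside this hunk) is also false when the share owner cannot be resolved or when the caller is the resharer rather than the owner, so those callers get the share-permission view as well. `item_permissions` also gains `Constants::PERMISSION_UPDATE` whenever `canEditShare($share)` is true, which looks like permission to edit the share record rather than the file; if clients read this field as what the user may do with the node, it can overstate access. I would add a comment such as `// item_permissions is a display hint for clients; access itself is enforced by the storage and the share manager` and confirm that the two helpers are meant to map onto node permissions. The two consecutive `if ($isOwnShare)` / `if (!$isOwnShare)` blocks would also read better as one `if`/`else`.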
@@ -230,9 +202,38 @@ class ShareAPIController extends OCSController {
$result['file_source'] = $node->getId();
$result['file_parent'] = $node->getParent()->getId();
$result['file_target'] = $share->getTarget();
+ $result['item_size'] = $node->getSize();
+ $result['item_mtime'] = $node->getMTime();
+
+ if ($this->trustedServers !== null && in_array($share->getShareType(), [IShare::TYPE_REMOTE, IShare::TYPE_REMOTE_GROUP], true)) {
+ $result['is_trusted_server'] = false;
+ $sharedWith = $share->getSharedWith();
+ $remoteIdentifier = is_string($sharedWith) ? strrchr($sharedWith, '@') : false;
+ if ($remoteIdentifier !== false) {
+ $remote = substr($remoteIdentifier, 1);
+
+ if (isset($this->trustedServerCache[$remote])) {
+ $result['is_trusted_server'] = $this->trustedServerCache[$remote];
+ } else {
+ try {
+ $isTrusted = $this->trustedServers->isTrustedServer($remote);
+ $this->trustedServerCache[$remote] = $isTrusted;
+ $result['is_trusted_server'] = $isTrusted;
+ } catch (\Exception $e) {
+ // Server not found or other issue, we consider it not trusted
+ $this->trustedServerCache[$remote] = false;
+ $this->logger->error(
+ 'Error checking if remote server is trusted (treating as untrusted): ' . $e->getMessage(),
+ ['exception' => $e]
+ );
+ }
+ }
+ }
+ }
$expiration = $share->getExpirationDate();
if ($expiration !== null) {
+ $expiration->setTimezone($this->dateTimeZone->getTimeZone());
$result['expiration'] = $expiration->format('Y-m-d 00:00:00');
}
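Review bot: `is_trusted_server` is decided from `substr(strrchr($sharedWith, '@'), 1)`, a hand-rolled split of the cloud ID, and that raw string is both passed to `isTrustedServer()` and used as the cache key. If the stored `share_with` carries a scheme, a trailing slash or a path, the lookup may compare a different string than the one the trusted-server list holds, and the client would then display the wrong trust state; resolving the remote through the project's cloud-ID parsing, or normalising it before the call, would keep the two in agreement (worth confirming what `isTrustedServer()` normalises itself). Separately, `$expiration->setTimezone(...)` changes the object returned by `getExpirationDate()` in place if that is a mutable `DateTime`, so formatting a share alters it; `(clone $expiration)->setTimezone(...)` avoids the side effect. formatShare starts and ends outside this hunk.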
@@ -241,9 +242,8 @@ class ShareAPIController extends OCSController {
$result['share_with'] = $share->getSharedWith();
$result['share_with_displayname'] = $sharedWith !== null ? $sharedWith->getDisplayName() : $share->getSharedWith();
$result['share_with_displayname_unique'] = $sharedWith !== null ? (
- !empty($sharedWith->getSystemEMailAddress()) ? $sharedWith->getSystemEMailAddress() : $sharedWith->getUID()
+ !empty($sharedWith->getSystemEMailAddress()) ? $sharedWith->getSystemEMailAddress() : $sharedWith->getUID()
) : $share->getSharedWith();
- $result['status'] = [];
$userStatuses = $this->userStatusManager->getUserStatuses([$share->getSharedWith()]);
$userStatus = array_shift($userStatuses);
@@ -274,7 +274,11 @@ class ShareAPIController extends OCSController {
$result['token'] = $share->getToken();
$result['url'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare', ['token' => $share->getToken()]);
- } elseif ($share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
+ } elseif ($share->getShareType() === IShare::TYPE_REMOTE) {
+ $result['share_with'] = $share->getSharedWith();
+ $result['share_with_displayname'] = $this->getCachedFederatedDisplayName($share->getSharedWith());
+ $result['token'] = $share->getToken();
+ } elseif ($share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
$result['share_with'] = $share->getSharedWith();
$result['share_with_displayname'] = $this->getDisplayNameFromAddressBook($share->getSharedWith(), 'CLOUD');
$result['token'] = $share->getToken();
@@ -287,7 +291,7 @@ class ShareAPIController extends OCSController {
$result['token'] = $share->getToken();
} elseif ($share->getShareType() === IShare::TYPE_CIRCLE) {
// getSharedWith() returns either "name (type, owner)" or
- // "name (type, owner) [id]", depending on the Circles app version.
+ // "name (type, owner) [id]", depending on the Teams app version.
$hasCircleId = (substr($share->getSharedWith(), -1) === ']');
$result['share_with_displayname'] = $share->getSharedWithDisplayName();
@@ -300,25 +304,40 @@ class ShareAPIController extends OCSController {
$shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0);
$shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' '));
- if (is_bool($shareWithLength)) {
- $shareWithLength = -1;
+ if ($shareWithLength === false) {
+ $result['share_with'] = substr($share->getSharedWith(), $shareWithStart);
+ } else {
+ $result['share_with'] = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
}
- $result['share_with'] = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
} elseif ($share->getShareType() === IShare::TYPE_ROOM) {
$result['share_with'] = $share->getSharedWith();
$result['share_with_displayname'] = '';
try {
- $result = array_merge($result, $this->getRoomShareHelper()->formatShare($share));
- } catch (QueryException $e) {
+ /** @var array{share_with_displayname: string, share_with_link: string, share_with?: string, token?: string} $roomShare */
+ $roomShare = $this->getRoomShareHelper()->formatShare($share);
+ $result = array_merge($result, $roomShare);
+ } catch (ContainerExceptionInterface $e) {
}
} elseif ($share->getShareType() === IShare::TYPE_DECK) {
$result['share_with'] = $share->getSharedWith();
$result['share_with_displayname'] = '';
try {
- $result = array_merge($result, $this->getDeckShareHelper()->formatShare($share));
- } catch (QueryException $e) {
+ /** @var array{share_with: string, share_with_displayname: string, share_with_link: string} $deckShare */
+ $deckShare = $this->getDeckShareHelper()->formatShare($share);
+ $result = array_merge($result, $deckShare);
+ } catch (ContainerExceptionInterface $e) {
+ }
+ } elseif ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
+ $result['share_with'] = $share->getSharedWith();
+ $result['share_with_displayname'] = '';
+
+ try {
+ /** @var array{share_with: string, share_with_displayname: string, token: string} $scienceMeshShare */
+ $scienceMeshShare = $this->getSciencemeshShareHelper()->formatShare($share);
+ $result = array_merge($result, $scienceMeshShare);
+ } catch (ContainerExceptionInterface $e) {
}
}
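Review bot: The three `catch (ContainerExceptionInterface $e) { }` blocks (room, deck, ScienceMesh) are empty, so a missing or broken helper app leaves `share_with_displayname` as `''` with no trace anywhere. A logger is now injected, so a line such as `$this->logger->debug('Share helper unavailable: ' . $e->getMessage(), ['exception' => $e]);`, or at least a comment `// helper app not installed: keep the bare share_with value`, would make the best-effort intent explicit. Note also that `array_merge($result, ...)` lets the helper overwrite any key already present in `$result`; the `@var` shape documents the expected keys but does not restrict them.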
@@ -328,7 +347,7 @@ class ShareAPIController extends OCSController {
$result['attributes'] = null;
if ($attributes = $share->getAttributes()) {
- $result['attributes'] = \json_encode($attributes->toArray());
+ $result['attributes'] = (string)\json_encode($attributes->toArray());
}
return $result;
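Review bot: `(string)\json_encode(...)` turns an encoding failure (`false`) into the empty string, which is not valid JSON and no longer matches the `null` used for "no attributes". Mapping the failure back to null keeps the field either valid JSON or null: `$encoded = \json_encode($attributes->toArray());` followed by `$result['attributes'] = $encoded === false ? null : $encoded;`. Passing `JSON_THROW_ON_ERROR` is the alternative if a failure here should surface. formatShare begins outside this hunk.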
@@ -336,7 +355,7 @@ class ShareAPIController extends OCSController {
/**
* Check if one of the users address books knows the exact property, if
- * yes we return the full name.
+ * not we return the full name.
*
* @param string $query
* @param string $property
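Review bot: The reworded sentence "if not we return the full name" reads as the inverse of what the body in the following hunk appears to do: the match on `$value === $query && $r['FN']` is the success case and the fallback is `return $query;`. I would word it as `yes we return the full name, otherwise the query string is returned unchanged.` so that the fallback is documented too.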
@@ -344,11 +363,20 @@ class ShareAPIController extends OCSController {
*/
private function getDisplayNameFromAddressBook(string $query, string $property): string {
// FIXME: If we inject the contacts manager it gets initialized before any address books are registered
- $result = \OC::$server->getContactsManager()->search($query, [$property], [
- 'limit' => 1,
- 'enumeration' => false,
- 'strict_search' => true,
- ]);
+ try {
+ $result = Server::get(\OCP\Contacts\IManager::class)->search($query, [$property], [
+ 'limit' => 1,
+ 'enumeration' => false,
+ 'strict_search' => true,
+ ]);
+ } catch (Exception $e) {
+ $this->logger->error(
+ $e->getMessage(),
+ ['exception' => $e]
+ );
+ return $query;
+ }
+
foreach ($result as $r) {
foreach ($r[$property] as $value) {
if ($value === $query && $r['FN']) {
@@ -360,16 +388,113 @@ class ShareAPIController extends OCSController {
return $query;
}
+
+ /**
+ * @param list<Files_SharingShare> $shares
+ * @param array<string, string>|null $updatedDisplayName
+ *
+ * @return list<Files_SharingShare>
+ */
+ private function fixMissingDisplayName(array $shares, ?array $updatedDisplayName = null): array {
+ $userIds = $updated = [];
+ foreach ($shares as $share) {
+ // share is federated and share have no display name yet
+ if ($share['share_type'] === IShare::TYPE_REMOTE
+ && ($share['share_with'] ?? '') !== ''
+ && ($share['share_with_displayname'] ?? '') === '') {
+ $userIds[] = $userId = $share['share_with'];
+
+ if ($updatedDisplayName !== null && array_key_exists($userId, $updatedDisplayName)) {
+ $share['share_with_displayname'] = $updatedDisplayName[$userId];
+ }
+ }
+
+ // prepping userIds with displayName to be updated
+ $updated[] = $share;
+ }
+
+ // if $updatedDisplayName is not null, it means we should have already fixed displayNames of the shares
+ if ($updatedDisplayName !== null) {
+ return $updated;
+ }
+
+ // get displayName for the generated list of userId with no displayName
+ $displayNames = $this->retrieveFederatedDisplayName($userIds);
+
+ // if no displayName are updated, we exit
+ if (empty($displayNames)) {
+ return $updated;
+ }
+
+ // let's fix missing display name and returns all shares
+ return $this->fixMissingDisplayName($shares, $displayNames);
+ }
+
+
+ /**
+ * get displayName of a list of userIds from the lookup-server; through the globalsiteselector app.
+ * returns an array with userIds as keys and displayName as values.
+ *
+ * @param array $userIds
+ * @param bool $cacheOnly - do not reach LUS, get data from cache.
+ *
+ * @return array
+ * @throws ContainerExceptionInterface
+ */
+ private function retrieveFederatedDisplayName(array $userIds, bool $cacheOnly = false): array {
+ // check if gss is enabled and available
+ if (count($userIds) === 0
+ || !$this->appManager->isEnabledForAnyone('globalsiteselector')
+ || !class_exists('\OCA\GlobalSiteSelector\Service\SlaveService')) {
+ return [];
+ }
+
+ try {
+ $slaveService = Server::get(SlaveService::class);
+ } catch (\Throwable $e) {
+ $this->logger->error(
+ $e->getMessage(),
+ ['exception' => $e]
+ );
+ return [];
+ }
+
+ return $slaveService->getUsersDisplayName($userIds, $cacheOnly);
+ }
+
+
+ /**
+ * retrieve displayName from cache if available (should be used on federated shares)
+ * if not available in cache/lus, try for get from address-book, else returns empty string.
+ *
+ * @param string $userId
+ * @param bool $cacheOnly if true will not reach the lus but will only get data from cache
+ *
+ * @return string
+ */
+ private function getCachedFederatedDisplayName(string $userId, bool $cacheOnly = true): string {
+ $details = $this->retrieveFederatedDisplayName([$userId], $cacheOnly);
+ if (array_key_exists($userId, $details)) {
+ return $details[$userId];
+ }
+
+ $displayName = $this->getDisplayNameFromAddressBook($userId, 'CLOUD');
+ return ($displayName === $userId) ? '' : $displayName;
+ }
+
+
+
/**
* Get a specific share by id
*
- * @NoAdminRequired
+ * @param string $id ID of the share
+ * @param bool $include_tags Include tags in the share
+ * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
+ * @throws OCSNotFoundException Share not found
*
- * @param string $id
- * @param bool $includeTags
- * @return DataResponse
- * @throws OCSNotFoundException
+ * 200: Share returned
*/
+ #[NoAdminRequired]
public function getShare(string $id, bool $include_tags = false): DataResponse {
try {
$share = $this->getShareById($id);
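Review bot: `getCachedFederatedDisplayName()` returns `$details[$userId]` straight from `SlaveService::getUsersDisplayName()`, whose result is typed only as `array` and, per the docblock, originates from the lookup server. Under `strict_types` a non-string entry would raise a TypeError at the `: string` return and fail the whole share listing, so a guard such as `if (isset($details[$userId]) && is_string($details[$userId])) {` before the return is cheap insurance; the docblock could also state that the name is remote-supplied text. The `@throws ContainerExceptionInterface` on `retrieveFederatedDisplayName()` looks stale, since the container lookup is wrapped in `catch (\Throwable $e)`. In `fixMissingDisplayName()` the comment `// prepping userIds with displayName to be updated` sits on the line that appends to `$updated`, not `$userIds`.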
@@ -382,7 +507,7 @@ class ShareAPIController extends OCSController {
$share = $this->formatShare($share);
if ($include_tags) {
- $share = Helper::populateTags([$share], 'file_source', \OC::$server->getTagManager());
+ $share = $this->populateTags([$share]);
} else {
$share = [$share];
}
@@ -399,12 +524,14 @@ class ShareAPIController extends OCSController {
/**
* Delete a share
*
- * @NoAdminRequired
+ * @param string $id ID of the share
+ * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
+ * @throws OCSNotFoundException Share not found
+ * @throws OCSForbiddenException Missing permissions to delete the share
*
- * @param string $id
- * @return DataResponse
- * @throws OCSNotFoundException
+ * 200: Share deleted successfully
*/
+ #[NoAdminRequired]
public function deleteShare(string $id): DataResponse {
try {
$share = $this->getShareById($id);
@@ -427,7 +554,7 @@ class ShareAPIController extends OCSController {
// mount point. Allowing it to be restored
// from the deleted shares
if ($this->canDeleteShareFromSelf($share)) {
- $this->shareManager->deleteFromSelf($share, $this->currentUser);
+ $this->shareManager->deleteFromSelf($share, $this->userId);
} else {
if (!$this->canDeleteShare($share)) {
throw new OCSForbiddenException($this->l->t('Could not delete share'));
@@ -440,60 +567,58 @@ class ShareAPIController extends OCSController {
}
/**
- * @NoAdminRequired
+ * Create a share
*
- * @param string $path
- * @param int $permissions
- * @param int $shareType
- * @param string $shareWith
- * @param string $publicUpload
- * @param string $password
- * @param string $sendPasswordByTalk
- * @param string $expireDate
- * @param string $label
- * @param string $attributes
+ * @param string|null $path Path of the share
+ * @param int|null $permissions Permissions for the share
+ * @param int $shareType Type of the share
+ * @param ?string $shareWith The entity this should be shared with
+ * @param 'true'|'false'|null $publicUpload If public uploading is allowed (deprecated)
+ * @param string $password Password for the share
+ * @param string|null $sendPasswordByTalk Send the password for the share over Talk
+ * @param ?string $expireDate The expiry date of the share in the user's timezone at 00:00.
+ * If $expireDate is not supplied or set to `null`, the system default will be used.
+ * @param string $note Note for the share
+ * @param string $label Label for the share (only used in link and email)
+ * @param string|null $attributes Additional attributes for the share
+ * @param 'false'|'true'|null $sendMail Send a mail to the recipient
*
- * @return DataResponse
- * @throws NotFoundException
- * @throws OCSBadRequestException
+ * @return DataResponse<Http::STATUS_OK, Files_SharingShare, array{}>
+ * @throws OCSBadRequestException Unknown share type
* @throws OCSException
- * @throws OCSForbiddenException
- * @throws OCSNotFoundException
- * @throws InvalidPathException
+ * @throws OCSForbiddenException Creating the share is not allowed
+ * @throws OCSNotFoundException Creating the share failed
* @suppress PhanUndeclaredClassMethod
+ *
+ * 200: Share created
*/
+ #[NoAdminRequired]
+ #[UserRateLimit(limit: 20, period: 600)]
public function createShare(
- string $path = null,
- int $permissions = null,
+ ?string $path = null,
+ ?int $permissions = null,
int $shareType = -1,
- string $shareWith = null,
- string $publicUpload = 'false',
+ ?string $shareWith = null,
+ ?string $publicUpload = null,
string $password = '',
- string $sendPasswordByTalk = null,
- string $expireDate = '',
+ ?string $sendPasswordByTalk = null,
+ ?string $expireDate = null,
string $note = '',
string $label = '',
- string $attributes = null
+ ?string $attributes = null,
+ ?string $sendMail = null,
): DataResponse {
- $share = $this->shareManager->newShare();
+ assert($this->userId !== null);
- if ($permissions === null) {
- if ($shareType === IShare::TYPE_LINK
- || $shareType === IShare::TYPE_EMAIL) {
-
- // to keep legacy default behaviour, we ignore the setting below for link shares
- $permissions = Constants::PERMISSION_READ;
- } else {
- $permissions = (int)$this->config->getAppValue('core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL);
- }
- }
+ $share = $this->shareManager->newShare();
+ $hasPublicUpload = $this->getLegacyPublicUpload($publicUpload);
// Verify path
if ($path === null) {
throw new OCSNotFoundException($this->l->t('Please specify a file or folder path'));
}
- $userFolder = $this->rootFolder->getUserFolder($this->currentUser);
+ $userFolder = $this->rootFolder->getUserFolder($this->userId);
try {
/** @var \OC\Files\Node\Node $node */
$node = $userFolder->get($path);
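Review bot: `assert($this->userId !== null);` is not a runtime guard: with `zend.assertions` set to -1, the usual production setting, the call is compiled out and a null `$userId` reaches `getUserFolder($this->userId)`. An explicit check keeps the invariant in production, for example `if ($this->userId === null) { throw new OCSForbiddenException($this->l->t('Could not create share')); }`. createShare continues beyond this hunk.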
@@ -518,17 +643,23 @@ class ShareAPIController extends OCSController {
throw new OCSNotFoundException($this->l->t('Could not create share'));
}
- if ($permissions < 0 || $permissions > Constants::PERMISSION_ALL) {
- throw new OCSNotFoundException($this->l->t('Invalid permissions'));
+ // Set permissions
+ if ($shareType === IShare::TYPE_LINK || $shareType === IShare::TYPE_EMAIL) {
+ $permissions = $this->getLinkSharePermissions($permissions, $hasPublicUpload);
+ $this->validateLinkSharePermissions($node, $permissions, $hasPublicUpload);
+ } else {
+ // Use default permissions only for non-link shares to keep legacy behavior
+ if ($permissions === null) {
+ $permissions = (int)$this->config->getAppValue('core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL);
+ }
+ // Non-link shares always require read permissions (link shares could be file drop)
+ $permissions |= Constants::PERMISSION_READ;
}
- // Shares always require read permissions
- $permissions |= Constants::PERMISSION_READ;
-
- if ($node instanceof \OCP\Files\File) {
- // Single file shares should never have delete or create permissions
- $permissions &= ~Constants::PERMISSION_DELETE;
- $permissions &= ~Constants::PERMISSION_CREATE;
+ // For legacy reasons the API allows to pass PERMISSIONS_ALL even for single file shares (I look at you Talk)
+ if ($node instanceof File) {
+ // if this is a single file share we remove the DELETE and CREATE permissions
+ $permissions = $permissions & ~(Constants::PERMISSION_DELETE | Constants::PERMISSION_CREATE);
}
/**
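Review bot: The removed range check (`$permissions < 0 || $permissions > Constants::PERMISSION_ALL`) has no replacement in the `else` branch, so for non-link share types a client-supplied value with bits outside `PERMISSION_ALL` now flows on to `setPermissions()` unless the share manager rejects it later. Link and e-mail shares go through `validateLinkSharePermissions()`, whose body is not visible here. I would keep the bound in the `else` branch after the default is applied, `if ($permissions < 0 || $permissions > Constants::PERMISSION_ALL) { throw new OCSNotFoundException($this->l->t('Invalid permissions')); }`, or add a comment naming where the range is now enforced.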
@@ -544,13 +675,44 @@ class ShareAPIController extends OCSController {
$share = $this->setShareAttributes($share, $attributes);
}
- $share->setSharedBy($this->currentUser);
- $this->checkInheritedAttributes($share);
+ // Expire date checks
+ // Normally, null means no expiration date but we still set the default for backwards compatibility
+ // If the client sends an empty string, we set noExpirationDate to true
+ if ($expireDate !== null) {
+ if ($expireDate !== '') {
+ try {
+ $expireDateTime = $this->parseDate($expireDate);
+ $share->setExpirationDate($expireDateTime);
+ } catch (\Exception $e) {
+ throw new OCSNotFoundException($e->getMessage(), $e);
+ }
+ } else {
+ // Client sent empty string for expire date.
+ // Set noExpirationDate to true so overwrite is prevented.
+ $share->setNoExpirationDate(true);
+ }
+ }
+
+ $share->setSharedBy($this->userId);
+
+ // Handle mail send
+ if (is_null($sendMail)) {
+ $allowSendMail = $this->config->getSystemValueBool('sharing.enable_share_mail', true);
+ if ($allowSendMail !== true || $shareType === IShare::TYPE_EMAIL) {
+ // Define a default behavior when sendMail is not provided
+ // For email shares with a valid recipient, the default is to send the mail
+ // For all other share types, the default is to not send the mail
+ $allowSendMail = ($shareType === IShare::TYPE_EMAIL && $shareWith !== null && $shareWith !== '');
+ }
+ $share->setMailSend($allowSendMail);
+ } else {
+ $share->setMailSend($sendMail === 'true');
+ }
if ($shareType === IShare::TYPE_USER) {
// Valid user is required to share
if ($shareWith === null || !$this->userManager->userExists($shareWith)) {
- throw new OCSNotFoundException($this->l->t('Please specify a valid user'));
+ throw new OCSNotFoundException($this->l->t('Please specify a valid account to share with'));
}
$share->setSharedWith($shareWith);
$share->setPermissions($permissions);
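Review bot: In the `is_null($sendMail)` branch the comment says the default for share types other than e-mail is not to send mail, but with `sharing.enable_share_mail` at its default of true and a non-e-mail type the condition is false and `$allowSendMail` stays true. In the explicit branch `$sendMail === 'true'` is applied without consulting `sharing.enable_share_mail` at all; if that setting is meant as an administrator switch, a client can override it here unless a later layer checks it. Either the comment or the logic should change, for example `// default: the config value, except e-mail shares, which send only when a recipient is given`. Also, `throw new OCSNotFoundException($e->getMessage(), $e)` forwards whatever message a caught `\Exception` from `parseDate()` carries to the client, where the old code returned a fixed translated string.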
@@ -573,28 +735,7 @@ class ShareAPIController extends OCSController {
throw new OCSNotFoundException($this->l->t('Public link sharing is disabled by the administrator'));
}
- if ($publicUpload === 'true') {
- // Check if public upload is allowed
- if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
- throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator'));
- }
-
- // Public upload can only be set for folders
- if ($node instanceof \OCP\Files\File) {
- throw new OCSNotFoundException($this->l->t('Public upload is only possible for publicly shared folders'));
- }
-
- $permissions = Constants::PERMISSION_READ |
- Constants::PERMISSION_CREATE |
- Constants::PERMISSION_UPDATE |
- Constants::PERMISSION_DELETE;
- }
-
- // TODO: It might make sense to have a dedicated setting to allow/deny converting link shares into federated ones
- if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
- $permissions |= Constants::PERMISSION_SHARE;
- }
-
+ $this->validateLinkSharePermissions($node, $permissions, $hasPublicUpload);
$share->setPermissions($permissions);
// Set password
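Review bot: `validateLinkSharePermissions($node, $permissions, $hasPublicUpload)` is already called with the same arguments in the earlier "Set permissions" block for `TYPE_LINK` and `TYPE_EMAIL`, so this second call looks redundant. If it is kept on purpose as a guard after the link-sharing-enabled check, a short comment saying so would prevent it from being removed later; otherwise one of the two calls can go.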
@@ -604,11 +745,18 @@ class ShareAPIController extends OCSController {
// Only share by mail have a recipient
if (is_string($shareWith) && $shareType === IShare::TYPE_EMAIL) {
+ // If sending a mail have been requested, validate the mail address
+ if ($share->getMailSend() && !$this->mailer->validateMailAddress($shareWith)) {
+ throw new OCSNotFoundException($this->l->t('Please specify a valid email address'));
+ }
$share->setSharedWith($shareWith);
}
// If we have a label, use it
- if (!empty($label)) {
+ if ($label !== '') {
+ if (strlen($label) > 255) {
+ throw new OCSBadRequestException('Maximum label length is 255');
+ }
$share->setLabel($label);
}
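Review bot: The recipient address is validated only when `$share->getMailSend()` is true, so with `sendMail=false` any string is stored as the `sharedWith` of an e-mail share. If that value is later used to address a notification or a password mail, validating unconditionally with `if (!$this->mailer->validateMailAddress($shareWith)) {` is safer; if skipping is intentional, a comment should say why. The label limit uses `strlen()`, which counts bytes rather than characters, and its message `'Maximum label length is 255'` is not passed through `$this->l->t()` like the neighbouring errors.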
@@ -619,35 +767,18 @@ class ShareAPIController extends OCSController {
$share->setSendPasswordByTalk(true);
}
-
- //Expire date
- if ($expireDate !== '') {
- try {
- $expireDate = $this->parseDate($expireDate);
- $share->setExpirationDate($expireDate);
- } catch (\Exception $e) {
- throw new OCSNotFoundException($this->l->t('Invalid date, date format must be YYYY-MM-DD'));
- }
- }
} elseif ($shareType === IShare::TYPE_REMOTE) {
if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
throw new OCSForbiddenException($this->l->t('Sharing %1$s failed because the back end does not allow shares from type %2$s', [$node->getPath(), $shareType]));
}
if ($shareWith === null) {
- throw new OCSNotFoundException($this->l->t('Please specify a valid federated user ID'));
+ throw new OCSNotFoundException($this->l->t('Please specify a valid federated account ID'));
}
$share->setSharedWith($shareWith);
$share->setPermissions($permissions);
- if ($expireDate !== '') {
- try {
- $expireDate = $this->parseDate($expireDate);
- $share->setExpirationDate($expireDate);
- } catch (\Exception $e) {
- throw new OCSNotFoundException($this->l->t('Invalid date, date format must be YYYY-MM-DD'));
- }
- }
+ $share->setSharedWithDisplayName($this->getCachedFederatedDisplayName($shareWith, false));
} elseif ($shareType === IShare::TYPE_REMOTE_GROUP) {
if (!$this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
throw new OCSForbiddenException($this->l->t('Sharing %1$s failed because the back end does not allow shares from type %2$s', [$node->getPath(), $shareType]));
@@ -659,44 +790,43 @@ class ShareAPIController extends OCSController {
$share->setSharedWith($shareWith);
$share->setPermissions($permissions);
- if ($expireDate !== '') {
- try {
- $expireDate = $this->parseDate($expireDate);
- $share->setExpirationDate($expireDate);
- } catch (\Exception $e) {
- throw new OCSNotFoundException($this->l->t('Invalid date, date format must be YYYY-MM-DD'));
- }
- }
} elseif ($shareType === IShare::TYPE_CIRCLE) {
- if (!\OC::$server->getAppManager()->isEnabledForUser('circles') || !class_exists('\OCA\Circles\ShareByCircleProvider')) {
- throw new OCSNotFoundException($this->l->t('You cannot share to a Circle if the app is not enabled'));
+ if (!Server::get(IAppManager::class)->isEnabledForUser('circles') || !class_exists('\OCA\Circles\ShareByCircleProvider')) {
+ throw new OCSNotFoundException($this->l->t('You cannot share to a Team if the app is not enabled'));
}
- $circle = \OCA\Circles\Api\v1\Circles::detailsCircle($shareWith);
+ $circle = Circles::detailsCircle($shareWith);
- // Valid circle is required to share
+ // Valid team is required to share
if ($circle === null) {
- throw new OCSNotFoundException($this->l->t('Please specify a valid circle'));
+ throw new OCSNotFoundException($this->l->t('Please specify a valid team'));
}
$share->setSharedWith($shareWith);
$share->setPermissions($permissions);
} elseif ($shareType === IShare::TYPE_ROOM) {
try {
- $this->getRoomShareHelper()->createShare($share, $shareWith, $permissions, $expireDate);
- } catch (QueryException $e) {
+ $this->getRoomShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
+ } catch (ContainerExceptionInterface $e) {
throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support room shares', [$node->getPath()]));
}
} elseif ($shareType === IShare::TYPE_DECK) {
try {
- $this->getDeckShareHelper()->createShare($share, $shareWith, $permissions, $expireDate);
- } catch (QueryException $e) {
+ $this->getDeckShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
+ } catch (ContainerExceptionInterface $e) {
throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support room shares', [$node->getPath()]));
}
+ } elseif ($shareType === IShare::TYPE_SCIENCEMESH) {
+ try {
+ $this->getSciencemeshShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
+ } catch (ContainerExceptionInterface $e) {
+ throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support ScienceMesh shares', [$node->getPath()]));
+ }
} else {
throw new OCSBadRequestException($this->l->t('Unknown share type'));
}
$share->setShareType($shareType);
+ $this->checkInheritedAttributes($share);
if ($note !== '') {
$share->setNote($note);
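Review bot: The Deck branch still reports `the back end does not support room shares` when its helper cannot be resolved, which is the wording of the room branch above it. The added ScienceMesh branch gets its own message, so Deck should too, for example `'Sharing %s failed because the back end does not support Deck shares'`. The enclosing method starts and ends outside this hunk.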
@@ -704,13 +834,15 @@ class ShareAPIController extends OCSController {
try {
$share = $this->shareManager->createShare($share);
- } catch (GenericShareException $e) {
- \OC::$server->getLogger()->logException($e);
+ } catch (HintException $e) {
$code = $e->getCode() === 0 ? 403 : $e->getCode();
throw new OCSException($e->getHint(), $code);
- } catch (\Exception $e) {
- \OC::$server->getLogger()->logException($e);
+ } catch (GenericShareException|\InvalidArgumentException $e) {
+ $this->logger->error($e->getMessage(), ['exception' => $e]);
throw new OCSForbiddenException($e->getMessage(), $e);
+ } catch (\Exception $e) {
+ $this->logger->error($e->getMessage(), ['exception' => $e]);
+ throw new OCSForbiddenException('Failed to create share.', $e);
}
$output = $this->formatShare($share);
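Review bot: The `HintException` branch passes `$code` to `OCSException` without the `(int)` cast that the matching catch blocks in updateShare and acceptShare use, so a non-integer exception code is handled differently here. `throw new OCSException($e->getHint(), (int)$code);` keeps the three in line. The `GenericShareException|\InvalidArgumentException` branch still forwards `$e->getMessage()` to the client, which is only safe if every such message is written for end users; that cannot be confirmed from this hunk. The new fallback text `'Failed to create share.'` also skips `$this->l->t()`, as do the equivalent strings in updateShare and acceptShare. The enclosing method starts outside this hunk.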
@@ -722,19 +854,20 @@ class ShareAPIController extends OCSController {
* @param null|Node $node
* @param boolean $includeTags
*
- * @return array
+ * @return list<Files_SharingShare>
*/
private function getSharedWithMe($node, bool $includeTags): array {
- $userShares = $this->shareManager->getSharedWith($this->currentUser, IShare::TYPE_USER, $node, -1, 0);
- $groupShares = $this->shareManager->getSharedWith($this->currentUser, IShare::TYPE_GROUP, $node, -1, 0);
- $circleShares = $this->shareManager->getSharedWith($this->currentUser, IShare::TYPE_CIRCLE, $node, -1, 0);
- $roomShares = $this->shareManager->getSharedWith($this->currentUser, IShare::TYPE_ROOM, $node, -1, 0);
- $deckShares = $this->shareManager->getSharedWith($this->currentUser, IShare::TYPE_DECK, $node, -1, 0);
+ $userShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_USER, $node, -1, 0);
+ $groupShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_GROUP, $node, -1, 0);
+ $circleShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_CIRCLE, $node, -1, 0);
+ $roomShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_ROOM, $node, -1, 0);
+ $deckShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_DECK, $node, -1, 0);
+ $sciencemeshShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_SCIENCEMESH, $node, -1, 0);
- $shares = array_merge($userShares, $groupShares, $circleShares, $roomShares, $deckShares);
+ $shares = array_merge($userShares, $groupShares, $circleShares, $roomShares, $deckShares, $sciencemeshShares);
$filteredShares = array_filter($shares, function (IShare $share) {
- return $share->getShareOwner() !== $this->currentUser;
+ return $share->getShareOwner() !== $this->userId;
});
$formatted = [];
@@ -749,27 +882,27 @@ class ShareAPIController extends OCSController {
}
if ($includeTags) {
- $formatted = Helper::populateTags($formatted, 'file_source', \OC::$server->getTagManager());
+ $formatted = $this->populateTags($formatted);
}
return $formatted;
}
/**
- * @param \OCP\Files\Node $folder
+ * @param Node $folder
*
- * @return array
+ * @return list<Files_SharingShare>
* @throws OCSBadRequestException
* @throws NotFoundException
*/
private function getSharesInDir(Node $folder): array {
- if (!($folder instanceof \OCP\Files\Folder)) {
+ if (!($folder instanceof Folder)) {
throw new OCSBadRequestException($this->l->t('Not a directory'));
}
$nodes = $folder->getDirectoryListing();
- /** @var \OCP\Share\IShare[] $shares */
+ /** @var IShare[] $shares */
$shares = array_reduce($nodes, function ($carry, $node) {
$carry = array_merge($carry, $this->getAllShares($node, true));
return $carry;
@@ -778,12 +911,11 @@ class ShareAPIController extends OCSController {
// filter out duplicate shares
$known = [];
-
$formatted = $miniFormatted = [];
$resharingRight = false;
$known = [];
foreach ($shares as $share) {
- if (in_array($share->getId(), $known) || $share->getSharedWith() === $this->currentUser) {
+ if (in_array($share->getId(), $known) || $share->getSharedWith() === $this->userId) {
continue;
}
@@ -792,10 +924,10 @@ class ShareAPIController extends OCSController {
$known[] = $share->getId();
$formatted[] = $format;
- if ($share->getSharedBy() === $this->currentUser) {
+ if ($share->getSharedBy() === $this->userId) {
$miniFormatted[] = $format;
}
- if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $folder)) {
+ if (!$resharingRight && $this->shareProviderResharingRights($this->userId, $share, $folder)) {
$resharingRight = true;
}
} catch (\Exception $e) {
@@ -811,38 +943,30 @@ class ShareAPIController extends OCSController {
}
/**
- * The getShares function.
+ * Get shares of the current user
*
- * @NoAdminRequired
+ * @param string $shared_with_me Only get shares with the current user
+ * @param string $reshares Only get shares by the current user and reshares
+ * @param string $subfiles Only get all shares in a folder
+ * @param string $path Get shares for a specific path
+ * @param string $include_tags Include tags in the share
*
- * @param string $shared_with_me
- * @param string $reshares
- * @param string $subfiles
- * @param string $path
+ * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
+ * @throws OCSNotFoundException The folder was not found or is inaccessible
*
- * - Get shares by the current user
- * - Get shares by the current user and reshares (?reshares=true)
- * - Get shares with the current user (?shared_with_me=true)
- * - Get shares for a specific path (?path=...)
- * - Get all shares in a folder (?subfiles=true&path=..)
- *
- * @param string $include_tags
- *
- * @return DataResponse
- * @throws NotFoundException
- * @throws OCSBadRequestException
- * @throws OCSNotFoundException
+ * 200: Shares returned
*/
+ #[NoAdminRequired]
public function getShares(
string $shared_with_me = 'false',
string $reshares = 'false',
string $subfiles = 'false',
string $path = '',
- string $include_tags = 'false'
+ string $include_tags = 'false',
): DataResponse {
$node = null;
if ($path !== '') {
- $userFolder = $this->rootFolder->getUserFolder($this->currentUser);
+ $userFolder = $this->rootFolder->getUserFolder($this->userId);
try {
$node = $userFolder->get($path);
$this->lock($node);
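Review bot: The new docblock drops `@throws OCSBadRequestException` and `@throws NotFoundException`, yet getShares still delegates to getFormattedShares, whose own docblock in this file declares both. If these tags drive the published API description, the 400 case is now undocumented. I would keep the tag with a short reason, for instance `@throws OCSBadRequestException The given path is not a directory` (wording to confirm against getSharesInDir). getInheritedShares loses the same tag in a later hunk. The method body continues outside this hunk.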
@@ -856,7 +980,7 @@ class ShareAPIController extends OCSController {
}
$shares = $this->getFormattedShares(
- $this->currentUser,
+ $this->userId,
$node,
($shared_with_me === 'true'),
($reshares === 'true'),
@@ -867,6 +991,71 @@ class ShareAPIController extends OCSController {
return new DataResponse($shares);
}
+ private function getLinkSharePermissions(?int $permissions, ?bool $legacyPublicUpload): int {
+ $permissions = $permissions ?? Constants::PERMISSION_READ;
+
+ // Legacy option handling
+ if ($legacyPublicUpload !== null) {
+ $permissions = $legacyPublicUpload
+ ? (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE)
+ : Constants::PERMISSION_READ;
+ }
+
+ if ($this->hasPermission($permissions, Constants::PERMISSION_READ)
+ && $this->shareManager->outgoingServer2ServerSharesAllowed()
+ && $this->appConfig->getValueBool('core', ConfigLexicon::SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES)) {
+ $permissions |= Constants::PERMISSION_SHARE;
+ }
+
+ return $permissions;
+ }
+
+ /**
+ * Helper to check for legacy "publicUpload" handling.
+ * If the value is set to `true` or `false` then true or false are returned.
+ * Otherwise null is returned to indicate that the option was not (or wrong) set.
+ *
+ * @param null|string $legacyPublicUpload The value of `publicUpload`
+ */
+ private function getLegacyPublicUpload(?string $legacyPublicUpload): ?bool {
+ if ($legacyPublicUpload === 'true') {
+ return true;
+ } elseif ($legacyPublicUpload === 'false') {
+ return false;
+ }
+ // Not set at all
+ return null;
+ }
+
+ /**
+ * For link and email shares validate that only allowed combinations are set.
+ *
+ * @throw OCSBadRequestException If permission combination is invalid.
+ * @throw OCSForbiddenException If public upload was forbidden by the administrator.
+ */
+ private function validateLinkSharePermissions(Node $node, int $permissions, ?bool $legacyPublicUpload): void {
+ if ($legacyPublicUpload && ($node instanceof File)) {
+ throw new OCSBadRequestException($this->l->t('Public upload is only possible for publicly shared folders'));
+ }
+
+ // We need at least READ or CREATE (file drop)
+ if (!$this->hasPermission($permissions, Constants::PERMISSION_READ)
+ && !$this->hasPermission($permissions, Constants::PERMISSION_CREATE)) {
+ throw new OCSBadRequestException($this->l->t('Share must at least have READ or CREATE permissions'));
+ }
+
+ // UPDATE and DELETE require a READ permission
+ if (!$this->hasPermission($permissions, Constants::PERMISSION_READ)
+ && ($this->hasPermission($permissions, Constants::PERMISSION_UPDATE) || $this->hasPermission($permissions, Constants::PERMISSION_DELETE))) {
+ throw new OCSBadRequestException($this->l->t('Share must have READ permission if UPDATE or DELETE permission is set'));
+ }
+
+ // Check if public uploading was disabled
+ if ($this->hasPermission($permissions, Constants::PERMISSION_CREATE)
+ && !$this->shareManager->shareApiLinkAllowPublicUpload()) {
+ throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator'));
+ }
+ }
/**
* @param string $viewer
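Review bot: `getLinkSharePermissions` never clears `Constants::PERMISSION_SHARE` from a caller-supplied `$permissions`, whereas the code it replaces in updateShare masked it off (`$newPermissions & ~Constants::PERMISSION_SHARE`) and re-added it only when federation is allowed. As written, a request that already sets the SHARE bit keeps it even when `outgoingServer2ServerSharesAllowed()` or the `SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES` setting is off, unless the share manager strips it later, which this diff does not show. Adding `$permissions &= ~Constants::PERMISSION_SHARE;` after the legacy handling restores the old guarantee, and the updateShare call site in the later hunk inherits the fix. The two `@throw` tags on validateLinkSharePermissions should read `@throws`.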
@@ -876,7 +1065,7 @@ class ShareAPIController extends OCSController {
* @param bool $subFiles
* @param bool $includeTags
*
- * @return array
+ * @return list<Files_SharingShare>
* @throws NotFoundException
* @throws OCSBadRequestException
*/
@@ -886,7 +1075,7 @@ class ShareAPIController extends OCSController {
bool $sharedWithMe = false,
bool $reShares = false,
bool $subFiles = false,
- bool $includeTags = false
+ bool $includeTags = false,
): array {
if ($sharedWithMe) {
return $this->getSharedWithMe($node, $includeTags);
@@ -912,7 +1101,7 @@ class ShareAPIController extends OCSController {
}
if (in_array($share->getId(), $known)
- || ($share->getSharedWith() === $this->currentUser && $share->getShareType() === IShare::TYPE_USER)) {
+ || ($share->getSharedWith() === $this->userId && $share->getShareType() === IShare::TYPE_USER)) {
continue;
}
@@ -925,16 +1114,16 @@ class ShareAPIController extends OCSController {
// let's also build a list of shares created
// by the current user only, in case
// there is no resharing rights
- if ($share->getSharedBy() === $this->currentUser) {
+ if ($share->getSharedBy() === $this->userId) {
$miniFormatted[] = $format;
}
// check if one of those share is shared with me
// and if I have resharing rights on it
- if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $node)) {
+ if (!$resharingRight && $this->shareProviderResharingRights($this->userId, $share, $node)) {
$resharingRight = true;
}
- } catch (InvalidPathException | NotFoundException $e) {
+ } catch (InvalidPathException|NotFoundException $e) {
}
}
@@ -942,9 +1131,11 @@ class ShareAPIController extends OCSController {
$formatted = $miniFormatted;
}
+ // fix eventual missing display name from federated shares
+ $formatted = $this->fixMissingDisplayName($formatted);
+
if ($includeTags) {
- $formatted =
- Helper::populateTags($formatted, 'file_source', \OC::$server->getTagManager());
+ $formatted = $this->populateTags($formatted);
}
return $formatted;
@@ -952,41 +1143,33 @@ class ShareAPIController extends OCSController {
/**
- * The getInheritedShares function.
- * returns all shares relative to a file, including parent folders shares rights.
- *
- * @NoAdminRequired
- *
- * @param string $path
+ * Get all shares relative to a file, including parent folders shares rights
*
- * - Get shares by the current user
- * - Get shares by the current user and reshares (?reshares=true)
- * - Get shares with the current user (?shared_with_me=true)
- * - Get shares for a specific path (?path=...)
- * - Get all shares in a folder (?subfiles=true&path=..)
+ * @param string $path Path all shares will be relative to
*
- * @return DataResponse
+ * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
* @throws InvalidPathException
* @throws NotFoundException
- * @throws OCSNotFoundException
- * @throws OCSBadRequestException
+ * @throws OCSNotFoundException The given path is invalid
* @throws SharingRightsException
+ *
+ * 200: Shares returned
*/
+ #[NoAdminRequired]
public function getInheritedShares(string $path): DataResponse {
-
// get Node from (string) path.
- $userFolder = $this->rootFolder->getUserFolder($this->currentUser);
+ $userFolder = $this->rootFolder->getUserFolder($this->userId);
try {
$node = $userFolder->get($path);
$this->lock($node);
- } catch (\OCP\Files\NotFoundException $e) {
+ } catch (NotFoundException $e) {
throw new OCSNotFoundException($this->l->t('Wrong path, file/folder does not exist'));
} catch (LockedException $e) {
throw new OCSNotFoundException($this->l->t('Could not lock path'));
}
if (!($node->getPermissions() & Constants::PERMISSION_SHARE)) {
- throw new SharingRightsException('no sharing rights on this item');
+ throw new SharingRightsException($this->l->t('no sharing rights on this item'));
}
// The current top parent we have access to
@@ -994,7 +1177,7 @@ class ShareAPIController extends OCSController {
// initiate real owner.
$owner = $node->getOwner()
- ->getUID();
+ ->getUID();
if (!$this->userManager->userExists($owner)) {
return new DataResponse([]);
}
@@ -1003,23 +1186,25 @@ class ShareAPIController extends OCSController {
$userFolder = $this->rootFolder->getUserFolder($owner);
if ($node->getId() !== $userFolder->getId() && !$userFolder->isSubNode($node)) {
$owner = $node->getOwner()
- ->getUID();
+ ->getUID();
$userFolder = $this->rootFolder->getUserFolder($owner);
- $nodes = $userFolder->getById($node->getId());
- $node = array_shift($nodes);
+ $node = $userFolder->getFirstNodeById($node->getId());
}
$basePath = $userFolder->getPath();
// generate node list for each parent folders
/** @var Node[] $nodes */
$nodes = [];
- while ($node->getPath() !== $basePath) {
+ while (true) {
$node = $node->getParent();
+ if ($node->getPath() === $basePath) {
+ break;
+ }
$nodes[] = $node;
}
// The user that is requesting this list
- $currentUserFolder = $this->rootFolder->getUserFolder($this->currentUser);
+ $currentUserFolder = $this->rootFolder->getUserFolder($this->userId);
// for each nodes, retrieve shares.
$shares = [];
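Review bot: The rewritten loop calls `$node->getParent()` before it compares against `$basePath`, so when `$path` resolves to the user folder itself the walk starts above `$basePath` and the exit condition can no longer be met. How `getParent()` behaves at the root is not visible here. Keeping the guard in the loop header, `while ($node->getPath() !== $basePath) {`, with the new inner `break` unchanged, still excludes the base folder and terminates. Separately, `getFirstNodeById()` is treated as nullable elsewhere in this diff (`if (!$node)`), but its result is dereferenced here without a check.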
@@ -1027,9 +1212,9 @@ class ShareAPIController extends OCSController {
foreach ($nodes as $node) {
$getShares = $this->getFormattedShares($owner, $node, false, true);
- $currentUserNodes = $currentUserFolder->getById($node->getId());
- if (!empty($currentUserNodes)) {
- $parent = array_pop($currentUserNodes);
+ $currentUserNode = $currentUserFolder->getFirstNodeById($node->getId());
+ if ($currentUserNode) {
+ $parent = $currentUserNode;
}
$subPath = $currentUserFolder->getRelativePath($parent->getPath());
@@ -1050,38 +1235,45 @@ class ShareAPIController extends OCSController {
return ($permissionsSet & $permissionsToCheck) === $permissionsToCheck;
}
-
/**
- * @NoAdminRequired
+ * Update a share
*
- * @param string $id
- * @param int $permissions
- * @param string $password
- * @param string $sendPasswordByTalk
- * @param string $publicUpload
- * @param string $expireDate
- * @param string $note
- * @param string $label
- * @param string $hideDownload
- * @param string $attributes
- * @return DataResponse
- * @throws LockedException
- * @throws NotFoundException
- * @throws OCSBadRequestException
- * @throws OCSForbiddenException
- * @throws OCSNotFoundException
+ * @param string $id ID of the share
+ * @param int|null $permissions New permissions
+ * @param string|null $password New password
+ * @param string|null $sendPasswordByTalk New condition if the password should be send over Talk
+ * @param string|null $publicUpload New condition if public uploading is allowed
+ * @param string|null $expireDate New expiry date
+ * @param string|null $note New note
+ * @param string|null $label New label
+ * @param string|null $hideDownload New condition if the download should be hidden
+ * @param string|null $attributes New additional attributes
+ * @param string|null $sendMail if the share should be send by mail.
+ * Considering the share already exists, no mail will be send after the share is updated.
+ * You will have to use the sendMail action to send the mail.
+ * @param string|null $shareWith New recipient for email shares
+ * @param string|null $token New token
+ * @return DataResponse<Http::STATUS_OK, Files_SharingShare, array{}>
+ * @throws OCSBadRequestException Share could not be updated because the requested changes are invalid
+ * @throws OCSForbiddenException Missing permissions to update the share
+ * @throws OCSNotFoundException Share not found
+ *
+ * 200: Share updated successfully
*/
+ #[NoAdminRequired]
public function updateShare(
string $id,
- int $permissions = null,
- string $password = null,
- string $sendPasswordByTalk = null,
- string $publicUpload = null,
- string $expireDate = null,
- string $note = null,
- string $label = null,
- string $hideDownload = null,
- string $attributes = null
+ ?int $permissions = null,
+ ?string $password = null,
+ ?string $sendPasswordByTalk = null,
+ ?string $publicUpload = null,
+ ?string $expireDate = null,
+ ?string $note = null,
+ ?string $label = null,
+ ?string $hideDownload = null,
+ ?string $attributes = null,
+ ?string $sendMail = null,
+ ?string $token = null,
): DataResponse {
try {
$share = $this->getShareById($id);
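Review bot: The docblock documents `@param string|null $shareWith New recipient for email shares`, but the new signature has no `$shareWith` parameter; it ends with `$sendMail` and `$token`. Either drop that line or add `?string $shareWith = null` and handle it, otherwise any documentation generated from this docblock advertises a parameter the endpoint ignores. The method body continues outside this hunk.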
@@ -1096,19 +1288,21 @@ class ShareAPIController extends OCSController {
}
if (!$this->canEditShare($share)) {
- throw new OCSForbiddenException('You are not allowed to edit incoming shares');
+ throw new OCSForbiddenException($this->l->t('You are not allowed to edit incoming shares'));
}
if (
- $permissions === null &&
- $password === null &&
- $sendPasswordByTalk === null &&
- $publicUpload === null &&
- $expireDate === null &&
- $note === null &&
- $label === null &&
- $hideDownload === null &&
- $attributes === null
+ $permissions === null
+ && $password === null
+ && $sendPasswordByTalk === null
+ && $publicUpload === null
+ && $expireDate === null
+ && $note === null
+ && $label === null
+ && $hideDownload === null
+ && $attributes === null
+ && $sendMail === null
+ && $token === null
) {
throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given'));
}
@@ -1120,26 +1314,18 @@ class ShareAPIController extends OCSController {
if ($attributes !== null) {
$share = $this->setShareAttributes($share, $attributes);
}
- $this->checkInheritedAttributes($share);
+
+ // Handle mail send
+ if ($sendMail === 'true' || $sendMail === 'false') {
+ $share->setMailSend($sendMail === 'true');
+ }
/**
- * expirationdate, password and publicUpload only make sense for link shares
+ * expiration date, password and publicUpload only make sense for link shares
*/
if ($share->getShareType() === IShare::TYPE_LINK
|| $share->getShareType() === IShare::TYPE_EMAIL) {
- /**
- * We do not allow editing link shares that the current user
- * doesn't own. This is confusing and lead to errors when
- * someone else edit a password or expiration date without
- * the share owner knowing about it.
- * We only allow deletion
- */
-
- if ($share->getSharedBy() !== $this->currentUser) {
- throw new OCSForbiddenException('You are not allowed to edit link shares that you don\'t own');
- }
-
// Update hide download state
if ($hideDownload === 'true') {
$share->setHideDownload(true);
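Review bot: With the `getSharedBy() !== $this->currentUser` check removed from the link/email branch, the only authorization visible before the share is modified is `canEditShare($share)` earlier in updateShare, and that helper's body is outside this excerpt. If it does not restrict non-owners for link and email shares, any account it accepts can now change the password, token, label or expiry of a public link created by someone else. I would add a short comment at the top of the branch, e.g. `// Edit rights for link/email shares are decided by canEditShare() above`, and cover the non-owner case with a test. updateShare starts and ends outside this hunk.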
@@ -1147,69 +1333,13 @@ class ShareAPIController extends OCSController {
$share->setHideDownload(false);
}
- $newPermissions = null;
- if ($publicUpload === 'true') {
- $newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
- } elseif ($publicUpload === 'false') {
- $newPermissions = Constants::PERMISSION_READ;
- }
-
- if ($permissions !== null) {
- $newPermissions = $permissions;
- $newPermissions = $newPermissions & ~Constants::PERMISSION_SHARE;
- }
-
- if ($newPermissions !== null) {
- if (!$this->hasPermission($newPermissions, Constants::PERMISSION_READ) && !$this->hasPermission($newPermissions, Constants::PERMISSION_CREATE)) {
- throw new OCSBadRequestException($this->l->t('Share must at least have READ or CREATE permissions'));
- }
-
- if (!$this->hasPermission($newPermissions, Constants::PERMISSION_READ) && (
- $this->hasPermission($newPermissions, Constants::PERMISSION_UPDATE) || $this->hasPermission($newPermissions, Constants::PERMISSION_DELETE)
- )) {
- throw new OCSBadRequestException($this->l->t('Share must have READ permission if UPDATE or DELETE permission is set'));
- }
- }
-
- if (
- // legacy
- $newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE) ||
- // correct
- $newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE)
- ) {
- if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
- throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator'));
- }
-
- if (!($share->getNode() instanceof \OCP\Files\Folder)) {
- throw new OCSBadRequestException($this->l->t('Public upload is only possible for publicly shared folders'));
- }
-
- // normalize to correct public upload permissions
- if ($publicUpload === 'true') {
- $newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
- }
- }
-
- if ($newPermissions !== null) {
- // TODO: It might make sense to have a dedicated setting to allow/deny converting link shares into federated ones
- if (($newPermissions & Constants::PERMISSION_READ) && $this->shareManager->outgoingServer2ServerSharesAllowed()) {
- $newPermissions |= Constants::PERMISSION_SHARE;
- }
-
- $share->setPermissions($newPermissions);
- $permissions = $newPermissions;
- }
-
- if ($expireDate === '') {
- $share->setExpirationDate(null);
- } elseif ($expireDate !== null) {
- try {
- $expireDate = $this->parseDate($expireDate);
- } catch (\Exception $e) {
- throw new OCSBadRequestException($e->getMessage(), $e);
- }
- $share->setExpirationDate($expireDate);
+ // If either manual permissions are specified or publicUpload
+ // then we need to also update the permissions of the share
+ if ($permissions !== null || $publicUpload !== null) {
+ $hasPublicUpload = $this->getLegacyPublicUpload($publicUpload);
+ $permissions = $this->getLinkSharePermissions($permissions ?? Constants::PERMISSION_READ, $hasPublicUpload);
+ $this->validateLinkSharePermissions($share->getNode(), $permissions, $hasPublicUpload);
+ $share->setPermissions($permissions);
}
if ($password === '') {
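Review bot: When a request carries both `permissions` and `publicUpload`, the new call lets `publicUpload` win, because getLinkSharePermissions overwrites `$permissions` whenever the legacy flag is `true` or `false`. The removed code did the opposite and let an explicit `permissions` value override the flag. If the new precedence is intended, say so next to the call, e.g. `// publicUpload, when 'true' or 'false', takes precedence over $permissions`; otherwise pass `null` for the legacy flag when `$permissions !== null`. The `?? Constants::PERMISSION_READ` at the call site duplicates the default the helper already applies. updateShare starts and ends outside this hunk.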
@@ -1220,7 +1350,7 @@ class ShareAPIController extends OCSController {
if ($label !== null) {
if (strlen($label) > 255) {
- throw new OCSBadRequestException("Maximum label length is 255");
+ throw new OCSBadRequestException('Maximum label length is 255');
}
$share->setLabel($label);
}
@@ -1234,6 +1364,16 @@ class ShareAPIController extends OCSController {
} elseif ($sendPasswordByTalk !== null) {
$share->setSendPasswordByTalk(false);
}
+
+ if ($token !== null) {
+ if (!$this->shareManager->allowCustomTokens()) {
+ throw new OCSForbiddenException($this->l->t('Custom share link tokens have been disabled by the administrator'));
+ }
+ if (!$this->validateToken($token)) {
+ throw new OCSBadRequestException($this->l->t('Tokens must contain at least 1 character and may only contain letters, numbers, or a hyphen'));
+ }
+ $share->setToken($token);
+ }
}
// NOT A LINK SHARE
@@ -1241,34 +1381,51 @@ class ShareAPIController extends OCSController {
if ($permissions !== null) {
$share->setPermissions($permissions);
}
+ }
- if ($expireDate === '') {
- $share->setExpirationDate(null);
- } elseif ($expireDate !== null) {
- try {
- $expireDate = $this->parseDate($expireDate);
- } catch (\Exception $e) {
- throw new OCSBadRequestException($e->getMessage(), $e);
- }
- $share->setExpirationDate($expireDate);
+ if ($expireDate === '') {
+ $share->setExpirationDate(null);
+ } elseif ($expireDate !== null) {
+ try {
+ $expireDateTime = $this->parseDate($expireDate);
+ $share->setExpirationDate($expireDateTime);
+ } catch (\Exception $e) {
+ throw new OCSBadRequestException($e->getMessage(), $e);
}
}
try {
+ $this->checkInheritedAttributes($share);
$share = $this->shareManager->updateShare($share);
- } catch (GenericShareException $e) {
+ } catch (HintException $e) {
$code = $e->getCode() === 0 ? 403 : $e->getCode();
throw new OCSException($e->getHint(), (int)$code);
} catch (\Exception $e) {
- throw new OCSBadRequestException($e->getMessage(), $e);
+ $this->logger->error($e->getMessage(), ['exception' => $e]);
+ throw new OCSBadRequestException('Failed to update share.', $e);
}
return new DataResponse($this->formatShare($share));
}
+ private function validateToken(string $token): bool {
+ if (mb_strlen($token) === 0) {
+ return false;
+ }
+ if (!preg_match('/^[a-z0-9-]+$/i', $token)) {
+ return false;
+ }
+ return true;
+ }
+
/**
- * @NoAdminRequired
+ * Get all shares that are still pending
+ *
+ * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
+ *
+ * 200: Pending shares returned
*/
+ #[NoAdminRequired]
public function pendingShares(): DataResponse {
$pendingShares = [];
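Review bot: `validateToken` anchors its pattern with `$`, which in PCRE also matches just before a trailing newline, so a token ending in a newline passes the check and reaches `setToken()`. Anchoring with `\z` closes that gap: `if (!preg_match('/\A[a-z0-9-]+\z/i', $token)) {`. The function also sets no upper bound on length, so an over-long token is rejected, if at all, only further down and surfaces as the generic `'Failed to update share.'`. An explicit limit, like the 255 check on the label, would return a clearer 400.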
@@ -1278,7 +1435,7 @@ class ShareAPIController extends OCSController {
];
foreach ($shareTypes as $shareType) {
- $shares = $this->shareManager->getSharedWith($this->currentUser, $shareType, null, -1, 0);
+ $shares = $this->shareManager->getSharedWith($this->userId, $shareType, null, -1, 0);
foreach ($shares as $share) {
if ($share->getStatus() === IShare::STATUS_PENDING || $share->getStatus() === IShare::STATUS_REJECTED) {
@@ -1287,23 +1444,20 @@ class ShareAPIController extends OCSController {
}
}
- $result = array_filter(array_map(function (IShare $share) {
+ $result = array_values(array_filter(array_map(function (IShare $share) {
$userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
- $nodes = $userFolder->getById($share->getNodeId());
- if (empty($nodes)) {
+ $node = $userFolder->getFirstNodeById($share->getNodeId());
+ if (!$node) {
// fallback to guessing the path
$node = $userFolder->get($share->getTarget());
if ($node === null || $share->getTarget() === '') {
return null;
}
- } else {
- $node = $nodes[0];
}
try {
$formattedShare = $this->formatShare($share, $node);
- $formattedShare['status'] = $share->getStatus();
- $formattedShare['path'] = $share->getNode()->getName();
+ $formattedShare['path'] = '/' . $share->getNode()->getName();
$formattedShare['permissions'] = 0;
return $formattedShare;
} catch (NotFoundException $e) {
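Review bot: The fallback `$userFolder->get($share->getTarget())` runs outside the `try` that follows, and the empty-target test comes only after the lookup. If `get()` throws `NotFoundException` for a missing path, as the catch below suggests this code expects, one stale pending share aborts the whole listing instead of being skipped. I would test `$share->getTarget() === ''` first and move the lookup inside the `try`, so the existing `catch (NotFoundException $e)` covers it. The closure continues past the end of this hunk.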
@@ -1311,20 +1465,23 @@ class ShareAPIController extends OCSController {
}
}, $pendingShares), function ($entry) {
return $entry !== null;
- });
+ }));
return new DataResponse($result);
}
/**
- * @NoAdminRequired
+ * Accept a share
*
- * @param string $id
- * @return DataResponse
- * @throws OCSNotFoundException
+ * @param string $id ID of the share
+ * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
+ * @throws OCSNotFoundException Share not found
* @throws OCSException
- * @throws OCSBadRequestException
+ * @throws OCSBadRequestException Share could not be accepted
+ *
+ * 200: Share accepted successfully
*/
+ #[NoAdminRequired]
public function acceptShare(string $id): DataResponse {
try {
$share = $this->getShareById($id);
@@ -1337,12 +1494,13 @@ class ShareAPIController extends OCSController {
}
try {
- $this->shareManager->acceptShare($share, $this->currentUser);
- } catch (GenericShareException $e) {
+ $this->shareManager->acceptShare($share, $this->userId);
+ } catch (HintException $e) {
$code = $e->getCode() === 0 ? 403 : $e->getCode();
throw new OCSException($e->getHint(), (int)$code);
} catch (\Exception $e) {
- throw new OCSBadRequestException($e->getMessage(), $e);
+ $this->logger->error($e->getMessage(), ['exception' => $e]);
+ throw new OCSBadRequestException('Failed to accept share.', $e);
}
return new DataResponse();
@@ -1351,43 +1509,43 @@ class ShareAPIController extends OCSController {
/**
* Does the user have read permission on the share
*
- * @param \OCP\Share\IShare $share the share to check
+ * @param IShare $share the share to check
* @param boolean $checkGroups check groups as well?
* @return boolean
* @throws NotFoundException
*
* @suppress PhanUndeclaredClassMethod
*/
- protected function canAccessShare(\OCP\Share\IShare $share, bool $checkGroups = true): bool {
+ protected function canAccessShare(IShare $share, bool $checkGroups = true): bool {
// A file with permissions 0 can't be accessed by us. So Don't show it
if ($share->getPermissions() === 0) {
return false;
}
// Owner of the file and the sharer of the file can always get share
- if ($share->getShareOwner() === $this->currentUser
- || $share->getSharedBy() === $this->currentUser) {
+ if ($share->getShareOwner() === $this->userId
+ || $share->getSharedBy() === $this->userId) {
return true;
}
// If the share is shared with you, you can access it!
if ($share->getShareType() === IShare::TYPE_USER
- && $share->getSharedWith() === $this->currentUser) {
+ && $share->getSharedWith() === $this->userId) {
return true;
}
// Have reshare rights on the shared file/folder ?
// Does the currentUser have access to the shared file?
- $userFolder = $this->rootFolder->getUserFolder($this->currentUser);
- $files = $userFolder->getById($share->getNodeId());
- if (!empty($files) && $this->shareProviderResharingRights($this->currentUser, $share, $files[0])) {
+ $userFolder = $this->rootFolder->getUserFolder($this->userId);
+ $file = $userFolder->getFirstNodeById($share->getNodeId());
+ if ($file && $this->shareProviderResharingRights($this->userId, $share, $file)) {
return true;
}
// If in the recipient group, you can see the share
if ($checkGroups && $share->getShareType() === IShare::TYPE_GROUP) {
$sharedWith = $this->groupManager->get($share->getSharedWith());
- $user = $this->userManager->get($this->currentUser);
+ $user = $this->userManager->get($this->userId);
if ($user !== null && $sharedWith !== null && $sharedWith->inGroup($user)) {
return true;
}
@@ -1400,16 +1558,24 @@ class ShareAPIController extends OCSController {
if ($share->getShareType() === IShare::TYPE_ROOM) {
try {
- return $this->getRoomShareHelper()->canAccessShare($share, $this->currentUser);
- } catch (QueryException $e) {
+ return $this->getRoomShareHelper()->canAccessShare($share, $this->userId);
+ } catch (ContainerExceptionInterface $e) {
return false;
}
}
if ($share->getShareType() === IShare::TYPE_DECK) {
try {
- return $this->getDeckShareHelper()->canAccessShare($share, $this->currentUser);
- } catch (QueryException $e) {
+ return $this->getDeckShareHelper()->canAccessShare($share, $this->userId);
+ } catch (ContainerExceptionInterface $e) {
+ return false;
+ }
+ }
+
+ if ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
+ try {
+ return $this->getSciencemeshShareHelper()->canAccessShare($share, $this->userId);
+ } catch (ContainerExceptionInterface $e) {
return false;
}
}
@@ -1420,10 +1586,10 @@ class ShareAPIController extends OCSController {
/**
* Does the user have edit permission on the share
*
- * @param \OCP\Share\IShare $share the share to check
+ * @param IShare $share the share to check
* @return boolean
*/
- protected function canEditShare(\OCP\Share\IShare $share): bool {
+ protected function canEditShare(IShare $share): bool {
// A file with permissions 0 can't be accessed by us. So Don't show it
if ($share->getPermissions() === 0) {
return false;
@@ -1431,12 +1597,18 @@ class ShareAPIController extends OCSController {
// The owner of the file and the creator of the share
// can always edit the share
- if ($share->getShareOwner() === $this->currentUser ||
- $share->getSharedBy() === $this->currentUser
+ if ($share->getShareOwner() === $this->userId
+ || $share->getSharedBy() === $this->userId
) {
return true;
}
+ $userFolder = $this->rootFolder->getUserFolder($this->userId);
+ $file = $userFolder->getFirstNodeById($share->getNodeId());
+ if ($file?->getMountPoint() instanceof IShareOwnerlessMount && $this->shareProviderResharingRights($this->userId, $share, $file)) {
+ return true;
+ }
+
//! we do NOT support some kind of `admin` in groups.
//! You cannot edit shares shared to a group you're
//! a member of if you're not the share owner or the file owner!
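Review bot: The new branch in canEditShare() lets any user edit the share when `shareProviderResharingRights()` succeeds on a node mounted through `IShareOwnerlessMount`, but no comment explains why an ownerless mount justifies going beyond the owner/sharer rule stated just above it. Add a why-comment over the `if`, for example `// Ownerless mounts have no single owner: anyone holding reshare rights on the node may edit the share` (wording to be confirmed by the author). The same three lines are added to canDeleteShare() in the hunk at `@@ -1458,20 +1630,26 @@`, so a private helper used by both would keep the two authorization rules from drifting apart. canAccessShare() makes similar calls and declares `@throws NotFoundException`, so canEditShare()'s docblock (in the previous hunk) probably needs the same tag.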
@@ -1447,10 +1619,10 @@ class ShareAPIController extends OCSController {
/**
* Does the user have delete permission on the share
*
- * @param \OCP\Share\IShare $share the share to check
+ * @param IShare $share the share to check
* @return boolean
*/
- protected function canDeleteShare(\OCP\Share\IShare $share): bool {
+ protected function canDeleteShare(IShare $share): bool {
// A file with permissions 0 can't be accessed by us. So Don't show it
if ($share->getPermissions() === 0) {
return false;
@@ -1458,20 +1630,26 @@ class ShareAPIController extends OCSController {
// if the user is the recipient, i can unshare
// the share with self
- if ($share->getShareType() === IShare::TYPE_USER &&
- $share->getSharedWith() === $this->currentUser
+ if ($share->getShareType() === IShare::TYPE_USER
+ && $share->getSharedWith() === $this->userId
) {
return true;
}
// The owner of the file and the creator of the share
// can always delete the share
- if ($share->getShareOwner() === $this->currentUser ||
- $share->getSharedBy() === $this->currentUser
+ if ($share->getShareOwner() === $this->userId
+ || $share->getSharedBy() === $this->userId
) {
return true;
}
+ $userFolder = $this->rootFolder->getUserFolder($this->userId);
+ $file = $userFolder->getFirstNodeById($share->getNodeId());
+ if ($file?->getMountPoint() instanceof IShareOwnerlessMount && $this->shareProviderResharingRights($this->userId, $share, $file)) {
+ return true;
+ }
+
return false;
}
@@ -1482,21 +1660,22 @@ class ShareAPIController extends OCSController {
* completely delete the share but only the mount point.
* It can then be restored from the deleted shares section.
*
- * @param \OCP\Share\IShare $share the share to check
+ * @param IShare $share the share to check
* @return boolean
*
* @suppress PhanUndeclaredClassMethod
*/
- protected function canDeleteShareFromSelf(\OCP\Share\IShare $share): bool {
- if ($share->getShareType() !== IShare::TYPE_GROUP &&
- $share->getShareType() !== IShare::TYPE_ROOM &&
- $share->getShareType() !== IShare::TYPE_DECK
+ protected function canDeleteShareFromSelf(IShare $share): bool {
+ if ($share->getShareType() !== IShare::TYPE_GROUP
+ && $share->getShareType() !== IShare::TYPE_ROOM
+ && $share->getShareType() !== IShare::TYPE_DECK
+ && $share->getShareType() !== IShare::TYPE_SCIENCEMESH
) {
return false;
}
- if ($share->getShareOwner() === $this->currentUser ||
- $share->getSharedBy() === $this->currentUser
+ if ($share->getShareOwner() === $this->userId
+ || $share->getSharedBy() === $this->userId
) {
// Delete the whole share, not just for self
return false;
@@ -1505,7 +1684,7 @@ class ShareAPIController extends OCSController {
// If in the recipient group, you can delete the share from self
if ($share->getShareType() === IShare::TYPE_GROUP) {
$sharedWith = $this->groupManager->get($share->getSharedWith());
- $user = $this->userManager->get($this->currentUser);
+ $user = $this->userManager->get($this->userId);
if ($user !== null && $sharedWith !== null && $sharedWith->inGroup($user)) {
return true;
}
@@ -1513,16 +1692,24 @@ class ShareAPIController extends OCSController {
if ($share->getShareType() === IShare::TYPE_ROOM) {
try {
- return $this->getRoomShareHelper()->canAccessShare($share, $this->currentUser);
- } catch (QueryException $e) {
+ return $this->getRoomShareHelper()->canAccessShare($share, $this->userId);
+ } catch (ContainerExceptionInterface $e) {
return false;
}
}
if ($share->getShareType() === IShare::TYPE_DECK) {
try {
- return $this->getDeckShareHelper()->canAccessShare($share, $this->currentUser);
- } catch (QueryException $e) {
+ return $this->getDeckShareHelper()->canAccessShare($share, $this->userId);
+ } catch (ContainerExceptionInterface $e) {
+ return false;
+ }
+ }
+
+ if ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
+ try {
+ return $this->getSciencemeshShareHelper()->canAccessShare($share, $this->userId);
+ } catch (ContainerExceptionInterface $e) {
return false;
}
}
@@ -1542,13 +1729,13 @@ class ShareAPIController extends OCSController {
*/
private function parseDate(string $expireDate): \DateTime {
try {
- $date = new \DateTime(trim($expireDate, "\""));
+ $date = new \DateTime(trim($expireDate, '"'), $this->dateTimeZone->getTimeZone());
+ // Make sure it expires at midnight in owner timezone
+ $date->setTime(0, 0, 0);
} catch (\Exception $e) {
- throw new \Exception('Invalid date. Format must be YYYY-MM-DD');
+ throw new \Exception($this->l->t('Invalid date. Format must be YYYY-MM-DD'));
}
- $date->setTime(0, 0, 0);
-
return $date;
}
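Review bot: `new \DateTime($string, $tz)` ignores `$tz` when the string carries its own offset or is an `@timestamp`, so the added `setTime(0, 0, 0)` then lands on midnight in the zone supplied by the caller rather than the one from `$this->dateTimeZone`. The constructor also accepts relative forms that the error message says are not allowed. If clients are expected to send only `YYYY-MM-DD`, `\DateTime::createFromFormat('!Y-m-d', trim($expireDate, '"'), $this->dateTimeZone->getTimeZone())` with a `false` result treated as invalid would enforce both. Otherwise the comment should say the zone applies only to input without one. The rethrow also drops the cause, and passing `$e` as the third argument to `\Exception` would keep it; parseDate()'s closing brace lies outside the hunk.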
@@ -1557,7 +1744,7 @@ class ShareAPIController extends OCSController {
* not support this we need to check all backends.
*
* @param string $id
- * @return \OCP\Share\IShare
+ * @return IShare
* @throws ShareNotFound
*/
private function getShareById(string $id): IShare {
@@ -1565,7 +1752,7 @@ class ShareAPIController extends OCSController {
// First check if it is an internal share.
try {
- $share = $this->shareManager->getShareById('ocinternal:' . $id, $this->currentUser);
+ $share = $this->shareManager->getShareById('ocinternal:' . $id, $this->userId);
return $share;
} catch (ShareNotFound $e) {
// Do nothing, just try the other share type
@@ -1574,7 +1761,7 @@ class ShareAPIController extends OCSController {
try {
if ($this->shareManager->shareProviderExists(IShare::TYPE_CIRCLE)) {
- $share = $this->shareManager->getShareById('ocCircleShare:' . $id, $this->currentUser);
+ $share = $this->shareManager->getShareById('ocCircleShare:' . $id, $this->userId);
return $share;
}
} catch (ShareNotFound $e) {
@@ -1583,7 +1770,7 @@ class ShareAPIController extends OCSController {
try {
if ($this->shareManager->shareProviderExists(IShare::TYPE_EMAIL)) {
- $share = $this->shareManager->getShareById('ocMailShare:' . $id, $this->currentUser);
+ $share = $this->shareManager->getShareById('ocMailShare:' . $id, $this->userId);
return $share;
}
} catch (ShareNotFound $e) {
@@ -1591,7 +1778,7 @@ class ShareAPIController extends OCSController {
}
try {
- $share = $this->shareManager->getShareById('ocRoomShare:' . $id, $this->currentUser);
+ $share = $this->shareManager->getShareById('ocRoomShare:' . $id, $this->userId);
return $share;
} catch (ShareNotFound $e) {
// Do nothing, just try the other share type
@@ -1599,7 +1786,16 @@ class ShareAPIController extends OCSController {
try {
if ($this->shareManager->shareProviderExists(IShare::TYPE_DECK)) {
- $share = $this->shareManager->getShareById('deck:' . $id, $this->currentUser);
+ $share = $this->shareManager->getShareById('deck:' . $id, $this->userId);
+ return $share;
+ }
+ } catch (ShareNotFound $e) {
+ // Do nothing, just try the other share type
+ }
+
+ try {
+ if ($this->shareManager->shareProviderExists(IShare::TYPE_SCIENCEMESH)) {
+ $share = $this->shareManager->getShareById('sciencemesh:' . $id, $this->userId);
return $share;
}
} catch (ShareNotFound $e) {
@@ -1609,7 +1805,7 @@ class ShareAPIController extends OCSController {
if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
throw new ShareNotFound();
}
- $share = $this->shareManager->getShareById('ocFederatedSharing:' . $id, $this->currentUser);
+ $share = $this->shareManager->getShareById('ocFederatedSharing:' . $id, $this->userId);
return $share;
}
@@ -1617,10 +1813,10 @@ class ShareAPIController extends OCSController {
/**
* Lock a Node
*
- * @param \OCP\Files\Node $node
+ * @param Node $node
* @throws LockedException
*/
- private function lock(\OCP\Files\Node $node) {
+ private function lock(Node $node) {
$node->lock(ILockingProvider::LOCK_SHARED);
$this->lockedNode = $node;
}
@@ -1639,10 +1835,10 @@ class ShareAPIController extends OCSController {
* Returns the helper of ShareAPIController for room shares.
*
* If the Talk application is not enabled or the helper is not available
- * a QueryException is thrown instead.
+ * a ContainerExceptionInterface is thrown instead.
*
* @return \OCA\Talk\Share\Helper\ShareAPIController
- * @throws QueryException
+ * @throws ContainerExceptionInterface
*/
private function getRoomShareHelper() {
if (!$this->appManager->isEnabledForUser('spreed')) {
@@ -1656,10 +1852,10 @@ class ShareAPIController extends OCSController {
* Returns the helper of ShareAPIHelper for deck shares.
*
* If the Deck application is not enabled or the helper is not available
- * a QueryException is thrown instead.
+ * a ContainerExceptionInterface is thrown instead.
*
- * @return \OCA\Deck\Sharing\ShareAPIHelper
- * @throws QueryException
+ * @return ShareAPIHelper
+ * @throws ContainerExceptionInterface
*/
private function getDeckShareHelper() {
if (!$this->appManager->isEnabledForUser('deck')) {
@@ -1670,6 +1866,23 @@ class ShareAPIController extends OCSController {
}
/**
+ * Returns the helper of ShareAPIHelper for sciencemesh shares.
+ *
+ * If the sciencemesh application is not enabled or the helper is not available
+ * a ContainerExceptionInterface is thrown instead.
+ *
+ * @return ShareAPIHelper
+ * @throws ContainerExceptionInterface
+ */
+ private function getSciencemeshShareHelper() {
+ if (!$this->appManager->isEnabledForUser('sciencemesh')) {
+ throw new QueryException();
+ }
+
+ return $this->serverContainer->get('\OCA\ScienceMesh\Sharing\ShareAPIHelper');
+ }
+
+ /**
* @param string $viewer
* @param Node $node
* @param bool $reShares
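Review bot: `@return ShareAPIHelper` on the new getSciencemeshShareHelper() uses the same short name that the previous hunk substitutes for `\OCA\Deck\Sharing\ShareAPIHelper`, so static analysis will most likely type the ScienceMesh helper as the Deck class. The method returns the container entry for `'\OCA\ScienceMesh\Sharing\ShareAPIHelper'`, so the tag should read `@return \OCA\ScienceMesh\Sharing\ShareAPIHelper`. The body also throws a `QueryException` without a message; a message naming the disabled app would make the failure easier to trace. The `use` statements are outside this view, so the alias resolution is inferred.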
@@ -1684,7 +1897,8 @@ class ShareAPIController extends OCSController {
IShare::TYPE_EMAIL,
IShare::TYPE_CIRCLE,
IShare::TYPE_ROOM,
- IShare::TYPE_DECK
+ IShare::TYPE_DECK,
+ IShare::TYPE_SCIENCEMESH
];
// Should we assume that the (currentUser) viewer is the owner of the node !?
@@ -1694,21 +1908,21 @@ class ShareAPIController extends OCSController {
continue;
}
- $providerShares =
- $this->shareManager->getSharesBy($viewer, $provider, $node, $reShares, -1, 0);
+ $providerShares
+ = $this->shareManager->getSharesBy($viewer, $provider, $node, $reShares, -1, 0);
$shares = array_merge($shares, $providerShares);
}
if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
$federatedShares = $this->shareManager->getSharesBy(
- $this->currentUser, IShare::TYPE_REMOTE, $node, $reShares, -1, 0
+ $this->userId, IShare::TYPE_REMOTE, $node, $reShares, -1, 0
);
$shares = array_merge($shares, $federatedShares);
}
if ($this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
$federatedShares = $this->shareManager->getSharesBy(
- $this->currentUser, IShare::TYPE_REMOTE_GROUP, $node, $reShares, -1, 0
+ $this->userId, IShare::TYPE_REMOTE_GROUP, $node, $reShares, -1, 0
);
$shares = array_merge($shares, $federatedShares);
}
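Review bot: The provider loop calls `getSharesBy($viewer, $provider, ...)`, but both federated lookups on the new side pass `$this->userId`. When the method is called with a `$viewer` other than the current user, the `TYPE_REMOTE` and `TYPE_REMOTE_GROUP` shares are therefore fetched for a different account than the rest of the resharing check. If that is intended, say so in a comment next to the existing "Should we assume that the (currentUser) viewer is the owner" remark; otherwise both calls should start with `$viewer, IShare::TYPE_REMOTE, $node, ...`. The function's signature and its return are outside this hunk, so the callers' expectations are not visible here.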
@@ -1723,8 +1937,8 @@ class ShareAPIController extends OCSController {
* @throws SharingRightsException
*/
private function confirmSharingRights(Node $node): void {
- if (!$this->hasResharingRights($this->currentUser, $node)) {
- throw new SharingRightsException('no sharing rights on this item');
+ if (!$this->hasResharingRights($this->userId, $node)) {
+ throw new SharingRightsException($this->l->t('No sharing rights on this item'));
}
}
@@ -1747,7 +1961,7 @@ class ShareAPIController extends OCSController {
if ($this->shareProviderResharingRights($viewer, $share, $node)) {
return true;
}
- } catch (InvalidPathException | NotFoundException $e) {
+ } catch (InvalidPathException|NotFoundException $e) {
}
}
}
@@ -1779,7 +1993,7 @@ class ShareAPIController extends OCSController {
return true;
}
- if ((\OCP\Constants::PERMISSION_SHARE & $share->getPermissions()) === 0) {
+ if ((Constants::PERMISSION_SHARE & $share->getPermissions()) === 0) {
return false;
}
@@ -1791,9 +2005,9 @@ class ShareAPIController extends OCSController {
return true;
}
- if ($share->getShareType() === IShare::TYPE_CIRCLE && \OC::$server->getAppManager()->isEnabledForUser('circles')
+ if ($share->getShareType() === IShare::TYPE_CIRCLE && Server::get(IAppManager::class)->isEnabledForUser('circles')
&& class_exists('\OCA\Circles\Api\v1\Circles')) {
- $hasCircleId = (substr($share->getSharedWith(), -1) === ']');
+ $hasCircleId = (str_ends_with($share->getSharedWith(), ']'));
$shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0);
$shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' '));
if ($shareWithLength === false) {
@@ -1802,12 +2016,12 @@ class ShareAPIController extends OCSController {
$sharedWith = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
}
try {
- $member = \OCA\Circles\Api\v1\Circles::getMember($sharedWith, $userId, 1);
+ $member = Circles::getMember($sharedWith, $userId, 1);
if ($member->getLevel() >= 4) {
return true;
}
return false;
- } catch (QueryException $e) {
+ } catch (ContainerExceptionInterface $e) {
return false;
}
}
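Review bot: The resharing decision on the new side rests on two bare literals, `Circles::getMember($sharedWith, $userId, 1)` and `$member->getLevel() >= 4`, and nothing in the hunk says what the `1` selects or which membership level `4` stands for. Since this threshold decides who may reshare, name both: use constants from the Circles API if it exposes them, or add a comment such as `// level 4 and above may reshare (meaning to be confirmed against Circles)`. The enclosing function begins outside this hunk.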
@@ -1824,34 +2038,38 @@ class ShareAPIController extends OCSController {
*/
private function getAllShares(?Node $path = null, bool $reshares = false) {
// Get all shares
- $userShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_USER, $path, $reshares, -1, 0);
- $groupShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_GROUP, $path, $reshares, -1, 0);
- $linkShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_LINK, $path, $reshares, -1, 0);
+ $userShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_USER, $path, $reshares, -1, 0);
+ $groupShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_GROUP, $path, $reshares, -1, 0);
+ $linkShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_LINK, $path, $reshares, -1, 0);
// EMAIL SHARES
- $mailShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_EMAIL, $path, $reshares, -1, 0);
+ $mailShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_EMAIL, $path, $reshares, -1, 0);
- // CIRCLE SHARES
- $circleShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_CIRCLE, $path, $reshares, -1, 0);
+ // TEAM SHARES
+ $circleShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_CIRCLE, $path, $reshares, -1, 0);
// TALK SHARES
- $roomShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_ROOM, $path, $reshares, -1, 0);
+ $roomShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_ROOM, $path, $reshares, -1, 0);
+
+ // DECK SHARES
+ $deckShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_DECK, $path, $reshares, -1, 0);
- $deckShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_DECK, $path, $reshares, -1, 0);
+ // SCIENCEMESH SHARES
+ $sciencemeshShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_SCIENCEMESH, $path, $reshares, -1, 0);
// FEDERATION
if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
- $federatedShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_REMOTE, $path, $reshares, -1, 0);
+ $federatedShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_REMOTE, $path, $reshares, -1, 0);
} else {
$federatedShares = [];
}
if ($this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
- $federatedGroupShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_REMOTE_GROUP, $path, $reshares, -1, 0);
+ $federatedGroupShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_REMOTE_GROUP, $path, $reshares, -1, 0);
} else {
$federatedGroupShares = [];
}
- return array_merge($userShares, $groupShares, $linkShares, $mailShares, $circleShares, $roomShares, $deckShares, $federatedShares, $federatedGroupShares);
+ return array_merge($userShares, $groupShares, $linkShares, $mailShares, $circleShares, $roomShares, $deckShares, $sciencemeshShares, $federatedShares, $federatedGroupShares);
}
@@ -1886,11 +2104,11 @@ class ShareAPIController extends OCSController {
$newShareAttributes->setAttribute(
$formattedAttr['scope'],
$formattedAttr['key'],
- is_string($formattedAttr['enabled']) ? (bool) \json_decode($formattedAttr['enabled']) : $formattedAttr['enabled']
+ $formattedAttr['value'],
);
}
} else {
- throw new OCSBadRequestException('Invalid share attributes provided: \"' . $attributesString . '\"');
+ throw new OCSBadRequestException($this->l->t('Invalid share attributes provided: "%s"', [$attributesString]));
}
}
$share->setAttributes($newShareAttributes);
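Review bot: `$formattedAttr['value']` is read on the new side without checking that the key exists, so a request that still sends the old `enabled` field would store the attribute as `null` and raise an undefined-key warning instead of being rejected. A guard before the `setAttribute()` call, `if (!array_key_exists('value', $formattedAttr)) {` followed by the existing `OCSBadRequestException`, would make that case explicit. The code that builds `$formattedAttr` starts outside this hunk, so validation may already happen there.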
@@ -1902,33 +2120,176 @@ class ShareAPIController extends OCSController {
if (!$share->getSharedBy()) {
return; // Probably in a test
}
+
+ $canDownload = false;
+ $hideDownload = true;
+
$userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
$nodes = $userFolder->getById($share->getNodeId());
- if (empty($nodes)) {
- return;
- }
- $node = $nodes[0];
- if ($node->getStorage()->instanceOfStorage(SharedStorage::class)) {
- $storage = $node->getStorage();
- if ($storage instanceof Wrapper) {
- $storage = $storage->getInstanceOfStorage(SharedStorage::class);
- if ($storage === null) {
- throw new \RuntimeException('Should not happen, instanceOfStorage but getInstanceOfStorage return null');
+ foreach ($nodes as $node) {
+ // Owner always can download it - so allow it and break
+ if ($node->getOwner()?->getUID() === $share->getSharedBy()) {
+ $canDownload = true;
+ $hideDownload = false;
+ break;
+ }
+
+ if ($node->getStorage()->instanceOfStorage(SharedStorage::class)) {
+ $storage = $node->getStorage();
+ if ($storage instanceof Wrapper) {
+ $storage = $storage->getInstanceOfStorage(SharedStorage::class);
+ if ($storage === null) {
+ throw new \RuntimeException('Should not happen, instanceOfStorage but getInstanceOfStorage return null');
+ }
+ } else {
+ throw new \RuntimeException('Should not happen, instanceOfStorage but not a wrapper');
}
- } else {
- throw new \RuntimeException('Should not happen, instanceOfStorage but not a wrapper');
+
+ /** @var SharedStorage $storage */
+ $originalShare = $storage->getShare();
+ $inheritedAttributes = $originalShare->getAttributes();
+ // hide if hidden and also the current share enforces hide (can only be false if one share is false or user is owner)
+ $hideDownload = $hideDownload && $originalShare->getHideDownload();
+ // allow download if already allowed by previous share or when the current share allows downloading
+ $canDownload = $canDownload || $inheritedAttributes === null || $inheritedAttributes->getAttribute('permissions', 'download') !== false;
+ } elseif ($node->getStorage()->instanceOfStorage(Storage::class)) {
+ $canDownload = true; // in case of federation storage, we can expect the download to be activated by default
}
- /** @var \OCA\Files_Sharing\SharedStorage $storage */
- $inheritedAttributes = $storage->getShare()->getAttributes();
- if ($inheritedAttributes !== null && $inheritedAttributes->getAttribute('permissions', 'download') === false) {
- $share->setHideDownload(true);
- $attributes = $share->getAttributes();
- if ($attributes) {
- $attributes->setAttribute('permissions', 'download', false);
- $share->setAttributes($attributes);
+ }
+
+ if ($hideDownload || !$canDownload) {
+ $share->setHideDownload(true);
+
+ if (!$canDownload) {
+ $attributes = $share->getAttributes() ?? $share->newAttributes();
+ $attributes->setAttribute('permissions', 'download', false);
+ $share->setAttributes($attributes);
+ }
+ }
+ }
+
+ /**
+ * Send a mail notification again for a share.
+ * The mail_send option must be enabled for the given share.
+ * @param string $id the share ID
+ * @param string $password the password to check against. Necessary for password protected shares.
+ * @throws OCSNotFoundException Share not found
+ * @throws OCSForbiddenException You are not allowed to send mail notifications
+ * @throws OCSBadRequestException Invalid request or wrong password
+ * @throws OCSException Error while sending mail notification
+ * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
+ *
+ * 200: The email notification was sent successfully
+ */
+ #[NoAdminRequired]
+ #[UserRateLimit(limit: 10, period: 600)]
+ public function sendShareEmail(string $id, $password = ''): DataResponse {
+ try {
+ $share = $this->getShareById($id);
+
+ if (!$this->canAccessShare($share, false)) {
+ throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
+ }
+
+ if (!$this->canEditShare($share)) {
+ throw new OCSForbiddenException($this->l->t('You are not allowed to send mail notifications'));
+ }
+
+ // For mail and link shares, the user must be
+ // the owner of the share, not only the file owner.
+ if ($share->getShareType() === IShare::TYPE_EMAIL
+ || $share->getShareType() === IShare::TYPE_LINK) {
+ if ($share->getSharedBy() !== $this->userId) {
+ throw new OCSForbiddenException($this->l->t('You are not allowed to send mail notifications'));
+ }
+ }
+
+ try {
+ $provider = $this->factory->getProviderForType($share->getShareType());
+ if (!($provider instanceof IShareProviderWithNotification)) {
+ throw new OCSBadRequestException($this->l->t('No mail notification configured for this share type'));
+ }
+
+ // Circumvent the password encrypted data by
+ // setting the password clear. We're not storing
+ // the password clear, it is just a temporary
+ // object manipulation. The password will stay
+ // encrypted in the database.
+ if ($share->getPassword() !== null && $share->getPassword() !== $password) {
+ if (!$this->shareManager->checkPassword($share, $password)) {
+ throw new OCSBadRequestException($this->l->t('Wrong password'));
+ }
+ $share = $share->setPassword($password);
+ }
+
+ $provider->sendMailNotification($share);
+ return new DataResponse();
+ } catch (Exception $e) {
+ $this->logger->error($e->getMessage(), ['exception' => $e]);
+ throw new OCSException($this->l->t('Error while sending mail notification'));
+ }
+
+ } catch (ShareNotFound $e) {
+ throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
+ }
+ }
+
+ /**
+ * Get a unique share token
+ *
+ * @throws OCSException Failed to generate a unique token
+ *
+ * @return DataResponse<Http::STATUS_OK, array{token: string}, array{}>
+ *
+ * 200: Token generated successfully
+ */
+ #[ApiRoute(verb: 'GET', url: '/api/v1/token')]
+ #[NoAdminRequired]
+ public function generateToken(): DataResponse {
+ try {
+ $token = $this->shareManager->generateToken();
+ return new DataResponse([
+ 'token' => $token,
+ ]);
+ } catch (ShareTokenException $e) {
+ throw new OCSException($this->l->t('Failed to generate a unique token'));
+ }
+ }
+
+ /**
+ * Populate the result set with file tags
+ *
+ * @psalm-template T of array{tags?: list<string>, file_source: int, ...array<string, mixed>}
+ * @param list<T> $fileList
+ * @return list<T> file list populated with tags
+ */
+ private function populateTags(array $fileList): array {
+ $tagger = $this->tagManager->load('files');
+ $tags = $tagger->getTagsForObjects(array_map(static fn (array $fileData) => $fileData['file_source'], $fileList));
+
+ if (!is_array($tags)) {
+ throw new \UnexpectedValueException('$tags must be an array');
+ }
+
+ // Set empty tag array
+ foreach ($fileList as &$fileData) {
+ $fileData['tags'] = [];
+ }
+ unset($fileData);
+
+ if (!empty($tags)) {
+ foreach ($tags as $fileId => $fileTags) {
+ foreach ($fileList as &$fileData) {
+ if ($fileId !== $fileData['file_source']) {
+ continue;
+ }
+
+ $fileData['tags'] = $fileTags;
}
+ unset($fileData);
}
}
+ return $fileList;
}
}
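Review bot: In sendShareEmail() the inner `catch (Exception $e)` also catches the two `OCSBadRequestException`s thrown inside the same `try` ("No mail notification configured for this share type" and "Wrong password"), assuming `Exception` resolves to the global class. The client then always receives the generic "Error while sending mail notification", and the documented `@throws OCSBadRequestException` never reaches it. Each wrong password is also logged at error level with the exception attached. Putting `} catch (OCSBadRequestException $e) { throw $e;` ahead of the generic catch lets the specific errors through. `$password` is the only untyped parameter; `string $password = ''` would match the docblock.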