diff options
Diffstat (limited to 'apps')
-rw-r--r-- | apps/files/ajax/upload.php | 7 | ||||
-rw-r--r-- | apps/files/js/files.js | 2 | ||||
-rw-r--r-- | apps/files/templates/list.php | 11 | ||||
-rw-r--r-- | apps/files_sharing/ajax/list.php | 96 | ||||
-rw-r--r-- | apps/files_sharing/js/public.js | 16 | ||||
-rw-r--r-- | apps/files_sharing/tests/js/publicAppSpec.js | 20 |
6 files changed, 35 insertions, 117 deletions
diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php index a784642728f..18e9cfe6117 100644 --- a/apps/files/ajax/upload.php +++ b/apps/files/ajax/upload.php @@ -41,7 +41,6 @@ OCP\JSON::setContentTypeHeader('text/plain'); // If not, check the login. // If no token is sent along, rely on login only -$allowedPermissions = \OCP\Constants::PERMISSION_ALL; $errorCode = null; $l = \OC::$server->getL10N('files'); @@ -60,8 +59,6 @@ if (empty($_POST['dirToken'])) { \OC_User::setIncognitoMode(true); - // return only read permissions for public upload - $allowedPermissions = \OCP\Constants::PERMISSION_READ; $publicDirectory = !empty($_POST['subdir']) ? (string)$_POST['subdir'] : '/'; $linkItem = OCP\Share::getShareByToken((string)$_POST['dirToken']); @@ -207,7 +204,7 @@ if (\OC\Files\Filesystem::isValidPath($dir) === true) { $data['originalname'] = $files['name'][$i]; $data['uploadMaxFilesize'] = $maxUploadFileSize; $data['maxHumanFilesize'] = $maxHumanFileSize; - $data['permissions'] = $meta['permissions'] & $allowedPermissions; + $data['permissions'] = $meta['permissions']; $data['directory'] = $returnedDir; $result[] = $data; } @@ -234,7 +231,7 @@ if (\OC\Files\Filesystem::isValidPath($dir) === true) { $data['originalname'] = $files['name'][$i]; $data['uploadMaxFilesize'] = $maxUploadFileSize; $data['maxHumanFilesize'] = $maxHumanFileSize; - $data['permissions'] = $meta['permissions'] & $allowedPermissions; + $data['permissions'] = $meta['permissions']; $data['directory'] = $returnedDir; $result[] = $data; } diff --git a/apps/files/js/files.js b/apps/files/js/files.js index 6bdd14ac65d..e33b8354437 100644 --- a/apps/files/js/files.js +++ b/apps/files/js/files.js @@ -207,7 +207,7 @@ */ lazyLoadPreview : function(path, mime, ready, width, height, etag) { console.warn('DEPRECATED: please use lazyLoadPreview() from an OCA.Files.FileList instance'); - return OCA.Files.App.fileList.lazyLoadPreview({ + return FileList.lazyLoadPreview({ path: path, mime: mime, callback: ready, diff --git a/apps/files/templates/list.php b/apps/files/templates/list.php index 7ebf80ee8b2..04550f945b6 100644 --- a/apps/files/templates/list.php +++ b/apps/files/templates/list.php @@ -1,16 +1,5 @@ <div id="controls"> <div class="actions creatable hidden"> - <?php /* - Only show upload button for public page - */ ?> - <?php if(isset($_['dirToken'])):?> - <div id="upload" class="button upload" - title="<?php isset($_['uploadMaxHumanFilesize']) ? p($l->t('Upload (max. %s)', array($_['uploadMaxHumanFilesize']))) : '' ?>"> - <label for="file_upload_start" class="svg icon-upload"> - <span class="hidden-visually"><?php p($l->t('Upload'))?></span> - </label> - </div> - <?php endif; ?> <div id="uploadprogresswrapper"> <div id="uploadprogressbar"></div> <button class="stop icon-close" style="display:none"> diff --git a/apps/files_sharing/ajax/list.php b/apps/files_sharing/ajax/list.php deleted file mode 100644 index c7f0bde5d4a..00000000000 --- a/apps/files_sharing/ajax/list.php +++ /dev/null @@ -1,96 +0,0 @@ -<?php -/** - * @author Joas Schilling <nickvergessen@owncloud.com> - * @author Lukas Reschke <lukas@owncloud.com> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Roeland Jago Douma <rullzer@owncloud.com> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * @author Vincent Petry <pvince81@owncloud.com> - * - * @copyright Copyright (c) 2015, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * - */ - -OCP\JSON::checkAppEnabled('files_sharing'); - -if(!isset($_GET['t'])){ - \OC_Response::setStatus(\OC_Response::STATUS_BAD_REQUEST); - \OCP\Util::writeLog('core-preview', 'No token parameter was passed', \OCP\Util::DEBUG); - exit; -} - -$token = $_GET['t']; - -$password = null; -if (isset($_POST['password'])) { - $password = $_POST['password']; -} - -$relativePath = null; -if (isset($_GET['dir'])) { - $relativePath = $_GET['dir']; -} - -$sortAttribute = isset( $_GET['sort'] ) ? $_GET['sort'] : 'name'; -$sortDirection = isset( $_GET['sortdirection'] ) ? ($_GET['sortdirection'] === 'desc') : false; - -$data = \OCA\Files_Sharing\Helper::setupFromToken($token, $relativePath, $password); - -$linkItem = $data['linkItem']; -// Load the files -$dir = $data['realPath']; - -$dir = \OC\Files\Filesystem::normalizePath($dir); -if (!\OC\Files\Filesystem::is_dir($dir . '/')) { - \OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND); - \OCP\JSON::error(array('success' => false)); - exit(); -} - -$data = array(); - -// make filelist -$files = \OCA\Files\Helper::getFiles($dir, $sortAttribute, $sortDirection); - -$formattedFiles = array(); -foreach ($files as $file) { - $entry = \OCA\Files\Helper::formatFileInfo($file); - // for now - unset($entry['directory']); - // do not disclose share owner - unset($entry['shareOwner']); - // do not disclose if something is a remote shares - unset($entry['mountType']); - unset($entry['icon']); - $entry['permissions'] = \OCP\Constants::PERMISSION_READ; - $formattedFiles[] = $entry; -} - -$data['directory'] = $relativePath; -$data['files'] = $formattedFiles; -$data['dirToken'] = $linkItem['token']; - -$permissions = $linkItem['permissions']; - -// if globally disabled -if (\OC::$server->getAppConfig()->getValue('core', 'shareapi_allow_public_upload', 'yes') === 'no') { - // only allow reading - $permissions = \OCP\Constants::PERMISSION_READ; -} - -$data['permissions'] = $permissions; - -OCP\JSON::success(array('data' => $data)); diff --git a/apps/files_sharing/js/public.js b/apps/files_sharing/js/public.js index 246b639f652..82691129926 100644 --- a/apps/files_sharing/js/public.js +++ b/apps/files_sharing/js/public.js @@ -48,8 +48,20 @@ OCA.Sharing.PublicApp = { this._initialized = true; this.initialDir = $('#dir').val(); + var token = $('#sharingToken').val(); + // file list mode ? if ($el.find('#filestable').length) { + var filesClient = new OC.Files.Client({ + host: OC.getHost(), + port: OC.getPort(), + userName: token, + // note: password not be required, the endpoint + // will recognize previous validation from the session + root: OC.getRootPath() + '/public.php/webdav', + useHTTPS: OC.getProtocol() === 'https' + }); + this.fileList = new OCA.Files.FileList( $el, { @@ -58,7 +70,8 @@ OCA.Sharing.PublicApp = { dragOptions: dragOptions, folderDropOptions: folderDropOptions, fileActions: fileActions, - detailsViewEnabled: false + detailsViewEnabled: false, + filesClient: filesClient } ); this.files = OCA.Files.Files; @@ -88,7 +101,6 @@ OCA.Sharing.PublicApp = { // dynamically load image previews - var token = $('#sharingToken').val(); var bottomMargin = 350; var previewWidth = Math.ceil($(window).width() * window.devicePixelRatio); var previewHeight = Math.ceil(($(window).height() - bottomMargin) * window.devicePixelRatio); diff --git a/apps/files_sharing/tests/js/publicAppSpec.js b/apps/files_sharing/tests/js/publicAppSpec.js index d496b78acfa..8a644232e6c 100644 --- a/apps/files_sharing/tests/js/publicAppSpec.js +++ b/apps/files_sharing/tests/js/publicAppSpec.js @@ -21,11 +21,14 @@ describe('OCA.Sharing.PublicApp tests', function() { var App = OCA.Sharing.PublicApp; + var hostStub, portStub, protocolStub, webrootStub; var $preview; - var fileListIn; - var fileListOut; beforeEach(function() { + protocolStub = sinon.stub(OC, 'getProtocol').returns('https'); + hostStub = sinon.stub(OC, 'getHost').returns('example.com'); + portStub = sinon.stub(OC, 'getPort').returns(8080); + webrootStub = sinon.stub(OC, 'getRootPath').returns('/owncloud'); $preview = $('<div id="preview"></div>'); $('#testArea').append($preview); $preview.append( @@ -35,6 +38,13 @@ describe('OCA.Sharing.PublicApp tests', function() { ); }); + afterEach(function() { + protocolStub.restore(); + hostStub.restore(); + portStub.restore(); + webrootStub.restore(); + }); + describe('File list', function() { // TODO: this should be moved to a separate file once the PublicFileList is extracted from public.js beforeEach(function() { @@ -78,6 +88,12 @@ describe('OCA.Sharing.PublicApp tests', function() { App._initialized = false; }); + it('Uses public webdav endpoint', function() { + expect(fakeServer.requests.length).toEqual(1); + expect(fakeServer.requests[0].method).toEqual('PROPFIND'); + expect(fakeServer.requests[0].url).toEqual('https://sh4tok@example.com:8080/owncloud/public.php/webdav/subdir'); + }); + describe('Download Url', function() { var fileList; |