diff options
Diffstat (limited to 'lib/private/Share20')
| -rw-r--r-- | lib/private/Share20/DefaultShareProvider.php | 1422 | ||||
| -rw-r--r-- | lib/private/Share20/Exception/BackendError.php | 22 | ||||
| -rw-r--r-- | lib/private/Share20/Exception/InvalidShare.php | 22 | ||||
| -rw-r--r-- | lib/private/Share20/Exception/ProviderException.php | 24 | ||||
| -rw-r--r-- | lib/private/Share20/GroupDeletedListener.php | 32 | ||||
| -rw-r--r-- | lib/private/Share20/LegacyHooks.php | 144 | ||||
| -rw-r--r-- | lib/private/Share20/Manager.php | 1938 | ||||
| -rw-r--r-- | lib/private/Share20/ProviderFactory.php | 250 | ||||
| -rw-r--r-- | lib/private/Share20/PublicShareTemplateFactory.php | 47 | ||||
| -rw-r--r-- | lib/private/Share20/Share.php | 332 | ||||
| -rw-r--r-- | lib/private/Share20/ShareAttributes.php | 59 | ||||
| -rw-r--r-- | lib/private/Share20/ShareDisableChecker.php | 80 | ||||
| -rw-r--r-- | lib/private/Share20/ShareHelper.php | 200 | ||||
| -rw-r--r-- | lib/private/Share20/UserDeletedListener.php | 32 | ||||
| -rw-r--r-- | lib/private/Share20/UserRemovedListener.php | 34 |
15 files changed, 3642 insertions, 996 deletions
diff --git a/lib/private/Share20/DefaultShareProvider.php b/lib/private/Share20/DefaultShareProvider.php index f6171f87992..5300e6e1baa 100644 --- a/lib/private/Share20/DefaultShareProvider.php +++ b/lib/private/Share20/DefaultShareProvider.php @@ -1,80 +1,64 @@ <?php + /** - * @author Joas Schilling <nickvergessen@owncloud.com> - * @author Roeland Jago Douma <rullzer@owncloud.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ + namespace OC\Share20; -use OCP\Files\File; -use OCP\Share\IShareProvider; +use OC\Files\Cache\Cache; +use OC\Share20\Exception\BackendError; use OC\Share20\Exception\InvalidShare; use OC\Share20\Exception\ProviderException; -use OCP\Share\Exceptions\ShareNotFound; -use OC\Share20\Exception\BackendError; +use OC\User\LazyUser; +use OCA\Files_Sharing\AppInfo\Application; +use OCP\AppFramework\Utility\ITimeFactory; use OCP\DB\QueryBuilder\IQueryBuilder; -use OCP\Files\NotFoundException; -use OCP\IGroup; -use OCP\IGroupManager; -use OCP\IUserManager; +use OCP\Defaults; +use OCP\Files\Folder; use OCP\Files\IRootFolder; -use OCP\IDBConnection; use OCP\Files\Node; +use OCP\IConfig; +use OCP\IDBConnection; +use OCP\IGroupManager; +use OCP\IL10N; +use OCP\IURLGenerator; +use OCP\IUser; +use OCP\IUserManager; +use OCP\L10N\IFactory; +use OCP\Mail\IMailer; +use OCP\Share\Exceptions\ShareNotFound; +use OCP\Share\IAttributes; +use OCP\Share\IManager; +use OCP\Share\IShare; +use OCP\Share\IShareProviderSupportsAccept; +use OCP\Share\IShareProviderSupportsAllSharesInFolder; +use OCP\Share\IShareProviderWithNotification; +use Psr\Log\LoggerInterface; +use function str_starts_with; /** * Class DefaultShareProvider * * @package OC\Share20 */ -class DefaultShareProvider implements IShareProvider { - - // Special share type for user modified group shares - const SHARE_TYPE_USERGROUP = 2; - - /** @var IDBConnection */ - private $dbConn; - - /** @var IUserManager */ - private $userManager; - - /** @var IGroupManager */ - private $groupManager; - - /** @var IRootFolder */ - private $rootFolder; - - /** - * DefaultShareProvider constructor. - * - * @param IDBConnection $connection - * @param IUserManager $userManager - * @param IGroupManager $groupManager - * @param IRootFolder $rootFolder - */ +class DefaultShareProvider implements IShareProviderWithNotification, IShareProviderSupportsAccept, IShareProviderSupportsAllSharesInFolder { public function __construct( - IDBConnection $connection, - IUserManager $userManager, - IGroupManager $groupManager, - IRootFolder $rootFolder) { - $this->dbConn = $connection; - $this->userManager = $userManager; - $this->groupManager = $groupManager; - $this->rootFolder = $rootFolder; + private IDBConnection $dbConn, + private IUserManager $userManager, + private IGroupManager $groupManager, + private IRootFolder $rootFolder, + private IMailer $mailer, + private Defaults $defaults, + private IFactory $l10nFactory, + private IURLGenerator $urlGenerator, + private ITimeFactory $timeFactory, + private LoggerInterface $logger, + private IManager $shareManager, + private IConfig $config, + ) { } /** @@ -100,29 +84,52 @@ class DefaultShareProvider implements IShareProvider { $qb->insert('share'); $qb->setValue('share_type', $qb->createNamedParameter($share->getShareType())); - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) { + $expirationDate = $share->getExpirationDate(); + if ($expirationDate !== null) { + $expirationDate = clone $expirationDate; + $expirationDate->setTimezone(new \DateTimeZone(date_default_timezone_get())); + } + + if ($share->getShareType() === IShare::TYPE_USER) { //Set the UID of the user we share with $qb->setValue('share_with', $qb->createNamedParameter($share->getSharedWith())); - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) { + $qb->setValue('accepted', $qb->createNamedParameter(IShare::STATUS_PENDING)); + + //If an expiration date is set store it + if ($expirationDate !== null) { + $qb->setValue('expiration', $qb->createNamedParameter($expirationDate, 'datetime')); + } + + $qb->setValue('reminder_sent', $qb->createNamedParameter($share->getReminderSent(), IQueryBuilder::PARAM_BOOL)); + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { //Set the GID of the group we share with $qb->setValue('share_with', $qb->createNamedParameter($share->getSharedWith())); - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) { + + //If an expiration date is set store it + if ($expirationDate !== null) { + $qb->setValue('expiration', $qb->createNamedParameter($expirationDate, 'datetime')); + } + } elseif ($share->getShareType() === IShare::TYPE_LINK) { + //set label for public link + $qb->setValue('label', $qb->createNamedParameter($share->getLabel())); //Set the token of the share $qb->setValue('token', $qb->createNamedParameter($share->getToken())); //If a password is set store it if ($share->getPassword() !== null) { - $qb->setValue('share_with', $qb->createNamedParameter($share->getPassword())); + $qb->setValue('password', $qb->createNamedParameter($share->getPassword())); } + $qb->setValue('password_by_talk', $qb->createNamedParameter($share->getSendPasswordByTalk(), IQueryBuilder::PARAM_BOOL)); + //If an expiration date is set store it - if ($share->getExpirationDate() !== null) { - $qb->setValue('expiration', $qb->createNamedParameter($share->getExpirationDate(), 'datetime')); + if ($expirationDate !== null) { + $qb->setValue('expiration', $qb->createNamedParameter($expirationDate, 'datetime')); } - if (method_exists($share, 'getParent')) { - $qb->setValue('parent', $qb->createNamedParameter($share->getParent())); - } + $qb->setValue('parent', $qb->createNamedParameter($share->getParent())); + + $qb->setValue('hide_download', $qb->createNamedParameter($share->getHideDownload() ? 1 : 0, IQueryBuilder::PARAM_INT)); } else { throw new \Exception('invalid share type!'); } @@ -142,6 +149,12 @@ class DefaultShareProvider implements IShareProvider { // set the permissions $qb->setValue('permissions', $qb->createNamedParameter($share->getPermissions())); + // set share attributes + $shareAttributes = $this->formatShareAttributes( + $share->getAttributes() + ); + $qb->setValue('attributes', $qb->createNamedParameter($shareAttributes)); + // Set who created this share $qb->setValue('uid_initiator', $qb->createNamedParameter($share->getSharedBy())); @@ -151,30 +164,27 @@ class DefaultShareProvider implements IShareProvider { // Set the file target $qb->setValue('file_target', $qb->createNamedParameter($share->getTarget())); + if ($share->getNote() !== '') { + $qb->setValue('note', $qb->createNamedParameter($share->getNote())); + } + // Set the time this share was created - $qb->setValue('stime', $qb->createNamedParameter(time())); + $shareTime = $this->timeFactory->now(); + $qb->setValue('stime', $qb->createNamedParameter($shareTime->getTimestamp())); // insert the data and fetch the id of the share - $this->dbConn->beginTransaction(); - $qb->execute(); - $id = $this->dbConn->lastInsertId('*PREFIX*share'); - $this->dbConn->commit(); + $qb->executeStatement(); - // Now fetch the inserted share and create a complete share object - $qb = $this->dbConn->getQueryBuilder(); - $qb->select('*') - ->from('share') - ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))); + // Update mandatory data + $id = $qb->getLastInsertId(); + $share->setId((string)$id); + $share->setProviderId($this->identifier()); - $cursor = $qb->execute(); - $data = $cursor->fetch(); - $cursor->closeCursor(); + $share->setShareTime(\DateTime::createFromImmutable($shareTime)); - if ($data === false) { - throw new ShareNotFound(); - } + $mailSendValue = $share->getMailSend(); + $share->setMailSend(($mailSendValue === null) ? true : $mailSendValue); - $share = $this->createShare($data); return $share; } @@ -183,9 +193,22 @@ class DefaultShareProvider implements IShareProvider { * * @param \OCP\Share\IShare $share * @return \OCP\Share\IShare The share object + * @throws ShareNotFound + * @throws \OCP\Files\InvalidPathException + * @throws \OCP\Files\NotFoundException */ public function update(\OCP\Share\IShare $share) { - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) { + $originalShare = $this->getShareById($share->getId()); + + $shareAttributes = $this->formatShareAttributes($share->getAttributes()); + + $expirationDate = $share->getExpirationDate(); + if ($expirationDate !== null) { + $expirationDate = clone $expirationDate; + $expirationDate->setTimezone(new \DateTimeZone(date_default_timezone_get())); + } + + if ($share->getShareType() === IShare::TYPE_USER) { /* * We allow updating the recipient on user shares. */ @@ -196,19 +219,27 @@ class DefaultShareProvider implements IShareProvider { ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) ->set('permissions', $qb->createNamedParameter($share->getPermissions())) + ->set('attributes', $qb->createNamedParameter($shareAttributes)) ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) - ->execute(); - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) { + ->set('expiration', $qb->createNamedParameter($expirationDate, IQueryBuilder::PARAM_DATETIME_MUTABLE)) + ->set('note', $qb->createNamedParameter($share->getNote())) + ->set('accepted', $qb->createNamedParameter($share->getStatus())) + ->set('reminder_sent', $qb->createNamedParameter($share->getReminderSent(), IQueryBuilder::PARAM_BOOL)) + ->executeStatement(); + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { $qb = $this->dbConn->getQueryBuilder(); $qb->update('share') ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))) ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) ->set('permissions', $qb->createNamedParameter($share->getPermissions())) + ->set('attributes', $qb->createNamedParameter($shareAttributes)) ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) - ->execute(); + ->set('expiration', $qb->createNamedParameter($expirationDate, IQueryBuilder::PARAM_DATETIME_MUTABLE)) + ->set('note', $qb->createNamedParameter($share->getNote())) + ->executeStatement(); /* * Update all user defined group shares @@ -216,11 +247,14 @@ class DefaultShareProvider implements IShareProvider { $qb = $this->dbConn->getQueryBuilder(); $qb->update('share') ->where($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) + ->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) - ->execute(); + ->set('expiration', $qb->createNamedParameter($expirationDate, IQueryBuilder::PARAM_DATETIME_MUTABLE)) + ->set('note', $qb->createNamedParameter($share->getNote())) + ->executeStatement(); /* * Now update the permissions for all children that have not set it to 0 @@ -230,34 +264,99 @@ class DefaultShareProvider implements IShareProvider { ->where($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) ->andWhere($qb->expr()->neq('permissions', $qb->createNamedParameter(0))) ->set('permissions', $qb->createNamedParameter($share->getPermissions())) - ->execute(); - - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) { + ->set('attributes', $qb->createNamedParameter($shareAttributes)) + ->executeStatement(); + } elseif ($share->getShareType() === IShare::TYPE_LINK) { $qb = $this->dbConn->getQueryBuilder(); $qb->update('share') ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))) - ->set('share_with', $qb->createNamedParameter($share->getPassword())) + ->set('password', $qb->createNamedParameter($share->getPassword())) + ->set('password_by_talk', $qb->createNamedParameter($share->getSendPasswordByTalk(), IQueryBuilder::PARAM_BOOL)) ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) ->set('permissions', $qb->createNamedParameter($share->getPermissions())) + ->set('attributes', $qb->createNamedParameter($shareAttributes)) ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('token', $qb->createNamedParameter($share->getToken())) - ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE)) - ->execute(); + ->set('expiration', $qb->createNamedParameter($expirationDate, IQueryBuilder::PARAM_DATETIME_MUTABLE)) + ->set('note', $qb->createNamedParameter($share->getNote())) + ->set('label', $qb->createNamedParameter($share->getLabel())) + ->set('hide_download', $qb->createNamedParameter($share->getHideDownload() ? 1 : 0, IQueryBuilder::PARAM_INT)) + ->executeStatement(); } + if ($originalShare->getNote() !== $share->getNote() && $share->getNote() !== '') { + $this->propagateNote($share); + } + + return $share; } /** - * Get all children of this share - * FIXME: remove once https://github.com/owncloud/core/pull/21660 is in + * Accept a share. * - * @param \OCP\Share\IShare $parent - * @return \OCP\Share\IShare[] + * @param IShare $share + * @param string $recipient + * @return IShare The share object + * @since 9.0.0 */ - public function getChildren(\OCP\Share\IShare $parent) { + public function acceptShare(IShare $share, string $recipient): IShare { + if ($share->getShareType() === IShare::TYPE_GROUP) { + $group = $this->groupManager->get($share->getSharedWith()); + $user = $this->userManager->get($recipient); + + if (is_null($group)) { + throw new ProviderException('Group "' . $share->getSharedWith() . '" does not exist'); + } + + if (!$group->inGroup($user)) { + throw new ProviderException('Recipient not in receiving group'); + } + + // Try to fetch user specific share + $qb = $this->dbConn->getQueryBuilder(); + $stmt = $qb->select('*') + ->from('share') + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($recipient))) + ->andWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))) + ->executeQuery(); + + $data = $stmt->fetch(); + $stmt->closeCursor(); + + /* + * Check if there already is a user specific group share. + * If there is update it (if required). + */ + if ($data === false) { + $id = $this->createUserSpecificGroupShare($share, $recipient); + } else { + $id = $data['id']; + } + } elseif ($share->getShareType() === IShare::TYPE_USER) { + if ($share->getSharedWith() !== $recipient) { + throw new ProviderException('Recipient does not match'); + } + + $id = $share->getId(); + } else { + throw new ProviderException('Invalid shareType'); + } + + $qb = $this->dbConn->getQueryBuilder(); + $qb->update('share') + ->set('accepted', $qb->createNamedParameter(IShare::STATUS_ACCEPTED)) + ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) + ->executeStatement(); + + return $share; + } + + public function getChildren(IShare $parent): array { $children = []; $qb = $this->dbConn->getQueryBuilder(); @@ -268,20 +367,17 @@ class DefaultShareProvider implements IShareProvider { $qb->expr()->in( 'share_type', $qb->createNamedParameter([ - \OCP\Share::SHARE_TYPE_USER, - \OCP\Share::SHARE_TYPE_GROUP, - \OCP\Share::SHARE_TYPE_LINK, + IShare::TYPE_USER, + IShare::TYPE_GROUP, + IShare::TYPE_LINK, ], IQueryBuilder::PARAM_INT_ARRAY) ) ) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )) + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))) ->orderBy('id'); - $cursor = $qb->execute(); - while($data = $cursor->fetch()) { + $cursor = $qb->executeQuery(); + while ($data = $cursor->fetch()) { $children[] = $this->createShare($data); } $cursor->closeCursor(); @@ -303,44 +399,45 @@ class DefaultShareProvider implements IShareProvider { * If the share is a group share delete all possible * user defined groups shares. */ - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) { + if ($share->getShareType() === IShare::TYPE_GROUP) { $qb->orWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))); } - $qb->execute(); + $qb->executeStatement(); } /** * Unshare a share from the recipient. If this is a group share * this means we need a special entry in the share db. * - * @param \OCP\Share\IShare $share + * @param IShare $share * @param string $recipient UserId of recipient * @throws BackendError * @throws ProviderException */ - public function deleteFromSelf(\OCP\Share\IShare $share, $recipient) { - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) { - + public function deleteFromSelf(IShare $share, $recipient) { + if ($share->getShareType() === IShare::TYPE_GROUP) { $group = $this->groupManager->get($share->getSharedWith()); $user = $this->userManager->get($recipient); + if (is_null($group)) { + throw new ProviderException('Group "' . $share->getSharedWith() . '" does not exist'); + } + if (!$group->inGroup($user)) { - throw new ProviderException('Recipient not in receiving group'); + // nothing left to do + return; } // Try to fetch user specific share $qb = $this->dbConn->getQueryBuilder(); $stmt = $qb->select('*') ->from('share') - ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_USERGROUP))) + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($recipient))) ->andWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )) - ->execute(); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))) + ->executeQuery(); $data = $stmt->fetch(); @@ -349,38 +446,22 @@ class DefaultShareProvider implements IShareProvider { * If there is update it (if required). */ if ($data === false) { - $qb = $this->dbConn->getQueryBuilder(); - - $type = $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder'; - - //Insert new share - $qb->insert('share') - ->values([ - 'share_type' => $qb->createNamedParameter(self::SHARE_TYPE_USERGROUP), - 'share_with' => $qb->createNamedParameter($recipient), - 'uid_owner' => $qb->createNamedParameter($share->getShareOwner()), - 'uid_initiator' => $qb->createNamedParameter($share->getSharedBy()), - 'parent' => $qb->createNamedParameter($share->getId()), - 'item_type' => $qb->createNamedParameter($type), - 'item_source' => $qb->createNamedParameter($share->getNode()->getId()), - 'file_source' => $qb->createNamedParameter($share->getNode()->getId()), - 'file_target' => $qb->createNamedParameter($share->getTarget()), - 'permissions' => $qb->createNamedParameter(0), - 'stime' => $qb->createNamedParameter($share->getShareTime()->getTimestamp()), - ])->execute(); - - } else if ($data['permissions'] !== 0) { + $id = $this->createUserSpecificGroupShare($share, $recipient); + $permissions = $share->getPermissions(); + } else { + $permissions = $data['permissions']; + $id = $data['id']; + } + if ($permissions !== 0) { // Update existing usergroup share $qb = $this->dbConn->getQueryBuilder(); $qb->update('share') ->set('permissions', $qb->createNamedParameter(0)) - ->where($qb->expr()->eq('id', $qb->createNamedParameter($data['id']))) - ->execute(); + ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) + ->executeStatement(); } - - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) { - + } elseif ($share->getShareType() === IShare::TYPE_USER) { if ($share->getSharedWith() !== $recipient) { throw new ProviderException('Recipient does not match'); } @@ -392,67 +473,214 @@ class DefaultShareProvider implements IShareProvider { } } + protected function createUserSpecificGroupShare(IShare $share, string $recipient): int { + $type = $share->getNodeType(); + + $shareFolder = $this->config->getSystemValue('share_folder', '/'); + $allowCustomShareFolder = $this->config->getSystemValueBool('sharing.allow_custom_share_folder', true); + if ($allowCustomShareFolder) { + $shareFolder = $this->config->getUserValue($recipient, Application::APP_ID, 'share_folder', $shareFolder); + } + + $target = $shareFolder . '/' . $share->getNode()->getName(); + $target = \OC\Files\Filesystem::normalizePath($target); + + $qb = $this->dbConn->getQueryBuilder(); + $qb->insert('share') + ->values([ + 'share_type' => $qb->createNamedParameter(IShare::TYPE_USERGROUP), + 'share_with' => $qb->createNamedParameter($recipient), + 'uid_owner' => $qb->createNamedParameter($share->getShareOwner()), + 'uid_initiator' => $qb->createNamedParameter($share->getSharedBy()), + 'parent' => $qb->createNamedParameter($share->getId()), + 'item_type' => $qb->createNamedParameter($type), + 'item_source' => $qb->createNamedParameter($share->getNodeId()), + 'file_source' => $qb->createNamedParameter($share->getNodeId()), + 'file_target' => $qb->createNamedParameter($target), + 'permissions' => $qb->createNamedParameter($share->getPermissions()), + 'stime' => $qb->createNamedParameter($share->getShareTime()->getTimestamp()), + ])->executeStatement(); + + return $qb->getLastInsertId(); + } + + /** + * @inheritdoc + * + * For now this only works for group shares + * If this gets implemented for normal shares we have to extend it + */ + public function restore(IShare $share, string $recipient): IShare { + $qb = $this->dbConn->getQueryBuilder(); + $qb->select('permissions') + ->from('share') + ->where( + $qb->expr()->eq('id', $qb->createNamedParameter($share->getId())) + ); + $cursor = $qb->executeQuery(); + $data = $cursor->fetch(); + $cursor->closeCursor(); + + $originalPermission = $data['permissions']; + + $qb = $this->dbConn->getQueryBuilder(); + $qb->update('share') + ->set('permissions', $qb->createNamedParameter($originalPermission)) + ->where( + $qb->expr()->eq('parent', $qb->createNamedParameter($share->getParent())) + )->andWhere( + $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP)) + )->andWhere( + $qb->expr()->eq('share_with', $qb->createNamedParameter($recipient)) + ); + + $qb->executeStatement(); + + return $this->getShareById($share->getId(), $recipient); + } + /** * @inheritdoc */ public function move(\OCP\Share\IShare $share, $recipient) { - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) { + if ($share->getShareType() === IShare::TYPE_USER) { // Just update the target $qb = $this->dbConn->getQueryBuilder(); $qb->update('share') ->set('file_target', $qb->createNamedParameter($share->getTarget())) ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))) - ->execute(); - - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) { - + ->executeStatement(); + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { // Check if there is a usergroup share $qb = $this->dbConn->getQueryBuilder(); $stmt = $qb->select('id') ->from('share') - ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_USERGROUP))) + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($recipient))) ->andWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )) + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))) ->setMaxResults(1) - ->execute(); + ->executeQuery(); $data = $stmt->fetch(); $stmt->closeCursor(); + $shareAttributes = $this->formatShareAttributes( + $share->getAttributes() + ); + if ($data === false) { // No usergroup share yet. Create one. $qb = $this->dbConn->getQueryBuilder(); $qb->insert('share') ->values([ - 'share_type' => $qb->createNamedParameter(self::SHARE_TYPE_USERGROUP), + 'share_type' => $qb->createNamedParameter(IShare::TYPE_USERGROUP), 'share_with' => $qb->createNamedParameter($recipient), 'uid_owner' => $qb->createNamedParameter($share->getShareOwner()), 'uid_initiator' => $qb->createNamedParameter($share->getSharedBy()), 'parent' => $qb->createNamedParameter($share->getId()), - 'item_type' => $qb->createNamedParameter($share->getNode() instanceof File ? 'file' : 'folder'), - 'item_source' => $qb->createNamedParameter($share->getNode()->getId()), - 'file_source' => $qb->createNamedParameter($share->getNode()->getId()), + 'item_type' => $qb->createNamedParameter($share->getNodeType()), + 'item_source' => $qb->createNamedParameter($share->getNodeId()), + 'file_source' => $qb->createNamedParameter($share->getNodeId()), 'file_target' => $qb->createNamedParameter($share->getTarget()), 'permissions' => $qb->createNamedParameter($share->getPermissions()), + 'attributes' => $qb->createNamedParameter($shareAttributes), 'stime' => $qb->createNamedParameter($share->getShareTime()->getTimestamp()), - ])->execute(); + ])->executeStatement(); } else { // Already a usergroup share. Update it. $qb = $this->dbConn->getQueryBuilder(); $qb->update('share') ->set('file_target', $qb->createNamedParameter($share->getTarget())) ->where($qb->expr()->eq('id', $qb->createNamedParameter($data['id']))) - ->execute(); + ->executeStatement(); } } return $share; } + public function getSharesInFolder($userId, Folder $node, $reshares, $shallow = true) { + if (!$shallow) { + throw new \Exception('non-shallow getSharesInFolder is no longer supported'); + } + + return $this->getSharesInFolderInternal($userId, $node, $reshares); + } + + public function getAllSharesInFolder(Folder $node): array { + return $this->getSharesInFolderInternal(null, $node, null); + } + + /** + * @return array<int, list<IShare>> + */ + private function getSharesInFolderInternal(?string $userId, Folder $node, ?bool $reshares): array { + $qb = $this->dbConn->getQueryBuilder(); + $qb->select('s.*', + 'f.fileid', 'f.path', 'f.permissions AS f_permissions', 'f.storage', 'f.path_hash', + 'f.parent AS f_parent', 'f.name', 'f.mimetype', 'f.mimepart', 'f.size', 'f.mtime', 'f.storage_mtime', + 'f.encrypted', 'f.unencrypted_size', 'f.etag', 'f.checksum') + ->from('share', 's') + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))); + + $qb->andWhere($qb->expr()->in('share_type', $qb->createNamedParameter([IShare::TYPE_USER, IShare::TYPE_GROUP, IShare::TYPE_LINK], IQueryBuilder::PARAM_INT_ARRAY))); + + if ($userId !== null) { + /** + * Reshares for this user are shares where they are the owner. + */ + if ($reshares !== true) { + $qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))); + } else { + $qb->andWhere( + $qb->expr()->orX( + $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)), + $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)) + ) + ); + } + } + + // todo? maybe get these from the oc_mounts table + $childMountNodes = array_filter($node->getDirectoryListing(), function (Node $node): bool { + return $node->getInternalPath() === ''; + }); + $childMountRootIds = array_map(function (Node $node): int { + return $node->getId(); + }, $childMountNodes); + + $qb->innerJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid')); + $qb->andWhere( + $qb->expr()->orX( + $qb->expr()->eq('f.parent', $qb->createNamedParameter($node->getId())), + $qb->expr()->in('f.fileid', $qb->createParameter('chunk')) + ) + ); + + $qb->orderBy('id'); + + $shares = []; + + $chunks = array_chunk($childMountRootIds, 1000); + + // Force the request to be run when there is 0 mount. + if (count($chunks) === 0) { + $chunks = [[]]; + } + + foreach ($chunks as $chunk) { + $qb->setParameter('chunk', $chunk, IQueryBuilder::PARAM_INT_ARRAY); + $cursor = $qb->executeQuery(); + while ($data = $cursor->fetch()) { + $shares[$data['fileid']][] = $this->createShare($data); + } + $cursor->closeCursor(); + } + + return $shares; + } + /** * @inheritdoc */ @@ -460,10 +688,7 @@ class DefaultShareProvider implements IShareProvider { $qb = $this->dbConn->getQueryBuilder(); $qb->select('*') ->from('share') - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))); $qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter($shareType))); @@ -473,12 +698,14 @@ class DefaultShareProvider implements IShareProvider { if ($reshares === false) { $qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))); } else { - $qb->andWhere( - $qb->expr()->orX( - $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)), - $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)) - ) - ); + if ($node === null) { + $qb->andWhere( + $qb->expr()->orX( + $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)), + $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)) + ) + ); + } } if ($node !== null) { @@ -492,9 +719,9 @@ class DefaultShareProvider implements IShareProvider { $qb->setFirstResult($offset); $qb->orderBy('id'); - $cursor = $qb->execute(); + $cursor = $qb->executeQuery(); $shares = []; - while($data = $cursor->fetch()) { + while ($data = $cursor->fetch()) { $shares[] = $this->createShare($data); } $cursor->closeCursor(); @@ -515,18 +742,15 @@ class DefaultShareProvider implements IShareProvider { $qb->expr()->in( 'share_type', $qb->createNamedParameter([ - \OCP\Share::SHARE_TYPE_USER, - \OCP\Share::SHARE_TYPE_GROUP, - \OCP\Share::SHARE_TYPE_LINK, + IShare::TYPE_USER, + IShare::TYPE_GROUP, + IShare::TYPE_LINK, ], IQueryBuilder::PARAM_INT_ARRAY) ) ) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )); - - $cursor = $qb->execute(); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))); + + $cursor = $qb->executeQuery(); $data = $cursor->fetch(); $cursor->closeCursor(); @@ -541,8 +765,8 @@ class DefaultShareProvider implements IShareProvider { } // If the recipient is set for a group share resolve to that user - if ($recipientId !== null && $share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) { - $share = $this->resolveGroupShare($share, $recipientId); + if ($recipientId !== null && $share->getShareType() === IShare::TYPE_GROUP) { + $share = $this->resolveGroupShares([(int)$share->getId() => $share], $recipientId)[0]; } return $share; @@ -560,20 +784,13 @@ class DefaultShareProvider implements IShareProvider { $cursor = $qb->select('*') ->from('share') ->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($path->getId()))) - ->andWhere( - $qb->expr()->orX( - $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_USER)), - $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_GROUP)) - ) - ) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )) - ->execute(); + ->andWhere($qb->expr()->in('share_type', $qb->createNamedParameter([IShare::TYPE_USER, IShare::TYPE_GROUP, IShare::TYPE_LINK], IQueryBuilder::PARAM_INT_ARRAY))) + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))) + ->orderBy('id', 'ASC') + ->executeQuery(); $shares = []; - while($data = $cursor->fetch()) { + while ($data = $cursor->fetch()) { $shares[] = $this->createShare($data); } $cursor->closeCursor(); @@ -582,20 +799,52 @@ class DefaultShareProvider implements IShareProvider { } /** + * Returns whether the given database result can be interpreted as + * a share with accessible file (not trashed, not deleted) + */ + private function isAccessibleResult($data) { + // exclude shares leading to deleted file entries + if ($data['fileid'] === null || $data['path'] === null) { + return false; + } + + // exclude shares leading to trashbin on home storages + $pathSections = explode('/', $data['path'], 2); + // FIXME: would not detect rare md5'd home storage case properly + if ($pathSections[0] !== 'files' + && (str_starts_with($data['storage_string_id'], 'home::') || str_starts_with($data['storage_string_id'], 'object::user'))) { + return false; + } elseif ($pathSections[0] === '__groupfolders' + && str_starts_with($pathSections[1], 'trash/') + ) { + // exclude shares leading to trashbin on group folders storages + return false; + } + return true; + } + + /** * @inheritdoc */ public function getSharedWith($userId, $shareType, $node, $limit, $offset) { /** @var Share[] $shares */ $shares = []; - if ($shareType === \OCP\Share::SHARE_TYPE_USER) { + if ($shareType === IShare::TYPE_USER) { //Get shares directly with this user $qb = $this->dbConn->getQueryBuilder(); - $qb->select('*') - ->from('share'); + $qb->select('s.*', + 'f.fileid', 'f.path', 'f.permissions AS f_permissions', 'f.storage', 'f.path_hash', + 'f.parent AS f_parent', 'f.name', 'f.mimetype', 'f.mimepart', 'f.size', 'f.mtime', 'f.storage_mtime', + 'f.encrypted', 'f.unencrypted_size', 'f.etag', 'f.checksum' + ) + ->selectAlias('st.id', 'storage_string_id') + ->from('share', 's') + ->leftJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid')) + ->leftJoin('f', 'storages', 'st', $qb->expr()->eq('f.storage', 'st.numeric_id')); // Order by id - $qb->orderBy('id'); + $qb->orderBy('s.id'); // Set limit and offset if ($limit !== -1) { @@ -603,45 +852,55 @@ class DefaultShareProvider implements IShareProvider { } $qb->setFirstResult($offset); - $qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_USER))) + $qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER))) ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId))) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))); // Filter by node if provided if ($node !== null) { $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId()))); } - $cursor = $qb->execute(); + $cursor = $qb->executeQuery(); - while($data = $cursor->fetch()) { - $shares[] = $this->createShare($data); + while ($data = $cursor->fetch()) { + if ($data['fileid'] && $data['path'] === null) { + $data['path'] = (string)$data['path']; + $data['name'] = (string)$data['name']; + $data['checksum'] = (string)$data['checksum']; + } + if ($this->isAccessibleResult($data)) { + $shares[] = $this->createShare($data); + } } $cursor->closeCursor(); - - } else if ($shareType === \OCP\Share::SHARE_TYPE_GROUP) { - $user = $this->userManager->get($userId); - $allGroups = $this->groupManager->getUserGroups($user); + } elseif ($shareType === IShare::TYPE_GROUP) { + $user = new LazyUser($userId, $this->userManager); + $allGroups = $this->groupManager->getUserGroupIds($user); /** @var Share[] $shares2 */ $shares2 = []; $start = 0; - while(true) { - $groups = array_slice($allGroups, $start, 100); - $start += 100; + while (true) { + $groups = array_slice($allGroups, $start, 1000); + $start += 1000; if ($groups === []) { break; } $qb = $this->dbConn->getQueryBuilder(); - $qb->select('*') - ->from('share') - ->orderBy('id') + $qb->select('s.*', + 'f.fileid', 'f.path', 'f.permissions AS f_permissions', 'f.storage', 'f.path_hash', + 'f.parent AS f_parent', 'f.name', 'f.mimetype', 'f.mimepart', 'f.size', 'f.mtime', 'f.storage_mtime', + 'f.encrypted', 'f.unencrypted_size', 'f.etag', 'f.checksum' + ) + ->selectAlias('st.id', 'storage_string_id') + ->from('share', 's') + ->leftJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid')) + ->leftJoin('f', 'storages', 'st', $qb->expr()->eq('f.storage', 'st.numeric_id')) + ->orderBy('s.id') ->setFirstResult(0); if ($limit !== -1) { @@ -653,36 +912,34 @@ class DefaultShareProvider implements IShareProvider { $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId()))); } - $groups = array_map(function(IGroup $group) { return $group->getGID(); }, $groups); + $groups = array_filter($groups); - $qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_GROUP))) + $qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) ->andWhere($qb->expr()->in('share_with', $qb->createNamedParameter( $groups, IQueryBuilder::PARAM_STR_ARRAY ))) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))); - $cursor = $qb->execute(); - while($data = $cursor->fetch()) { + $cursor = $qb->executeQuery(); + while ($data = $cursor->fetch()) { if ($offset > 0) { $offset--; continue; } - $shares2[] = $this->createShare($data); + + if ($this->isAccessibleResult($data)) { + $share = $this->createShare($data); + $shares2[$share->getId()] = $share; + } } $cursor->closeCursor(); } /* - * Resolve all group shares to user specific shares - * TODO: Optmize this! - */ - foreach($shares2 as $share) { - $shares[] = $this->resolveGroupShare($share, $userId); - } + * Resolve all group shares to user specific shares + */ + $shares = $this->resolveGroupShares($shares2, $userId); } else { throw new BackendError('Invalid backend'); } @@ -703,13 +960,10 @@ class DefaultShareProvider implements IShareProvider { $cursor = $qb->select('*') ->from('share') - ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share::SHARE_TYPE_LINK))) + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_LINK))) ->andWhere($qb->expr()->eq('token', $qb->createNamedParameter($token))) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )) - ->execute(); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))) + ->executeQuery(); $data = $cursor->fetch(); @@ -725,35 +979,49 @@ class DefaultShareProvider implements IShareProvider { return $share; } - + /** - * Create a share object from an database row + * Create a share object from a database row * * @param mixed[] $data * @return \OCP\Share\IShare * @throws InvalidShare */ private function createShare($data) { - $share = new Share($this->rootFolder); + $share = new Share($this->rootFolder, $this->userManager); $share->setId((int)$data['id']) ->setShareType((int)$data['share_type']) ->setPermissions((int)$data['permissions']) ->setTarget($data['file_target']) - ->setMailSend((bool)$data['mail_send']); + ->setNote((string)$data['note']) + ->setMailSend((bool)$data['mail_send']) + ->setStatus((int)$data['accepted']) + ->setLabel($data['label'] ?? ''); $shareTime = new \DateTime(); $shareTime->setTimestamp((int)$data['stime']); $share->setShareTime($shareTime); - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) { + if ($share->getShareType() === IShare::TYPE_USER) { $share->setSharedWith($data['share_with']); - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) { + $displayName = $this->userManager->getDisplayName($data['share_with']); + if ($displayName !== null) { + $share->setSharedWithDisplayName($displayName); + } + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { $share->setSharedWith($data['share_with']); - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) { - $share->setPassword($data['share_with']); + $group = $this->groupManager->get($data['share_with']); + if ($group !== null) { + $share->setSharedWithDisplayName($group->getDisplayName()); + } + } elseif ($share->getShareType() === IShare::TYPE_LINK) { + $share->setPassword($data['password']); + $share->setSendPasswordByTalk((bool)$data['password_by_talk']); $share->setToken($data['token']); } + $share = $this->updateShareAttributes($share, $data['attributes']); + $share->setSharedBy($data['uid_initiator']); $share->setShareOwner($data['uid_owner']); @@ -765,43 +1033,649 @@ class DefaultShareProvider implements IShareProvider { $share->setExpirationDate($expiration); } + if (isset($data['f_permissions'])) { + $entryData = $data; + $entryData['permissions'] = $entryData['f_permissions']; + $entryData['parent'] = $entryData['f_parent']; + $share->setNodeCacheEntry(Cache::cacheEntryFromData($entryData, + \OC::$server->getMimeTypeLoader())); + } + $share->setProviderId($this->identifier()); + $share->setHideDownload((int)$data['hide_download'] === 1); + $share->setReminderSent((bool)$data['reminder_sent']); return $share; } /** - * Resolve a group share to a user specific share - * Thus if the user moved their group share make sure this is properly reflected here. + * Update the data from group shares with any per-user modifications * - * @param \OCP\Share\IShare $share - * @param string $userId - * @return Share Returns the updated share if one was found else return the original share. + * @param array<int, Share> $shareMap shares indexed by share id + * @param $userId + * @return Share[] The updates shares if no update is found for a share return the original + */ + private function resolveGroupShares($shareMap, $userId) { + $qb = $this->dbConn->getQueryBuilder(); + $query = $qb->select('*') + ->from('share') + ->where($qb->expr()->eq('share_with', $qb->createNamedParameter($userId))) + ->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))); + + // this is called with either all group shares or one group share. + // for all shares it's easier to just only search by share_with, + // for a single share it's efficient to filter by parent + if (count($shareMap) === 1) { + $share = reset($shareMap); + $query->andWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))); + } + + $stmt = $query->executeQuery(); + + while ($data = $stmt->fetch()) { + if (array_key_exists($data['parent'], $shareMap)) { + $shareMap[$data['parent']]->setPermissions((int)$data['permissions']); + $shareMap[$data['parent']]->setStatus((int)$data['accepted']); + $shareMap[$data['parent']]->setTarget($data['file_target']); + $shareMap[$data['parent']]->setParent($data['parent']); + } + } + + return array_values($shareMap); + } + + /** + * A user is deleted from the system + * So clean up the relevant shares. + * + * @param string $uid + * @param int $shareType + */ + public function userDeleted($uid, $shareType) { + $qb = $this->dbConn->getQueryBuilder(); + + $qb->delete('share'); + + if ($shareType === IShare::TYPE_USER) { + /* + * Delete all user shares that are owned by this user + * or that are received by this user + */ + + $qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER))); + + $qb->andWhere( + $qb->expr()->orX( + $qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)), + $qb->expr()->eq('share_with', $qb->createNamedParameter($uid)) + ) + ); + } elseif ($shareType === IShare::TYPE_GROUP) { + /* + * Delete all group shares that are owned by this user + * Or special user group shares that are received by this user + */ + $qb->where( + $qb->expr()->andX( + $qb->expr()->in('share_type', $qb->createNamedParameter([IShare::TYPE_GROUP, IShare::TYPE_USERGROUP], IQueryBuilder::PARAM_INT_ARRAY)), + $qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)) + ) + ); + + $qb->orWhere( + $qb->expr()->andX( + $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP)), + $qb->expr()->eq('share_with', $qb->createNamedParameter($uid)) + ) + ); + } elseif ($shareType === IShare::TYPE_LINK) { + /* + * Delete all link shares owned by this user. + * And all link shares initiated by this user (until #22327 is in) + */ + $qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_LINK))); + + $qb->andWhere( + $qb->expr()->orX( + $qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)), + $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($uid)) + ) + ); + } else { + $e = new \InvalidArgumentException('Default share provider tried to delete all shares for type: ' . $shareType); + $this->logger->error($e->getMessage(), ['exception' => $e]); + return; + } + + $qb->executeStatement(); + } + + /** + * Delete all shares received by this group. As well as any custom group + * shares for group members. + * + * @param string $gid + */ + public function groupDeleted($gid) { + /* + * First delete all custom group shares for group members + */ + $qb = $this->dbConn->getQueryBuilder(); + $qb->select('id') + ->from('share') + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($gid))); + + $cursor = $qb->executeQuery(); + $ids = []; + while ($row = $cursor->fetch()) { + $ids[] = (int)$row['id']; + } + $cursor->closeCursor(); + + if (!empty($ids)) { + $chunks = array_chunk($ids, 100); + + $qb = $this->dbConn->getQueryBuilder(); + $qb->delete('share') + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) + ->andWhere($qb->expr()->in('parent', $qb->createParameter('parents'))); + + foreach ($chunks as $chunk) { + $qb->setParameter('parents', $chunk, IQueryBuilder::PARAM_INT_ARRAY); + $qb->executeStatement(); + } + } + + /* + * Now delete all the group shares + */ + $qb = $this->dbConn->getQueryBuilder(); + $qb->delete('share') + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($gid))); + $qb->executeStatement(); + } + + /** + * Delete custom group shares to this group for this user + * + * @param string $uid + * @param string $gid + * @return void + */ + public function userDeletedFromGroup($uid, $gid) { + /* + * Get all group shares + */ + $qb = $this->dbConn->getQueryBuilder(); + $qb->select('id') + ->from('share') + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($gid))); + + $cursor = $qb->executeQuery(); + $ids = []; + while ($row = $cursor->fetch()) { + $ids[] = (int)$row['id']; + } + $cursor->closeCursor(); + + if (!empty($ids)) { + $chunks = array_chunk($ids, 100); + + /* + * Delete all special shares with this user for the found group shares + */ + $qb = $this->dbConn->getQueryBuilder(); + $qb->delete('share') + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($uid))) + ->andWhere($qb->expr()->in('parent', $qb->createParameter('parents'))); + + foreach ($chunks as $chunk) { + $qb->setParameter('parents', $chunk, IQueryBuilder::PARAM_INT_ARRAY); + $qb->executeStatement(); + } + } + + if ($this->shareManager->shareWithGroupMembersOnly()) { + $user = $this->userManager->get($uid); + if ($user === null) { + return; + } + $userGroups = $this->groupManager->getUserGroupIds($user); + $userGroups = array_diff($userGroups, $this->shareManager->shareWithGroupMembersOnlyExcludeGroupsList()); + + // Delete user shares received by the user from users in the group. + $userReceivedShares = $this->shareManager->getSharedWith($uid, IShare::TYPE_USER, null, -1); + foreach ($userReceivedShares as $share) { + $owner = $this->userManager->get($share->getSharedBy()); + if ($owner === null) { + continue; + } + $ownerGroups = $this->groupManager->getUserGroupIds($owner); + $mutualGroups = array_intersect($userGroups, $ownerGroups); + + if (count($mutualGroups) === 0) { + $this->shareManager->deleteShare($share); + } + } + + // Delete user shares from the user to users in the group. + $userEmittedShares = $this->shareManager->getSharesBy($uid, IShare::TYPE_USER, null, true, -1); + foreach ($userEmittedShares as $share) { + $recipient = $this->userManager->get($share->getSharedWith()); + if ($recipient === null) { + continue; + } + $recipientGroups = $this->groupManager->getUserGroupIds($recipient); + $mutualGroups = array_intersect($userGroups, $recipientGroups); + + if (count($mutualGroups) === 0) { + $this->shareManager->deleteShare($share); + } + } + } + } + + /** + * @inheritdoc + */ + public function getAccessList($nodes, $currentAccess) { + $ids = []; + foreach ($nodes as $node) { + $ids[] = $node->getId(); + } + + $qb = $this->dbConn->getQueryBuilder(); + + $shareTypes = [IShare::TYPE_USER, IShare::TYPE_GROUP, IShare::TYPE_LINK]; + + if ($currentAccess) { + $shareTypes[] = IShare::TYPE_USERGROUP; + } + + $qb->select('id', 'parent', 'share_type', 'share_with', 'file_source', 'file_target', 'permissions') + ->from('share') + ->where( + $qb->expr()->in('share_type', $qb->createNamedParameter($shareTypes, IQueryBuilder::PARAM_INT_ARRAY)) + ) + ->andWhere($qb->expr()->in('file_source', $qb->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY))) + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))); + + // Ensure accepted is true for user and usergroup type + $qb->andWhere( + $qb->expr()->orX( + $qb->expr()->andX( + $qb->expr()->neq('share_type', $qb->createNamedParameter(IShare::TYPE_USER)), + $qb->expr()->neq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP)), + ), + $qb->expr()->eq('accepted', $qb->createNamedParameter(IShare::STATUS_ACCEPTED, IQueryBuilder::PARAM_INT)), + ), + ); + + $cursor = $qb->executeQuery(); + + $users = []; + $link = false; + while ($row = $cursor->fetch()) { + $type = (int)$row['share_type']; + if ($type === IShare::TYPE_USER) { + $uid = $row['share_with']; + $users[$uid] = $users[$uid] ?? []; + $users[$uid][$row['id']] = $row; + } elseif ($type === IShare::TYPE_GROUP) { + $gid = $row['share_with']; + $group = $this->groupManager->get($gid); + + if ($group === null) { + continue; + } + + $userList = $group->getUsers(); + foreach ($userList as $user) { + $uid = $user->getUID(); + $users[$uid] = $users[$uid] ?? []; + $users[$uid][$row['id']] = $row; + } + } elseif ($type === IShare::TYPE_LINK) { + $link = true; + } elseif ($type === IShare::TYPE_USERGROUP && $currentAccess === true) { + $uid = $row['share_with']; + $users[$uid] = $users[$uid] ?? []; + $users[$uid][$row['id']] = $row; + } + } + $cursor->closeCursor(); + + if ($currentAccess === true) { + $users = array_map([$this, 'filterSharesOfUser'], $users); + $users = array_filter($users); + } else { + $users = array_keys($users); + } + + return ['users' => $users, 'public' => $link]; + } + + /** + * For each user the path with the fewest slashes is returned + * @param array $shares + * @return array + */ + protected function filterSharesOfUser(array $shares) { + // Group shares when the user has a share exception + foreach ($shares as $id => $share) { + $type = (int)$share['share_type']; + $permissions = (int)$share['permissions']; + + if ($type === IShare::TYPE_USERGROUP) { + unset($shares[$share['parent']]); + + if ($permissions === 0) { + unset($shares[$id]); + } + } + } + + $best = []; + $bestDepth = 0; + foreach ($shares as $id => $share) { + $depth = substr_count(($share['file_target'] ?? ''), '/'); + if (empty($best) || $depth < $bestDepth) { + $bestDepth = $depth; + $best = [ + 'node_id' => $share['file_source'], + 'node_path' => $share['file_target'], + ]; + } + } + + return $best; + } + + /** + * propagate notes to the recipients + * + * @param IShare $share + * @throws \OCP\Files\NotFoundException + */ + private function propagateNote(IShare $share) { + if ($share->getShareType() === IShare::TYPE_USER) { + $user = $this->userManager->get($share->getSharedWith()); + $this->sendNote([$user], $share); + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { + $group = $this->groupManager->get($share->getSharedWith()); + $groupMembers = $group->getUsers(); + $this->sendNote($groupMembers, $share); + } + } + + public function sendMailNotification(IShare $share): bool { + try { + // Check user + $user = $this->userManager->get($share->getSharedWith()); + if ($user === null) { + $this->logger->debug('Share notification not sent to ' . $share->getSharedWith() . ' because user could not be found.', ['app' => 'share']); + return false; + } + + // Handle user shares + if ($share->getShareType() === IShare::TYPE_USER) { + // Check email address + $emailAddress = $user->getEMailAddress(); + if ($emailAddress === null || $emailAddress === '') { + $this->logger->debug('Share notification not sent to ' . $share->getSharedWith() . ' because email address is not set.', ['app' => 'share']); + return false; + } + + $userLang = $this->l10nFactory->getUserLanguage($user); + $l = $this->l10nFactory->get('lib', $userLang); + $this->sendUserShareMail( + $l, + $share->getNode()->getName(), + $this->urlGenerator->linkToRouteAbsolute('files_sharing.Accept.accept', ['shareId' => $share->getFullId()]), + $share->getSharedBy(), + $emailAddress, + $share->getExpirationDate(), + $share->getNote() + ); + $this->logger->debug('Sent share notification to ' . $emailAddress . ' for share with ID ' . $share->getId() . '.', ['app' => 'share']); + return true; + } + } catch (\Exception $e) { + $this->logger->error('Share notification mail could not be sent.', ['exception' => $e]); + } + + return false; + } + + /** + * Send mail notifications for the user share type + * + * @param IL10N $l Language of the recipient + * @param string $filename file/folder name + * @param string $link link to the file/folder + * @param string $initiator user ID of share sender + * @param string $shareWith email address of share receiver + * @param \DateTime|null $expiration + * @param string $note + * @throws \Exception */ - private function resolveGroupShare(\OCP\Share\IShare $share, $userId) { + protected function sendUserShareMail( + IL10N $l, + $filename, + $link, + $initiator, + $shareWith, + ?\DateTime $expiration = null, + $note = '') { + $initiatorUser = $this->userManager->get($initiator); + $initiatorDisplayName = ($initiatorUser instanceof IUser) ? $initiatorUser->getDisplayName() : $initiator; + + $message = $this->mailer->createMessage(); + + $emailTemplate = $this->mailer->createEMailTemplate('files_sharing.RecipientNotification', [ + 'filename' => $filename, + 'link' => $link, + 'initiator' => $initiatorDisplayName, + 'expiration' => $expiration, + 'shareWith' => $shareWith, + ]); + + $emailTemplate->setSubject($l->t('%1$s shared %2$s with you', [$initiatorDisplayName, $filename])); + $emailTemplate->addHeader(); + $emailTemplate->addHeading($l->t('%1$s shared %2$s with you', [$initiatorDisplayName, $filename]), false); + + if ($note !== '') { + $emailTemplate->addBodyText(htmlspecialchars($note), $note); + } + + $emailTemplate->addBodyButton( + $l->t('Open %s', [$filename]), + $link + ); + + $message->setTo([$shareWith]); + + // The "From" contains the sharers name + $instanceName = $this->defaults->getName(); + $senderName = $l->t( + '%1$s via %2$s', + [ + $initiatorDisplayName, + $instanceName, + ] + ); + $message->setFrom([\OCP\Util::getDefaultEmailAddress('noreply') => $senderName]); + + // The "Reply-To" is set to the sharer if an mail address is configured + // also the default footer contains a "Do not reply" which needs to be adjusted. + if ($initiatorUser) { + $initiatorEmail = $initiatorUser->getEMailAddress(); + if ($initiatorEmail !== null) { + $message->setReplyTo([$initiatorEmail => $initiatorDisplayName]); + $emailTemplate->addFooter($instanceName . ($this->defaults->getSlogan() !== '' ? ' - ' . $this->defaults->getSlogan() : '')); + } else { + $emailTemplate->addFooter(); + } + } else { + $emailTemplate->addFooter(); + } + + $message->useTemplate($emailTemplate); + $failedRecipients = $this->mailer->send($message); + if (!empty($failedRecipients)) { + $this->logger->error('Share notification mail could not be sent to: ' . implode(', ', $failedRecipients)); + return; + } + } + + /** + * send note by mail + * + * @param array $recipients + * @param IShare $share + * @throws \OCP\Files\NotFoundException + */ + private function sendNote(array $recipients, IShare $share) { + $toListByLanguage = []; + + foreach ($recipients as $recipient) { + /** @var IUser $recipient */ + $email = $recipient->getEMailAddress(); + if ($email) { + $language = $this->l10nFactory->getUserLanguage($recipient); + if (!isset($toListByLanguage[$language])) { + $toListByLanguage[$language] = []; + } + $toListByLanguage[$language][$email] = $recipient->getDisplayName(); + } + } + + if (empty($toListByLanguage)) { + return; + } + + foreach ($toListByLanguage as $l10n => $toList) { + $filename = $share->getNode()->getName(); + $initiator = $share->getSharedBy(); + $note = $share->getNote(); + + $l = $this->l10nFactory->get('lib', $l10n); + + $initiatorUser = $this->userManager->get($initiator); + $initiatorDisplayName = ($initiatorUser instanceof IUser) ? $initiatorUser->getDisplayName() : $initiator; + $initiatorEmailAddress = ($initiatorUser instanceof IUser) ? $initiatorUser->getEMailAddress() : null; + $plainHeading = $l->t('%1$s shared %2$s with you and wants to add:', [$initiatorDisplayName, $filename]); + $htmlHeading = $l->t('%1$s shared %2$s with you and wants to add', [$initiatorDisplayName, $filename]); + $message = $this->mailer->createMessage(); + + $emailTemplate = $this->mailer->createEMailTemplate('defaultShareProvider.sendNote'); + + $emailTemplate->setSubject($l->t('%s added a note to a file shared with you', [$initiatorDisplayName])); + $emailTemplate->addHeader(); + $emailTemplate->addHeading($htmlHeading, $plainHeading); + $emailTemplate->addBodyText(htmlspecialchars($note), $note); + + $link = $this->urlGenerator->linkToRouteAbsolute('files.viewcontroller.showFile', ['fileid' => $share->getNode()->getId()]); + $emailTemplate->addBodyButton( + $l->t('Open %s', [$filename]), + $link + ); + + + // The "From" contains the sharers name + $instanceName = $this->defaults->getName(); + $senderName = $l->t( + '%1$s via %2$s', + [ + $initiatorDisplayName, + $instanceName + ] + ); + $message->setFrom([\OCP\Util::getDefaultEmailAddress($instanceName) => $senderName]); + if ($initiatorEmailAddress !== null) { + $message->setReplyTo([$initiatorEmailAddress => $initiatorDisplayName]); + $emailTemplate->addFooter($instanceName . ' - ' . $this->defaults->getSlogan()); + } else { + $emailTemplate->addFooter(); + } + + if (count($toList) === 1) { + $message->setTo($toList); + } else { + $message->setTo([]); + $message->setBcc($toList); + } + $message->useTemplate($emailTemplate); + $this->mailer->send($message); + } + } + + public function getAllShares(): iterable { $qb = $this->dbConn->getQueryBuilder(); - $stmt = $qb->select('*') + $qb->select('*') ->from('share') - ->where($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) - ->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(self::SHARE_TYPE_USERGROUP))) - ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId))) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )) - ->setMaxResults(1) - ->execute(); + ->where($qb->expr()->in('share_type', $qb->createNamedParameter([IShare::TYPE_USER, IShare::TYPE_GROUP, IShare::TYPE_LINK], IQueryBuilder::PARAM_INT_ARRAY))); + + $cursor = $qb->executeQuery(); + while ($data = $cursor->fetch()) { + try { + $share = $this->createShare($data); + } catch (InvalidShare $e) { + continue; + } - $data = $stmt->fetch(); - $stmt->closeCursor(); + yield $share; + } + $cursor->closeCursor(); + } - if ($data !== false) { - $share->setPermissions((int)$data['permissions']); - $share->setTarget($data['file_target']); + /** + * Load from database format (JSON string) to IAttributes + * + * @return IShare the modified share + */ + protected function updateShareAttributes(IShare $share, ?string $data): IShare { + if ($data !== null && $data !== '') { + $attributes = new ShareAttributes(); + $compressedAttributes = \json_decode($data, true); + if ($compressedAttributes === false || $compressedAttributes === null) { + return $share; + } + foreach ($compressedAttributes as $compressedAttribute) { + $attributes->setAttribute( + $compressedAttribute[0], + $compressedAttribute[1], + $compressedAttribute[2] + ); + } + $share->setAttributes($attributes); } return $share; } + /** + * Format IAttributes to database format (JSON string) + */ + protected function formatShareAttributes(?IAttributes $attributes): ?string { + if ($attributes === null || empty($attributes->toArray())) { + return null; + } + + $compressedAttributes = []; + foreach ($attributes->toArray() as $attribute) { + $compressedAttributes[] = [ + 0 => $attribute['scope'], + 1 => $attribute['key'], + 2 => $attribute['value'] + ]; + } + return \json_encode($compressedAttributes); + } } diff --git a/lib/private/Share20/Exception/BackendError.php b/lib/private/Share20/Exception/BackendError.php index f15dea4a243..b2585367727 100644 --- a/lib/private/Share20/Exception/BackendError.php +++ b/lib/private/Share20/Exception/BackendError.php @@ -1,25 +1,11 @@ <?php + /** - * @author Roeland Jago Douma <rullzer@owncloud.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Share20\Exception; class BackendError extends \Exception { - } diff --git a/lib/private/Share20/Exception/InvalidShare.php b/lib/private/Share20/Exception/InvalidShare.php index c176e4424ba..8756455f9d2 100644 --- a/lib/private/Share20/Exception/InvalidShare.php +++ b/lib/private/Share20/Exception/InvalidShare.php @@ -1,25 +1,11 @@ <?php + /** - * @author Roeland Jago Douma <rullzer@owncloud.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Share20\Exception; class InvalidShare extends \Exception { - } diff --git a/lib/private/Share20/Exception/ProviderException.php b/lib/private/Share20/Exception/ProviderException.php index a14d5266581..cb79ab884b4 100644 --- a/lib/private/Share20/Exception/ProviderException.php +++ b/lib/private/Share20/Exception/ProviderException.php @@ -1,27 +1,11 @@ <?php + /** - * @author Roeland Jago Douma <rullzer@owncloud.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Share20\Exception; - class ProviderException extends \Exception { - } - diff --git a/lib/private/Share20/GroupDeletedListener.php b/lib/private/Share20/GroupDeletedListener.php new file mode 100644 index 00000000000..7e1ad71c465 --- /dev/null +++ b/lib/private/Share20/GroupDeletedListener.php @@ -0,0 +1,32 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OC\Share20; + +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; +use OCP\Group\Events\GroupDeletedEvent; +use OCP\Share\IManager; + +/** + * @template-implements IEventListener<GroupDeletedEvent> + */ +class GroupDeletedListener implements IEventListener { + public function __construct( + protected IManager $shareManager, + ) { + } + + public function handle(Event $event): void { + if (!$event instanceof GroupDeletedEvent) { + return; + } + + $this->shareManager->groupDeleted($event->getGroup()->getGID()); + } +} diff --git a/lib/private/Share20/LegacyHooks.php b/lib/private/Share20/LegacyHooks.php new file mode 100644 index 00000000000..d54c8e3203d --- /dev/null +++ b/lib/private/Share20/LegacyHooks.php @@ -0,0 +1,144 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OC\Share20; + +use OCP\EventDispatcher\IEventDispatcher; +use OCP\Files\File; +use OCP\Share; +use OCP\Share\Events\BeforeShareCreatedEvent; +use OCP\Share\Events\BeforeShareDeletedEvent; +use OCP\Share\Events\ShareCreatedEvent; +use OCP\Share\Events\ShareDeletedEvent; +use OCP\Share\Events\ShareDeletedFromSelfEvent; +use OCP\Share\IShare; + +class LegacyHooks { + /** @var IEventDispatcher */ + private $eventDispatcher; + + public function __construct(IEventDispatcher $eventDispatcher) { + $this->eventDispatcher = $eventDispatcher; + + $this->eventDispatcher->addListener(BeforeShareDeletedEvent::class, function (BeforeShareDeletedEvent $event) { + $this->preUnshare($event); + }); + $this->eventDispatcher->addListener(ShareDeletedEvent::class, function (ShareDeletedEvent $event) { + $this->postUnshare($event); + }); + $this->eventDispatcher->addListener(ShareDeletedFromSelfEvent::class, function (ShareDeletedFromSelfEvent $event) { + $this->postUnshareFromSelf($event); + }); + $this->eventDispatcher->addListener(BeforeShareCreatedEvent::class, function (BeforeShareCreatedEvent $event) { + $this->preShare($event); + }); + $this->eventDispatcher->addListener(ShareCreatedEvent::class, function (ShareCreatedEvent $event) { + $this->postShare($event); + }); + } + + public function preUnshare(BeforeShareDeletedEvent $e) { + $share = $e->getShare(); + + $formatted = $this->formatHookParams($share); + \OC_Hook::emit(Share::class, 'pre_unshare', $formatted); + } + + public function postUnshare(ShareDeletedEvent $e) { + $share = $e->getShare(); + + $formatted = $this->formatHookParams($share); + $formatted['deletedShares'] = [$formatted]; + + \OC_Hook::emit(Share::class, 'post_unshare', $formatted); + } + + public function postUnshareFromSelf(ShareDeletedFromSelfEvent $e) { + $share = $e->getShare(); + + $formatted = $this->formatHookParams($share); + $formatted['itemTarget'] = $formatted['fileTarget']; + $formatted['unsharedItems'] = [$formatted]; + + \OC_Hook::emit(Share::class, 'post_unshareFromSelf', $formatted); + } + + private function formatHookParams(IShare $share) { + // Prepare hook + $shareType = $share->getShareType(); + $sharedWith = ''; + if ($shareType === IShare::TYPE_USER + || $shareType === IShare::TYPE_GROUP + || $shareType === IShare::TYPE_REMOTE) { + $sharedWith = $share->getSharedWith(); + } + + $hookParams = [ + 'id' => $share->getId(), + 'itemType' => $share->getNodeType(), + 'itemSource' => $share->getNodeId(), + 'shareType' => $shareType, + 'shareWith' => $sharedWith, + 'itemparent' => $share->getParent(), + 'uidOwner' => $share->getSharedBy(), + 'fileSource' => $share->getNodeId(), + 'fileTarget' => $share->getTarget() + ]; + return $hookParams; + } + + public function preShare(BeforeShareCreatedEvent $e) { + $share = $e->getShare(); + + // Pre share hook + $run = true; + $error = ''; + $preHookData = [ + 'itemType' => $share->getNode() instanceof File ? 'file' : 'folder', + 'itemSource' => $share->getNode()->getId(), + 'shareType' => $share->getShareType(), + 'uidOwner' => $share->getSharedBy(), + 'permissions' => $share->getPermissions(), + 'fileSource' => $share->getNode()->getId(), + 'expiration' => $share->getExpirationDate(), + 'token' => $share->getToken(), + 'itemTarget' => $share->getTarget(), + 'shareWith' => $share->getSharedWith(), + 'run' => &$run, + 'error' => &$error, + ]; + \OC_Hook::emit(Share::class, 'pre_shared', $preHookData); + + if ($run === false) { + $e->setError($error); + $e->stopPropagation(); + } + + return $e; + } + + public function postShare(ShareCreatedEvent $e) { + $share = $e->getShare(); + + $postHookData = [ + 'itemType' => $share->getNode() instanceof File ? 'file' : 'folder', + 'itemSource' => $share->getNode()->getId(), + 'shareType' => $share->getShareType(), + 'uidOwner' => $share->getSharedBy(), + 'permissions' => $share->getPermissions(), + 'fileSource' => $share->getNode()->getId(), + 'expiration' => $share->getExpirationDate(), + 'token' => $share->getToken(), + 'id' => $share->getId(), + 'shareWith' => $share->getSharedWith(), + 'itemTarget' => $share->getTarget(), + 'fileTarget' => $share->getTarget(), + 'path' => $share->getNode()->getPath(), + ]; + + \OC_Hook::emit(Share::class, 'post_shared', $postHookData); + } +} diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 1c9d4d82277..28f29d6b20f 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -1,110 +1,95 @@ <?php + /** - * @author Arthur Schiwon <blizzz@owncloud.com> - * @author Joas Schilling <nickvergessen@owncloud.com> - * @author Roeland Jago Douma <rullzer@owncloud.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ - namespace OC\Share20; +use OC\Core\AppInfo\ConfigLexicon; use OC\Files\Mount\MoveableMount; +use OC\KnownUser\KnownUserService; +use OC\Share20\Exception\ProviderException; +use OCA\Files_Sharing\AppInfo\Application; +use OCA\Files_Sharing\SharedStorage; +use OCA\ShareByMail\ShareByMailProvider; +use OCP\EventDispatcher\IEventDispatcher; +use OCP\Files\File; +use OCP\Files\Folder; use OCP\Files\IRootFolder; +use OCP\Files\Mount\IMountManager; +use OCP\Files\Mount\IShareOwnerlessMount; +use OCP\Files\Node; use OCP\Files\NotFoundException; -use OCP\IUserManager; -use OCP\Share\IManager; -use OCP\Share\IProviderFactory; -use OC\Share20\Exception\BackendError; +use OCP\HintException; +use OCP\IAppConfig; use OCP\IConfig; +use OCP\IDateTimeZone; +use OCP\IGroupManager; use OCP\IL10N; -use OCP\ILogger; -use OCP\Security\ISecureRandom; +use OCP\IURLGenerator; +use OCP\IUser; +use OCP\IUserManager; +use OCP\IUserSession; +use OCP\L10N\IFactory; +use OCP\Mail\IMailer; +use OCP\Security\Events\ValidatePasswordPolicyEvent; use OCP\Security\IHasher; -use OCP\Files\Mount\IMountManager; -use OCP\IGroupManager; -use OCP\Files\File; -use OCP\Files\Folder; - -use OCP\Share\Exceptions\ShareNotFound; +use OCP\Security\ISecureRandom; +use OCP\Security\PasswordContext; +use OCP\Share; +use OCP\Share\Events\BeforeShareDeletedEvent; +use OCP\Share\Events\ShareAcceptedEvent; +use OCP\Share\Events\ShareCreatedEvent; +use OCP\Share\Events\ShareDeletedEvent; +use OCP\Share\Events\ShareDeletedFromSelfEvent; +use OCP\Share\Exceptions\AlreadySharedException; use OCP\Share\Exceptions\GenericShareException; +use OCP\Share\Exceptions\ShareNotFound; +use OCP\Share\Exceptions\ShareTokenException; +use OCP\Share\IManager; +use OCP\Share\IProviderFactory; +use OCP\Share\IShare; +use OCP\Share\IShareProvider; +use OCP\Share\IShareProviderSupportsAccept; +use OCP\Share\IShareProviderSupportsAllSharesInFolder; +use OCP\Share\IShareProviderWithNotification; +use Psr\Log\LoggerInterface; /** * This class is the communication hub for all sharing related operations. */ class Manager implements IManager { - /** @var IProviderFactory */ - private $factory; - /** @var ILogger */ - private $logger; - /** @var IConfig */ - private $config; - /** @var ISecureRandom */ - private $secureRandom; - /** @var IHasher */ - private $hasher; - /** @var IMountManager */ - private $mountManager; - /** @var IGroupManager */ - private $groupManager; - /** @var IL10N */ - private $l; - /** @var IUserManager */ - private $userManager; - /** @var IRootFolder */ - private $rootFolder; + private ?IL10N $l; + private LegacyHooks $legacyHooks; - /** - * Manager constructor. - * - * @param ILogger $logger - * @param IConfig $config - * @param ISecureRandom $secureRandom - * @param IHasher $hasher - * @param IMountManager $mountManager - * @param IGroupManager $groupManager - * @param IL10N $l - * @param IProviderFactory $factory - * @param IUserManager $userManager - * @param IRootFolder $rootFolder - */ public function __construct( - ILogger $logger, - IConfig $config, - ISecureRandom $secureRandom, - IHasher $hasher, - IMountManager $mountManager, - IGroupManager $groupManager, - IL10N $l, - IProviderFactory $factory, - IUserManager $userManager, - IRootFolder $rootFolder + private LoggerInterface $logger, + private IConfig $config, + private ISecureRandom $secureRandom, + private IHasher $hasher, + private IMountManager $mountManager, + private IGroupManager $groupManager, + private IFactory $l10nFactory, + private IProviderFactory $factory, + private IUserManager $userManager, + private IRootFolder $rootFolder, + private IMailer $mailer, + private IURLGenerator $urlGenerator, + private \OC_Defaults $defaults, + private IEventDispatcher $dispatcher, + private IUserSession $userSession, + private KnownUserService $knownUserService, + private ShareDisableChecker $shareDisableChecker, + private IDateTimeZone $dateTimeZone, + private IAppConfig $appConfig, ) { - $this->logger = $logger; - $this->config = $config; - $this->secureRandom = $secureRandom; - $this->hasher = $hasher; - $this->mountManager = $mountManager; - $this->groupManager = $groupManager; - $this->l = $l; - $this->factory = $factory; - $this->userManager = $userManager; - $this->rootFolder = $rootFolder; + $this->l = $this->l10nFactory->get('lib'); + // The constructor of LegacyHooks registers the listeners of share events + // do not remove if those are not properly migrated + $this->legacyHooks = new LegacyHooks($this->dispatcher); } /** @@ -121,176 +106,322 @@ class Manager implements IManager { * Verify if a password meets all requirements * * @param string $password - * @throws \Exception + * @throws HintException */ protected function verifyPassword($password) { if ($password === null) { // No password is set, check if this is allowed. if ($this->shareApiLinkEnforcePassword()) { - throw new \InvalidArgumentException('Passwords are enforced for link shares'); + throw new \InvalidArgumentException($this->l->t('Passwords are enforced for link and mail shares')); } return; } // Let others verify the password - $accepted = true; - $message = ''; - \OCP\Util::emitHook('\OC\Share', 'verifyPassword', [ - 'password' => $password, - 'accepted' => &$accepted, - 'message' => &$message - ]); - - if (!$accepted) { - throw new \Exception($message); + try { + $event = new ValidatePasswordPolicyEvent($password, PasswordContext::SHARING); + $this->dispatcher->dispatchTyped($event); + } catch (HintException $e) { + /* Wrap in a 400 bad request error */ + throw new HintException($e->getMessage(), $e->getHint(), 400, $e); } } /** * Check for generic requirements before creating a share * - * @param \OCP\Share\IShare $share + * @param IShare $share * @throws \InvalidArgumentException * @throws GenericShareException + * + * @suppress PhanUndeclaredClassMethod */ - protected function generalCreateChecks(\OCP\Share\IShare $share) { - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) { + protected function generalCreateChecks(IShare $share, bool $isUpdate = false) { + if ($share->getShareType() === IShare::TYPE_USER) { // We expect a valid user as sharedWith for user shares if (!$this->userManager->userExists($share->getSharedWith())) { - throw new \InvalidArgumentException('SharedWith is not a valid user'); + throw new \InvalidArgumentException($this->l->t('Share recipient is not a valid user')); } - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) { + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { // We expect a valid group as sharedWith for group shares if (!$this->groupManager->groupExists($share->getSharedWith())) { - throw new \InvalidArgumentException('SharedWith is not a valid group'); + throw new \InvalidArgumentException($this->l->t('Share recipient is not a valid group')); } - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) { + } elseif ($share->getShareType() === IShare::TYPE_LINK) { + // No check for TYPE_EMAIL here as we have a recipient for them if ($share->getSharedWith() !== null) { - throw new \InvalidArgumentException('SharedWith should be empty'); + throw new \InvalidArgumentException($this->l->t('Share recipient should be empty')); + } + } elseif ($share->getShareType() === IShare::TYPE_EMAIL) { + if ($share->getSharedWith() === null) { + throw new \InvalidArgumentException($this->l->t('Share recipient should not be empty')); } - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_REMOTE) { + } elseif ($share->getShareType() === IShare::TYPE_REMOTE) { if ($share->getSharedWith() === null) { - throw new \InvalidArgumentException('SharedWith should not be empty'); + throw new \InvalidArgumentException($this->l->t('Share recipient should not be empty')); } + } elseif ($share->getShareType() === IShare::TYPE_REMOTE_GROUP) { + if ($share->getSharedWith() === null) { + throw new \InvalidArgumentException($this->l->t('Share recipient should not be empty')); + } + } elseif ($share->getShareType() === IShare::TYPE_CIRCLE) { + $circle = \OCA\Circles\Api\v1\Circles::detailsCircle($share->getSharedWith()); + if ($circle === null) { + throw new \InvalidArgumentException($this->l->t('Share recipient is not a valid circle')); + } + } elseif ($share->getShareType() === IShare::TYPE_ROOM) { + } elseif ($share->getShareType() === IShare::TYPE_DECK) { + } elseif ($share->getShareType() === IShare::TYPE_SCIENCEMESH) { } else { - // We can't handle other types yet - throw new \InvalidArgumentException('unkown share type'); + // We cannot handle other types yet + throw new \InvalidArgumentException($this->l->t('Unknown share type')); } // Verify the initiator of the share is set if ($share->getSharedBy() === null) { - throw new \InvalidArgumentException('SharedBy should be set'); + throw new \InvalidArgumentException($this->l->t('Share initiator must be set')); } // Cannot share with yourself - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER && - $share->getSharedWith() === $share->getSharedBy()) { - throw new \InvalidArgumentException('Can\'t share with yourself'); + if ($share->getShareType() === IShare::TYPE_USER + && $share->getSharedWith() === $share->getSharedBy()) { + throw new \InvalidArgumentException($this->l->t('Cannot share with yourself')); } // The path should be set if ($share->getNode() === null) { - throw new \InvalidArgumentException('Path should be set'); + throw new \InvalidArgumentException($this->l->t('Shared path must be set')); } // And it should be a file or a folder - if (!($share->getNode() instanceof \OCP\Files\File) && - !($share->getNode() instanceof \OCP\Files\Folder)) { - throw new \InvalidArgumentException('Path should be either a file or a folder'); + if (!($share->getNode() instanceof \OCP\Files\File) + && !($share->getNode() instanceof \OCP\Files\Folder)) { + throw new \InvalidArgumentException($this->l->t('Shared path must be either a file or a folder')); } - // And you can't share your rootfolder - if ($this->rootFolder->getUserFolder($share->getSharedBy())->getPath() === $share->getNode()->getPath()) { - throw new \InvalidArgumentException('You can\'t share your root folder'); + // And you cannot share your rootfolder + if ($this->userManager->userExists($share->getSharedBy())) { + $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy()); + } else { + $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner()); + } + if ($userFolder->getId() === $share->getNode()->getId()) { + throw new \InvalidArgumentException($this->l->t('You cannot share your root folder')); } // Check if we actually have share permissions if (!$share->getNode()->isShareable()) { - $message_t = $this->l->t('You are not allowed to share %s', [$share->getNode()->getPath()]); - throw new GenericShareException($message_t, $message_t, 404); + throw new GenericShareException($this->l->t('You are not allowed to share %s', [$share->getNode()->getName()]), code: 404); } // Permissions should be set if ($share->getPermissions() === null) { - throw new \InvalidArgumentException('A share requires permissions'); + throw new \InvalidArgumentException($this->l->t('Valid permissions are required for sharing')); } - /* - * Quick fix for #23536 - * Non moveable mount points do not have update and delete permissions - * while we 'most likely' do have that on the storage. - */ - $permissions = $share->getNode()->getPermissions(); - $mount = $share->getNode()->getMountPoint(); - if (!($mount instanceof MoveableMount)) { - $permissions |= \OCP\Constants::PERMISSION_DELETE | \OCP\Constants::PERMISSION_UPDATE; + // Permissions must be valid + if ($share->getPermissions() < 0 || $share->getPermissions() > \OCP\Constants::PERMISSION_ALL) { + throw new \InvalidArgumentException($this->l->t('Valid permissions are required for sharing')); + } + + // Single file shares should never have delete or create permissions + if (($share->getNode() instanceof File) + && (($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_DELETE)) !== 0)) { + throw new \InvalidArgumentException($this->l->t('File shares cannot have create or delete permissions')); + } + + $permissions = 0; + $nodesForUser = $userFolder->getById($share->getNodeId()); + foreach ($nodesForUser as $node) { + if ($node->getInternalPath() === '' && !$node->getMountPoint() instanceof MoveableMount) { + // for the root of non-movable mount, the permissions we see if limited by the mount itself, + // so we instead use the "raw" permissions from the storage + $permissions |= $node->getStorage()->getPermissions(''); + } else { + $permissions |= $node->getPermissions(); + } } // Check that we do not share with more permissions than we have if ($share->getPermissions() & ~$permissions) { - $message_t = $this->l->t('Cannot increase permissions of %s', [$share->getNode()->getPath()]); - throw new GenericShareException($message_t, $message_t, 404); + $path = $userFolder->getRelativePath($share->getNode()->getPath()); + throw new GenericShareException($this->l->t('Cannot increase permissions of %s', [$path]), code: 404); } // Check that read permissions are always set - if (($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) { - throw new \InvalidArgumentException('Shares need at least read permissions'); + // Link shares are allowed to have no read permissions to allow upload to hidden folders + $noReadPermissionRequired = $share->getShareType() === IShare::TYPE_LINK + || $share->getShareType() === IShare::TYPE_EMAIL; + if (!$noReadPermissionRequired + && ($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) { + throw new \InvalidArgumentException($this->l->t('Shares need at least read permissions')); + } + + if ($share->getNode() instanceof \OCP\Files\File) { + if ($share->getPermissions() & \OCP\Constants::PERMISSION_DELETE) { + throw new GenericShareException($this->l->t('Files cannot be shared with delete permissions')); + } + if ($share->getPermissions() & \OCP\Constants::PERMISSION_CREATE) { + throw new GenericShareException($this->l->t('Files cannot be shared with create permissions')); + } } } /** * Validate if the expiration date fits the system settings * - * @param \OCP\Share\IShare $share The share to validate the expiration date of - * @return \OCP\Share\IShare The modified share object + * @param IShare $share The share to validate the expiration date of + * @return IShare The modified share object * @throws GenericShareException * @throws \InvalidArgumentException * @throws \Exception */ - protected function validateExpirationDate(\OCP\Share\IShare $share) { + protected function validateExpirationDateInternal(IShare $share) { + $isRemote = $share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP; $expirationDate = $share->getExpirationDate(); - if ($expirationDate !== null) { - //Make sure the expiration date is a date - $expirationDate->setTime(0, 0, 0); + if ($isRemote) { + $defaultExpireDate = $this->shareApiRemoteDefaultExpireDate(); + $defaultExpireDays = $this->shareApiRemoteDefaultExpireDays(); + $configProp = 'remote_defaultExpDays'; + $isEnforced = $this->shareApiRemoteDefaultExpireDateEnforced(); + } else { + $defaultExpireDate = $this->shareApiInternalDefaultExpireDate(); + $defaultExpireDays = $this->shareApiInternalDefaultExpireDays(); + $configProp = 'internal_defaultExpDays'; + $isEnforced = $this->shareApiInternalDefaultExpireDateEnforced(); + } - $date = new \DateTime(); - $date->setTime(0, 0, 0); - if ($date >= $expirationDate) { - $message = $this->l->t('Expiration date is in the past'); - throw new GenericShareException($message, $message, 404); + // If $expirationDate is falsy, noExpirationDate is true and expiration not enforced + // Then skip expiration date validation as null is accepted + if (!$share->getNoExpirationDate() || $isEnforced) { + if ($expirationDate !== null) { + $expirationDate->setTimezone($this->dateTimeZone->getTimeZone()); + $expirationDate->setTime(0, 0, 0); + + $date = new \DateTime('now', $this->dateTimeZone->getTimeZone()); + $date->setTime(0, 0, 0); + if ($date >= $expirationDate) { + throw new GenericShareException($this->l->t('Expiration date is in the past'), code: 404); + } } - } - // If expiredate is empty set a default one if there is a default - $fullId = null; - try { - $fullId = $share->getFullId(); - } catch (\UnexpectedValueException $e) { - // This is a new share + // If expiredate is empty set a default one if there is a default + $fullId = null; + try { + $fullId = $share->getFullId(); + } catch (\UnexpectedValueException $e) { + // This is a new share + } + + if ($fullId === null && $expirationDate === null && $defaultExpireDate) { + $expirationDate = new \DateTime('now', $this->dateTimeZone->getTimeZone()); + $expirationDate->setTime(0, 0, 0); + $days = (int)$this->config->getAppValue('core', $configProp, (string)$defaultExpireDays); + if ($days > $defaultExpireDays) { + $days = $defaultExpireDays; + } + $expirationDate->add(new \DateInterval('P' . $days . 'D')); + } + + // If we enforce the expiration date check that is does not exceed + if ($isEnforced) { + if (empty($expirationDate)) { + throw new \InvalidArgumentException($this->l->t('Expiration date is enforced')); + } + + $date = new \DateTime('now', $this->dateTimeZone->getTimeZone()); + $date->setTime(0, 0, 0); + $date->add(new \DateInterval('P' . $defaultExpireDays . 'D')); + if ($date < $expirationDate) { + throw new GenericShareException($this->l->n('Cannot set expiration date more than %n day in the future', 'Cannot set expiration date more than %n days in the future', $defaultExpireDays), code: 404); + } + } } - if ($fullId === null && $expirationDate === null && $this->shareApiLinkDefaultExpireDate()) { - $expirationDate = new \DateTime(); - $expirationDate->setTime(0,0,0); - $expirationDate->add(new \DateInterval('P'.$this->shareApiLinkDefaultExpireDays().'D')); + $accepted = true; + $message = ''; + \OCP\Util::emitHook('\OC\Share', 'verifyExpirationDate', [ + 'expirationDate' => &$expirationDate, + 'accepted' => &$accepted, + 'message' => &$message, + 'passwordSet' => $share->getPassword() !== null, + ]); + + if (!$accepted) { + throw new \Exception($message); } - // If we enforce the expiration date check that is does not exceed - if ($this->shareApiLinkDefaultExpireDateEnforced()) { - if ($expirationDate === null) { - throw new \InvalidArgumentException('Expiration date is enforced'); + $share->setExpirationDate($expirationDate); + + return $share; + } + + /** + * Validate if the expiration date fits the system settings + * + * @param IShare $share The share to validate the expiration date of + * @return IShare The modified share object + * @throws GenericShareException + * @throws \InvalidArgumentException + * @throws \Exception + */ + protected function validateExpirationDateLink(IShare $share) { + $expirationDate = $share->getExpirationDate(); + $isEnforced = $this->shareApiLinkDefaultExpireDateEnforced(); + + // If $expirationDate is falsy, noExpirationDate is true and expiration not enforced + // Then skip expiration date validation as null is accepted + if (!($share->getNoExpirationDate() && !$isEnforced)) { + if ($expirationDate !== null) { + $expirationDate->setTimezone($this->dateTimeZone->getTimeZone()); + $expirationDate->setTime(0, 0, 0); + + $date = new \DateTime('now', $this->dateTimeZone->getTimeZone()); + $date->setTime(0, 0, 0); + if ($date >= $expirationDate) { + throw new GenericShareException($this->l->t('Expiration date is in the past'), code: 404); + } + } + + // If expiredate is empty set a default one if there is a default + $fullId = null; + try { + $fullId = $share->getFullId(); + } catch (\UnexpectedValueException $e) { + // This is a new share + } + + if ($fullId === null && $expirationDate === null && $this->shareApiLinkDefaultExpireDate()) { + $expirationDate = new \DateTime('now', $this->dateTimeZone->getTimeZone()); + $expirationDate->setTime(0, 0, 0); + + $days = (int)$this->config->getAppValue('core', 'link_defaultExpDays', (string)$this->shareApiLinkDefaultExpireDays()); + if ($days > $this->shareApiLinkDefaultExpireDays()) { + $days = $this->shareApiLinkDefaultExpireDays(); + } + $expirationDate->add(new \DateInterval('P' . $days . 'D')); } - $date = new \DateTime(); - $date->setTime(0, 0, 0); - $date->add(new \DateInterval('P' . $this->shareApiLinkDefaultExpireDays() . 'D')); - if ($date < $expirationDate) { - $message = $this->l->t('Cannot set expiration date more than %s days in the future', [$this->shareApiLinkDefaultExpireDays()]); - throw new GenericShareException($message, $message, 404); + // If we enforce the expiration date check that is does not exceed + if ($isEnforced) { + if (empty($expirationDate)) { + throw new \InvalidArgumentException($this->l->t('Expiration date is enforced')); + } + + $date = new \DateTime('now', $this->dateTimeZone->getTimeZone()); + $date->setTime(0, 0, 0); + $date->add(new \DateInterval('P' . $this->shareApiLinkDefaultExpireDays() . 'D')); + if ($date < $expirationDate) { + throw new GenericShareException( + $this->l->n('Cannot set expiration date more than %n day in the future', 'Cannot set expiration date more than %n days in the future', $this->shareApiLinkDefaultExpireDays()), + code: 404, + ); + } } + } $accepted = true; @@ -314,21 +445,26 @@ class Manager implements IManager { /** * Check for pre share requirements for user shares * - * @param \OCP\Share\IShare $share + * @param IShare $share * @throws \Exception */ - protected function userCreateChecks(\OCP\Share\IShare $share) { + protected function userCreateChecks(IShare $share) { // Check if we can share with group members only if ($this->shareWithGroupMembersOnly()) { $sharedBy = $this->userManager->get($share->getSharedBy()); $sharedWith = $this->userManager->get($share->getSharedWith()); // Verify we can share with this user $groups = array_intersect( - $this->groupManager->getUserGroupIds($sharedBy), - $this->groupManager->getUserGroupIds($sharedWith) + $this->groupManager->getUserGroupIds($sharedBy), + $this->groupManager->getUserGroupIds($sharedWith) ); + + // optional excluded groups + $excludedGroups = $this->shareWithGroupMembersOnlyExcludeGroupsList(); + $groups = array_diff($groups, $excludedGroups); + if (empty($groups)) { - throw new \Exception('Only sharing with group members is allowed'); + throw new \Exception($this->l->t('Sharing is only allowed with group members')); } } @@ -337,9 +473,9 @@ class Manager implements IManager { * * Also this is not what we want in the future.. then we want to squash identical shares. */ - $provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_USER); + $provider = $this->factory->getProviderForType(IShare::TYPE_USER); $existingShares = $provider->getSharesByPath($share->getNode()); - foreach($existingShares as $existingShare) { + foreach ($existingShares as $existingShare) { // Ignore if it is the same share try { if ($existingShare->getFullId() === $share->getFullId()) { @@ -349,18 +485,20 @@ class Manager implements IManager { //Shares are not identical } - // Identical share already existst - if ($existingShare->getSharedWith() === $share->getSharedWith()) { - throw new \Exception('Path already shared with this user'); + // Identical share already exists + if ($existingShare->getSharedWith() === $share->getSharedWith() && $existingShare->getShareType() === $share->getShareType()) { + throw new AlreadySharedException($this->l->t('Sharing %s failed, because this item is already shared with the account %s', [$share->getNode()->getName(), $share->getSharedWithDisplayName()]), $existingShare); } // The share is already shared with this user via a group share - if ($existingShare->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) { + if ($existingShare->getShareType() === IShare::TYPE_GROUP) { $group = $this->groupManager->get($existingShare->getSharedWith()); - $user = $this->userManager->get($share->getSharedWith()); + if (!is_null($group)) { + $user = $this->userManager->get($share->getSharedWith()); - if ($group->inGroup($user) && $existingShare->getShareOwner() !== $share->getShareOwner()) { - throw new \Exception('Path already shared with this user'); + if ($group->inGroup($user) && $existingShare->getShareOwner() !== $share->getShareOwner()) { + throw new AlreadySharedException($this->l->t('Sharing %s failed, because this item is already shared with the account %s', [$share->getNode()->getName(), $share->getSharedWithDisplayName()]), $existingShare); + } } } } @@ -369,21 +507,24 @@ class Manager implements IManager { /** * Check for pre share requirements for group shares * - * @param \OCP\Share\IShare $share + * @param IShare $share * @throws \Exception */ - protected function groupCreateChecks(\OCP\Share\IShare $share) { + protected function groupCreateChecks(IShare $share) { // Verify group shares are allowed if (!$this->allowGroupSharing()) { - throw new \Exception('Group sharing is now allowed'); + throw new \Exception($this->l->t('Group sharing is now allowed')); } // Verify if the user can share with this group if ($this->shareWithGroupMembersOnly()) { $sharedBy = $this->userManager->get($share->getSharedBy()); $sharedWith = $this->groupManager->get($share->getSharedWith()); - if (!$sharedWith->inGroup($sharedBy)) { - throw new \Exception('Only sharing within your own groups is allowed'); + + // optional excluded groups + $excludedGroups = $this->shareWithGroupMembersOnlyExcludeGroupsList(); + if (is_null($sharedWith) || in_array($share->getSharedWith(), $excludedGroups) || !$sharedWith->inGroup($sharedBy)) { + throw new \Exception($this->l->t('Sharing is only allowed within your own groups')); } } @@ -392,9 +533,9 @@ class Manager implements IManager { * * Also this is not what we want in the future.. then we want to squash identical shares. */ - $provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_GROUP); + $provider = $this->factory->getProviderForType(IShare::TYPE_GROUP); $existingShares = $provider->getSharesByPath($share->getNode()); - foreach($existingShares as $existingShare) { + foreach ($existingShares as $existingShare) { try { if ($existingShare->getFullId() === $share->getFullId()) { continue; @@ -403,8 +544,8 @@ class Manager implements IManager { //It is a new share so just continue } - if ($existingShare->getSharedWith() === $share->getSharedWith()) { - throw new \Exception('Path already shared with this group'); + if ($existingShare->getSharedWith() === $share->getSharedWith() && $existingShare->getShareType() === $share->getShareType()) { + throw new AlreadySharedException($this->l->t('Path is already shared with this group'), $existingShare); } } } @@ -412,29 +553,19 @@ class Manager implements IManager { /** * Check for pre share requirements for link shares * - * @param \OCP\Share\IShare $share + * @param IShare $share * @throws \Exception */ - protected function linkCreateChecks(\OCP\Share\IShare $share) { + protected function linkCreateChecks(IShare $share) { // Are link shares allowed? if (!$this->shareApiAllowLinks()) { - throw new \Exception('Link sharing not allowed'); - } - - // Link shares by definition can't have share permissions - if ($share->getPermissions() & \OCP\Constants::PERMISSION_SHARE) { - throw new \InvalidArgumentException('Link shares can\'t have reshare permissions'); - } - - // We don't allow deletion on link shares - if ($share->getPermissions() & \OCP\Constants::PERMISSION_DELETE) { - throw new \InvalidArgumentException('Link shares can\'t have delete permissions'); + throw new \Exception($this->l->t('Link sharing is not allowed')); } // Check if public upload is allowed - if (!$this->shareApiLinkAllowPublicUpload() && - ($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE))) { - throw new \InvalidArgumentException('Public upload not allowed'); + if ($share->getNodeType() === 'folder' && !$this->shareApiLinkAllowPublicUpload() + && ($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE))) { + throw new \InvalidArgumentException($this->l->t('Public upload is not allowed')); } } @@ -447,17 +578,14 @@ class Manager implements IManager { * * FIXME: Remove once multiple link shares can be properly displayed * - * @param \OCP\Share\IShare $share + * @param IShare $share */ - protected function setLinkParent(\OCP\Share\IShare $share) { - - // No sense in checking if the method is not there. - if (method_exists($share, 'setParent')) { - $storage = $share->getNode()->getStorage(); - if ($storage->instanceOfStorage('\OCA\Files_Sharing\ISharedStorage')) { - $share->setParent($storage->getShareId()); - } - }; + protected function setLinkParent(IShare $share) { + $storage = $share->getNode()->getStorage(); + if ($storage->instanceOfStorage(SharedStorage::class)) { + /** @var \OCA\Files_Sharing\SharedStorage $storage */ + $share->setParent((int)$storage->getShareId()); + } } /** @@ -467,9 +595,13 @@ class Manager implements IManager { // Make sure that we do not share a path that contains a shared mountpoint if ($path instanceof \OCP\Files\Folder) { $mounts = $this->mountManager->findIn($path->getPath()); - foreach($mounts as $mount) { + foreach ($mounts as $mount) { if ($mount->getStorage()->instanceOfStorage('\OCA\Files_Sharing\ISharedStorage')) { - throw new \InvalidArgumentException('Path contains files shared with you'); + // Using a flat sharing model ensures the file owner can always see who has access. + // Allowing parent folder sharing would require tracking inherited access, which adds complexity + // and hurts performance/scalability. + // So we forbid sharing a parent folder of a share you received. + throw new \InvalidArgumentException($this->l->t('You cannot share a folder that contains other shares')); } } } @@ -478,66 +610,33 @@ class Manager implements IManager { /** * Check if the user that is sharing can actually share * - * @param \OCP\Share\IShare $share + * @param IShare $share * @throws \Exception */ - protected function canShare(\OCP\Share\IShare $share) { + protected function canShare(IShare $share) { if (!$this->shareApiEnabled()) { - throw new \Exception('The share API is disabled'); + throw new \Exception($this->l->t('Sharing is disabled')); } if ($this->sharingDisabledForUser($share->getSharedBy())) { - throw new \Exception('You are not allowed to share'); + throw new \Exception($this->l->t('Sharing is disabled for you')); } } /** * Share a path * - * @param \OCP\Share\IShare $share - * @return Share The share object + * @param IShare $share + * @return IShare The share object * @throws \Exception * * TODO: handle link share permissions or check them */ - public function createShare(\OCP\Share\IShare $share) { + public function createShare(IShare $share) { $this->canShare($share); $this->generalCreateChecks($share); - //Verify share type - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) { - $this->userCreateChecks($share); - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) { - $this->groupCreateChecks($share); - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) { - $this->linkCreateChecks($share); - $this->setLinkParent($share); - - /* - * For now ignore a set token. - */ - $share->setToken( - $this->secureRandom->generate( - \OC\Share\Constants::TOKEN_LENGTH, - \OCP\Security\ISecureRandom::CHAR_LOWER. - \OCP\Security\ISecureRandom::CHAR_UPPER. - \OCP\Security\ISecureRandom::CHAR_DIGITS - ) - ); - - //Verify the expiration date - $this->validateExpirationDate($share); - - //Verify the password - $this->verifyPassword($share->getPassword()); - - // If a password is set. Hash it! - if ($share->getPassword() !== null) { - $share->setPassword($this->hasher->hash($share->getPassword())); - } - } - // Verify if there are any issues with the path $this->pathCreateChecks($share->getNode()); @@ -548,68 +647,120 @@ class Manager implements IManager { $storage = $share->getNode()->getStorage(); if ($storage->instanceOfStorage('OCA\Files_Sharing\External\Storage')) { $parent = $share->getNode()->getParent(); - while($parent->getStorage()->instanceOfStorage('OCA\Files_Sharing\External\Storage')) { + while ($parent->getStorage()->instanceOfStorage('OCA\Files_Sharing\External\Storage')) { $parent = $parent->getParent(); } $share->setShareOwner($parent->getOwner()->getUID()); } else { - $share->setShareOwner($share->getNode()->getOwner()->getUID()); + if ($share->getNode()->getOwner()) { + $share->setShareOwner($share->getNode()->getOwner()->getUID()); + } else { + $share->setShareOwner($share->getSharedBy()); + } } - // Cannot share with the owner - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER && - $share->getSharedWith() === $share->getShareOwner()) { - throw new \InvalidArgumentException('Can\'t share with the share owner'); - } - - // Generate the target - $target = $this->config->getSystemValue('share_folder', '/') .'/'. $share->getNode()->getName(); - $target = \OC\Files\Filesystem::normalizePath($target); - $share->setTarget($target); - - // Pre share hook - $run = true; - $error = ''; - $preHookData = [ - 'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder', - 'itemSource' => $share->getNode()->getId(), - 'shareType' => $share->getShareType(), - 'uidOwner' => $share->getSharedBy(), - 'permissions' => $share->getPermissions(), - 'fileSource' => $share->getNode()->getId(), - 'expiration' => $share->getExpirationDate(), - 'token' => $share->getToken(), - 'itemTarget' => $share->getTarget(), - 'shareWith' => $share->getSharedWith(), - 'run' => &$run, - 'error' => &$error, - ]; - \OC_Hook::emit('OCP\Share', 'pre_shared', $preHookData); + try { + // Verify share type + if ($share->getShareType() === IShare::TYPE_USER) { + $this->userCreateChecks($share); + + // Verify the expiration date + $share = $this->validateExpirationDateInternal($share); + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { + $this->groupCreateChecks($share); + + // Verify the expiration date + $share = $this->validateExpirationDateInternal($share); + } elseif ($share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP) { + // Verify the expiration date + $share = $this->validateExpirationDateInternal($share); + } elseif ($share->getShareType() === IShare::TYPE_LINK + || $share->getShareType() === IShare::TYPE_EMAIL) { + $this->linkCreateChecks($share); + $this->setLinkParent($share); + + $token = $this->generateToken(); + // Set the unique token + $share->setToken($token); + + // Verify the expiration date + $share = $this->validateExpirationDateLink($share); + + // Verify the password + $this->verifyPassword($share->getPassword()); - if ($run === false) { - throw new \Exception($error); - } + // If a password is set. Hash it! + if ($share->getShareType() === IShare::TYPE_LINK + && $share->getPassword() !== null) { + $share->setPassword($this->hasher->hash($share->getPassword())); + } + } - $provider = $this->factory->getProviderForType($share->getShareType()); - $share = $provider->create($share); - - // Post share hook - $postHookData = [ - 'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder', - 'itemSource' => $share->getNode()->getId(), - 'shareType' => $share->getShareType(), - 'uidOwner' => $share->getSharedBy(), - 'permissions' => $share->getPermissions(), - 'fileSource' => $share->getNode()->getId(), - 'expiration' => $share->getExpirationDate(), - 'token' => $share->getToken(), - 'id' => $share->getId(), - 'shareWith' => $share->getSharedWith(), - 'itemTarget' => $share->getTarget(), - 'fileTarget' => $share->getTarget(), - ]; + // Cannot share with the owner + if ($share->getShareType() === IShare::TYPE_USER + && $share->getSharedWith() === $share->getShareOwner()) { + throw new \InvalidArgumentException($this->l->t('Cannot share with the share owner')); + } + + // Generate the target + $shareFolder = $this->config->getSystemValue('share_folder', '/'); + if ($share->getShareType() === IShare::TYPE_USER) { + $allowCustomShareFolder = $this->config->getSystemValueBool('sharing.allow_custom_share_folder', true); + if ($allowCustomShareFolder) { + $shareFolder = $this->config->getUserValue($share->getSharedWith(), Application::APP_ID, 'share_folder', $shareFolder); + } + } + + $target = $shareFolder . '/' . $share->getNode()->getName(); + $target = \OC\Files\Filesystem::normalizePath($target); + $share->setTarget($target); + + // Pre share event + $event = new Share\Events\BeforeShareCreatedEvent($share); + $this->dispatcher->dispatchTyped($event); + if ($event->isPropagationStopped() && $event->getError()) { + throw new \Exception($event->getError()); + } + + $oldShare = $share; + $provider = $this->factory->getProviderForType($share->getShareType()); + $share = $provider->create($share); - \OC_Hook::emit('OCP\Share', 'post_shared', $postHookData); + // Reuse the node we already have + $share->setNode($oldShare->getNode()); + + // Reset the target if it is null for the new share + if ($share->getTarget() === '') { + $share->setTarget($target); + } + } catch (AlreadySharedException $e) { + // If a share for the same target already exists, dont create a new one, + // but do trigger the hooks and notifications again + $oldShare = $share; + + // Reuse the node we already have + $share = $e->getExistingShare(); + $share->setNode($oldShare->getNode()); + } + + // Post share event + $this->dispatcher->dispatchTyped(new ShareCreatedEvent($share)); + + // Send email if needed + if ($this->config->getSystemValueBool('sharing.enable_share_mail', true)) { + if ($share->getMailSend()) { + $provider = $this->factory->getProviderForType($share->getShareType()); + if ($provider instanceof IShareProviderWithNotification) { + $provider->sendMailNotification($share); + } else { + $this->logger->debug('Share notification not sent because the provider does not support it.', ['app' => 'share']); + } + } else { + $this->logger->debug('Share notification not sent because mailsend is false.', ['app' => 'share']); + } + } else { + $this->logger->debug('Share notification not sent because sharing notification emails is disabled.', ['app' => 'share']); + } return $share; } @@ -617,61 +768,97 @@ class Manager implements IManager { /** * Update a share * - * @param \OCP\Share\IShare $share - * @return \OCP\Share\IShare The share object + * @param IShare $share + * @return IShare The share object * @throws \InvalidArgumentException + * @throws HintException */ - public function updateShare(\OCP\Share\IShare $share) { + public function updateShare(IShare $share, bool $onlyValid = true) { $expirationDateUpdated = false; $this->canShare($share); try { - $originalShare = $this->getShareById($share->getFullId()); + $originalShare = $this->getShareById($share->getFullId(), onlyValid: $onlyValid); } catch (\UnexpectedValueException $e) { - throw new \InvalidArgumentException('Share does not have a full id'); + throw new \InvalidArgumentException($this->l->t('Share does not have a full ID')); } - // We can't change the share type! + // We cannot change the share type! if ($share->getShareType() !== $originalShare->getShareType()) { - throw new \InvalidArgumentException('Can\'t change share type'); + throw new \InvalidArgumentException($this->l->t('Cannot change share type')); } // We can only change the recipient on user shares - if ($share->getSharedWith() !== $originalShare->getSharedWith() && - $share->getShareType() !== \OCP\Share::SHARE_TYPE_USER) { - throw new \InvalidArgumentException('Can only update recipient on user shares'); + if ($share->getSharedWith() !== $originalShare->getSharedWith() + && $share->getShareType() !== IShare::TYPE_USER) { + throw new \InvalidArgumentException($this->l->t('Can only update recipient on user shares')); } // Cannot share with the owner - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER && - $share->getSharedWith() === $share->getShareOwner()) { - throw new \InvalidArgumentException('Can\'t share with the share owner'); + if ($share->getShareType() === IShare::TYPE_USER + && $share->getSharedWith() === $share->getShareOwner()) { + throw new \InvalidArgumentException($this->l->t('Cannot share with the share owner')); } - $this->generalCreateChecks($share); + $this->generalCreateChecks($share, true); - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) { + if ($share->getShareType() === IShare::TYPE_USER) { $this->userCreateChecks($share); - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) { + + if ($share->getExpirationDate() != $originalShare->getExpirationDate()) { + // Verify the expiration date + $this->validateExpirationDateInternal($share); + $expirationDateUpdated = true; + } + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { $this->groupCreateChecks($share); - } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) { + + if ($share->getExpirationDate() != $originalShare->getExpirationDate()) { + // Verify the expiration date + $this->validateExpirationDateInternal($share); + $expirationDateUpdated = true; + } + } elseif ($share->getShareType() === IShare::TYPE_LINK + || $share->getShareType() === IShare::TYPE_EMAIL) { $this->linkCreateChecks($share); - // Password updated. - if ($share->getPassword() !== $originalShare->getPassword()) { - //Verify the password - $this->verifyPassword($share->getPassword()); + // The new password is not set again if it is the same as the old + // one, unless when switching from sending by Talk to sending by + // mail. + $plainTextPassword = $share->getPassword(); + $updatedPassword = $this->updateSharePasswordIfNeeded($share, $originalShare); - // If a password is set. Hash it! - if ($share->getPassword() !== null) { - $share->setPassword($this->hasher->hash($share->getPassword())); + /** + * Cannot enable the getSendPasswordByTalk if there is no password set + */ + if (empty($plainTextPassword) && $share->getSendPasswordByTalk()) { + throw new \InvalidArgumentException($this->l->t('Cannot enable sending the password by Talk with an empty password')); + } + + /** + * If we're in a mail share, we need to force a password change + * as either the user is not aware of the password or is already (received by mail) + * Thus the SendPasswordByTalk feature would not make sense + */ + if (!$updatedPassword && $share->getShareType() === IShare::TYPE_EMAIL) { + if (!$originalShare->getSendPasswordByTalk() && $share->getSendPasswordByTalk()) { + throw new \InvalidArgumentException($this->l->t('Cannot enable sending the password by Talk without setting a new password')); + } + if ($originalShare->getSendPasswordByTalk() && !$share->getSendPasswordByTalk()) { + throw new \InvalidArgumentException($this->l->t('Cannot disable sending the password by Talk without setting a new password')); } } if ($share->getExpirationDate() != $originalShare->getExpirationDate()) { - //Verify the expiration date - $this->validateExpirationDate($share); + // Verify the expiration date + $this->validateExpirationDateLink($share); + $expirationDateUpdated = true; + } + } elseif ($share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP) { + if ($share->getExpirationDate() != $originalShare->getExpirationDate()) { + // Verify the expiration date + $this->validateExpirationDateInternal($share); $expirationDateUpdated = true; } } @@ -680,10 +867,15 @@ class Manager implements IManager { // Now update the share! $provider = $this->factory->getProviderForType($share->getShareType()); - $share = $provider->update($share); + if ($share->getShareType() === IShare::TYPE_EMAIL) { + /** @var ShareByMailProvider $provider */ + $share = $provider->update($share, $plainTextPassword); + } else { + $share = $provider->update($share); + } if ($expirationDateUpdated === true) { - \OC_Hook::emit('OCP\Share', 'post_set_expiration_date', [ + \OC_Hook::emit(Share::class, 'post_set_expiration_date', [ 'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder', 'itemSource' => $share->getNode()->getId(), 'date' => $share->getExpirationDate(), @@ -692,7 +884,7 @@ class Manager implements IManager { } if ($share->getPassword() !== $originalShare->getPassword()) { - \OC_Hook::emit('OCP\Share', 'post_update_password', [ + \OC_Hook::emit(Share::class, 'post_update_password', [ 'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder', 'itemSource' => $share->getNode()->getId(), 'uidOwner' => $share->getSharedBy(), @@ -702,109 +894,256 @@ class Manager implements IManager { } if ($share->getPermissions() !== $originalShare->getPermissions()) { - $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner()); - \OC_Hook::emit('OCP\Share', 'post_update_permissions', array( + if ($this->userManager->userExists($share->getShareOwner())) { + $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner()); + } else { + $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy()); + } + \OC_Hook::emit(Share::class, 'post_update_permissions', [ 'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder', 'itemSource' => $share->getNode()->getId(), 'shareType' => $share->getShareType(), 'shareWith' => $share->getSharedWith(), 'uidOwner' => $share->getSharedBy(), 'permissions' => $share->getPermissions(), + 'attributes' => $share->getAttributes() !== null ? $share->getAttributes()->toArray() : null, 'path' => $userFolder->getRelativePath($share->getNode()->getPath()), - )); + ]); } return $share; } /** + * Accept a share. + * + * @param IShare $share + * @param string $recipientId + * @return IShare The share object + * @throws \InvalidArgumentException Thrown if the provider does not implement `IShareProviderSupportsAccept` + * @since 9.0.0 + */ + public function acceptShare(IShare $share, string $recipientId): IShare { + [$providerId,] = $this->splitFullId($share->getFullId()); + $provider = $this->factory->getProvider($providerId); + + if (!($provider instanceof IShareProviderSupportsAccept)) { + throw new \InvalidArgumentException($this->l->t('Share provider does not support accepting')); + } + /** @var IShareProvider&IShareProviderSupportsAccept $provider */ + $provider->acceptShare($share, $recipientId); + + $event = new ShareAcceptedEvent($share); + $this->dispatcher->dispatchTyped($event); + + return $share; + } + + /** + * Updates the password of the given share if it is not the same as the + * password of the original share. + * + * @param IShare $share the share to update its password. + * @param IShare $originalShare the original share to compare its + * password with. + * @return boolean whether the password was updated or not. + */ + private function updateSharePasswordIfNeeded(IShare $share, IShare $originalShare) { + $passwordsAreDifferent = ($share->getPassword() !== $originalShare->getPassword()) + && (($share->getPassword() !== null && $originalShare->getPassword() === null) + || ($share->getPassword() === null && $originalShare->getPassword() !== null) + || ($share->getPassword() !== null && $originalShare->getPassword() !== null + && !$this->hasher->verify($share->getPassword(), $originalShare->getPassword()))); + + // Password updated. + if ($passwordsAreDifferent) { + // Verify the password + $this->verifyPassword($share->getPassword()); + + // If a password is set. Hash it! + if (!empty($share->getPassword())) { + $share->setPassword($this->hasher->hash($share->getPassword())); + if ($share->getShareType() === IShare::TYPE_EMAIL) { + // Shares shared by email have temporary passwords + $this->setSharePasswordExpirationTime($share); + } + + return true; + } else { + // Empty string and null are seen as NOT password protected + $share->setPassword(null); + if ($share->getShareType() === IShare::TYPE_EMAIL) { + $share->setPasswordExpirationTime(null); + } + return true; + } + } else { + // Reset the password to the original one, as it is either the same + // as the "new" password or a hashed version of it. + $share->setPassword($originalShare->getPassword()); + } + + return false; + } + + /** + * Set the share's password expiration time + */ + private function setSharePasswordExpirationTime(IShare $share): void { + if (!$this->config->getSystemValueBool('sharing.enable_mail_link_password_expiration', false)) { + // Sets password expiration date to NULL + $share->setPasswordExpirationTime(); + return; + } + // Sets password expiration date + $expirationTime = null; + $now = new \DateTime(); + $expirationInterval = $this->config->getSystemValue('sharing.mail_link_password_expiration_interval', 3600); + $expirationTime = $now->add(new \DateInterval('PT' . $expirationInterval . 'S')); + $share->setPasswordExpirationTime($expirationTime); + } + + + /** * Delete all the children of this share - * FIXME: remove once https://github.com/owncloud/core/pull/21660 is in * - * @param \OCP\Share\IShare $share - * @return \OCP\Share\IShare[] List of deleted shares + * @param IShare $share + * @return IShare[] List of deleted shares */ - protected function deleteChildren(\OCP\Share\IShare $share) { + protected function deleteChildren(IShare $share) { $deletedShares = []; $provider = $this->factory->getProviderForType($share->getShareType()); foreach ($provider->getChildren($share) as $child) { + $this->dispatcher->dispatchTyped(new BeforeShareDeletedEvent($child)); + $deletedChildren = $this->deleteChildren($child); $deletedShares = array_merge($deletedShares, $deletedChildren); $provider->delete($child); + $this->dispatcher->dispatchTyped(new ShareDeletedEvent($child)); $deletedShares[] = $child; } return $deletedShares; } + /** Promote re-shares into direct shares so that target user keeps access */ + protected function promoteReshares(IShare $share): void { + try { + $node = $share->getNode(); + } catch (NotFoundException) { + /* Skip if node not found */ + return; + } + + $userIds = []; + + if ($share->getShareType() === IShare::TYPE_USER) { + $userIds[] = $share->getSharedWith(); + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { + $group = $this->groupManager->get($share->getSharedWith()); + $users = $group?->getUsers() ?? []; + + foreach ($users as $user) { + /* Skip share owner */ + if ($user->getUID() === $share->getShareOwner() || $user->getUID() === $share->getSharedBy()) { + continue; + } + $userIds[] = $user->getUID(); + } + } else { + /* We only support user and group shares */ + return; + } + + $reshareRecords = []; + $shareTypes = [ + IShare::TYPE_GROUP, + IShare::TYPE_USER, + IShare::TYPE_LINK, + IShare::TYPE_REMOTE, + IShare::TYPE_EMAIL, + ]; + + foreach ($userIds as $userId) { + foreach ($shareTypes as $shareType) { + try { + $provider = $this->factory->getProviderForType($shareType); + } catch (ProviderException $e) { + continue; + } + + if ($node instanceof Folder) { + /* We need to get all shares by this user to get subshares */ + $shares = $provider->getSharesBy($userId, $shareType, null, false, -1, 0); + + foreach ($shares as $share) { + try { + $path = $share->getNode()->getPath(); + } catch (NotFoundException) { + /* Ignore share of non-existing node */ + continue; + } + if ($node->getRelativePath($path) !== null) { + /* If relative path is not null it means the shared node is the same or in a subfolder */ + $reshareRecords[] = $share; + } + } + } else { + $shares = $provider->getSharesBy($userId, $shareType, $node, false, -1, 0); + foreach ($shares as $child) { + $reshareRecords[] = $child; + } + } + } + } + + foreach ($reshareRecords as $child) { + try { + /* Check if the share is still valid (means the resharer still has access to the file through another mean) */ + $this->generalCreateChecks($child); + } catch (GenericShareException $e) { + /* The check is invalid, promote it to a direct share from the sharer of parent share */ + $this->logger->debug('Promote reshare because of exception ' . $e->getMessage(), ['exception' => $e, 'fullId' => $child->getFullId()]); + try { + $child->setSharedBy($share->getSharedBy()); + $this->updateShare($child); + } catch (GenericShareException|\InvalidArgumentException $e) { + $this->logger->warning('Failed to promote reshare because of exception ' . $e->getMessage(), ['exception' => $e, 'fullId' => $child->getFullId()]); + } + } + } + } + /** * Delete a share * - * @param \OCP\Share\IShare $share + * @param IShare $share * @throws ShareNotFound * @throws \InvalidArgumentException */ - public function deleteShare(\OCP\Share\IShare $share) { - + public function deleteShare(IShare $share) { try { $share->getFullId(); } catch (\UnexpectedValueException $e) { - throw new \InvalidArgumentException('Share does not have a full id'); - } - - $formatHookParams = function(\OCP\Share\IShare $share) { - // Prepare hook - $shareType = $share->getShareType(); - $sharedWith = ''; - if ($shareType === \OCP\Share::SHARE_TYPE_USER) { - $sharedWith = $share->getSharedWith(); - } else if ($shareType === \OCP\Share::SHARE_TYPE_GROUP) { - $sharedWith = $share->getSharedWith(); - } else if ($shareType === \OCP\Share::SHARE_TYPE_REMOTE) { - $sharedWith = $share->getSharedWith(); - } - - $hookParams = [ - 'id' => $share->getId(), - 'itemType' => $share->getNodeType(), - 'itemSource' => $share->getNodeId(), - 'shareType' => $shareType, - 'shareWith' => $sharedWith, - 'itemparent' => method_exists($share, 'getParent') ? $share->getParent() : '', - 'uidOwner' => $share->getSharedBy(), - 'fileSource' => $share->getNodeId(), - 'fileTarget' => $share->getTarget() - ]; - return $hookParams; - }; - - $hookParams = $formatHookParams($share); + throw new \InvalidArgumentException($this->l->t('Share does not have a full ID')); + } - // Emit pre-hook - \OC_Hook::emit('OCP\Share', 'pre_unshare', $hookParams); + $this->dispatcher->dispatchTyped(new BeforeShareDeletedEvent($share)); // Get all children and delete them as well - $deletedShares = $this->deleteChildren($share); + $this->deleteChildren($share); // Do the actual delete $provider = $this->factory->getProviderForType($share->getShareType()); $provider->delete($share); - // All the deleted shares caused by this delete - $deletedShares[] = $share; + $this->dispatcher->dispatchTyped(new ShareDeletedEvent($share)); - //Format hook info - $formattedDeletedShares = array_map(function($share) use ($formatHookParams) { - return $formatHookParams($share); - }, $deletedShares); - - $hookParams['deletedShares'] = $formattedDeletedShares; - - // Emit post hook - \OC_Hook::emit('OCP\Share', 'post_unshare', $hookParams); + // Promote reshares of the deleted share + $this->promoteReshares($share); } @@ -814,109 +1153,166 @@ class Manager implements IManager { * the users in a groups deletes that share. But the provider should * handle this. * - * @param \OCP\Share\IShare $share + * @param IShare $share * @param string $recipientId */ - public function deleteFromSelf(\OCP\Share\IShare $share, $recipientId) { - list($providerId, ) = $this->splitFullId($share->getId()); + public function deleteFromSelf(IShare $share, $recipientId) { + [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); $provider->deleteFromSelf($share, $recipientId); + $event = new ShareDeletedFromSelfEvent($share); + $this->dispatcher->dispatchTyped($event); + } + + public function restoreShare(IShare $share, string $recipientId): IShare { + [$providerId,] = $this->splitFullId($share->getFullId()); + $provider = $this->factory->getProvider($providerId); + + return $provider->restore($share, $recipientId); } /** * @inheritdoc */ - public function moveShare(\OCP\Share\IShare $share, $recipientId) { - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) { - throw new \InvalidArgumentException('Can\'t change target of link share'); + public function moveShare(IShare $share, $recipientId) { + if ($share->getShareType() === IShare::TYPE_LINK + || $share->getShareType() === IShare::TYPE_EMAIL) { + throw new \InvalidArgumentException($this->l->t('Cannot change target of link share')); } - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER && $share->getSharedWith() !== $recipientId) { - throw new \InvalidArgumentException('Invalid recipient'); + if ($share->getShareType() === IShare::TYPE_USER && $share->getSharedWith() !== $recipientId) { + throw new \InvalidArgumentException($this->l->t('Invalid share recipient')); } - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) { + if ($share->getShareType() === IShare::TYPE_GROUP) { $sharedWith = $this->groupManager->get($share->getSharedWith()); + if (is_null($sharedWith)) { + throw new \InvalidArgumentException($this->l->t('Group "%s" does not exist', [$share->getSharedWith()])); + } $recipient = $this->userManager->get($recipientId); if (!$sharedWith->inGroup($recipient)) { - throw new \InvalidArgumentException('Invalid recipient'); + throw new \InvalidArgumentException($this->l->t('Invalid share recipient')); } } - list($providerId, ) = $this->splitFullId($share->getId()); + [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); - $provider->move($share, $recipientId); + return $provider->move($share, $recipientId); + } + + public function getSharesInFolder($userId, Folder $node, $reshares = false, $shallow = true) { + $providers = $this->factory->getAllProviders(); + if (!$shallow) { + throw new \Exception('non-shallow getSharesInFolder is no longer supported'); + } + + $isOwnerless = $node->getMountPoint() instanceof IShareOwnerlessMount; + + $shares = []; + foreach ($providers as $provider) { + if ($isOwnerless) { + // If the provider does not implement the additional interface, + // we lack a performant way of querying all shares and therefore ignore the provider. + if ($provider instanceof IShareProviderSupportsAllSharesInFolder) { + foreach ($provider->getAllSharesInFolder($node) as $fid => $data) { + $shares[$fid] ??= []; + $shares[$fid] = array_merge($shares[$fid], $data); + } + } + } else { + foreach ($provider->getSharesInFolder($userId, $node, $reshares) as $fid => $data) { + $shares[$fid] ??= []; + $shares[$fid] = array_merge($shares[$fid], $data); + } + } + } + + return $shares; } /** * @inheritdoc */ - public function getSharesBy($userId, $shareType, $path = null, $reshares = false, $limit = 50, $offset = 0) { - if ($path !== null && - !($path instanceof \OCP\Files\File) && - !($path instanceof \OCP\Files\Folder)) { - throw new \InvalidArgumentException('invalid path'); + public function getSharesBy($userId, $shareType, $path = null, $reshares = false, $limit = 50, $offset = 0, bool $onlyValid = true) { + if ($path !== null + && !($path instanceof \OCP\Files\File) + && !($path instanceof \OCP\Files\Folder)) { + throw new \InvalidArgumentException($this->l->t('Invalid path')); } - $provider = $this->factory->getProviderForType($shareType); + try { + $provider = $this->factory->getProviderForType($shareType); + } catch (ProviderException $e) { + return []; + } - $shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset); + if ($path?->getMountPoint() instanceof IShareOwnerlessMount) { + $shares = array_filter($provider->getSharesByPath($path), static fn (IShare $share) => $share->getShareType() === $shareType); + } else { + $shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset); + } /* * Work around so we don't return expired shares but still follow * proper pagination. */ - if ($shareType === \OCP\Share::SHARE_TYPE_LINK) { - $shares2 = []; - $today = new \DateTime(); - - while(true) { - $added = 0; - foreach ($shares as $share) { - // Check if the share is expired and if so delete it - if ($share->getExpirationDate() !== null && - $share->getExpirationDate() <= $today - ) { - try { - $this->deleteShare($share); - } catch (NotFoundException $e) { - //Ignore since this basically means the share is deleted - } - continue; - } - $added++; - $shares2[] = $share; - if (count($shares2) === $limit) { - break; + $shares2 = []; + + while (true) { + $added = 0; + foreach ($shares as $share) { + if ($onlyValid) { + try { + $this->checkShare($share); + } catch (ShareNotFound $e) { + // Ignore since this basically means the share is deleted + continue; } } + $added++; + $shares2[] = $share; + if (count($shares2) === $limit) { break; } + } - // If there was no limit on the select we are done - if ($limit === -1) { - break; - } + // If we did not fetch more shares than the limit then there are no more shares + if (count($shares) < $limit) { + break; + } - $offset += $added; + if (count($shares2) === $limit) { + break; + } - // Fetch again $limit shares - $shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset); + // If there was no limit on the select we are done + if ($limit === -1) { + break; + } - // No more shares means we are done - if (empty($shares)) { - break; - } + $offset += $added; + + // Fetch again $limit shares + if ($path?->getMountPoint() instanceof IShareOwnerlessMount) { + // We already fetched all shares, so end here + $shares = []; + } else { + $shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset); } - $shares = $shares2; + // No more shares means we are done + if (empty($shares)) { + break; + } } + $shares = $shares2; + return $shares; } @@ -924,30 +1320,65 @@ class Manager implements IManager { * @inheritdoc */ public function getSharedWith($userId, $shareType, $node = null, $limit = 50, $offset = 0) { - $provider = $this->factory->getProviderForType($shareType); + try { + $provider = $this->factory->getProviderForType($shareType); + } catch (ProviderException $e) { + return []; + } + + $shares = $provider->getSharedWith($userId, $shareType, $node, $limit, $offset); + + // remove all shares which are already expired + foreach ($shares as $key => $share) { + try { + $this->checkShare($share); + } catch (ShareNotFound $e) { + unset($shares[$key]); + } + } - return $provider->getSharedWith($userId, $shareType, $node, $limit, $offset); + return $shares; } /** * @inheritdoc */ - public function getShareById($id, $recipient = null) { + public function getDeletedSharedWith($userId, $shareType, $node = null, $limit = 50, $offset = 0) { + $shares = $this->getSharedWith($userId, $shareType, $node, $limit, $offset); + + // Only get deleted shares + $shares = array_filter($shares, function (IShare $share) { + return $share->getPermissions() === 0; + }); + + // Only get shares where the owner still exists + $shares = array_filter($shares, function (IShare $share) { + return $this->userManager->userExists($share->getShareOwner()); + }); + + return $shares; + } + + /** + * @inheritdoc + */ + public function getShareById($id, $recipient = null, bool $onlyValid = true) { if ($id === null) { throw new ShareNotFound(); } - list($providerId, $id) = $this->splitFullId($id); - $provider = $this->factory->getProvider($providerId); + [$providerId, $id] = $this->splitFullId($id); + + try { + $provider = $this->factory->getProvider($providerId); + } catch (ProviderException $e) { + throw new ShareNotFound(); + } $share = $provider->getShareById($id, $recipient); - // Validate link shares expiration date - if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK && - $share->getExpirationDate() !== null && - $share->getExpirationDate() <= new \DateTime()) { - $this->deleteShare($share); - throw new ShareNotFound(); + if ($onlyValid) { + $this->checkShare($share); } return $share; @@ -962,45 +1393,127 @@ class Manager implements IManager { * * @return Share[] */ - public function getSharesByPath(\OCP\Files\Node $path, $page=0, $perPage=50) { + public function getSharesByPath(\OCP\Files\Node $path, $page = 0, $perPage = 50) { + return []; } /** * Get the share by token possible with password * * @param string $token - * @return Share + * @return IShare * * @throws ShareNotFound */ public function getShareByToken($token) { - $provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_LINK); + // tokens cannot be valid local user names + if ($this->userManager->userExists($token)) { + throw new ShareNotFound(); + } + $share = null; + try { + if ($this->shareApiAllowLinks()) { + $provider = $this->factory->getProviderForType(IShare::TYPE_LINK); + $share = $provider->getShareByToken($token); + } + } catch (ProviderException $e) { + } catch (ShareNotFound $e) { + } - $share = $provider->getShareByToken($token); - if ($share->getExpirationDate() !== null && - $share->getExpirationDate() <= new \DateTime()) { - $this->deleteShare($share); - throw new ShareNotFound(); + // If it is not a link share try to fetch a federated share by token + if ($share === null) { + try { + $provider = $this->factory->getProviderForType(IShare::TYPE_REMOTE); + $share = $provider->getShareByToken($token); + } catch (ProviderException $e) { + } catch (ShareNotFound $e) { + } + } + + // If it is not a link share try to fetch a mail share by token + if ($share === null && $this->shareProviderExists(IShare::TYPE_EMAIL)) { + try { + $provider = $this->factory->getProviderForType(IShare::TYPE_EMAIL); + $share = $provider->getShareByToken($token); + } catch (ProviderException $e) { + } catch (ShareNotFound $e) { + } + } + + if ($share === null && $this->shareProviderExists(IShare::TYPE_CIRCLE)) { + try { + $provider = $this->factory->getProviderForType(IShare::TYPE_CIRCLE); + $share = $provider->getShareByToken($token); + } catch (ProviderException $e) { + } catch (ShareNotFound $e) { + } + } + + if ($share === null && $this->shareProviderExists(IShare::TYPE_ROOM)) { + try { + $provider = $this->factory->getProviderForType(IShare::TYPE_ROOM); + $share = $provider->getShareByToken($token); + } catch (ProviderException $e) { + } catch (ShareNotFound $e) { + } + } + + if ($share === null) { + throw new ShareNotFound($this->l->t('The requested share does not exist anymore')); + } + + $this->checkShare($share); + + /* + * Reduce the permissions for link or email shares if public upload is not enabled + */ + if (($share->getShareType() === IShare::TYPE_LINK || $share->getShareType() === IShare::TYPE_EMAIL) + && $share->getNodeType() === 'folder' && !$this->shareApiLinkAllowPublicUpload()) { + $share->setPermissions($share->getPermissions() & ~(\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE)); } return $share; } /** + * Check expire date and disabled owner + * + * @throws ShareNotFound + */ + protected function checkShare(IShare $share): void { + if ($share->isExpired()) { + $this->deleteShare($share); + throw new ShareNotFound($this->l->t('The requested share does not exist anymore')); + } + if ($this->config->getAppValue('files_sharing', 'hide_disabled_user_shares', 'no') === 'yes') { + $uids = array_unique([$share->getShareOwner(),$share->getSharedBy()]); + foreach ($uids as $uid) { + $user = $this->userManager->get($uid); + if ($user?->isEnabled() === false) { + throw new ShareNotFound($this->l->t('The requested share comes from a disabled user')); + } + } + } + } + + /** * Verify the password of a public share * - * @param \OCP\Share\IShare $share - * @param string $password + * @param IShare $share + * @param ?string $password * @return bool */ - public function checkPassword(\OCP\Share\IShare $share, $password) { - if ($share->getShareType() !== \OCP\Share::SHARE_TYPE_LINK) { - //TODO maybe exception? + public function checkPassword(IShare $share, $password) { + + // if there is no password on the share object / passsword is null, there is nothing to check + if ($password === null || $share->getPassword() === null) { return false; } - if ($password === null || $share->getPassword() === null) { + // Makes sure password hasn't expired + $expirationTime = $share->getPasswordExpirationTime(); + if ($expirationTime !== null && $expirationTime < new \DateTime()) { return false; } @@ -1019,38 +1532,201 @@ class Manager implements IManager { } /** + * @inheritdoc + */ + public function userDeleted($uid) { + $types = [IShare::TYPE_USER, IShare::TYPE_GROUP, IShare::TYPE_LINK, IShare::TYPE_REMOTE, IShare::TYPE_EMAIL]; + + foreach ($types as $type) { + try { + $provider = $this->factory->getProviderForType($type); + } catch (ProviderException $e) { + continue; + } + $provider->userDeleted($uid, $type); + } + } + + /** + * @inheritdoc + */ + public function groupDeleted($gid) { + foreach ([IShare::TYPE_GROUP, IShare::TYPE_REMOTE_GROUP] as $type) { + try { + $provider = $this->factory->getProviderForType($type); + } catch (ProviderException $e) { + continue; + } + $provider->groupDeleted($gid); + } + + $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', ''); + if ($excludedGroups === '') { + return; + } + + $excludedGroups = json_decode($excludedGroups, true); + if (json_last_error() !== JSON_ERROR_NONE) { + return; + } + + $excludedGroups = array_diff($excludedGroups, [$gid]); + $this->config->setAppValue('core', 'shareapi_exclude_groups_list', json_encode($excludedGroups)); + } + + /** + * @inheritdoc + */ + public function userDeletedFromGroup($uid, $gid) { + foreach ([IShare::TYPE_GROUP, IShare::TYPE_REMOTE_GROUP] as $type) { + try { + $provider = $this->factory->getProviderForType($type); + } catch (ProviderException $e) { + continue; + } + $provider->userDeletedFromGroup($uid, $gid); + } + } + + /** * Get access list to a path. This means - * all the users and groups that can access a given path. + * all the users that can access a given path. * * Consider: * -root - * |-folder1 - * |-folder2 - * |-fileA + * |-folder1 (23) + * |-folder2 (32) + * |-fileA (42) * - * fileA is shared with user1 - * folder2 is shared with group2 - * folder1 is shared with user2 + * fileA is shared with user1 and user1@server1 and email1@maildomain1 + * folder2 is shared with group2 (user4 is a member of group2) + * folder1 is shared with user2 (renamed to "folder (1)") and user2@server2 + * and email2@maildomain2 * - * Then the access list will to '/folder1/folder2/fileA' is: + * Then the access list to '/folder1/folder2/fileA' with $currentAccess is: * [ - * 'users' => ['user1', 'user2'], - * 'groups' => ['group2'] + * users => [ + * 'user1' => ['node_id' => 42, 'node_path' => '/fileA'], + * 'user4' => ['node_id' => 32, 'node_path' => '/folder2'], + * 'user2' => ['node_id' => 23, 'node_path' => '/folder (1)'], + * ], + * remote => [ + * 'user1@server1' => ['node_id' => 42, 'token' => 'SeCr3t'], + * 'user2@server2' => ['node_id' => 23, 'token' => 'FooBaR'], + * ], + * public => bool + * mail => [ + * 'email1@maildomain1' => ['node_id' => 42, 'token' => 'aBcDeFg'], + * 'email2@maildomain2' => ['node_id' => 23, 'token' => 'hIjKlMn'], + * ] * ] * - * This is required for encryption + * The access list to '/folder1/folder2/fileA' **without** $currentAccess is: + * [ + * users => ['user1', 'user2', 'user4'], + * remote => bool, + * public => bool + * mail => ['email1@maildomain1', 'email2@maildomain2'] + * ] + * + * This is required for encryption/activity * * @param \OCP\Files\Node $path + * @param bool $recursive Should we check all parent folders as well + * @param bool $currentAccess Ensure the recipient has access to the file (e.g. did not unshare it) + * @return array */ - public function getAccessList(\OCP\Files\Node $path) { + public function getAccessList(\OCP\Files\Node $path, $recursive = true, $currentAccess = false) { + $owner = $path->getOwner(); + + if ($owner === null) { + return []; + } + + $owner = $owner->getUID(); + + if ($currentAccess) { + $al = ['users' => [], 'remote' => [], 'public' => false, 'mail' => []]; + } else { + $al = ['users' => [], 'remote' => false, 'public' => false, 'mail' => []]; + } + if (!$this->userManager->userExists($owner)) { + return $al; + } + + //Get node for the owner and correct the owner in case of external storage + $userFolder = $this->rootFolder->getUserFolder($owner); + if ($path->getId() !== $userFolder->getId() && !$userFolder->isSubNode($path)) { + $path = $userFolder->getFirstNodeById($path->getId()); + if ($path === null || $path->getOwner() === null) { + return []; + } + $owner = $path->getOwner()->getUID(); + } + + $providers = $this->factory->getAllProviders(); + + /** @var Node[] $nodes */ + $nodes = []; + + + if ($currentAccess) { + $ownerPath = $path->getPath(); + $ownerPath = explode('/', $ownerPath, 4); + if (count($ownerPath) < 4) { + $ownerPath = ''; + } else { + $ownerPath = $ownerPath[3]; + } + $al['users'][$owner] = [ + 'node_id' => $path->getId(), + 'node_path' => '/' . $ownerPath, + ]; + } else { + $al['users'][] = $owner; + } + + // Collect all the shares + while ($path->getPath() !== $userFolder->getPath()) { + $nodes[] = $path; + if (!$recursive) { + break; + } + $path = $path->getParent(); + } + + foreach ($providers as $provider) { + $tmp = $provider->getAccessList($nodes, $currentAccess); + + foreach ($tmp as $k => $v) { + if (isset($al[$k])) { + if (is_array($al[$k])) { + if ($currentAccess) { + $al[$k] += $v; + } else { + $al[$k] = array_merge($al[$k], $v); + $al[$k] = array_unique($al[$k]); + $al[$k] = array_values($al[$k]); + } + } else { + $al[$k] = $al[$k] || $v; + } + } else { + $al[$k] = $v; + } + } + } + + return $al; } /** * Create a new share - * @return \OCP\Share\IShare; + * + * @return IShare */ public function newShare() { - return new \OC\Share20\Share($this->rootFolder); + return new \OC\Share20\Share($this->rootFolder, $this->userManager); } /** @@ -1068,20 +1744,45 @@ class Manager implements IManager { * @return bool */ public function shareApiAllowLinks() { - return $this->config->getAppValue('core', 'shareapi_allow_links', 'yes') === 'yes'; + if ($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') { + return false; + } + + $user = $this->userSession->getUser(); + if ($user) { + $excludedGroups = json_decode($this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '[]')); + if ($excludedGroups) { + $userGroups = $this->groupManager->getUserGroupIds($user); + return !(bool)array_intersect($excludedGroups, $userGroups); + } + } + + return true; } /** * Is password on public link requires * + * @param bool Check group membership exclusion * @return bool */ - public function shareApiLinkEnforcePassword() { - return $this->config->getAppValue('core', 'shareapi_enforce_links_password', 'no') === 'yes'; + public function shareApiLinkEnforcePassword(bool $checkGroupMembership = true) { + $excludedGroups = $this->config->getAppValue('core', 'shareapi_enforce_links_password_excluded_groups', ''); + if ($excludedGroups !== '' && $checkGroupMembership) { + $excludedGroups = json_decode($excludedGroups); + $user = $this->userSession->getUser(); + if ($user) { + $userGroups = $this->groupManager->getUserGroupIds($user); + if ((bool)array_intersect($excludedGroups, $userGroups)) { + return false; + } + } + } + return $this->appConfig->getValueBool('core', ConfigLexicon::SHARE_LINK_PASSWORD_ENFORCED); } /** - * Is default expire date enabled + * Is default link expire date enabled * * @return bool */ @@ -1090,18 +1791,20 @@ class Manager implements IManager { } /** - * Is default expire date enforced + * Is default link expire date enforced *` + * * @return bool */ public function shareApiLinkDefaultExpireDateEnforced() { - return $this->shareApiLinkDefaultExpireDate() && - $this->config->getAppValue('core', 'shareapi_enforce_expire_date', 'no') === 'yes'; + return $this->shareApiLinkDefaultExpireDate() + && $this->config->getAppValue('core', 'shareapi_enforce_expire_date', 'no') === 'yes'; } + /** - * Number of default expire days - *shareApiLinkAllowPublicUpload + * Number of default link expire days + * * @return int */ public function shareApiLinkDefaultExpireDays() { @@ -1109,6 +1812,62 @@ class Manager implements IManager { } /** + * Is default internal expire date enabled + * + * @return bool + */ + public function shareApiInternalDefaultExpireDate(): bool { + return $this->config->getAppValue('core', 'shareapi_default_internal_expire_date', 'no') === 'yes'; + } + + /** + * Is default remote expire date enabled + * + * @return bool + */ + public function shareApiRemoteDefaultExpireDate(): bool { + return $this->config->getAppValue('core', 'shareapi_default_remote_expire_date', 'no') === 'yes'; + } + + /** + * Is default expire date enforced + * + * @return bool + */ + public function shareApiInternalDefaultExpireDateEnforced(): bool { + return $this->shareApiInternalDefaultExpireDate() + && $this->config->getAppValue('core', 'shareapi_enforce_internal_expire_date', 'no') === 'yes'; + } + + /** + * Is default expire date enforced for remote shares + * + * @return bool + */ + public function shareApiRemoteDefaultExpireDateEnforced(): bool { + return $this->shareApiRemoteDefaultExpireDate() + && $this->config->getAppValue('core', 'shareapi_enforce_remote_expire_date', 'no') === 'yes'; + } + + /** + * Number of default expire days + * + * @return int + */ + public function shareApiInternalDefaultExpireDays(): int { + return (int)$this->config->getAppValue('core', 'shareapi_internal_expire_after_n_days', '7'); + } + + /** + * Number of default expire days for remote shares + * + * @return int + */ + public function shareApiRemoteDefaultExpireDays(): int { + return (int)$this->config->getAppValue('core', 'shareapi_remote_expire_after_n_days', '7'); + } + + /** * Allow public upload on link shares * * @return bool @@ -1119,6 +1878,7 @@ class Manager implements IManager { /** * check if user can only share with group members + * * @return bool */ public function shareWithGroupMembersOnly() { @@ -1126,49 +1886,181 @@ class Manager implements IManager { } /** - * Check if users can share with groups - * @return bool + * If shareWithGroupMembersOnly is enabled, return an optional + * list of groups that must be excluded from the principle of + * belonging to the same group. + * + * @return array */ - public function allowGroupSharing() { - return $this->config->getAppValue('core', 'shareapi_allow_group_sharing', 'yes') === 'yes'; + public function shareWithGroupMembersOnlyExcludeGroupsList() { + if (!$this->shareWithGroupMembersOnly()) { + return []; + } + $excludeGroups = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', ''); + return json_decode($excludeGroups, true) ?? []; } /** - * Copied from \OC_Util::isSharingDisabledForUser - * - * TODO: Deprecate fuction from OC_Util + * Check if users can share with groups * - * @param string $userId * @return bool */ - public function sharingDisabledForUser($userId) { - if ($this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes') { - $groupsList = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', ''); - $excludedGroups = json_decode($groupsList); - if (is_null($excludedGroups)) { - $excludedGroups = explode(',', $groupsList); - $newValue = json_encode($excludedGroups); - $this->config->setAppValue('core', 'shareapi_exclude_groups_list', $newValue); - } - $user = $this->userManager->get($userId); - $usersGroups = $this->groupManager->getUserGroupIds($user); - if (!empty($usersGroups)) { - $remainingGroups = array_diff($usersGroups, $excludedGroups); - // if the user is only in groups which are disabled for sharing then - // sharing is also disabled for the user - if (empty($remainingGroups)) { - return true; - } + public function allowGroupSharing() { + return $this->config->getAppValue('core', 'shareapi_allow_group_sharing', 'yes') === 'yes'; + } + + public function allowEnumeration(): bool { + return $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes'; + } + + public function limitEnumerationToGroups(): bool { + return $this->allowEnumeration() + && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; + } + + public function limitEnumerationToPhone(): bool { + return $this->allowEnumeration() + && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; + } + + public function allowEnumerationFullMatch(): bool { + return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes'; + } + + public function matchEmail(): bool { + return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes'; + } + + public function ignoreSecondDisplayName(): bool { + return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no') === 'yes'; + } + + public function allowCustomTokens(): bool { + return $this->appConfig->getValueBool('core', ConfigLexicon::SHARE_CUSTOM_TOKEN); + } + + public function allowViewWithoutDownload(): bool { + return $this->appConfig->getValueBool('core', 'shareapi_allow_view_without_download', true); + } + + public function currentUserCanEnumerateTargetUser(?IUser $currentUser, IUser $targetUser): bool { + if ($this->allowEnumerationFullMatch()) { + return true; + } + + if (!$this->allowEnumeration()) { + return false; + } + + if (!$this->limitEnumerationToPhone() && !$this->limitEnumerationToGroups()) { + // Enumeration is enabled and not restricted: OK + return true; + } + + if (!$currentUser instanceof IUser) { + // Enumeration restrictions require an account + return false; + } + + // Enumeration is limited to phone match + if ($this->limitEnumerationToPhone() && $this->knownUserService->isKnownToUser($currentUser->getUID(), $targetUser->getUID())) { + return true; + } + + // Enumeration is limited to groups + if ($this->limitEnumerationToGroups()) { + $currentUserGroupIds = $this->groupManager->getUserGroupIds($currentUser); + $targetUserGroupIds = $this->groupManager->getUserGroupIds($targetUser); + if (!empty(array_intersect($currentUserGroupIds, $targetUserGroupIds))) { + return true; } } + return false; } /** + * Check if sharing is disabled for the current user + */ + public function sharingDisabledForUser(?string $userId): bool { + return $this->shareDisableChecker->sharingDisabledForUser($userId); + } + + /** * @inheritdoc */ public function outgoingServer2ServerSharesAllowed() { return $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'yes'; } + /** + * @inheritdoc + */ + public function outgoingServer2ServerGroupSharesAllowed() { + return $this->config->getAppValue('files_sharing', 'outgoing_server2server_group_share_enabled', 'no') === 'yes'; + } + + /** + * @inheritdoc + */ + public function shareProviderExists($shareType) { + try { + $this->factory->getProviderForType($shareType); + } catch (ProviderException $e) { + return false; + } + + return true; + } + + public function registerShareProvider(string $shareProviderClass): void { + $this->factory->registerProvider($shareProviderClass); + } + + public function getAllShares(): iterable { + $providers = $this->factory->getAllProviders(); + + foreach ($providers as $provider) { + yield from $provider->getAllShares(); + } + } + + public function generateToken(): string { + // Initial token length + $tokenLength = \OC\Share\Helper::getTokenLength(); + + do { + $tokenExists = false; + + for ($i = 0; $i <= 2; $i++) { + // Generate a new token + $token = $this->secureRandom->generate( + $tokenLength, + ISecureRandom::CHAR_HUMAN_READABLE, + ); + + try { + // Try to fetch a share with the generated token + $this->getShareByToken($token); + $tokenExists = true; // Token exists, we need to try again + } catch (ShareNotFound $e) { + // Token is unique, exit the loop + $tokenExists = false; + break; + } + } + + // If we've reached the maximum attempts and the token still exists, increase the token length + if ($tokenExists) { + $tokenLength++; + + // Check if the token length exceeds the maximum allowed length + if ($tokenLength > \OC\Share\Constants::MAX_TOKEN_LENGTH) { + throw new ShareTokenException('Unable to generate a unique share token. Maximum token length exceeded.'); + } + } + } while ($tokenExists); + + return $token; + } } diff --git a/lib/private/Share20/ProviderFactory.php b/lib/private/Share20/ProviderFactory.php index 4cb1ac71a88..d920edfd90e 100644 --- a/lib/private/Share20/ProviderFactory.php +++ b/lib/private/Share20/ProviderFactory.php @@ -1,34 +1,25 @@ <?php + +declare(strict_types=1); + /** - * @author Lukas Reschke <lukas@owncloud.com> - * @author Roeland Jago Douma <rullzer@owncloud.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ + namespace OC\Share20; -use OCA\FederatedFileSharing\AddressHandler; -use OCA\FederatedFileSharing\DiscoveryManager; +use OC\Share20\Exception\ProviderException; use OCA\FederatedFileSharing\FederatedShareProvider; -use OCA\FederatedFileSharing\Notifications; -use OCA\FederatedFileSharing\TokenHandler; +use OCA\ShareByMail\ShareByMailProvider; +use OCA\Talk\Share\RoomShareProvider; +use OCP\App\IAppManager; +use OCP\Server; use OCP\Share\IProviderFactory; -use OC\Share20\Exception\ProviderException; -use OCP\IServerContainer; +use OCP\Share\IShare; +use OCP\Share\IShareProvider; +use Psr\Log\LoggerInterface; /** * Class ProviderFactory @@ -36,88 +27,102 @@ use OCP\IServerContainer; * @package OC\Share20 */ class ProviderFactory implements IProviderFactory { + private ?DefaultShareProvider $defaultProvider = null; + private ?FederatedShareProvider $federatedProvider = null; + private ?ShareByMailProvider $shareByMailProvider = null; + /** + * @psalm-suppress UndefinedDocblockClass + * @var ?RoomShareProvider + */ + private $roomShareProvider = null; + + private array $registeredShareProviders = []; - /** @var IServerContainer */ - private $serverContainer; - /** @var DefaultShareProvider */ - private $defaultProvider = null; - /** @var FederatedShareProvider */ - private $federatedProvider = null; + private array $shareProviders = []; + + public function __construct( + protected IAppManager $appManager, + protected LoggerInterface $logger, + ) { + } + + public function registerProvider(string $shareProviderClass): void { + $this->registeredShareProviders[] = $shareProviderClass; + } /** - * IProviderFactory constructor. - * @param IServerContainer $serverContainer + * Create the default share provider. */ - public function __construct(IServerContainer $serverContainer) { - $this->serverContainer = $serverContainer; + protected function defaultShareProvider(): DefaultShareProvider { + return Server::get(DefaultShareProvider::class); } /** - * Create the default share provider. - * - * @return DefaultShareProvider + * Create the federated share provider */ - protected function defaultShareProvider() { - if ($this->defaultProvider === null) { - $this->defaultProvider = new DefaultShareProvider( - $this->serverContainer->getDatabaseConnection(), - $this->serverContainer->getUserManager(), - $this->serverContainer->getGroupManager(), - $this->serverContainer->getRootFolder() - ); + protected function federatedShareProvider(): ?FederatedShareProvider { + if ($this->federatedProvider === null) { + /* + * Check if the app is enabled + */ + if (!$this->appManager->isEnabledForUser('federatedfilesharing')) { + return null; + } + + $this->federatedProvider = Server::get(FederatedShareProvider::class); } - return $this->defaultProvider; + return $this->federatedProvider; } /** * Create the federated share provider - * - * @return FederatedShareProvider */ - protected function federatedShareProvider() { - if ($this->federatedProvider === null) { + protected function getShareByMailProvider(): ?ShareByMailProvider { + if ($this->shareByMailProvider === null) { /* * Check if the app is enabled */ - $appManager = $this->serverContainer->getAppManager(); - if (!$appManager->isEnabledForUser('federatedfilesharing')) { + if (!$this->appManager->isEnabledForUser('sharebymail')) { return null; } + $this->shareByMailProvider = Server::get(ShareByMailProvider::class); + } + + return $this->shareByMailProvider; + } + + /** + * Create the room share provider + * + * @psalm-suppress UndefinedDocblockClass + * @return ?RoomShareProvider + */ + protected function getRoomShareProvider() { + if ($this->roomShareProvider === null) { /* - * TODO: add factory to federated sharing app + * Check if the app is enabled */ - $l = $this->serverContainer->getL10N('federatedfilessharing'); - $addressHandler = new AddressHandler( - $this->serverContainer->getURLGenerator(), - $l - ); - $discoveryManager = new DiscoveryManager( - $this->serverContainer->getMemCacheFactory(), - $this->serverContainer->getHTTPClientService() - ); - $notifications = new Notifications( - $addressHandler, - $this->serverContainer->getHTTPClientService(), - $discoveryManager - ); - $tokenHandler = new TokenHandler( - $this->serverContainer->getSecureRandom() - ); - - $this->federatedProvider = new FederatedShareProvider( - $this->serverContainer->getDatabaseConnection(), - $addressHandler, - $notifications, - $tokenHandler, - $l, - $this->serverContainer->getLogger(), - $this->serverContainer->getRootFolder() - ); + if (!$this->appManager->isEnabledForUser('spreed')) { + return null; + } + + try { + /** + * @psalm-suppress UndefinedClass + */ + $this->roomShareProvider = Server::get(RoomShareProvider::class); + } catch (\Throwable $e) { + $this->logger->error( + $e->getMessage(), + ['exception' => $e] + ); + return null; + } } - return $this->federatedProvider; + return $this->roomShareProvider; } /** @@ -125,10 +130,35 @@ class ProviderFactory implements IProviderFactory { */ public function getProvider($id) { $provider = null; + if (isset($this->shareProviders[$id])) { + return $this->shareProviders[$id]; + } + if ($id === 'ocinternal') { $provider = $this->defaultShareProvider(); - } else if ($id === 'ocFederatedSharing') { + } elseif ($id === 'ocFederatedSharing') { $provider = $this->federatedShareProvider(); + } elseif ($id === 'ocMailShare') { + $provider = $this->getShareByMailProvider(); + } elseif ($id === 'ocRoomShare') { + $provider = $this->getRoomShareProvider(); + } + + foreach ($this->registeredShareProviders as $shareProvider) { + try { + /** @var IShareProvider $instance */ + $instance = Server::get($shareProvider); + $this->shareProviders[$instance->identifier()] = $instance; + } catch (\Throwable $e) { + $this->logger->error( + $e->getMessage(), + ['exception' => $e] + ); + } + } + + if (isset($this->shareProviders[$id])) { + $provider = $this->shareProviders[$id]; } if ($provider === null) { @@ -144,20 +174,64 @@ class ProviderFactory implements IProviderFactory { public function getProviderForType($shareType) { $provider = null; - //FIXME we should not report type 2 - if ($shareType === \OCP\Share::SHARE_TYPE_USER || - $shareType === 2 || - $shareType === \OCP\Share::SHARE_TYPE_GROUP || - $shareType === \OCP\Share::SHARE_TYPE_LINK) { + if ($shareType === IShare::TYPE_USER + || $shareType === IShare::TYPE_GROUP + || $shareType === IShare::TYPE_LINK + ) { $provider = $this->defaultShareProvider(); - } else if ($shareType === \OCP\Share::SHARE_TYPE_REMOTE) { + } elseif ($shareType === IShare::TYPE_REMOTE || $shareType === IShare::TYPE_REMOTE_GROUP) { $provider = $this->federatedShareProvider(); + } elseif ($shareType === IShare::TYPE_EMAIL) { + $provider = $this->getShareByMailProvider(); + } elseif ($shareType === IShare::TYPE_CIRCLE) { + $provider = $this->getProvider('ocCircleShare'); + } elseif ($shareType === IShare::TYPE_ROOM) { + $provider = $this->getRoomShareProvider(); + } elseif ($shareType === IShare::TYPE_DECK) { + $provider = $this->getProvider('deck'); + } elseif ($shareType === IShare::TYPE_SCIENCEMESH) { + $provider = $this->getProvider('sciencemesh'); } + if ($provider === null) { throw new ProviderException('No share provider for share type ' . $shareType); } return $provider; } + + public function getAllProviders() { + $shares = [$this->defaultShareProvider(), $this->federatedShareProvider()]; + $shareByMail = $this->getShareByMailProvider(); + if ($shareByMail !== null) { + $shares[] = $shareByMail; + } + $roomShare = $this->getRoomShareProvider(); + if ($roomShare !== null) { + $shares[] = $roomShare; + } + + foreach ($this->registeredShareProviders as $shareProvider) { + try { + /** @var IShareProvider $instance */ + $instance = Server::get($shareProvider); + } catch (\Throwable $e) { + $this->logger->error( + $e->getMessage(), + ['exception' => $e] + ); + continue; + } + + if (!isset($this->shareProviders[$instance->identifier()])) { + $this->shareProviders[$instance->identifier()] = $instance; + } + $shares[] = $this->shareProviders[$instance->identifier()]; + } + + + + return $shares; + } } diff --git a/lib/private/Share20/PublicShareTemplateFactory.php b/lib/private/Share20/PublicShareTemplateFactory.php new file mode 100644 index 00000000000..34dd9b13b61 --- /dev/null +++ b/lib/private/Share20/PublicShareTemplateFactory.php @@ -0,0 +1,47 @@ +<?php + +declare(strict_types=1); +/** + * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OC\Share20; + +use Exception; +use OC\AppFramework\Bootstrap\Coordinator; +use OCA\Files_Sharing\DefaultPublicShareTemplateProvider; +use OCP\Server; +use OCP\Share\IPublicShareTemplateFactory; +use OCP\Share\IPublicShareTemplateProvider; +use OCP\Share\IShare; + +class PublicShareTemplateFactory implements IPublicShareTemplateFactory { + public function __construct( + private Coordinator $coordinator, + private DefaultPublicShareTemplateProvider $defaultProvider, + ) { + } + + public function getProvider(IShare $share): IPublicShareTemplateProvider { + $context = $this->coordinator->getRegistrationContext(); + if ($context === null) { + throw new Exception("Can't retrieve public share template providers as context is not defined"); + } + + $providers = array_map( + fn ($registration) => Server::get($registration->getService()), + $context->getPublicShareTemplateProviders() + ); + + $filteredProviders = array_filter( + $providers, + fn (IPublicShareTemplateProvider $provider) => $provider->shouldRespond($share) + ); + + if (count($filteredProviders) === 0) { + return $this->defaultProvider; + } else { + return array_shift($filteredProviders); + } + } +} diff --git a/lib/private/Share20/Share.php b/lib/private/Share20/Share.php index c361f01216f..571efc8c4be 100644 --- a/lib/private/Share20/Share.php +++ b/lib/private/Share20/Share.php @@ -1,35 +1,26 @@ <?php + /** - * @author Roeland Jago Douma <rullzer@owncloud.com> - * - * @copyright Copyright (c) 2016, ownCloud, Inc. - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Share20; +use OCP\Files\Cache\ICacheEntry; use OCP\Files\File; +use OCP\Files\FileInfo; use OCP\Files\IRootFolder; use OCP\Files\Node; use OCP\Files\NotFoundException; -use OCP\IUser; -use OCP\IGroup; +use OCP\IUserManager; +use OCP\Server; use OCP\Share\Exceptions\IllegalIDChangeException; +use OCP\Share\IAttributes; +use OCP\Share\IManager; +use OCP\Share\IShare; -class Share implements \OCP\Share\IShare { - +class Share implements IShare { /** @var string */ private $id; /** @var string */ @@ -45,42 +36,62 @@ class Share implements \OCP\Share\IShare { /** @var string */ private $sharedWith; /** @var string */ + private $sharedWithDisplayName; + /** @var string */ + private $sharedWithAvatar; + /** @var string */ private $sharedBy; /** @var string */ private $shareOwner; /** @var int */ private $permissions; + /** @var IAttributes */ + private $attributes; + /** @var int */ + private $status; + /** @var string */ + private $note = ''; /** @var \DateTime */ private $expireDate; /** @var string */ private $password; + private ?\DateTimeInterface $passwordExpirationTime = null; + /** @var bool */ + private $sendPasswordByTalk = false; /** @var string */ private $token; - /** @var int */ - private $parent; + private ?int $parent = null; /** @var string */ private $target; /** @var \DateTime */ private $shareTime; /** @var bool */ private $mailSend; + /** @var ICacheEntry|null */ + private $nodeCacheEntry; + /** @var bool */ + private $hideDownload = false; + private bool $reminderSent = false; - /** @var IRootFolder */ - private $rootFolder; + private string $label = ''; + private bool $noExpirationDate = false; - public function __construct(IRootFolder $rootFolder) { - $this->rootFolder = $rootFolder; + public function __construct( + private IRootFolder $rootFolder, + private IUserManager $userManager, + ) { } /** * @inheritdoc */ public function setId($id) { + /** @var mixed $id Let's be safe until strong typing */ if (is_int($id)) { $id = (string)$id; } - if(!is_string($id)) { + if (!is_string($id)) { throw new \InvalidArgumentException('String expected.'); } @@ -113,7 +124,7 @@ class Share implements \OCP\Share\IShare { * @inheritdoc */ public function setProviderId($id) { - if(!is_string($id)) { + if (!is_string($id)) { throw new \InvalidArgumentException('String expected.'); } @@ -140,19 +151,24 @@ class Share implements \OCP\Share\IShare { */ public function getNode() { if ($this->node === null) { - if ($this->shareOwner === null || $this->fileId === null) { throw new NotFoundException(); } - $userFolder = $this->rootFolder->getUserFolder($this->shareOwner); + // for federated shares the owner can be a remote user, in this + // case we use the initiator + if ($this->userManager->userExists($this->shareOwner)) { + $userFolder = $this->rootFolder->getUserFolder($this->shareOwner); + } else { + $userFolder = $this->rootFolder->getUserFolder($this->sharedBy); + } - $nodes = $userFolder->getById($this->fileId); - if (empty($nodes)) { - throw new NotFoundException(); + $node = $userFolder->getFirstNodeById($this->fileId); + if (!$node) { + throw new NotFoundException('Node for share not found, fileid: ' . $this->fileId); } - $this->node = $nodes[0]; + $this->node = $node; } return $this->node; @@ -170,12 +186,16 @@ class Share implements \OCP\Share\IShare { /** * @inheritdoc */ - public function getNodeId() { + public function getNodeId(): int { if ($this->fileId === null) { $this->fileId = $this->getNode()->getId(); } - return $this->fileId; + if ($this->fileId === null) { + throw new NotFoundException('Share source not found'); + } else { + return $this->fileId; + } } /** @@ -195,8 +215,13 @@ class Share implements \OCP\Share\IShare { */ public function getNodeType() { if ($this->nodeType === null) { - $node = $this->getNode(); - $this->nodeType = $node instanceof File ? 'file' : 'folder'; + if ($this->getNodeCacheEntry()) { + $info = $this->getNodeCacheEntry(); + $this->nodeType = $info->getMimeType() === FileInfo::MIMETYPE_FOLDER ? 'folder' : 'file'; + } else { + $node = $this->getNode(); + $this->nodeType = $node instanceof File ? 'file' : 'folder'; + } } return $this->nodeType; @@ -238,8 +263,44 @@ class Share implements \OCP\Share\IShare { /** * @inheritdoc */ + public function setSharedWithDisplayName($displayName) { + if (!is_string($displayName)) { + throw new \InvalidArgumentException(); + } + $this->sharedWithDisplayName = $displayName; + return $this; + } + + /** + * @inheritdoc + */ + public function getSharedWithDisplayName() { + return $this->sharedWithDisplayName; + } + + /** + * @inheritdoc + */ + public function setSharedWithAvatar($src) { + if (!is_string($src)) { + throw new \InvalidArgumentException(); + } + $this->sharedWithAvatar = $src; + return $this; + } + + /** + * @inheritdoc + */ + public function getSharedWithAvatar() { + return $this->sharedWithAvatar; + } + + /** + * @inheritdoc + */ public function setPermissions($permissions) { - //TODO checkes + //TODO checks $this->permissions = $permissions; return $this; @@ -255,6 +316,76 @@ class Share implements \OCP\Share\IShare { /** * @inheritdoc */ + public function newAttributes(): IAttributes { + return new ShareAttributes(); + } + + /** + * @inheritdoc + */ + public function setAttributes(?IAttributes $attributes) { + $this->attributes = $attributes; + return $this; + } + + /** + * @inheritdoc + */ + public function getAttributes(): ?IAttributes { + return $this->attributes; + } + + /** + * @inheritdoc + */ + public function setStatus(int $status): IShare { + $this->status = $status; + return $this; + } + + /** + * @inheritdoc + */ + public function getStatus(): int { + return $this->status; + } + + /** + * @inheritdoc + */ + public function setNote($note) { + $this->note = $note; + return $this; + } + + /** + * @inheritdoc + */ + public function getNote() { + if (is_string($this->note)) { + return $this->note; + } + return ''; + } + + /** + * @inheritdoc + */ + public function setLabel($label) { + $this->label = $label; + return $this; + } + + /** + * @inheritdoc + */ + public function getLabel() { + return $this->label; + } + + /** + * @inheritdoc + */ public function setExpirationDate($expireDate) { //TODO checks @@ -272,6 +403,29 @@ class Share implements \OCP\Share\IShare { /** * @inheritdoc */ + public function setNoExpirationDate(bool $noExpirationDate) { + $this->noExpirationDate = $noExpirationDate; + return $this; + } + + /** + * @inheritdoc + */ + public function getNoExpirationDate(): bool { + return $this->noExpirationDate; + } + + /** + * @inheritdoc + */ + public function isExpired() { + return $this->getExpirationDate() !== null + && $this->getExpirationDate() <= new \DateTime(); + } + + /** + * @inheritdoc + */ public function setSharedBy($sharedBy) { if (!is_string($sharedBy)) { throw new \InvalidArgumentException(); @@ -329,6 +483,36 @@ class Share implements \OCP\Share\IShare { /** * @inheritdoc */ + public function setPasswordExpirationTime(?\DateTimeInterface $passwordExpirationTime = null): IShare { + $this->passwordExpirationTime = $passwordExpirationTime; + return $this; + } + + /** + * @inheritdoc + */ + public function getPasswordExpirationTime(): ?\DateTimeInterface { + return $this->passwordExpirationTime; + } + + /** + * @inheritdoc + */ + public function setSendPasswordByTalk(bool $sendPasswordByTalk) { + $this->sendPasswordByTalk = $sendPasswordByTalk; + return $this; + } + + /** + * @inheritdoc + */ + public function getSendPasswordByTalk(): bool { + return $this->sendPasswordByTalk; + } + + /** + * @inheritdoc + */ public function setToken($token) { $this->token = $token; return $this; @@ -341,25 +525,12 @@ class Share implements \OCP\Share\IShare { return $this->token; } - /** - * Set the parent of this share - * - * @param int parent - * @return \OCP\Share\IShare - * @deprecated The new shares do not have parents. This is just here for legacy reasons. - */ - public function setParent($parent) { + public function setParent(int $parent): self { $this->parent = $parent; return $this; } - /** - * Get the parent of this share. - * - * @return int - * @deprecated The new shares do not have parents. This is just here for legacy reasons. - */ - public function getParent() { + public function getParent(): ?int { return $this->parent; } @@ -407,4 +578,55 @@ class Share implements \OCP\Share\IShare { public function getMailSend() { return $this->mailSend; } + + /** + * @inheritdoc + */ + public function setNodeCacheEntry(ICacheEntry $entry) { + $this->nodeCacheEntry = $entry; + } + + /** + * @inheritdoc + */ + public function getNodeCacheEntry() { + return $this->nodeCacheEntry; + } + + public function setHideDownload(bool $hide): IShare { + $this->hideDownload = $hide; + return $this; + } + + public function getHideDownload(): bool { + return $this->hideDownload; + } + + public function setReminderSent(bool $reminderSent): IShare { + $this->reminderSent = $reminderSent; + return $this; + } + + public function getReminderSent(): bool { + return $this->reminderSent; + } + + public function canSeeContent(): bool { + $shareManager = Server::get(IManager::class); + + $allowViewWithoutDownload = $shareManager->allowViewWithoutDownload(); + // If the share manager allows viewing without download, we can always see the content. + if ($allowViewWithoutDownload) { + return true; + } + + // No "allow preview" header set, so we must check if + // the share has not explicitly disabled download permissions + $attributes = $this->getAttributes(); + if ($attributes?->getAttribute('permissions', 'download') === false) { + return false; + } + + return true; + } } diff --git a/lib/private/Share20/ShareAttributes.php b/lib/private/Share20/ShareAttributes.php new file mode 100644 index 00000000000..f90fbd9c6cd --- /dev/null +++ b/lib/private/Share20/ShareAttributes.php @@ -0,0 +1,59 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2019-2022 ownCloud GmbH + * SPDX-License-Identifier: AGPL-3.0-only + */ +namespace OC\Share20; + +use OCP\Share\IAttributes; + +class ShareAttributes implements IAttributes { + /** @var array */ + private $attributes; + + public function __construct() { + $this->attributes = []; + } + + /** + * @inheritdoc + */ + public function setAttribute(string $scope, string $key, mixed $value): IAttributes { + if (!\array_key_exists($scope, $this->attributes)) { + $this->attributes[$scope] = []; + } + $this->attributes[$scope][$key] = $value; + return $this; + } + + /** + * @inheritdoc + */ + public function getAttribute(string $scope, string $key): mixed { + if (\array_key_exists($scope, $this->attributes) + && \array_key_exists($key, $this->attributes[$scope])) { + return $this->attributes[$scope][$key]; + } + return null; + } + + /** + * @inheritdoc + */ + public function toArray(): array { + $result = []; + foreach ($this->attributes as $scope => $keys) { + foreach ($keys as $key => $value) { + $result[] = [ + 'scope' => $scope, + 'key' => $key, + 'value' => $value, + ]; + } + } + + return $result; + } +} diff --git a/lib/private/Share20/ShareDisableChecker.php b/lib/private/Share20/ShareDisableChecker.php new file mode 100644 index 00000000000..8cf523b8b31 --- /dev/null +++ b/lib/private/Share20/ShareDisableChecker.php @@ -0,0 +1,80 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OC\Share20; + +use OCP\Cache\CappedMemoryCache; +use OCP\IConfig; +use OCP\IGroupManager; +use OCP\IUserManager; + +/** + * split of from the share manager to allow using it with minimal DI + */ +class ShareDisableChecker { + private CappedMemoryCache $sharingDisabledForUsersCache; + + public function __construct( + private IConfig $config, + private IUserManager $userManager, + private IGroupManager $groupManager, + ) { + $this->sharingDisabledForUsersCache = new CappedMemoryCache(); + } + + public function sharingDisabledForUser(?string $userId): bool { + if ($userId === null) { + return false; + } + + if (isset($this->sharingDisabledForUsersCache[$userId])) { + return $this->sharingDisabledForUsersCache[$userId]; + } + + $excludeGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no'); + + if ($excludeGroups && $excludeGroups !== 'no') { + $groupsList = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', ''); + $excludedGroups = json_decode($groupsList); + if (is_null($excludedGroups)) { + $excludedGroups = explode(',', $groupsList); + $newValue = json_encode($excludedGroups); + $this->config->setAppValue('core', 'shareapi_exclude_groups_list', $newValue); + } + $user = $this->userManager->get($userId); + if (!$user) { + return false; + } + $usersGroups = $this->groupManager->getUserGroupIds($user); + if ($excludeGroups !== 'allow') { + if (!empty($usersGroups)) { + $remainingGroups = array_diff($usersGroups, $excludedGroups); + // if the user is only in groups which are disabled for sharing then + // sharing is also disabled for the user + if (empty($remainingGroups)) { + $this->sharingDisabledForUsersCache[$userId] = true; + return true; + } + } + } else { + if (!empty($usersGroups)) { + $remainingGroups = array_intersect($usersGroups, $excludedGroups); + // if the user is in any group which is allowed for sharing then + // sharing is also allowed for the user + if (!empty($remainingGroups)) { + $this->sharingDisabledForUsersCache[$userId] = false; + return false; + } + } + $this->sharingDisabledForUsersCache[$userId] = true; + return true; + } + } + + $this->sharingDisabledForUsersCache[$userId] = false; + return false; + } +} diff --git a/lib/private/Share20/ShareHelper.php b/lib/private/Share20/ShareHelper.php new file mode 100644 index 00000000000..3f6bab98a7f --- /dev/null +++ b/lib/private/Share20/ShareHelper.php @@ -0,0 +1,200 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OC\Share20; + +use OCP\Files\InvalidPathException; +use OCP\Files\Node; +use OCP\Files\NotFoundException; +use OCP\Files\NotPermittedException; +use OCP\Share\IManager; +use OCP\Share\IShareHelper; + +class ShareHelper implements IShareHelper { + /** @var IManager */ + private $shareManager; + + public function __construct(IManager $shareManager) { + $this->shareManager = $shareManager; + } + + /** + * @param Node $node + * @return array [ users => [Mapping $uid => $pathForUser], remotes => [Mapping $cloudId => $pathToMountRoot]] + */ + public function getPathsForAccessList(Node $node) { + $result = [ + 'users' => [], + 'remotes' => [], + ]; + + $accessList = $this->shareManager->getAccessList($node, true, true); + if (!empty($accessList['users'])) { + $result['users'] = $this->getPathsForUsers($node, $accessList['users']); + } + if (!empty($accessList['remote'])) { + $result['remotes'] = $this->getPathsForRemotes($node, $accessList['remote']); + } + + return $result; + } + + /** + * Sample: + * $users = [ + * 'test1' => ['node_id' => 16, 'node_path' => '/foo'], + * 'test2' => ['node_id' => 23, 'node_path' => '/bar'], + * 'test3' => ['node_id' => 42, 'node_path' => '/cat'], + * 'test4' => ['node_id' => 48, 'node_path' => '/dog'], + * ]; + * + * Node tree: + * - SixTeen is the parent of TwentyThree + * - TwentyThree is the parent of FortyTwo + * - FortyEight does not exist + * + * $return = [ + * 'test1' => '/foo/TwentyThree/FortyTwo', + * 'test2' => '/bar/FortyTwo', + * 'test3' => '/cat', + * ], + * + * @param Node $node + * @param array[] $users + * @return array + */ + protected function getPathsForUsers(Node $node, array $users) { + /** @var array[] $byId */ + $byId = []; + /** @var array[] $results */ + $results = []; + + foreach ($users as $uid => $info) { + if (!isset($byId[$info['node_id']])) { + $byId[$info['node_id']] = []; + } + $byId[$info['node_id']][$uid] = $info['node_path']; + } + + try { + if (isset($byId[$node->getId()])) { + foreach ($byId[$node->getId()] as $uid => $path) { + $results[$uid] = $path; + } + unset($byId[$node->getId()]); + } + } catch (NotFoundException $e) { + return $results; + } catch (InvalidPathException $e) { + return $results; + } + + if (empty($byId)) { + return $results; + } + + $item = $node; + $appendix = '/' . $node->getName(); + while (!empty($byId)) { + try { + /** @var Node $item */ + $item = $item->getParent(); + + if (!empty($byId[$item->getId()])) { + foreach ($byId[$item->getId()] as $uid => $path) { + $results[$uid] = $path . $appendix; + } + unset($byId[$item->getId()]); + } + + $appendix = '/' . $item->getName() . $appendix; + } catch (NotFoundException $e) { + return $results; + } catch (InvalidPathException $e) { + return $results; + } catch (NotPermittedException $e) { + return $results; + } + } + + return $results; + } + + /** + * Sample: + * $remotes = [ + * 'test1' => ['node_id' => 16, 'token' => 't1'], + * 'test2' => ['node_id' => 23, 'token' => 't2'], + * 'test3' => ['node_id' => 42, 'token' => 't3'], + * 'test4' => ['node_id' => 48, 'token' => 't4'], + * ]; + * + * Node tree: + * - SixTeen is the parent of TwentyThree + * - TwentyThree is the parent of FortyTwo + * - FortyEight does not exist + * + * $return = [ + * 'test1' => ['token' => 't1', 'node_path' => '/SixTeen'], + * 'test2' => ['token' => 't2', 'node_path' => '/SixTeen/TwentyThree'], + * 'test3' => ['token' => 't3', 'node_path' => '/SixTeen/TwentyThree/FortyTwo'], + * ], + * + * @param Node $node + * @param array[] $remotes + * @return array + */ + protected function getPathsForRemotes(Node $node, array $remotes) { + /** @var array[] $byId */ + $byId = []; + /** @var array[] $results */ + $results = []; + + foreach ($remotes as $cloudId => $info) { + if (!isset($byId[$info['node_id']])) { + $byId[$info['node_id']] = []; + } + $byId[$info['node_id']][$cloudId] = $info['token']; + } + + $item = $node; + while (!empty($byId)) { + try { + if (!empty($byId[$item->getId()])) { + $path = $this->getMountedPath($item); + foreach ($byId[$item->getId()] as $uid => $token) { + $results[$uid] = [ + 'node_path' => $path, + 'token' => $token, + ]; + } + unset($byId[$item->getId()]); + } + + /** @var Node $item */ + $item = $item->getParent(); + } catch (NotFoundException $e) { + return $results; + } catch (InvalidPathException $e) { + return $results; + } catch (NotPermittedException $e) { + return $results; + } + } + + return $results; + } + + /** + * @param Node $node + * @return string + */ + protected function getMountedPath(Node $node) { + $path = $node->getPath(); + $sections = explode('/', $path, 4); + return '/' . $sections[3]; + } +} diff --git a/lib/private/Share20/UserDeletedListener.php b/lib/private/Share20/UserDeletedListener.php new file mode 100644 index 00000000000..e0e091454b0 --- /dev/null +++ b/lib/private/Share20/UserDeletedListener.php @@ -0,0 +1,32 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OC\Share20; + +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; +use OCP\Share\IManager; +use OCP\User\Events\UserDeletedEvent; + +/** + * @template-implements IEventListener<UserDeletedEvent> + */ +class UserDeletedListener implements IEventListener { + public function __construct( + protected IManager $shareManager, + ) { + } + + public function handle(Event $event): void { + if (!$event instanceof UserDeletedEvent) { + return; + } + + $this->shareManager->userDeleted($event->getUser()->getUID()); + } +} diff --git a/lib/private/Share20/UserRemovedListener.php b/lib/private/Share20/UserRemovedListener.php new file mode 100644 index 00000000000..f06c945b591 --- /dev/null +++ b/lib/private/Share20/UserRemovedListener.php @@ -0,0 +1,34 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OC\Share20; + +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; +use OCP\Group\Events\UserRemovedEvent; +use OCP\Share\IManager; + +/** + * @template-implements IEventListener<UserRemovedEvent> + */ +class UserRemovedListener implements IEventListener { + /** @var IManager */ + protected $shareManager; + + public function __construct(IManager $shareManager) { + $this->shareManager = $shareManager; + } + + public function handle(Event $event): void { + if (!$event instanceof UserRemovedEvent) { + return; + } + + $this->shareManager->userDeletedFromGroup($event->getUser()->getUID(), $event->getGroup()->getGID()); + } +} |