diff options
Diffstat (limited to 'lib/private/Share20')
-rw-r--r-- | lib/private/Share20/Exception/BackendError.php | 1 | ||||
-rw-r--r-- | lib/private/Share20/Exception/InvalidShare.php | 1 | ||||
-rw-r--r-- | lib/private/Share20/LegacyHooks.php | 7 | ||||
-rw-r--r-- | lib/private/Share20/Manager.php | 68 | ||||
-rw-r--r-- | lib/private/Share20/ProviderFactory.php | 6 | ||||
-rw-r--r-- | lib/private/Share20/Share.php | 25 | ||||
-rw-r--r-- | lib/private/Share20/ShareAttributes.php | 4 | ||||
-rw-r--r-- | lib/private/Share20/ShareHelper.php | 1 |
8 files changed, 71 insertions, 42 deletions
diff --git a/lib/private/Share20/Exception/BackendError.php b/lib/private/Share20/Exception/BackendError.php index 60f7dcc1a17..b2585367727 100644 --- a/lib/private/Share20/Exception/BackendError.php +++ b/lib/private/Share20/Exception/BackendError.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2016 ownCloud, Inc. diff --git a/lib/private/Share20/Exception/InvalidShare.php b/lib/private/Share20/Exception/InvalidShare.php index 755efdfd2cc..8756455f9d2 100644 --- a/lib/private/Share20/Exception/InvalidShare.php +++ b/lib/private/Share20/Exception/InvalidShare.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2016 ownCloud, Inc. diff --git a/lib/private/Share20/LegacyHooks.php b/lib/private/Share20/LegacyHooks.php index 99c2b0a9a87..3bce0b9560a 100644 --- a/lib/private/Share20/LegacyHooks.php +++ b/lib/private/Share20/LegacyHooks.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later @@ -69,9 +70,9 @@ class LegacyHooks { // Prepare hook $shareType = $share->getShareType(); $sharedWith = ''; - if ($shareType === IShare::TYPE_USER || - $shareType === IShare::TYPE_GROUP || - $shareType === IShare::TYPE_REMOTE) { + if ($shareType === IShare::TYPE_USER + || $shareType === IShare::TYPE_GROUP + || $shareType === IShare::TYPE_REMOTE) { $sharedWith = $share->getSharedWith(); } diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 2104c07593a..01664c6a0a3 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -182,8 +182,8 @@ class Manager implements IManager { } // Cannot share with yourself - if ($share->getShareType() === IShare::TYPE_USER && - $share->getSharedWith() === $share->getSharedBy()) { + if ($share->getShareType() === IShare::TYPE_USER + && $share->getSharedWith() === $share->getSharedBy()) { throw new \InvalidArgumentException($this->l->t('Cannot share with yourself')); } @@ -193,8 +193,8 @@ class Manager implements IManager { } // And it should be a file or a folder - if (!($share->getNode() instanceof \OCP\Files\File) && - !($share->getNode() instanceof \OCP\Files\Folder)) { + if (!($share->getNode() instanceof \OCP\Files\File) + && !($share->getNode() instanceof \OCP\Files\Folder)) { throw new \InvalidArgumentException($this->l->t('Shared path must be either a file or a folder')); } @@ -251,8 +251,8 @@ class Manager implements IManager { // Link shares are allowed to have no read permissions to allow upload to hidden folders $noReadPermissionRequired = $share->getShareType() === IShare::TYPE_LINK || $share->getShareType() === IShare::TYPE_EMAIL; - if (!$noReadPermissionRequired && - ($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) { + if (!$noReadPermissionRequired + && ($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) { throw new \InvalidArgumentException($this->l->t('Shares need at least read permissions')); } @@ -561,8 +561,8 @@ class Manager implements IManager { } // Check if public upload is allowed - if ($share->getNodeType() === 'folder' && !$this->shareApiLinkAllowPublicUpload() && - ($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE))) { + if ($share->getNodeType() === 'folder' && !$this->shareApiLinkAllowPublicUpload() + && ($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE))) { throw new \InvalidArgumentException($this->l->t('Public upload is not allowed')); } } @@ -698,8 +698,8 @@ class Manager implements IManager { } // Cannot share with the owner - if ($share->getShareType() === IShare::TYPE_USER && - $share->getSharedWith() === $share->getShareOwner()) { + if ($share->getShareType() === IShare::TYPE_USER + && $share->getSharedWith() === $share->getShareOwner()) { throw new \InvalidArgumentException($this->l->t('Cannot share with the share owner')); } @@ -791,14 +791,14 @@ class Manager implements IManager { } // We can only change the recipient on user shares - if ($share->getSharedWith() !== $originalShare->getSharedWith() && - $share->getShareType() !== IShare::TYPE_USER) { + if ($share->getSharedWith() !== $originalShare->getSharedWith() + && $share->getShareType() !== IShare::TYPE_USER) { throw new \InvalidArgumentException($this->l->t('Can only update recipient on user shares')); } // Cannot share with the owner - if ($share->getShareType() === IShare::TYPE_USER && - $share->getSharedWith() === $share->getShareOwner()) { + if ($share->getShareType() === IShare::TYPE_USER + && $share->getSharedWith() === $share->getShareOwner()) { throw new \InvalidArgumentException($this->l->t('Cannot share with the share owner')); } @@ -949,11 +949,11 @@ class Manager implements IManager { * @return boolean whether the password was updated or not. */ private function updateSharePasswordIfNeeded(IShare $share, IShare $originalShare) { - $passwordsAreDifferent = ($share->getPassword() !== $originalShare->getPassword()) && - (($share->getPassword() !== null && $originalShare->getPassword() === null) || - ($share->getPassword() === null && $originalShare->getPassword() !== null) || - ($share->getPassword() !== null && $originalShare->getPassword() !== null && - !$this->hasher->verify($share->getPassword(), $originalShare->getPassword()))); + $passwordsAreDifferent = ($share->getPassword() !== $originalShare->getPassword()) + && (($share->getPassword() !== null && $originalShare->getPassword() === null) + || ($share->getPassword() === null && $originalShare->getPassword() !== null) + || ($share->getPassword() !== null && $originalShare->getPassword() !== null + && !$this->hasher->verify($share->getPassword(), $originalShare->getPassword()))); // Password updated. if ($passwordsAreDifferent) { @@ -1237,9 +1237,9 @@ class Manager implements IManager { * @inheritdoc */ public function getSharesBy($userId, $shareType, $path = null, $reshares = false, $limit = 50, $offset = 0, bool $onlyValid = true) { - if ($path !== null && - !($path instanceof \OCP\Files\File) && - !($path instanceof \OCP\Files\Folder)) { + if ($path !== null + && !($path instanceof \OCP\Files\File) + && !($path instanceof \OCP\Files\Folder)) { throw new \InvalidArgumentException($this->l->t('Invalid path')); } @@ -1798,8 +1798,8 @@ class Manager implements IManager { * @return bool */ public function shareApiLinkDefaultExpireDateEnforced() { - return $this->shareApiLinkDefaultExpireDate() && - $this->config->getAppValue('core', 'shareapi_enforce_expire_date', 'no') === 'yes'; + return $this->shareApiLinkDefaultExpireDate() + && $this->config->getAppValue('core', 'shareapi_enforce_expire_date', 'no') === 'yes'; } @@ -1836,8 +1836,8 @@ class Manager implements IManager { * @return bool */ public function shareApiInternalDefaultExpireDateEnforced(): bool { - return $this->shareApiInternalDefaultExpireDate() && - $this->config->getAppValue('core', 'shareapi_enforce_internal_expire_date', 'no') === 'yes'; + return $this->shareApiInternalDefaultExpireDate() + && $this->config->getAppValue('core', 'shareapi_enforce_internal_expire_date', 'no') === 'yes'; } /** @@ -1846,8 +1846,8 @@ class Manager implements IManager { * @return bool */ public function shareApiRemoteDefaultExpireDateEnforced(): bool { - return $this->shareApiRemoteDefaultExpireDate() && - $this->config->getAppValue('core', 'shareapi_enforce_remote_expire_date', 'no') === 'yes'; + return $this->shareApiRemoteDefaultExpireDate() + && $this->config->getAppValue('core', 'shareapi_enforce_remote_expire_date', 'no') === 'yes'; } /** @@ -1915,13 +1915,13 @@ class Manager implements IManager { } public function limitEnumerationToGroups(): bool { - return $this->allowEnumeration() && - $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; + return $this->allowEnumeration() + && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; } public function limitEnumerationToPhone(): bool { - return $this->allowEnumeration() && - $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; + return $this->allowEnumeration() + && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; } public function allowEnumerationFullMatch(): bool { @@ -1940,6 +1940,10 @@ class Manager implements IManager { return $this->appConfig->getValueBool('core', 'shareapi_allow_custom_tokens', false); } + public function allowViewWithoutDownload(): bool { + return $this->appConfig->getValueBool('core', 'shareapi_allow_view_without_download', true); + } + public function currentUserCanEnumerateTargetUser(?IUser $currentUser, IUser $targetUser): bool { if ($this->allowEnumerationFullMatch()) { return true; diff --git a/lib/private/Share20/ProviderFactory.php b/lib/private/Share20/ProviderFactory.php index eba3f4f26f1..d920edfd90e 100644 --- a/lib/private/Share20/ProviderFactory.php +++ b/lib/private/Share20/ProviderFactory.php @@ -174,9 +174,9 @@ class ProviderFactory implements IProviderFactory { public function getProviderForType($shareType) { $provider = null; - if ($shareType === IShare::TYPE_USER || - $shareType === IShare::TYPE_GROUP || - $shareType === IShare::TYPE_LINK + if ($shareType === IShare::TYPE_USER + || $shareType === IShare::TYPE_GROUP + || $shareType === IShare::TYPE_LINK ) { $provider = $this->defaultShareProvider(); } elseif ($shareType === IShare::TYPE_REMOTE || $shareType === IShare::TYPE_REMOTE_GROUP) { diff --git a/lib/private/Share20/Share.php b/lib/private/Share20/Share.php index 466817efc9a..8caabb0898a 100644 --- a/lib/private/Share20/Share.php +++ b/lib/private/Share20/Share.php @@ -14,8 +14,10 @@ use OCP\Files\IRootFolder; use OCP\Files\Node; use OCP\Files\NotFoundException; use OCP\IUserManager; +use OCP\Server; use OCP\Share\Exceptions\IllegalIDChangeException; use OCP\Share\IAttributes; +use OCP\Share\IManager; use OCP\Share\IShare; class Share implements IShare { @@ -418,8 +420,8 @@ class Share implements IShare { * @inheritdoc */ public function isExpired() { - return $this->getExpirationDate() !== null && - $this->getExpirationDate() <= new \DateTime(); + return $this->getExpirationDate() !== null + && $this->getExpirationDate() <= new \DateTime(); } /** @@ -622,4 +624,23 @@ class Share implements IShare { public function getReminderSent(): bool { return $this->reminderSent; } + + public function canSeeContent(): bool { + $shareManager = Server::get(IManager::class); + + $allowViewWithoutDownload = $shareManager->allowViewWithoutDownload(); + // If the share manager allows viewing without download, we can always see the content. + if ($allowViewWithoutDownload) { + return true; + } + + // No "allow preview" header set, so we must check if + // the share has not explicitly disabled download permissions + $attributes = $this->getAttributes(); + if ($attributes?->getAttribute('permissions', 'download') === false) { + return false; + } + + return true; + } } diff --git a/lib/private/Share20/ShareAttributes.php b/lib/private/Share20/ShareAttributes.php index 96da1e336e3..f90fbd9c6cd 100644 --- a/lib/private/Share20/ShareAttributes.php +++ b/lib/private/Share20/ShareAttributes.php @@ -32,8 +32,8 @@ class ShareAttributes implements IAttributes { * @inheritdoc */ public function getAttribute(string $scope, string $key): mixed { - if (\array_key_exists($scope, $this->attributes) && - \array_key_exists($key, $this->attributes[$scope])) { + if (\array_key_exists($scope, $this->attributes) + && \array_key_exists($key, $this->attributes[$scope])) { return $this->attributes[$scope][$key]; } return null; diff --git a/lib/private/Share20/ShareHelper.php b/lib/private/Share20/ShareHelper.php index d4a54f1d687..3f6bab98a7f 100644 --- a/lib/private/Share20/ShareHelper.php +++ b/lib/private/Share20/ShareHelper.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later |