diff options
Diffstat (limited to 'lib/private/Share20')
| -rw-r--r-- | lib/private/Share20/DefaultShareProvider.php | 748 | ||||
| -rw-r--r-- | lib/private/Share20/Exception/BackendError.php | 22 | ||||
| -rw-r--r-- | lib/private/Share20/Exception/InvalidShare.php | 22 | ||||
| -rw-r--r-- | lib/private/Share20/Exception/ProviderException.php | 22 | ||||
| -rw-r--r-- | lib/private/Share20/GroupDeletedListener.php | 32 | ||||
| -rw-r--r-- | lib/private/Share20/Hooks.php | 32 | ||||
| -rw-r--r-- | lib/private/Share20/LegacyHooks.php | 117 | ||||
| -rw-r--r-- | lib/private/Share20/Manager.php | 1127 | ||||
| -rw-r--r-- | lib/private/Share20/ProviderFactory.php | 243 | ||||
| -rw-r--r-- | lib/private/Share20/PublicShareTemplateFactory.php | 22 | ||||
| -rw-r--r-- | lib/private/Share20/Share.php | 137 | ||||
| -rw-r--r-- | lib/private/Share20/ShareAttributes.php | 41 | ||||
| -rw-r--r-- | lib/private/Share20/ShareDisableChecker.php | 80 | ||||
| -rw-r--r-- | lib/private/Share20/ShareHelper.php | 23 | ||||
| -rw-r--r-- | lib/private/Share20/UserDeletedListener.php | 32 | ||||
| -rw-r--r-- | lib/private/Share20/UserRemovedListener.php | 21 |
16 files changed, 1299 insertions, 1422 deletions
diff --git a/lib/private/Share20/DefaultShareProvider.php b/lib/private/Share20/DefaultShareProvider.php index 215b47344b5..5300e6e1baa 100644 --- a/lib/private/Share20/DefaultShareProvider.php +++ b/lib/private/Share20/DefaultShareProvider.php @@ -1,43 +1,20 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Bjoern Schiessle <bjoern@schiessle.org> - * @author Björn Schießle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Daniel Calviño Sánchez <danxuliu@gmail.com> - * @author Jan-Philipp Litza <jplitza@users.noreply.github.com> - * @author Joas Schilling <coding@schilljs.com> - * @author Julius Härtl <jus@bitgrid.net> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Maxence Lange <maxence@artificial-owl.com> - * @author phisch <git@philippschaffrath.de> - * @author Robin Appelman <robin@icewind.nl> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Vincent Petry <vincent@nextcloud.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ + namespace OC\Share20; use OC\Files\Cache\Cache; use OC\Share20\Exception\BackendError; use OC\Share20\Exception\InvalidShare; use OC\Share20\Exception\ProviderException; +use OC\User\LazyUser; +use OCA\Files_Sharing\AppInfo\Application; +use OCP\AppFramework\Utility\ITimeFactory; use OCP\DB\QueryBuilder\IQueryBuilder; use OCP\Defaults; use OCP\Files\Folder; @@ -46,6 +23,7 @@ use OCP\Files\Node; use OCP\IConfig; use OCP\IDBConnection; use OCP\IGroupManager; +use OCP\IL10N; use OCP\IURLGenerator; use OCP\IUser; use OCP\IUserManager; @@ -53,64 +31,34 @@ use OCP\L10N\IFactory; use OCP\Mail\IMailer; use OCP\Share\Exceptions\ShareNotFound; use OCP\Share\IAttributes; +use OCP\Share\IManager; use OCP\Share\IShare; -use OCP\Share\IShareProvider; +use OCP\Share\IShareProviderSupportsAccept; +use OCP\Share\IShareProviderSupportsAllSharesInFolder; +use OCP\Share\IShareProviderWithNotification; +use Psr\Log\LoggerInterface; +use function str_starts_with; /** * Class DefaultShareProvider * * @package OC\Share20 */ -class DefaultShareProvider implements IShareProvider { - // Special share type for user modified group shares - public const SHARE_TYPE_USERGROUP = 2; - - /** @var IDBConnection */ - private $dbConn; - - /** @var IUserManager */ - private $userManager; - - /** @var IGroupManager */ - private $groupManager; - - /** @var IRootFolder */ - private $rootFolder; - - /** @var IMailer */ - private $mailer; - - /** @var Defaults */ - private $defaults; - - /** @var IFactory */ - private $l10nFactory; - - /** @var IURLGenerator */ - private $urlGenerator; - - /** @var IConfig */ - private $config; - +class DefaultShareProvider implements IShareProviderWithNotification, IShareProviderSupportsAccept, IShareProviderSupportsAllSharesInFolder { public function __construct( - IDBConnection $connection, - IUserManager $userManager, - IGroupManager $groupManager, - IRootFolder $rootFolder, - IMailer $mailer, - Defaults $defaults, - IFactory $l10nFactory, - IURLGenerator $urlGenerator, - IConfig $config) { - $this->dbConn = $connection; - $this->userManager = $userManager; - $this->groupManager = $groupManager; - $this->rootFolder = $rootFolder; - $this->mailer = $mailer; - $this->defaults = $defaults; - $this->l10nFactory = $l10nFactory; - $this->urlGenerator = $urlGenerator; - $this->config = $config; + private IDBConnection $dbConn, + private IUserManager $userManager, + private IGroupManager $groupManager, + private IRootFolder $rootFolder, + private IMailer $mailer, + private Defaults $defaults, + private IFactory $l10nFactory, + private IURLGenerator $urlGenerator, + private ITimeFactory $timeFactory, + private LoggerInterface $logger, + private IManager $shareManager, + private IConfig $config, + ) { } /** @@ -136,22 +84,30 @@ class DefaultShareProvider implements IShareProvider { $qb->insert('share'); $qb->setValue('share_type', $qb->createNamedParameter($share->getShareType())); + $expirationDate = $share->getExpirationDate(); + if ($expirationDate !== null) { + $expirationDate = clone $expirationDate; + $expirationDate->setTimezone(new \DateTimeZone(date_default_timezone_get())); + } + if ($share->getShareType() === IShare::TYPE_USER) { //Set the UID of the user we share with $qb->setValue('share_with', $qb->createNamedParameter($share->getSharedWith())); $qb->setValue('accepted', $qb->createNamedParameter(IShare::STATUS_PENDING)); //If an expiration date is set store it - if ($share->getExpirationDate() !== null) { - $qb->setValue('expiration', $qb->createNamedParameter($share->getExpirationDate(), 'datetime')); + if ($expirationDate !== null) { + $qb->setValue('expiration', $qb->createNamedParameter($expirationDate, 'datetime')); } + + $qb->setValue('reminder_sent', $qb->createNamedParameter($share->getReminderSent(), IQueryBuilder::PARAM_BOOL)); } elseif ($share->getShareType() === IShare::TYPE_GROUP) { //Set the GID of the group we share with $qb->setValue('share_with', $qb->createNamedParameter($share->getSharedWith())); //If an expiration date is set store it - if ($share->getExpirationDate() !== null) { - $qb->setValue('expiration', $qb->createNamedParameter($share->getExpirationDate(), 'datetime')); + if ($expirationDate !== null) { + $qb->setValue('expiration', $qb->createNamedParameter($expirationDate, 'datetime')); } } elseif ($share->getShareType() === IShare::TYPE_LINK) { //set label for public link @@ -167,13 +123,11 @@ class DefaultShareProvider implements IShareProvider { $qb->setValue('password_by_talk', $qb->createNamedParameter($share->getSendPasswordByTalk(), IQueryBuilder::PARAM_BOOL)); //If an expiration date is set store it - if ($share->getExpirationDate() !== null) { - $qb->setValue('expiration', $qb->createNamedParameter($share->getExpirationDate(), 'datetime')); + if ($expirationDate !== null) { + $qb->setValue('expiration', $qb->createNamedParameter($expirationDate, 'datetime')); } - if (method_exists($share, 'getParent')) { - $qb->setValue('parent', $qb->createNamedParameter($share->getParent())); - } + $qb->setValue('parent', $qb->createNamedParameter($share->getParent())); $qb->setValue('hide_download', $qb->createNamedParameter($share->getHideDownload() ? 1 : 0, IQueryBuilder::PARAM_INT)); } else { @@ -215,32 +169,22 @@ class DefaultShareProvider implements IShareProvider { } // Set the time this share was created - $qb->setValue('stime', $qb->createNamedParameter(time())); + $shareTime = $this->timeFactory->now(); + $qb->setValue('stime', $qb->createNamedParameter($shareTime->getTimestamp())); // insert the data and fetch the id of the share - $this->dbConn->beginTransaction(); - $qb->execute(); - $id = $this->dbConn->lastInsertId('*PREFIX*share'); + $qb->executeStatement(); - // Now fetch the inserted share and create a complete share object - $qb = $this->dbConn->getQueryBuilder(); - $qb->select('*') - ->from('share') - ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))); - - $cursor = $qb->execute(); - $data = $cursor->fetch(); - $this->dbConn->commit(); - $cursor->closeCursor(); + // Update mandatory data + $id = $qb->getLastInsertId(); + $share->setId((string)$id); + $share->setProviderId($this->identifier()); - if ($data === false) { - throw new ShareNotFound('Newly created share could not be found'); - } + $share->setShareTime(\DateTime::createFromImmutable($shareTime)); $mailSendValue = $share->getMailSend(); - $data['mail_send'] = ($mailSendValue === null) ? true : $mailSendValue; + $share->setMailSend(($mailSendValue === null) ? true : $mailSendValue); - $share = $this->createShare($data); return $share; } @@ -258,6 +202,12 @@ class DefaultShareProvider implements IShareProvider { $shareAttributes = $this->formatShareAttributes($share->getAttributes()); + $expirationDate = $share->getExpirationDate(); + if ($expirationDate !== null) { + $expirationDate = clone $expirationDate; + $expirationDate->setTimezone(new \DateTimeZone(date_default_timezone_get())); + } + if ($share->getShareType() === IShare::TYPE_USER) { /* * We allow updating the recipient on user shares. @@ -272,10 +222,11 @@ class DefaultShareProvider implements IShareProvider { ->set('attributes', $qb->createNamedParameter($shareAttributes)) ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) - ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE)) + ->set('expiration', $qb->createNamedParameter($expirationDate, IQueryBuilder::PARAM_DATETIME_MUTABLE)) ->set('note', $qb->createNamedParameter($share->getNote())) ->set('accepted', $qb->createNamedParameter($share->getStatus())) - ->execute(); + ->set('reminder_sent', $qb->createNamedParameter($share->getReminderSent(), IQueryBuilder::PARAM_BOOL)) + ->executeStatement(); } elseif ($share->getShareType() === IShare::TYPE_GROUP) { $qb = $this->dbConn->getQueryBuilder(); $qb->update('share') @@ -286,9 +237,9 @@ class DefaultShareProvider implements IShareProvider { ->set('attributes', $qb->createNamedParameter($shareAttributes)) ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) - ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE)) + ->set('expiration', $qb->createNamedParameter($expirationDate, IQueryBuilder::PARAM_DATETIME_MUTABLE)) ->set('note', $qb->createNamedParameter($share->getNote())) - ->execute(); + ->executeStatement(); /* * Update all user defined group shares @@ -301,9 +252,9 @@ class DefaultShareProvider implements IShareProvider { ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) - ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE)) + ->set('expiration', $qb->createNamedParameter($expirationDate, IQueryBuilder::PARAM_DATETIME_MUTABLE)) ->set('note', $qb->createNamedParameter($share->getNote())) - ->execute(); + ->executeStatement(); /* * Now update the permissions for all children that have not set it to 0 @@ -314,7 +265,7 @@ class DefaultShareProvider implements IShareProvider { ->andWhere($qb->expr()->neq('permissions', $qb->createNamedParameter(0))) ->set('permissions', $qb->createNamedParameter($share->getPermissions())) ->set('attributes', $qb->createNamedParameter($shareAttributes)) - ->execute(); + ->executeStatement(); } elseif ($share->getShareType() === IShare::TYPE_LINK) { $qb = $this->dbConn->getQueryBuilder(); $qb->update('share') @@ -328,11 +279,11 @@ class DefaultShareProvider implements IShareProvider { ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('token', $qb->createNamedParameter($share->getToken())) - ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE)) + ->set('expiration', $qb->createNamedParameter($expirationDate, IQueryBuilder::PARAM_DATETIME_MUTABLE)) ->set('note', $qb->createNamedParameter($share->getNote())) ->set('label', $qb->createNamedParameter($share->getLabel())) - ->set('hide_download', $qb->createNamedParameter($share->getHideDownload() ? 1 : 0), IQueryBuilder::PARAM_INT) - ->execute(); + ->set('hide_download', $qb->createNamedParameter($share->getHideDownload() ? 1 : 0, IQueryBuilder::PARAM_INT)) + ->executeStatement(); } if ($originalShare->getNote() !== $share->getNote() && $share->getNote() !== '') { @@ -371,11 +322,8 @@ class DefaultShareProvider implements IShareProvider { ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($recipient))) ->andWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )) - ->execute(); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))) + ->executeQuery(); $data = $stmt->fetch(); $stmt->closeCursor(); @@ -403,19 +351,12 @@ class DefaultShareProvider implements IShareProvider { $qb->update('share') ->set('accepted', $qb->createNamedParameter(IShare::STATUS_ACCEPTED)) ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) - ->execute(); + ->executeStatement(); return $share; } - /** - * Get all children of this share - * FIXME: remove once https://github.com/owncloud/core/pull/21660 is in - * - * @param \OCP\Share\IShare $parent - * @return \OCP\Share\IShare[] - */ - public function getChildren(\OCP\Share\IShare $parent) { + public function getChildren(IShare $parent): array { $children = []; $qb = $this->dbConn->getQueryBuilder(); @@ -432,13 +373,10 @@ class DefaultShareProvider implements IShareProvider { ], IQueryBuilder::PARAM_INT_ARRAY) ) ) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )) + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))) ->orderBy('id'); - $cursor = $qb->execute(); + $cursor = $qb->executeQuery(); while ($data = $cursor->fetch()) { $children[] = $this->createShare($data); } @@ -465,7 +403,7 @@ class DefaultShareProvider implements IShareProvider { $qb->orWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))); } - $qb->execute(); + $qb->executeStatement(); } /** @@ -498,11 +436,8 @@ class DefaultShareProvider implements IShareProvider { ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($recipient))) ->andWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )) - ->execute(); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))) + ->executeQuery(); $data = $stmt->fetch(); @@ -524,7 +459,7 @@ class DefaultShareProvider implements IShareProvider { $qb->update('share') ->set('permissions', $qb->createNamedParameter(0)) ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) - ->execute(); + ->executeStatement(); } } elseif ($share->getShareType() === IShare::TYPE_USER) { if ($share->getSharedWith() !== $recipient) { @@ -541,6 +476,15 @@ class DefaultShareProvider implements IShareProvider { protected function createUserSpecificGroupShare(IShare $share, string $recipient): int { $type = $share->getNodeType(); + $shareFolder = $this->config->getSystemValue('share_folder', '/'); + $allowCustomShareFolder = $this->config->getSystemValueBool('sharing.allow_custom_share_folder', true); + if ($allowCustomShareFolder) { + $shareFolder = $this->config->getUserValue($recipient, Application::APP_ID, 'share_folder', $shareFolder); + } + + $target = $shareFolder . '/' . $share->getNode()->getName(); + $target = \OC\Files\Filesystem::normalizePath($target); + $qb = $this->dbConn->getQueryBuilder(); $qb->insert('share') ->values([ @@ -552,10 +496,10 @@ class DefaultShareProvider implements IShareProvider { 'item_type' => $qb->createNamedParameter($type), 'item_source' => $qb->createNamedParameter($share->getNodeId()), 'file_source' => $qb->createNamedParameter($share->getNodeId()), - 'file_target' => $qb->createNamedParameter($share->getTarget()), + 'file_target' => $qb->createNamedParameter($target), 'permissions' => $qb->createNamedParameter($share->getPermissions()), 'stime' => $qb->createNamedParameter($share->getShareTime()->getTimestamp()), - ])->execute(); + ])->executeStatement(); return $qb->getLastInsertId(); } @@ -573,7 +517,7 @@ class DefaultShareProvider implements IShareProvider { ->where( $qb->expr()->eq('id', $qb->createNamedParameter($share->getId())) ); - $cursor = $qb->execute(); + $cursor = $qb->executeQuery(); $data = $cursor->fetch(); $cursor->closeCursor(); @@ -590,7 +534,7 @@ class DefaultShareProvider implements IShareProvider { $qb->expr()->eq('share_with', $qb->createNamedParameter($recipient)) ); - $qb->execute(); + $qb->executeStatement(); return $this->getShareById($share->getId(), $recipient); } @@ -605,7 +549,7 @@ class DefaultShareProvider implements IShareProvider { $qb->update('share') ->set('file_target', $qb->createNamedParameter($share->getTarget())) ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))) - ->execute(); + ->executeStatement(); } elseif ($share->getShareType() === IShare::TYPE_GROUP) { // Check if there is a usergroup share $qb = $this->dbConn->getQueryBuilder(); @@ -614,12 +558,9 @@ class DefaultShareProvider implements IShareProvider { ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($recipient))) ->andWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )) + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))) ->setMaxResults(1) - ->execute(); + ->executeQuery(); $data = $stmt->fetch(); $stmt->closeCursor(); @@ -645,14 +586,14 @@ class DefaultShareProvider implements IShareProvider { 'permissions' => $qb->createNamedParameter($share->getPermissions()), 'attributes' => $qb->createNamedParameter($shareAttributes), 'stime' => $qb->createNamedParameter($share->getShareTime()->getTimestamp()), - ])->execute(); + ])->executeStatement(); } else { // Already a usergroup share. Update it. $qb = $this->dbConn->getQueryBuilder(); $qb->update('share') ->set('file_target', $qb->createNamedParameter($share->getTarget())) ->where($qb->expr()->eq('id', $qb->createNamedParameter($data['id']))) - ->execute(); + ->executeStatement(); } } @@ -660,35 +601,45 @@ class DefaultShareProvider implements IShareProvider { } public function getSharesInFolder($userId, Folder $node, $reshares, $shallow = true) { + if (!$shallow) { + throw new \Exception('non-shallow getSharesInFolder is no longer supported'); + } + + return $this->getSharesInFolderInternal($userId, $node, $reshares); + } + + public function getAllSharesInFolder(Folder $node): array { + return $this->getSharesInFolderInternal(null, $node, null); + } + + /** + * @return array<int, list<IShare>> + */ + private function getSharesInFolderInternal(?string $userId, Folder $node, ?bool $reshares): array { $qb = $this->dbConn->getQueryBuilder(); $qb->select('s.*', 'f.fileid', 'f.path', 'f.permissions AS f_permissions', 'f.storage', 'f.path_hash', 'f.parent AS f_parent', 'f.name', 'f.mimetype', 'f.mimepart', 'f.size', 'f.mtime', 'f.storage_mtime', 'f.encrypted', 'f.unencrypted_size', 'f.etag', 'f.checksum') ->from('share', 's') - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))); - $qb->andWhere($qb->expr()->orX( - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER)), - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP)), - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_LINK)) - )); + $qb->andWhere($qb->expr()->in('share_type', $qb->createNamedParameter([IShare::TYPE_USER, IShare::TYPE_GROUP, IShare::TYPE_LINK], IQueryBuilder::PARAM_INT_ARRAY))); - /** - * Reshares for this user are shares where they are the owner. - */ - if ($reshares === false) { - $qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))); - } else { - $qb->andWhere( - $qb->expr()->orX( - $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)), - $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)) - ) - ); + if ($userId !== null) { + /** + * Reshares for this user are shares where they are the owner. + */ + if ($reshares !== true) { + $qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))); + } else { + $qb->andWhere( + $qb->expr()->orX( + $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)), + $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)) + ) + ); + } } // todo? maybe get these from the oc_mounts table @@ -700,21 +651,12 @@ class DefaultShareProvider implements IShareProvider { }, $childMountNodes); $qb->innerJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid')); - if ($shallow) { - $qb->andWhere( - $qb->expr()->orX( - $qb->expr()->eq('f.parent', $qb->createNamedParameter($node->getId())), - $qb->expr()->in('f.fileid', $qb->createParameter('chunk')) - ) - ); - } else { - $qb->andWhere( - $qb->expr()->orX( - $qb->expr()->like('f.path', $qb->createNamedParameter($this->dbConn->escapeLikeParameter($node->getInternalPath()) . '/%')), - $qb->expr()->in('f.fileid', $qb->createParameter('chunk')) - ) - ); - } + $qb->andWhere( + $qb->expr()->orX( + $qb->expr()->eq('f.parent', $qb->createNamedParameter($node->getId())), + $qb->expr()->in('f.fileid', $qb->createParameter('chunk')) + ) + ); $qb->orderBy('id'); @@ -746,10 +688,7 @@ class DefaultShareProvider implements IShareProvider { $qb = $this->dbConn->getQueryBuilder(); $qb->select('*') ->from('share') - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))); $qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter($shareType))); @@ -780,7 +719,7 @@ class DefaultShareProvider implements IShareProvider { $qb->setFirstResult($offset); $qb->orderBy('id'); - $cursor = $qb->execute(); + $cursor = $qb->executeQuery(); $shares = []; while ($data = $cursor->fetch()) { $shares[] = $this->createShare($data); @@ -809,12 +748,9 @@ class DefaultShareProvider implements IShareProvider { ], IQueryBuilder::PARAM_INT_ARRAY) ) ) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))); - $cursor = $qb->execute(); + $cursor = $qb->executeQuery(); $data = $cursor->fetch(); $cursor->closeCursor(); @@ -830,7 +766,7 @@ class DefaultShareProvider implements IShareProvider { // If the recipient is set for a group share resolve to that user if ($recipientId !== null && $share->getShareType() === IShare::TYPE_GROUP) { - $share = $this->resolveGroupShares([$share], $recipientId)[0]; + $share = $this->resolveGroupShares([(int)$share->getId() => $share], $recipientId)[0]; } return $share; @@ -848,17 +784,10 @@ class DefaultShareProvider implements IShareProvider { $cursor = $qb->select('*') ->from('share') ->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($path->getId()))) - ->andWhere( - $qb->expr()->orX( - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER)), - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP)) - ) - ) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )) - ->execute(); + ->andWhere($qb->expr()->in('share_type', $qb->createNamedParameter([IShare::TYPE_USER, IShare::TYPE_GROUP, IShare::TYPE_LINK], IQueryBuilder::PARAM_INT_ARRAY))) + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))) + ->orderBy('id', 'ASC') + ->executeQuery(); $shares = []; while ($data = $cursor->fetch()) { @@ -883,7 +812,12 @@ class DefaultShareProvider implements IShareProvider { $pathSections = explode('/', $data['path'], 2); // FIXME: would not detect rare md5'd home storage case properly if ($pathSections[0] !== 'files' - && (strpos($data['storage_string_id'], 'home::') === 0 || strpos($data['storage_string_id'], 'object::user') === 0)) { + && (str_starts_with($data['storage_string_id'], 'home::') || str_starts_with($data['storage_string_id'], 'object::user'))) { + return false; + } elseif ($pathSections[0] === '__groupfolders' + && str_starts_with($pathSections[1], 'trash/') + ) { + // exclude shares leading to trashbin on group folders storages return false; } return true; @@ -920,23 +854,20 @@ class DefaultShareProvider implements IShareProvider { $qb->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER))) ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId))) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))); // Filter by node if provided if ($node !== null) { $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId()))); } - $cursor = $qb->execute(); + $cursor = $qb->executeQuery(); while ($data = $cursor->fetch()) { if ($data['fileid'] && $data['path'] === null) { - $data['path'] = (string) $data['path']; - $data['name'] = (string) $data['name']; - $data['checksum'] = (string) $data['checksum']; + $data['path'] = (string)$data['path']; + $data['name'] = (string)$data['name']; + $data['checksum'] = (string)$data['checksum']; } if ($this->isAccessibleResult($data)) { $shares[] = $this->createShare($data); @@ -944,8 +875,8 @@ class DefaultShareProvider implements IShareProvider { } $cursor->closeCursor(); } elseif ($shareType === IShare::TYPE_GROUP) { - $user = $this->userManager->get($userId); - $allGroups = ($user instanceof IUser) ? $this->groupManager->getUserGroupIds($user) : []; + $user = new LazyUser($userId, $this->userManager); + $allGroups = $this->groupManager->getUserGroupIds($user); /** @var Share[] $shares2 */ $shares2 = []; @@ -981,7 +912,6 @@ class DefaultShareProvider implements IShareProvider { $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId()))); } - $groups = array_filter($groups); $qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) @@ -989,12 +919,9 @@ class DefaultShareProvider implements IShareProvider { $groups, IQueryBuilder::PARAM_STR_ARRAY ))) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))); - $cursor = $qb->execute(); + $cursor = $qb->executeQuery(); while ($data = $cursor->fetch()) { if ($offset > 0) { $offset--; @@ -1002,7 +929,8 @@ class DefaultShareProvider implements IShareProvider { } if ($this->isAccessibleResult($data)) { - $shares2[] = $this->createShare($data); + $share = $this->createShare($data); + $shares2[$share->getId()] = $share; } } $cursor->closeCursor(); @@ -1034,11 +962,8 @@ class DefaultShareProvider implements IShareProvider { ->from('share') ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_LINK))) ->andWhere($qb->expr()->eq('token', $qb->createNamedParameter($token))) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )) - ->execute(); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))) + ->executeQuery(); $data = $cursor->fetch(); @@ -1056,7 +981,7 @@ class DefaultShareProvider implements IShareProvider { } /** - * Create a share object from an database row + * Create a share object from a database row * * @param mixed[] $data * @return \OCP\Share\IShare @@ -1071,7 +996,7 @@ class DefaultShareProvider implements IShareProvider { ->setNote((string)$data['note']) ->setMailSend((bool)$data['mail_send']) ->setStatus((int)$data['accepted']) - ->setLabel($data['label']); + ->setLabel($data['label'] ?? ''); $shareTime = new \DateTime(); $shareTime->setTimestamp((int)$data['stime']); @@ -1079,9 +1004,9 @@ class DefaultShareProvider implements IShareProvider { if ($share->getShareType() === IShare::TYPE_USER) { $share->setSharedWith($data['share_with']); - $user = $this->userManager->get($data['share_with']); - if ($user !== null) { - $share->setSharedWithDisplayName($user->getDisplayName()); + $displayName = $this->userManager->getDisplayName($data['share_with']); + if ($displayName !== null) { + $share->setSharedWithDisplayName($displayName); } } elseif ($share->getShareType() === IShare::TYPE_GROUP) { $share->setSharedWith($data['share_with']); @@ -1118,66 +1043,46 @@ class DefaultShareProvider implements IShareProvider { $share->setProviderId($this->identifier()); $share->setHideDownload((int)$data['hide_download'] === 1); + $share->setReminderSent((bool)$data['reminder_sent']); return $share; } /** - * @param Share[] $shares + * Update the data from group shares with any per-user modifications + * + * @param array<int, Share> $shareMap shares indexed by share id * @param $userId * @return Share[] The updates shares if no update is found for a share return the original */ - private function resolveGroupShares($shares, $userId) { - $result = []; - - $start = 0; - while (true) { - /** @var Share[] $shareSlice */ - $shareSlice = array_slice($shares, $start, 100); - $start += 100; - - if ($shareSlice === []) { - break; - } - - /** @var int[] $ids */ - $ids = []; - /** @var Share[] $shareMap */ - $shareMap = []; - - foreach ($shareSlice as $share) { - $ids[] = (int)$share->getId(); - $shareMap[$share->getId()] = $share; - } - - $qb = $this->dbConn->getQueryBuilder(); - - $query = $qb->select('*') - ->from('share') - ->where($qb->expr()->in('parent', $qb->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY))) - ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId))) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )); + private function resolveGroupShares($shareMap, $userId) { + $qb = $this->dbConn->getQueryBuilder(); + $query = $qb->select('*') + ->from('share') + ->where($qb->expr()->eq('share_with', $qb->createNamedParameter($userId))) + ->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))); + + // this is called with either all group shares or one group share. + // for all shares it's easier to just only search by share_with, + // for a single share it's efficient to filter by parent + if (count($shareMap) === 1) { + $share = reset($shareMap); + $query->andWhere($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))); + } - $stmt = $query->execute(); + $stmt = $query->executeQuery(); - while ($data = $stmt->fetch()) { + while ($data = $stmt->fetch()) { + if (array_key_exists($data['parent'], $shareMap)) { $shareMap[$data['parent']]->setPermissions((int)$data['permissions']); $shareMap[$data['parent']]->setStatus((int)$data['accepted']); $shareMap[$data['parent']]->setTarget($data['file_target']); $shareMap[$data['parent']]->setParent($data['parent']); } - - $stmt->closeCursor(); - - foreach ($shareMap as $share) { - $result[] = $share; - } } - return $result; + return array_values($shareMap); } /** @@ -1213,10 +1118,7 @@ class DefaultShareProvider implements IShareProvider { */ $qb->where( $qb->expr()->andX( - $qb->expr()->orX( - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP)), - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP)) - ), + $qb->expr()->in('share_type', $qb->createNamedParameter([IShare::TYPE_GROUP, IShare::TYPE_USERGROUP], IQueryBuilder::PARAM_INT_ARRAY)), $qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)) ) ); @@ -1241,11 +1143,12 @@ class DefaultShareProvider implements IShareProvider { ) ); } else { - \OC::$server->getLogger()->logException(new \InvalidArgumentException('Default share provider tried to delete all shares for type: ' . $shareType)); + $e = new \InvalidArgumentException('Default share provider tried to delete all shares for type: ' . $shareType); + $this->logger->error($e->getMessage(), ['exception' => $e]); return; } - $qb->execute(); + $qb->executeStatement(); } /** @@ -1264,7 +1167,7 @@ class DefaultShareProvider implements IShareProvider { ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($gid))); - $cursor = $qb->execute(); + $cursor = $qb->executeQuery(); $ids = []; while ($row = $cursor->fetch()) { $ids[] = (int)$row['id']; @@ -1273,11 +1176,15 @@ class DefaultShareProvider implements IShareProvider { if (!empty($ids)) { $chunks = array_chunk($ids, 100); + + $qb = $this->dbConn->getQueryBuilder(); + $qb->delete('share') + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) + ->andWhere($qb->expr()->in('parent', $qb->createParameter('parents'))); + foreach ($chunks as $chunk) { - $qb->delete('share') - ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) - ->andWhere($qb->expr()->in('parent', $qb->createNamedParameter($chunk, IQueryBuilder::PARAM_INT_ARRAY))); - $qb->execute(); + $qb->setParameter('parents', $chunk, IQueryBuilder::PARAM_INT_ARRAY); + $qb->executeStatement(); } } @@ -1288,7 +1195,7 @@ class DefaultShareProvider implements IShareProvider { $qb->delete('share') ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($gid))); - $qb->execute(); + $qb->executeStatement(); } /** @@ -1296,6 +1203,7 @@ class DefaultShareProvider implements IShareProvider { * * @param string $uid * @param string $gid + * @return void */ public function userDeletedFromGroup($uid, $gid) { /* @@ -1307,7 +1215,7 @@ class DefaultShareProvider implements IShareProvider { ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP))) ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($gid))); - $cursor = $qb->execute(); + $cursor = $qb->executeQuery(); $ids = []; while ($row = $cursor->fetch()) { $ids[] = (int)$row['id']; @@ -1316,15 +1224,58 @@ class DefaultShareProvider implements IShareProvider { if (!empty($ids)) { $chunks = array_chunk($ids, 100); + + /* + * Delete all special shares with this user for the found group shares + */ + $qb = $this->dbConn->getQueryBuilder(); + $qb->delete('share') + ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) + ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($uid))) + ->andWhere($qb->expr()->in('parent', $qb->createParameter('parents'))); + foreach ($chunks as $chunk) { - /* - * Delete all special shares with this users for the found group shares - */ - $qb->delete('share') - ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))) - ->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($uid))) - ->andWhere($qb->expr()->in('parent', $qb->createNamedParameter($chunk, IQueryBuilder::PARAM_INT_ARRAY))); - $qb->execute(); + $qb->setParameter('parents', $chunk, IQueryBuilder::PARAM_INT_ARRAY); + $qb->executeStatement(); + } + } + + if ($this->shareManager->shareWithGroupMembersOnly()) { + $user = $this->userManager->get($uid); + if ($user === null) { + return; + } + $userGroups = $this->groupManager->getUserGroupIds($user); + $userGroups = array_diff($userGroups, $this->shareManager->shareWithGroupMembersOnlyExcludeGroupsList()); + + // Delete user shares received by the user from users in the group. + $userReceivedShares = $this->shareManager->getSharedWith($uid, IShare::TYPE_USER, null, -1); + foreach ($userReceivedShares as $share) { + $owner = $this->userManager->get($share->getSharedBy()); + if ($owner === null) { + continue; + } + $ownerGroups = $this->groupManager->getUserGroupIds($owner); + $mutualGroups = array_intersect($userGroups, $ownerGroups); + + if (count($mutualGroups) === 0) { + $this->shareManager->deleteShare($share); + } + } + + // Delete user shares from the user to users in the group. + $userEmittedShares = $this->shareManager->getSharesBy($uid, IShare::TYPE_USER, null, true, -1); + foreach ($userEmittedShares as $share) { + $recipient = $this->userManager->get($share->getSharedWith()); + if ($recipient === null) { + continue; + } + $recipientGroups = $this->groupManager->getUserGroupIds($recipient); + $mutualGroups = array_intersect($userGroups, $recipientGroups); + + if (count($mutualGroups) === 0) { + $this->shareManager->deleteShare($share); + } } } } @@ -1340,27 +1291,32 @@ class DefaultShareProvider implements IShareProvider { $qb = $this->dbConn->getQueryBuilder(); - $or = $qb->expr()->orX( - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USER)), - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP)), - $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_LINK)) - ); + $shareTypes = [IShare::TYPE_USER, IShare::TYPE_GROUP, IShare::TYPE_LINK]; if ($currentAccess) { - $or->add($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP))); + $shareTypes[] = IShare::TYPE_USERGROUP; } $qb->select('id', 'parent', 'share_type', 'share_with', 'file_source', 'file_target', 'permissions') ->from('share') ->where( - $or + $qb->expr()->in('share_type', $qb->createNamedParameter($shareTypes, IQueryBuilder::PARAM_INT_ARRAY)) ) ->andWhere($qb->expr()->in('file_source', $qb->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY))) - ->andWhere($qb->expr()->orX( - $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), - $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) - )); - $cursor = $qb->execute(); + ->andWhere($qb->expr()->in('item_type', $qb->createNamedParameter(['file', 'folder'], IQueryBuilder::PARAM_STR_ARRAY))); + + // Ensure accepted is true for user and usergroup type + $qb->andWhere( + $qb->expr()->orX( + $qb->expr()->andX( + $qb->expr()->neq('share_type', $qb->createNamedParameter(IShare::TYPE_USER)), + $qb->expr()->neq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP)), + ), + $qb->expr()->eq('accepted', $qb->createNamedParameter(IShare::STATUS_ACCEPTED, IQueryBuilder::PARAM_INT)), + ), + ); + + $cursor = $qb->executeQuery(); $users = []; $link = false; @@ -1368,7 +1324,7 @@ class DefaultShareProvider implements IShareProvider { $type = (int)$row['share_type']; if ($type === IShare::TYPE_USER) { $uid = $row['share_with']; - $users[$uid] = isset($users[$uid]) ? $users[$uid] : []; + $users[$uid] = $users[$uid] ?? []; $users[$uid][$row['id']] = $row; } elseif ($type === IShare::TYPE_GROUP) { $gid = $row['share_with']; @@ -1381,14 +1337,14 @@ class DefaultShareProvider implements IShareProvider { $userList = $group->getUsers(); foreach ($userList as $user) { $uid = $user->getUID(); - $users[$uid] = isset($users[$uid]) ? $users[$uid] : []; + $users[$uid] = $users[$uid] ?? []; $users[$uid][$row['id']] = $row; } } elseif ($type === IShare::TYPE_LINK) { $link = true; } elseif ($type === IShare::TYPE_USERGROUP && $currentAccess === true) { $uid = $row['share_with']; - $users[$uid] = isset($users[$uid]) ? $users[$uid] : []; + $users[$uid] = $users[$uid] ?? []; $users[$uid][$row['id']] = $row; } } @@ -1412,8 +1368,8 @@ class DefaultShareProvider implements IShareProvider { protected function filterSharesOfUser(array $shares) { // Group shares when the user has a share exception foreach ($shares as $id => $share) { - $type = (int) $share['share_type']; - $permissions = (int) $share['permissions']; + $type = (int)$share['share_type']; + $permissions = (int)$share['permissions']; if ($type === IShare::TYPE_USERGROUP) { unset($shares[$share['parent']]); @@ -1457,6 +1413,126 @@ class DefaultShareProvider implements IShareProvider { } } + public function sendMailNotification(IShare $share): bool { + try { + // Check user + $user = $this->userManager->get($share->getSharedWith()); + if ($user === null) { + $this->logger->debug('Share notification not sent to ' . $share->getSharedWith() . ' because user could not be found.', ['app' => 'share']); + return false; + } + + // Handle user shares + if ($share->getShareType() === IShare::TYPE_USER) { + // Check email address + $emailAddress = $user->getEMailAddress(); + if ($emailAddress === null || $emailAddress === '') { + $this->logger->debug('Share notification not sent to ' . $share->getSharedWith() . ' because email address is not set.', ['app' => 'share']); + return false; + } + + $userLang = $this->l10nFactory->getUserLanguage($user); + $l = $this->l10nFactory->get('lib', $userLang); + $this->sendUserShareMail( + $l, + $share->getNode()->getName(), + $this->urlGenerator->linkToRouteAbsolute('files_sharing.Accept.accept', ['shareId' => $share->getFullId()]), + $share->getSharedBy(), + $emailAddress, + $share->getExpirationDate(), + $share->getNote() + ); + $this->logger->debug('Sent share notification to ' . $emailAddress . ' for share with ID ' . $share->getId() . '.', ['app' => 'share']); + return true; + } + } catch (\Exception $e) { + $this->logger->error('Share notification mail could not be sent.', ['exception' => $e]); + } + + return false; + } + + /** + * Send mail notifications for the user share type + * + * @param IL10N $l Language of the recipient + * @param string $filename file/folder name + * @param string $link link to the file/folder + * @param string $initiator user ID of share sender + * @param string $shareWith email address of share receiver + * @param \DateTime|null $expiration + * @param string $note + * @throws \Exception + */ + protected function sendUserShareMail( + IL10N $l, + $filename, + $link, + $initiator, + $shareWith, + ?\DateTime $expiration = null, + $note = '') { + $initiatorUser = $this->userManager->get($initiator); + $initiatorDisplayName = ($initiatorUser instanceof IUser) ? $initiatorUser->getDisplayName() : $initiator; + + $message = $this->mailer->createMessage(); + + $emailTemplate = $this->mailer->createEMailTemplate('files_sharing.RecipientNotification', [ + 'filename' => $filename, + 'link' => $link, + 'initiator' => $initiatorDisplayName, + 'expiration' => $expiration, + 'shareWith' => $shareWith, + ]); + + $emailTemplate->setSubject($l->t('%1$s shared %2$s with you', [$initiatorDisplayName, $filename])); + $emailTemplate->addHeader(); + $emailTemplate->addHeading($l->t('%1$s shared %2$s with you', [$initiatorDisplayName, $filename]), false); + + if ($note !== '') { + $emailTemplate->addBodyText(htmlspecialchars($note), $note); + } + + $emailTemplate->addBodyButton( + $l->t('Open %s', [$filename]), + $link + ); + + $message->setTo([$shareWith]); + + // The "From" contains the sharers name + $instanceName = $this->defaults->getName(); + $senderName = $l->t( + '%1$s via %2$s', + [ + $initiatorDisplayName, + $instanceName, + ] + ); + $message->setFrom([\OCP\Util::getDefaultEmailAddress('noreply') => $senderName]); + + // The "Reply-To" is set to the sharer if an mail address is configured + // also the default footer contains a "Do not reply" which needs to be adjusted. + if ($initiatorUser) { + $initiatorEmail = $initiatorUser->getEMailAddress(); + if ($initiatorEmail !== null) { + $message->setReplyTo([$initiatorEmail => $initiatorDisplayName]); + $emailTemplate->addFooter($instanceName . ($this->defaults->getSlogan() !== '' ? ' - ' . $this->defaults->getSlogan() : '')); + } else { + $emailTemplate->addFooter(); + } + } else { + $emailTemplate->addFooter(); + } + + $message->useTemplate($emailTemplate); + $failedRecipients = $this->mailer->send($message); + if (!empty($failedRecipients)) { + $this->logger->error('Share notification mail could not be sent to: ' . implode(', ', $failedRecipients)); + return; + } + } + /** * send note by mail * @@ -1493,20 +1569,20 @@ class DefaultShareProvider implements IShareProvider { $initiatorUser = $this->userManager->get($initiator); $initiatorDisplayName = ($initiatorUser instanceof IUser) ? $initiatorUser->getDisplayName() : $initiator; $initiatorEmailAddress = ($initiatorUser instanceof IUser) ? $initiatorUser->getEMailAddress() : null; - $plainHeading = $l->t('%1$s shared »%2$s« with you and wants to add:', [$initiatorDisplayName, $filename]); - $htmlHeading = $l->t('%1$s shared »%2$s« with you and wants to add', [$initiatorDisplayName, $filename]); + $plainHeading = $l->t('%1$s shared %2$s with you and wants to add:', [$initiatorDisplayName, $filename]); + $htmlHeading = $l->t('%1$s shared %2$s with you and wants to add', [$initiatorDisplayName, $filename]); $message = $this->mailer->createMessage(); $emailTemplate = $this->mailer->createEMailTemplate('defaultShareProvider.sendNote'); - $emailTemplate->setSubject($l->t('»%s« added a note to a file shared with you', [$initiatorDisplayName])); + $emailTemplate->setSubject($l->t('%s added a note to a file shared with you', [$initiatorDisplayName])); $emailTemplate->addHeader(); $emailTemplate->addHeading($htmlHeading, $plainHeading); $emailTemplate->addBodyText(htmlspecialchars($note), $note); $link = $this->urlGenerator->linkToRouteAbsolute('files.viewcontroller.showFile', ['fileid' => $share->getNode()->getId()]); $emailTemplate->addBodyButton( - $l->t('Open »%s«', [$filename]), + $l->t('Open %s', [$filename]), $link ); @@ -1544,15 +1620,9 @@ class DefaultShareProvider implements IShareProvider { $qb->select('*') ->from('share') - ->where( - $qb->expr()->orX( - $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_USER)), - $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_GROUP)), - $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_LINK)) - ) - ); + ->where($qb->expr()->in('share_type', $qb->createNamedParameter([IShare::TYPE_USER, IShare::TYPE_GROUP, IShare::TYPE_LINK], IQueryBuilder::PARAM_INT_ARRAY))); - $cursor = $qb->execute(); + $cursor = $qb->executeQuery(); while ($data = $cursor->fetch()) { try { $share = $this->createShare($data); @@ -1570,7 +1640,7 @@ class DefaultShareProvider implements IShareProvider { * * @return IShare the modified share */ - private function updateShareAttributes(IShare $share, ?string $data): IShare { + protected function updateShareAttributes(IShare $share, ?string $data): IShare { if ($data !== null && $data !== '') { $attributes = new ShareAttributes(); $compressedAttributes = \json_decode($data, true); @@ -1593,7 +1663,7 @@ class DefaultShareProvider implements IShareProvider { /** * Format IAttributes to database format (JSON string) */ - private function formatShareAttributes(?IAttributes $attributes): ?string { + protected function formatShareAttributes(?IAttributes $attributes): ?string { if ($attributes === null || empty($attributes->toArray())) { return null; } @@ -1603,7 +1673,7 @@ class DefaultShareProvider implements IShareProvider { $compressedAttributes[] = [ 0 => $attribute['scope'], 1 => $attribute['key'], - 2 => $attribute['enabled'] + 2 => $attribute['value'] ]; } return \json_encode($compressedAttributes); diff --git a/lib/private/Share20/Exception/BackendError.php b/lib/private/Share20/Exception/BackendError.php index b3e07495378..b2585367727 100644 --- a/lib/private/Share20/Exception/BackendError.php +++ b/lib/private/Share20/Exception/BackendError.php @@ -1,23 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Share20\Exception; diff --git a/lib/private/Share20/Exception/InvalidShare.php b/lib/private/Share20/Exception/InvalidShare.php index 464dc15a9f1..8756455f9d2 100644 --- a/lib/private/Share20/Exception/InvalidShare.php +++ b/lib/private/Share20/Exception/InvalidShare.php @@ -1,23 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Share20\Exception; diff --git a/lib/private/Share20/Exception/ProviderException.php b/lib/private/Share20/Exception/ProviderException.php index b8e15dd9db8..cb79ab884b4 100644 --- a/lib/private/Share20/Exception/ProviderException.php +++ b/lib/private/Share20/Exception/ProviderException.php @@ -1,23 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Share20\Exception; diff --git a/lib/private/Share20/GroupDeletedListener.php b/lib/private/Share20/GroupDeletedListener.php new file mode 100644 index 00000000000..7e1ad71c465 --- /dev/null +++ b/lib/private/Share20/GroupDeletedListener.php @@ -0,0 +1,32 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OC\Share20; + +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; +use OCP\Group\Events\GroupDeletedEvent; +use OCP\Share\IManager; + +/** + * @template-implements IEventListener<GroupDeletedEvent> + */ +class GroupDeletedListener implements IEventListener { + public function __construct( + protected IManager $shareManager, + ) { + } + + public function handle(Event $event): void { + if (!$event instanceof GroupDeletedEvent) { + return; + } + + $this->shareManager->groupDeleted($event->getGroup()->getGID()); + } +} diff --git a/lib/private/Share20/Hooks.php b/lib/private/Share20/Hooks.php deleted file mode 100644 index ae08b20fde6..00000000000 --- a/lib/private/Share20/Hooks.php +++ /dev/null @@ -1,32 +0,0 @@ -<?php -/** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * - */ -namespace OC\Share20; - -class Hooks { - public static function post_deleteUser($arguments) { - \OC::$server->getShareManager()->userDeleted($arguments['uid']); - } - - public static function post_deleteGroup($arguments) { - \OC::$server->getShareManager()->groupDeleted($arguments['gid']); - } -} diff --git a/lib/private/Share20/LegacyHooks.php b/lib/private/Share20/LegacyHooks.php index feb4604e884..d54c8e3203d 100644 --- a/lib/private/Share20/LegacyHooks.php +++ b/lib/private/Share20/LegacyHooks.php @@ -1,94 +1,63 @@ <?php + /** - * @copyright 2017, Roeland Jago Douma <roeland@famdouma.nl> - * - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Pauli Järvinen <pauli.jarvinen@gmail.com> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OC\Share20; +use OCP\EventDispatcher\IEventDispatcher; use OCP\Files\File; use OCP\Share; +use OCP\Share\Events\BeforeShareCreatedEvent; +use OCP\Share\Events\BeforeShareDeletedEvent; +use OCP\Share\Events\ShareCreatedEvent; +use OCP\Share\Events\ShareDeletedEvent; +use OCP\Share\Events\ShareDeletedFromSelfEvent; use OCP\Share\IShare; -use Symfony\Component\EventDispatcher\EventDispatcherInterface; -use Symfony\Component\EventDispatcher\GenericEvent; class LegacyHooks { - /** @var EventDispatcherInterface */ + /** @var IEventDispatcher */ private $eventDispatcher; - /** - * LegacyHooks constructor. - * - * @param EventDispatcherInterface $eventDispatcher - */ - public function __construct(EventDispatcherInterface $eventDispatcher) { + public function __construct(IEventDispatcher $eventDispatcher) { $this->eventDispatcher = $eventDispatcher; - $this->eventDispatcher->addListener('OCP\Share::preUnshare', [$this, 'preUnshare']); - $this->eventDispatcher->addListener('OCP\Share::postUnshare', [$this, 'postUnshare']); - $this->eventDispatcher->addListener('OCP\Share::postUnshareFromSelf', [$this, 'postUnshareFromSelf']); - $this->eventDispatcher->addListener('OCP\Share::preShare', [$this, 'preShare']); - $this->eventDispatcher->addListener('OCP\Share::postShare', [$this, 'postShare']); + $this->eventDispatcher->addListener(BeforeShareDeletedEvent::class, function (BeforeShareDeletedEvent $event) { + $this->preUnshare($event); + }); + $this->eventDispatcher->addListener(ShareDeletedEvent::class, function (ShareDeletedEvent $event) { + $this->postUnshare($event); + }); + $this->eventDispatcher->addListener(ShareDeletedFromSelfEvent::class, function (ShareDeletedFromSelfEvent $event) { + $this->postUnshareFromSelf($event); + }); + $this->eventDispatcher->addListener(BeforeShareCreatedEvent::class, function (BeforeShareCreatedEvent $event) { + $this->preShare($event); + }); + $this->eventDispatcher->addListener(ShareCreatedEvent::class, function (ShareCreatedEvent $event) { + $this->postShare($event); + }); } - /** - * @param GenericEvent $e - */ - public function preUnshare(GenericEvent $e) { - /** @var IShare $share */ - $share = $e->getSubject(); + public function preUnshare(BeforeShareDeletedEvent $e) { + $share = $e->getShare(); $formatted = $this->formatHookParams($share); \OC_Hook::emit(Share::class, 'pre_unshare', $formatted); } - /** - * @param GenericEvent $e - */ - public function postUnshare(GenericEvent $e) { - /** @var IShare $share */ - $share = $e->getSubject(); + public function postUnshare(ShareDeletedEvent $e) { + $share = $e->getShare(); $formatted = $this->formatHookParams($share); - - /** @var IShare[] $deletedShares */ - $deletedShares = $e->getArgument('deletedShares'); - - $formattedDeletedShares = array_map(function ($share) { - return $this->formatHookParams($share); - }, $deletedShares); - - $formatted['deletedShares'] = $formattedDeletedShares; + $formatted['deletedShares'] = [$formatted]; \OC_Hook::emit(Share::class, 'post_unshare', $formatted); } - /** - * @param GenericEvent $e - */ - public function postUnshareFromSelf(GenericEvent $e) { - /** @var IShare $share */ - $share = $e->getSubject(); + public function postUnshareFromSelf(ShareDeletedFromSelfEvent $e) { + $share = $e->getShare(); $formatted = $this->formatHookParams($share); $formatted['itemTarget'] = $formatted['fileTarget']; @@ -101,9 +70,9 @@ class LegacyHooks { // Prepare hook $shareType = $share->getShareType(); $sharedWith = ''; - if ($shareType === IShare::TYPE_USER || - $shareType === IShare::TYPE_GROUP || - $shareType === IShare::TYPE_REMOTE) { + if ($shareType === IShare::TYPE_USER + || $shareType === IShare::TYPE_GROUP + || $shareType === IShare::TYPE_REMOTE) { $sharedWith = $share->getSharedWith(); } @@ -113,7 +82,7 @@ class LegacyHooks { 'itemSource' => $share->getNodeId(), 'shareType' => $shareType, 'shareWith' => $sharedWith, - 'itemparent' => method_exists($share, 'getParent') ? $share->getParent() : '', + 'itemparent' => $share->getParent(), 'uidOwner' => $share->getSharedBy(), 'fileSource' => $share->getNodeId(), 'fileTarget' => $share->getTarget() @@ -121,9 +90,8 @@ class LegacyHooks { return $hookParams; } - public function preShare(GenericEvent $e) { - /** @var IShare $share */ - $share = $e->getSubject(); + public function preShare(BeforeShareCreatedEvent $e) { + $share = $e->getShare(); // Pre share hook $run = true; @@ -145,16 +113,15 @@ class LegacyHooks { \OC_Hook::emit(Share::class, 'pre_shared', $preHookData); if ($run === false) { - $e->setArgument('error', $error); + $e->setError($error); $e->stopPropagation(); } return $e; } - public function postShare(GenericEvent $e) { - /** @var IShare $share */ - $share = $e->getSubject(); + public function postShare(ShareCreatedEvent $e) { + $share = $e->getShare(); $postHookData = [ 'itemType' => $share->getNode() instanceof File ? 'file' : 'folder', diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 7fd99545668..28f29d6b20f 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -1,60 +1,31 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Bjoern Schiessle <bjoern@schiessle.org> - * @author Björn Schießle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Daniel Calviño Sánchez <danxuliu@gmail.com> - * @author Daniel Kesselberg <mail@danielkesselberg.de> - * @author Jan-Christoph Borchardt <hey@jancborchardt.net> - * @author Joas Schilling <coding@schilljs.com> - * @author John Molakvoæ <skjnldsv@protonmail.com> - * @author Julius Härtl <jus@bitgrid.net> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Maxence Lange <maxence@artificial-owl.com> - * @author Maxence Lange <maxence@nextcloud.com> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Pauli Järvinen <pauli.jarvinen@gmail.com> - * @author Robin Appelman <robin@icewind.nl> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Samuel <faust64@gmail.com> - * @author szaimen <szaimen@e.mail.de> - * @author Valdnet <47037905+Valdnet@users.noreply.github.com> - * @author Vincent Petry <vincent@nextcloud.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Share20; -use OCP\Cache\CappedMemoryCache; +use OC\Core\AppInfo\ConfigLexicon; use OC\Files\Mount\MoveableMount; use OC\KnownUser\KnownUserService; use OC\Share20\Exception\ProviderException; use OCA\Files_Sharing\AppInfo\Application; -use OCA\Files_Sharing\ISharedStorage; +use OCA\Files_Sharing\SharedStorage; +use OCA\ShareByMail\ShareByMailProvider; use OCP\EventDispatcher\IEventDispatcher; use OCP\Files\File; use OCP\Files\Folder; use OCP\Files\IRootFolder; use OCP\Files\Mount\IMountManager; +use OCP\Files\Mount\IShareOwnerlessMount; use OCP\Files\Node; +use OCP\Files\NotFoundException; use OCP\HintException; +use OCP\IAppConfig; use OCP\IConfig; +use OCP\IDateTimeZone; use OCP\IGroupManager; use OCP\IL10N; use OCP\IURLGenerator; @@ -66,104 +37,59 @@ use OCP\Mail\IMailer; use OCP\Security\Events\ValidatePasswordPolicyEvent; use OCP\Security\IHasher; use OCP\Security\ISecureRandom; +use OCP\Security\PasswordContext; use OCP\Share; +use OCP\Share\Events\BeforeShareDeletedEvent; +use OCP\Share\Events\ShareAcceptedEvent; +use OCP\Share\Events\ShareCreatedEvent; +use OCP\Share\Events\ShareDeletedEvent; +use OCP\Share\Events\ShareDeletedFromSelfEvent; use OCP\Share\Exceptions\AlreadySharedException; use OCP\Share\Exceptions\GenericShareException; use OCP\Share\Exceptions\ShareNotFound; +use OCP\Share\Exceptions\ShareTokenException; use OCP\Share\IManager; use OCP\Share\IProviderFactory; use OCP\Share\IShare; use OCP\Share\IShareProvider; +use OCP\Share\IShareProviderSupportsAccept; +use OCP\Share\IShareProviderSupportsAllSharesInFolder; +use OCP\Share\IShareProviderWithNotification; use Psr\Log\LoggerInterface; -use Symfony\Component\EventDispatcher\EventDispatcherInterface; -use Symfony\Component\EventDispatcher\GenericEvent; /** * This class is the communication hub for all sharing related operations. */ class Manager implements IManager { - /** @var IProviderFactory */ - private $factory; - private LoggerInterface $logger; - /** @var IConfig */ - private $config; - /** @var ISecureRandom */ - private $secureRandom; - /** @var IHasher */ - private $hasher; - /** @var IMountManager */ - private $mountManager; - /** @var IGroupManager */ - private $groupManager; - /** @var IL10N */ - private $l; - /** @var IFactory */ - private $l10nFactory; - /** @var IUserManager */ - private $userManager; - /** @var IRootFolder */ - private $rootFolder; - /** @var CappedMemoryCache */ - private $sharingDisabledForUsersCache; - /** @var EventDispatcherInterface */ - private $legacyDispatcher; - /** @var LegacyHooks */ - private $legacyHooks; - /** @var IMailer */ - private $mailer; - /** @var IURLGenerator */ - private $urlGenerator; - /** @var \OC_Defaults */ - private $defaults; - /** @var IEventDispatcher */ - private $dispatcher; - /** @var IUserSession */ - private $userSession; - /** @var KnownUserService */ - private $knownUserService; + + private ?IL10N $l; + private LegacyHooks $legacyHooks; public function __construct( - LoggerInterface $logger, - IConfig $config, - ISecureRandom $secureRandom, - IHasher $hasher, - IMountManager $mountManager, - IGroupManager $groupManager, - IL10N $l, - IFactory $l10nFactory, - IProviderFactory $factory, - IUserManager $userManager, - IRootFolder $rootFolder, - EventDispatcherInterface $legacyDispatcher, - IMailer $mailer, - IURLGenerator $urlGenerator, - \OC_Defaults $defaults, - IEventDispatcher $dispatcher, - IUserSession $userSession, - KnownUserService $knownUserService + private LoggerInterface $logger, + private IConfig $config, + private ISecureRandom $secureRandom, + private IHasher $hasher, + private IMountManager $mountManager, + private IGroupManager $groupManager, + private IFactory $l10nFactory, + private IProviderFactory $factory, + private IUserManager $userManager, + private IRootFolder $rootFolder, + private IMailer $mailer, + private IURLGenerator $urlGenerator, + private \OC_Defaults $defaults, + private IEventDispatcher $dispatcher, + private IUserSession $userSession, + private KnownUserService $knownUserService, + private ShareDisableChecker $shareDisableChecker, + private IDateTimeZone $dateTimeZone, + private IAppConfig $appConfig, ) { - $this->logger = $logger; - $this->config = $config; - $this->secureRandom = $secureRandom; - $this->hasher = $hasher; - $this->mountManager = $mountManager; - $this->groupManager = $groupManager; - $this->l = $l; - $this->l10nFactory = $l10nFactory; - $this->factory = $factory; - $this->userManager = $userManager; - $this->rootFolder = $rootFolder; - $this->legacyDispatcher = $legacyDispatcher; - $this->sharingDisabledForUsersCache = new CappedMemoryCache(); + $this->l = $this->l10nFactory->get('lib'); // The constructor of LegacyHooks registers the listeners of share events // do not remove if those are not properly migrated - $this->legacyHooks = new LegacyHooks($this->legacyDispatcher); - $this->mailer = $mailer; - $this->urlGenerator = $urlGenerator; - $this->defaults = $defaults; - $this->dispatcher = $dispatcher; - $this->userSession = $userSession; - $this->knownUserService = $knownUserService; + $this->legacyHooks = new LegacyHooks($this->dispatcher); } /** @@ -180,13 +106,13 @@ class Manager implements IManager { * Verify if a password meets all requirements * * @param string $password - * @throws \Exception + * @throws HintException */ protected function verifyPassword($password) { if ($password === null) { // No password is set, check if this is allowed. if ($this->shareApiLinkEnforcePassword()) { - throw new \InvalidArgumentException('Passwords are enforced for link and mail shares'); + throw new \InvalidArgumentException($this->l->t('Passwords are enforced for link and mail shares')); } return; @@ -194,9 +120,11 @@ class Manager implements IManager { // Let others verify the password try { - $this->legacyDispatcher->dispatch(new ValidatePasswordPolicyEvent($password)); + $event = new ValidatePasswordPolicyEvent($password, PasswordContext::SHARING); + $this->dispatcher->dispatchTyped($event); } catch (HintException $e) { - throw new \Exception($e->getHint()); + /* Wrap in a 400 bad request error */ + throw new HintException($e->getMessage(), $e->getHint(), 400, $e); } } @@ -209,66 +137,67 @@ class Manager implements IManager { * * @suppress PhanUndeclaredClassMethod */ - protected function generalCreateChecks(IShare $share) { + protected function generalCreateChecks(IShare $share, bool $isUpdate = false) { if ($share->getShareType() === IShare::TYPE_USER) { // We expect a valid user as sharedWith for user shares if (!$this->userManager->userExists($share->getSharedWith())) { - throw new \InvalidArgumentException('SharedWith is not a valid user'); + throw new \InvalidArgumentException($this->l->t('Share recipient is not a valid user')); } } elseif ($share->getShareType() === IShare::TYPE_GROUP) { // We expect a valid group as sharedWith for group shares if (!$this->groupManager->groupExists($share->getSharedWith())) { - throw new \InvalidArgumentException('SharedWith is not a valid group'); + throw new \InvalidArgumentException($this->l->t('Share recipient is not a valid group')); } } elseif ($share->getShareType() === IShare::TYPE_LINK) { // No check for TYPE_EMAIL here as we have a recipient for them if ($share->getSharedWith() !== null) { - throw new \InvalidArgumentException('SharedWith should be empty'); + throw new \InvalidArgumentException($this->l->t('Share recipient should be empty')); } } elseif ($share->getShareType() === IShare::TYPE_EMAIL) { if ($share->getSharedWith() === null) { - throw new \InvalidArgumentException('SharedWith should not be empty'); + throw new \InvalidArgumentException($this->l->t('Share recipient should not be empty')); } } elseif ($share->getShareType() === IShare::TYPE_REMOTE) { if ($share->getSharedWith() === null) { - throw new \InvalidArgumentException('SharedWith should not be empty'); + throw new \InvalidArgumentException($this->l->t('Share recipient should not be empty')); } } elseif ($share->getShareType() === IShare::TYPE_REMOTE_GROUP) { if ($share->getSharedWith() === null) { - throw new \InvalidArgumentException('SharedWith should not be empty'); + throw new \InvalidArgumentException($this->l->t('Share recipient should not be empty')); } } elseif ($share->getShareType() === IShare::TYPE_CIRCLE) { $circle = \OCA\Circles\Api\v1\Circles::detailsCircle($share->getSharedWith()); if ($circle === null) { - throw new \InvalidArgumentException('SharedWith is not a valid circle'); + throw new \InvalidArgumentException($this->l->t('Share recipient is not a valid circle')); } } elseif ($share->getShareType() === IShare::TYPE_ROOM) { } elseif ($share->getShareType() === IShare::TYPE_DECK) { + } elseif ($share->getShareType() === IShare::TYPE_SCIENCEMESH) { } else { // We cannot handle other types yet - throw new \InvalidArgumentException('unknown share type'); + throw new \InvalidArgumentException($this->l->t('Unknown share type')); } // Verify the initiator of the share is set if ($share->getSharedBy() === null) { - throw new \InvalidArgumentException('SharedBy should be set'); + throw new \InvalidArgumentException($this->l->t('Share initiator must be set')); } // Cannot share with yourself - if ($share->getShareType() === IShare::TYPE_USER && - $share->getSharedWith() === $share->getSharedBy()) { - throw new \InvalidArgumentException('Cannot share with yourself'); + if ($share->getShareType() === IShare::TYPE_USER + && $share->getSharedWith() === $share->getSharedBy()) { + throw new \InvalidArgumentException($this->l->t('Cannot share with yourself')); } // The path should be set if ($share->getNode() === null) { - throw new \InvalidArgumentException('Path should be set'); + throw new \InvalidArgumentException($this->l->t('Shared path must be set')); } // And it should be a file or a folder - if (!($share->getNode() instanceof \OCP\Files\File) && - !($share->getNode() instanceof \OCP\Files\Folder)) { - throw new \InvalidArgumentException('Path should be either a file or a folder'); + if (!($share->getNode() instanceof \OCP\Files\File) + && !($share->getNode() instanceof \OCP\Files\Folder)) { + throw new \InvalidArgumentException($this->l->t('Shared path must be either a file or a folder')); } // And you cannot share your rootfolder @@ -278,92 +207,63 @@ class Manager implements IManager { $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner()); } if ($userFolder->getId() === $share->getNode()->getId()) { - throw new \InvalidArgumentException('You cannot share your root folder'); + throw new \InvalidArgumentException($this->l->t('You cannot share your root folder')); } // Check if we actually have share permissions if (!$share->getNode()->isShareable()) { - $message_t = $this->l->t('You are not allowed to share %s', [$share->getNode()->getName()]); - throw new GenericShareException($message_t, $message_t, 404); + throw new GenericShareException($this->l->t('You are not allowed to share %s', [$share->getNode()->getName()]), code: 404); } // Permissions should be set if ($share->getPermissions() === null) { - throw new \InvalidArgumentException('A share requires permissions'); + throw new \InvalidArgumentException($this->l->t('Valid permissions are required for sharing')); } - $isFederatedShare = $share->getNode()->getStorage()->instanceOfStorage('\OCA\Files_Sharing\External\Storage'); - $permissions = 0; + // Permissions must be valid + if ($share->getPermissions() < 0 || $share->getPermissions() > \OCP\Constants::PERMISSION_ALL) { + throw new \InvalidArgumentException($this->l->t('Valid permissions are required for sharing')); + } - if (!$isFederatedShare && $share->getNode()->getOwner() && $share->getNode()->getOwner()->getUID() !== $share->getSharedBy()) { - $userMounts = array_filter($userFolder->getById($share->getNode()->getId()), function ($mount) { - // We need to filter since there might be other mountpoints that contain the file - // e.g. if the user has access to the same external storage that the file is originating from - return $mount->getStorage()->instanceOfStorage(ISharedStorage::class); - }); - $userMount = array_shift($userMounts); - if ($userMount === null) { - throw new GenericShareException('Could not get proper share mount for ' . $share->getNode()->getId() . '. Failing since else the next calls are called with null'); - } - $mount = $userMount->getMountPoint(); - // When it's a reshare use the parent share permissions as maximum - $userMountPointId = $mount->getStorageRootId(); - $userMountPoints = $userFolder->getById($userMountPointId); - $userMountPoint = array_shift($userMountPoints); - - if ($userMountPoint === null) { - throw new GenericShareException('Could not get proper user mount for ' . $userMountPointId . '. Failing since else the next calls are called with null'); - } - - /* Check if this is an incoming share */ - $incomingShares = $this->getSharedWith($share->getSharedBy(), IShare::TYPE_USER, $userMountPoint, -1, 0); - $incomingShares = array_merge($incomingShares, $this->getSharedWith($share->getSharedBy(), IShare::TYPE_GROUP, $userMountPoint, -1, 0)); - $incomingShares = array_merge($incomingShares, $this->getSharedWith($share->getSharedBy(), IShare::TYPE_CIRCLE, $userMountPoint, -1, 0)); - $incomingShares = array_merge($incomingShares, $this->getSharedWith($share->getSharedBy(), IShare::TYPE_ROOM, $userMountPoint, -1, 0)); - - /** @var IShare[] $incomingShares */ - if (!empty($incomingShares)) { - foreach ($incomingShares as $incomingShare) { - $permissions |= $incomingShare->getPermissions(); - } - } - } else { - /* - * Quick fix for #23536 - * Non moveable mount points do not have update and delete permissions - * while we 'most likely' do have that on the storage. - */ - $permissions = $share->getNode()->getPermissions(); - if (!($share->getNode()->getMountPoint() instanceof MoveableMount)) { - $permissions |= \OCP\Constants::PERMISSION_DELETE | \OCP\Constants::PERMISSION_UPDATE; + // Single file shares should never have delete or create permissions + if (($share->getNode() instanceof File) + && (($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_DELETE)) !== 0)) { + throw new \InvalidArgumentException($this->l->t('File shares cannot have create or delete permissions')); + } + + $permissions = 0; + $nodesForUser = $userFolder->getById($share->getNodeId()); + foreach ($nodesForUser as $node) { + if ($node->getInternalPath() === '' && !$node->getMountPoint() instanceof MoveableMount) { + // for the root of non-movable mount, the permissions we see if limited by the mount itself, + // so we instead use the "raw" permissions from the storage + $permissions |= $node->getStorage()->getPermissions(''); + } else { + $permissions |= $node->getPermissions(); } } // Check that we do not share with more permissions than we have if ($share->getPermissions() & ~$permissions) { $path = $userFolder->getRelativePath($share->getNode()->getPath()); - $message_t = $this->l->t('Cannot increase permissions of %s', [$path]); - throw new GenericShareException($message_t, $message_t, 404); + throw new GenericShareException($this->l->t('Cannot increase permissions of %s', [$path]), code: 404); } - // Check that read permissions are always set // Link shares are allowed to have no read permissions to allow upload to hidden folders $noReadPermissionRequired = $share->getShareType() === IShare::TYPE_LINK || $share->getShareType() === IShare::TYPE_EMAIL; - if (!$noReadPermissionRequired && - ($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) { - throw new \InvalidArgumentException('Shares need at least read permissions'); + if (!$noReadPermissionRequired + && ($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) { + throw new \InvalidArgumentException($this->l->t('Shares need at least read permissions')); } if ($share->getNode() instanceof \OCP\Files\File) { if ($share->getPermissions() & \OCP\Constants::PERMISSION_DELETE) { - $message_t = $this->l->t('Files cannot be shared with delete permissions'); - throw new GenericShareException($message_t); + throw new GenericShareException($this->l->t('Files cannot be shared with delete permissions')); } if ($share->getPermissions() & \OCP\Constants::PERMISSION_CREATE) { - $message_t = $this->l->t('Files cannot be shared with create permissions'); - throw new GenericShareException($message_t); + throw new GenericShareException($this->l->t('Files cannot be shared with create permissions')); } } } @@ -382,26 +282,6 @@ class Manager implements IManager { $expirationDate = $share->getExpirationDate(); - if ($expirationDate !== null) { - //Make sure the expiration date is a date - $expirationDate->setTime(0, 0, 0); - - $date = new \DateTime(); - $date->setTime(0, 0, 0); - if ($date >= $expirationDate) { - $message = $this->l->t('Expiration date is in the past'); - throw new GenericShareException($message, $message, 404); - } - } - - // If expiredate is empty set a default one if there is a default - $fullId = null; - try { - $fullId = $share->getFullId(); - } catch (\UnexpectedValueException $e) { - // This is a new share - } - if ($isRemote) { $defaultExpireDate = $this->shareApiRemoteDefaultExpireDate(); $defaultExpireDays = $this->shareApiRemoteDefaultExpireDays(); @@ -413,29 +293,51 @@ class Manager implements IManager { $configProp = 'internal_defaultExpDays'; $isEnforced = $this->shareApiInternalDefaultExpireDateEnforced(); } - if ($fullId === null && $expirationDate === null && $defaultExpireDate) { - $expirationDate = new \DateTime(); - $expirationDate->setTime(0, 0, 0); - $days = (int)$this->config->getAppValue('core', $configProp, (string)$defaultExpireDays); - if ($days > $defaultExpireDays) { - $days = $defaultExpireDays; + // If $expirationDate is falsy, noExpirationDate is true and expiration not enforced + // Then skip expiration date validation as null is accepted + if (!$share->getNoExpirationDate() || $isEnforced) { + if ($expirationDate !== null) { + $expirationDate->setTimezone($this->dateTimeZone->getTimeZone()); + $expirationDate->setTime(0, 0, 0); + + $date = new \DateTime('now', $this->dateTimeZone->getTimeZone()); + $date->setTime(0, 0, 0); + if ($date >= $expirationDate) { + throw new GenericShareException($this->l->t('Expiration date is in the past'), code: 404); + } } - $expirationDate->add(new \DateInterval('P' . $days . 'D')); - } - // If we enforce the expiration date check that is does not exceed - if ($isEnforced) { - if ($expirationDate === null) { - throw new \InvalidArgumentException('Expiration date is enforced'); + // If expiredate is empty set a default one if there is a default + $fullId = null; + try { + $fullId = $share->getFullId(); + } catch (\UnexpectedValueException $e) { + // This is a new share } - $date = new \DateTime(); - $date->setTime(0, 0, 0); - $date->add(new \DateInterval('P' . $defaultExpireDays . 'D')); - if ($date < $expirationDate) { - $message = $this->l->n('Cannot set expiration date more than %n day in the future', 'Cannot set expiration date more than %n days in the future', $defaultExpireDays); - throw new GenericShareException($message, $message, 404); + if ($fullId === null && $expirationDate === null && $defaultExpireDate) { + $expirationDate = new \DateTime('now', $this->dateTimeZone->getTimeZone()); + $expirationDate->setTime(0, 0, 0); + $days = (int)$this->config->getAppValue('core', $configProp, (string)$defaultExpireDays); + if ($days > $defaultExpireDays) { + $days = $defaultExpireDays; + } + $expirationDate->add(new \DateInterval('P' . $days . 'D')); + } + + // If we enforce the expiration date check that is does not exceed + if ($isEnforced) { + if (empty($expirationDate)) { + throw new \InvalidArgumentException($this->l->t('Expiration date is enforced')); + } + + $date = new \DateTime('now', $this->dateTimeZone->getTimeZone()); + $date->setTime(0, 0, 0); + $date->add(new \DateInterval('P' . $defaultExpireDays . 'D')); + if ($date < $expirationDate) { + throw new GenericShareException($this->l->n('Cannot set expiration date more than %n day in the future', 'Cannot set expiration date more than %n days in the future', $defaultExpireDays), code: 404); + } } } @@ -468,51 +370,58 @@ class Manager implements IManager { */ protected function validateExpirationDateLink(IShare $share) { $expirationDate = $share->getExpirationDate(); - - if ($expirationDate !== null) { - //Make sure the expiration date is a date - $expirationDate->setTime(0, 0, 0); - - $date = new \DateTime(); - $date->setTime(0, 0, 0); - if ($date >= $expirationDate) { - $message = $this->l->t('Expiration date is in the past'); - throw new GenericShareException($message, $message, 404); + $isEnforced = $this->shareApiLinkDefaultExpireDateEnforced(); + + // If $expirationDate is falsy, noExpirationDate is true and expiration not enforced + // Then skip expiration date validation as null is accepted + if (!($share->getNoExpirationDate() && !$isEnforced)) { + if ($expirationDate !== null) { + $expirationDate->setTimezone($this->dateTimeZone->getTimeZone()); + $expirationDate->setTime(0, 0, 0); + + $date = new \DateTime('now', $this->dateTimeZone->getTimeZone()); + $date->setTime(0, 0, 0); + if ($date >= $expirationDate) { + throw new GenericShareException($this->l->t('Expiration date is in the past'), code: 404); + } } - } - // If expiredate is empty set a default one if there is a default - $fullId = null; - try { - $fullId = $share->getFullId(); - } catch (\UnexpectedValueException $e) { - // This is a new share - } + // If expiredate is empty set a default one if there is a default + $fullId = null; + try { + $fullId = $share->getFullId(); + } catch (\UnexpectedValueException $e) { + // This is a new share + } - if ($fullId === null && $expirationDate === null && $this->shareApiLinkDefaultExpireDate()) { - $expirationDate = new \DateTime(); - $expirationDate->setTime(0, 0, 0); + if ($fullId === null && $expirationDate === null && $this->shareApiLinkDefaultExpireDate()) { + $expirationDate = new \DateTime('now', $this->dateTimeZone->getTimeZone()); + $expirationDate->setTime(0, 0, 0); - $days = (int)$this->config->getAppValue('core', 'link_defaultExpDays', $this->shareApiLinkDefaultExpireDays()); - if ($days > $this->shareApiLinkDefaultExpireDays()) { - $days = $this->shareApiLinkDefaultExpireDays(); + $days = (int)$this->config->getAppValue('core', 'link_defaultExpDays', (string)$this->shareApiLinkDefaultExpireDays()); + if ($days > $this->shareApiLinkDefaultExpireDays()) { + $days = $this->shareApiLinkDefaultExpireDays(); + } + $expirationDate->add(new \DateInterval('P' . $days . 'D')); } - $expirationDate->add(new \DateInterval('P' . $days . 'D')); - } - // If we enforce the expiration date check that is does not exceed - if ($this->shareApiLinkDefaultExpireDateEnforced()) { - if ($expirationDate === null) { - throw new \InvalidArgumentException('Expiration date is enforced'); - } + // If we enforce the expiration date check that is does not exceed + if ($isEnforced) { + if (empty($expirationDate)) { + throw new \InvalidArgumentException($this->l->t('Expiration date is enforced')); + } - $date = new \DateTime(); - $date->setTime(0, 0, 0); - $date->add(new \DateInterval('P' . $this->shareApiLinkDefaultExpireDays() . 'D')); - if ($date < $expirationDate) { - $message = $this->l->n('Cannot set expiration date more than %n day in the future', 'Cannot set expiration date more than %n days in the future', $this->shareApiLinkDefaultExpireDays()); - throw new GenericShareException($message, $message, 404); + $date = new \DateTime('now', $this->dateTimeZone->getTimeZone()); + $date->setTime(0, 0, 0); + $date->add(new \DateInterval('P' . $this->shareApiLinkDefaultExpireDays() . 'D')); + if ($date < $expirationDate) { + throw new GenericShareException( + $this->l->n('Cannot set expiration date more than %n day in the future', 'Cannot set expiration date more than %n days in the future', $this->shareApiLinkDefaultExpireDays()), + code: 404, + ); + } } + } $accepted = true; @@ -549,9 +458,13 @@ class Manager implements IManager { $this->groupManager->getUserGroupIds($sharedBy), $this->groupManager->getUserGroupIds($sharedWith) ); + + // optional excluded groups + $excludedGroups = $this->shareWithGroupMembersOnlyExcludeGroupsList(); + $groups = array_diff($groups, $excludedGroups); + if (empty($groups)) { - $message_t = $this->l->t('Sharing is only allowed with group members'); - throw new \Exception($message_t); + throw new \Exception($this->l->t('Sharing is only allowed with group members')); } } @@ -574,8 +487,7 @@ class Manager implements IManager { // Identical share already exists if ($existingShare->getSharedWith() === $share->getSharedWith() && $existingShare->getShareType() === $share->getShareType()) { - $message = $this->l->t('Sharing %s failed, because this item is already shared with user %s', [$share->getNode()->getName(), $share->getSharedWithDisplayName()]); - throw new AlreadySharedException($message, $existingShare); + throw new AlreadySharedException($this->l->t('Sharing %s failed, because this item is already shared with the account %s', [$share->getNode()->getName(), $share->getSharedWithDisplayName()]), $existingShare); } // The share is already shared with this user via a group share @@ -585,8 +497,7 @@ class Manager implements IManager { $user = $this->userManager->get($share->getSharedWith()); if ($group->inGroup($user) && $existingShare->getShareOwner() !== $share->getShareOwner()) { - $message = $this->l->t('Sharing %s failed, because this item is already shared with user %s', [$share->getNode()->getName(), $share->getSharedWithDisplayName()]); - throw new AlreadySharedException($message, $existingShare); + throw new AlreadySharedException($this->l->t('Sharing %s failed, because this item is already shared with the account %s', [$share->getNode()->getName(), $share->getSharedWithDisplayName()]), $existingShare); } } } @@ -602,15 +513,18 @@ class Manager implements IManager { protected function groupCreateChecks(IShare $share) { // Verify group shares are allowed if (!$this->allowGroupSharing()) { - throw new \Exception('Group sharing is now allowed'); + throw new \Exception($this->l->t('Group sharing is now allowed')); } // Verify if the user can share with this group if ($this->shareWithGroupMembersOnly()) { $sharedBy = $this->userManager->get($share->getSharedBy()); $sharedWith = $this->groupManager->get($share->getSharedWith()); - if (is_null($sharedWith) || !$sharedWith->inGroup($sharedBy)) { - throw new \Exception('Sharing is only allowed within your own groups'); + + // optional excluded groups + $excludedGroups = $this->shareWithGroupMembersOnlyExcludeGroupsList(); + if (is_null($sharedWith) || in_array($share->getSharedWith(), $excludedGroups) || !$sharedWith->inGroup($sharedBy)) { + throw new \Exception($this->l->t('Sharing is only allowed within your own groups')); } } @@ -631,7 +545,7 @@ class Manager implements IManager { } if ($existingShare->getSharedWith() === $share->getSharedWith() && $existingShare->getShareType() === $share->getShareType()) { - throw new AlreadySharedException('Path is already shared with this group', $existingShare); + throw new AlreadySharedException($this->l->t('Path is already shared with this group'), $existingShare); } } } @@ -645,13 +559,13 @@ class Manager implements IManager { protected function linkCreateChecks(IShare $share) { // Are link shares allowed? if (!$this->shareApiAllowLinks()) { - throw new \Exception('Link sharing is not allowed'); + throw new \Exception($this->l->t('Link sharing is not allowed')); } // Check if public upload is allowed - if ($share->getNodeType() === 'folder' && !$this->shareApiLinkAllowPublicUpload() && - ($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE))) { - throw new \InvalidArgumentException('Public upload is not allowed'); + if ($share->getNodeType() === 'folder' && !$this->shareApiLinkAllowPublicUpload() + && ($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE))) { + throw new \InvalidArgumentException($this->l->t('Public upload is not allowed')); } } @@ -667,13 +581,10 @@ class Manager implements IManager { * @param IShare $share */ protected function setLinkParent(IShare $share) { - // No sense in checking if the method is not there. - if (method_exists($share, 'setParent')) { - $storage = $share->getNode()->getStorage(); - if ($storage->instanceOfStorage('\OCA\Files_Sharing\ISharedStorage')) { - /** @var \OCA\Files_Sharing\SharedStorage $storage */ - $share->setParent($storage->getShareId()); - } + $storage = $share->getNode()->getStorage(); + if ($storage->instanceOfStorage(SharedStorage::class)) { + /** @var \OCA\Files_Sharing\SharedStorage $storage */ + $share->setParent((int)$storage->getShareId()); } } @@ -686,7 +597,11 @@ class Manager implements IManager { $mounts = $this->mountManager->findIn($path->getPath()); foreach ($mounts as $mount) { if ($mount->getStorage()->instanceOfStorage('\OCA\Files_Sharing\ISharedStorage')) { - throw new \InvalidArgumentException('Path contains files shared with you'); + // Using a flat sharing model ensures the file owner can always see who has access. + // Allowing parent folder sharing would require tracking inherited access, which adds complexity + // and hurts performance/scalability. + // So we forbid sharing a parent folder of a share you received. + throw new \InvalidArgumentException($this->l->t('You cannot share a folder that contains other shares')); } } } @@ -700,11 +615,11 @@ class Manager implements IManager { */ protected function canShare(IShare $share) { if (!$this->shareApiEnabled()) { - throw new \Exception('Sharing is disabled'); + throw new \Exception($this->l->t('Sharing is disabled')); } if ($this->sharingDisabledForUser($share->getSharedBy())) { - throw new \Exception('Sharing is disabled for you'); + throw new \Exception($this->l->t('Sharing is disabled for you')); } } @@ -757,20 +672,16 @@ class Manager implements IManager { // Verify the expiration date $share = $this->validateExpirationDateInternal($share); } elseif ($share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP) { - //Verify the expiration date + // Verify the expiration date $share = $this->validateExpirationDateInternal($share); } elseif ($share->getShareType() === IShare::TYPE_LINK || $share->getShareType() === IShare::TYPE_EMAIL) { $this->linkCreateChecks($share); $this->setLinkParent($share); - // For now ignore a set token. - $share->setToken( - $this->secureRandom->generate( - \OC\Share\Constants::TOKEN_LENGTH, - \OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE - ) - ); + $token = $this->generateToken(); + // Set the unique token + $share->setToken($token); // Verify the expiration date $share = $this->validateExpirationDateLink($share); @@ -786,18 +697,18 @@ class Manager implements IManager { } // Cannot share with the owner - if ($share->getShareType() === IShare::TYPE_USER && - $share->getSharedWith() === $share->getShareOwner()) { - throw new \InvalidArgumentException('Cannot share with the share owner'); + if ($share->getShareType() === IShare::TYPE_USER + && $share->getSharedWith() === $share->getShareOwner()) { + throw new \InvalidArgumentException($this->l->t('Cannot share with the share owner')); } // Generate the target - $defaultShareFolder = $this->config->getSystemValue('share_folder', '/'); - $allowCustomShareFolder = $this->config->getSystemValueBool('sharing.allow_custom_share_folder', true); - if ($allowCustomShareFolder) { - $shareFolder = $this->config->getUserValue($share->getSharedWith(), Application::APP_ID, 'share_folder', $defaultShareFolder); - } else { - $shareFolder = $defaultShareFolder; + $shareFolder = $this->config->getSystemValue('share_folder', '/'); + if ($share->getShareType() === IShare::TYPE_USER) { + $allowCustomShareFolder = $this->config->getSystemValueBool('sharing.allow_custom_share_folder', true); + if ($allowCustomShareFolder) { + $shareFolder = $this->config->getUserValue($share->getSharedWith(), Application::APP_ID, 'share_folder', $shareFolder); + } } $target = $shareFolder . '/' . $share->getNode()->getName(); @@ -805,10 +716,10 @@ class Manager implements IManager { $share->setTarget($target); // Pre share event - $event = new GenericEvent($share); - $this->legacyDispatcher->dispatch('OCP\Share::preShare', $event); - if ($event->isPropagationStopped() && $event->hasArgument('error')) { - throw new \Exception($event->getArgument('error')); + $event = new Share\Events\BeforeShareCreatedEvent($share); + $this->dispatcher->dispatchTyped($event); + if ($event->isPropagationStopped() && $event->getError()) { + throw new \Exception($event->getError()); } $oldShare = $share; @@ -823,133 +734,35 @@ class Manager implements IManager { $share->setTarget($target); } } catch (AlreadySharedException $e) { - // if a share for the same target already exists, dont create a new one, but do trigger the hooks and notifications again + // If a share for the same target already exists, dont create a new one, + // but do trigger the hooks and notifications again + $oldShare = $share; + + // Reuse the node we already have $share = $e->getExistingShare(); + $share->setNode($oldShare->getNode()); } // Post share event - $event = new GenericEvent($share); - $this->legacyDispatcher->dispatch('OCP\Share::postShare', $event); - - $this->dispatcher->dispatchTyped(new Share\Events\ShareCreatedEvent($share)); - - if ($this->config->getSystemValueBool('sharing.enable_share_mail', true) - && $share->getShareType() === IShare::TYPE_USER) { - $mailSend = $share->getMailSend(); - if ($mailSend === true) { - $user = $this->userManager->get($share->getSharedWith()); - if ($user !== null) { - $emailAddress = $user->getEMailAddress(); - if ($emailAddress !== null && $emailAddress !== '') { - $userLang = $this->l10nFactory->getUserLanguage($user); - $l = $this->l10nFactory->get('lib', $userLang); - $this->sendMailNotification( - $l, - $share->getNode()->getName(), - $this->urlGenerator->linkToRouteAbsolute('files_sharing.Accept.accept', ['shareId' => $share->getFullId()]), - $share->getSharedBy(), - $emailAddress, - $share->getExpirationDate(), - $share->getNote() - ); - $this->logger->debug('Sent share notification to ' . $emailAddress . ' for share with ID ' . $share->getId(), ['app' => 'share']); - } else { - $this->logger->debug('Share notification not sent to ' . $share->getSharedWith() . ' because email address is not set.', ['app' => 'share']); - } + $this->dispatcher->dispatchTyped(new ShareCreatedEvent($share)); + + // Send email if needed + if ($this->config->getSystemValueBool('sharing.enable_share_mail', true)) { + if ($share->getMailSend()) { + $provider = $this->factory->getProviderForType($share->getShareType()); + if ($provider instanceof IShareProviderWithNotification) { + $provider->sendMailNotification($share); } else { - $this->logger->debug('Share notification not sent to ' . $share->getSharedWith() . ' because user could not be found.', ['app' => 'share']); + $this->logger->debug('Share notification not sent because the provider does not support it.', ['app' => 'share']); } } else { $this->logger->debug('Share notification not sent because mailsend is false.', ['app' => 'share']); } - } - - return $share; - } - - /** - * Send mail notifications - * - * This method will catch and log mail transmission errors - * - * @param IL10N $l Language of the recipient - * @param string $filename file/folder name - * @param string $link link to the file/folder - * @param string $initiator user ID of share sender - * @param string $shareWith email address of share receiver - * @param \DateTime|null $expiration - */ - protected function sendMailNotification(IL10N $l, - $filename, - $link, - $initiator, - $shareWith, - \DateTime $expiration = null, - $note = '') { - $initiatorUser = $this->userManager->get($initiator); - $initiatorDisplayName = ($initiatorUser instanceof IUser) ? $initiatorUser->getDisplayName() : $initiator; - - $message = $this->mailer->createMessage(); - - $emailTemplate = $this->mailer->createEMailTemplate('files_sharing.RecipientNotification', [ - 'filename' => $filename, - 'link' => $link, - 'initiator' => $initiatorDisplayName, - 'expiration' => $expiration, - 'shareWith' => $shareWith, - ]); - - $emailTemplate->setSubject($l->t('%1$s shared »%2$s« with you', [$initiatorDisplayName, $filename])); - $emailTemplate->addHeader(); - $emailTemplate->addHeading($l->t('%1$s shared »%2$s« with you', [$initiatorDisplayName, $filename]), false); - $text = $l->t('%1$s shared »%2$s« with you.', [$initiatorDisplayName, $filename]); - - if ($note !== '') { - $emailTemplate->addBodyText(htmlspecialchars($note), $note); - } - - $emailTemplate->addBodyText( - htmlspecialchars($text . ' ' . $l->t('Click the button below to open it.')), - $text - ); - $emailTemplate->addBodyButton( - $l->t('Open »%s«', [$filename]), - $link - ); - - $message->setTo([$shareWith]); - - // The "From" contains the sharers name - $instanceName = $this->defaults->getName(); - $senderName = $l->t( - '%1$s via %2$s', - [ - $initiatorDisplayName, - $instanceName, - ] - ); - $message->setFrom([\OCP\Util::getDefaultEmailAddress('noreply') => $senderName]); - - // The "Reply-To" is set to the sharer if an mail address is configured - // also the default footer contains a "Do not reply" which needs to be adjusted. - $initiatorEmail = $initiatorUser->getEMailAddress(); - if ($initiatorEmail !== null) { - $message->setReplyTo([$initiatorEmail => $initiatorDisplayName]); - $emailTemplate->addFooter($instanceName . ($this->defaults->getSlogan($l->getLanguageCode()) !== '' ? ' - ' . $this->defaults->getSlogan($l->getLanguageCode()) : '')); } else { - $emailTemplate->addFooter('', $l->getLanguageCode()); + $this->logger->debug('Share notification not sent because sharing notification emails is disabled.', ['app' => 'share']); } - $message->useTemplate($emailTemplate); - try { - $failedRecipients = $this->mailer->send($message); - if (!empty($failedRecipients)) { - $this->logger->error('Share notification mail could not be sent to: ' . implode(', ', $failedRecipients)); - return; - } - } catch (\Exception $e) { - $this->logger->error('Share notification mail could not be sent', ['exception' => $e]); - } + return $share; } /** @@ -958,42 +771,43 @@ class Manager implements IManager { * @param IShare $share * @return IShare The share object * @throws \InvalidArgumentException + * @throws HintException */ - public function updateShare(IShare $share) { + public function updateShare(IShare $share, bool $onlyValid = true) { $expirationDateUpdated = false; $this->canShare($share); try { - $originalShare = $this->getShareById($share->getFullId()); + $originalShare = $this->getShareById($share->getFullId(), onlyValid: $onlyValid); } catch (\UnexpectedValueException $e) { - throw new \InvalidArgumentException('Share does not have a full id'); + throw new \InvalidArgumentException($this->l->t('Share does not have a full ID')); } // We cannot change the share type! if ($share->getShareType() !== $originalShare->getShareType()) { - throw new \InvalidArgumentException('Cannot change share type'); + throw new \InvalidArgumentException($this->l->t('Cannot change share type')); } // We can only change the recipient on user shares - if ($share->getSharedWith() !== $originalShare->getSharedWith() && - $share->getShareType() !== IShare::TYPE_USER) { - throw new \InvalidArgumentException('Can only update recipient on user shares'); + if ($share->getSharedWith() !== $originalShare->getSharedWith() + && $share->getShareType() !== IShare::TYPE_USER) { + throw new \InvalidArgumentException($this->l->t('Can only update recipient on user shares')); } // Cannot share with the owner - if ($share->getShareType() === IShare::TYPE_USER && - $share->getSharedWith() === $share->getShareOwner()) { - throw new \InvalidArgumentException('Cannot share with the share owner'); + if ($share->getShareType() === IShare::TYPE_USER + && $share->getSharedWith() === $share->getShareOwner()) { + throw new \InvalidArgumentException($this->l->t('Cannot share with the share owner')); } - $this->generalCreateChecks($share); + $this->generalCreateChecks($share, true); if ($share->getShareType() === IShare::TYPE_USER) { $this->userCreateChecks($share); if ($share->getExpirationDate() != $originalShare->getExpirationDate()) { - //Verify the expiration date + // Verify the expiration date $this->validateExpirationDateInternal($share); $expirationDateUpdated = true; } @@ -1001,7 +815,7 @@ class Manager implements IManager { $this->groupCreateChecks($share); if ($share->getExpirationDate() != $originalShare->getExpirationDate()) { - //Verify the expiration date + // Verify the expiration date $this->validateExpirationDateInternal($share); $expirationDateUpdated = true; } @@ -1019,7 +833,7 @@ class Manager implements IManager { * Cannot enable the getSendPasswordByTalk if there is no password set */ if (empty($plainTextPassword) && $share->getSendPasswordByTalk()) { - throw new \InvalidArgumentException('Cannot enable sending the password by Talk with an empty password'); + throw new \InvalidArgumentException($this->l->t('Cannot enable sending the password by Talk with an empty password')); } /** @@ -1029,10 +843,10 @@ class Manager implements IManager { */ if (!$updatedPassword && $share->getShareType() === IShare::TYPE_EMAIL) { if (!$originalShare->getSendPasswordByTalk() && $share->getSendPasswordByTalk()) { - throw new \InvalidArgumentException('Cannot enable sending the password by Talk without setting a new password'); + throw new \InvalidArgumentException($this->l->t('Cannot enable sending the password by Talk without setting a new password')); } if ($originalShare->getSendPasswordByTalk() && !$share->getSendPasswordByTalk()) { - throw new \InvalidArgumentException('Cannot disable sending the password by Talk without setting a new password'); + throw new \InvalidArgumentException($this->l->t('Cannot disable sending the password by Talk without setting a new password')); } } @@ -1043,7 +857,7 @@ class Manager implements IManager { } } elseif ($share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP) { if ($share->getExpirationDate() != $originalShare->getExpirationDate()) { - //Verify the expiration date + // Verify the expiration date $this->validateExpirationDateInternal($share); $expirationDateUpdated = true; } @@ -1054,6 +868,7 @@ class Manager implements IManager { // Now update the share! $provider = $this->factory->getProviderForType($share->getShareType()); if ($share->getShareType() === IShare::TYPE_EMAIL) { + /** @var ShareByMailProvider $provider */ $share = $provider->update($share, $plainTextPassword); } else { $share = $provider->update($share); @@ -1105,20 +920,21 @@ class Manager implements IManager { * @param IShare $share * @param string $recipientId * @return IShare The share object - * @throws \InvalidArgumentException + * @throws \InvalidArgumentException Thrown if the provider does not implement `IShareProviderSupportsAccept` * @since 9.0.0 */ public function acceptShare(IShare $share, string $recipientId): IShare { [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); - if (!method_exists($provider, 'acceptShare')) { - // TODO FIX ME - throw new \InvalidArgumentException('Share provider does not support accepting'); + if (!($provider instanceof IShareProviderSupportsAccept)) { + throw new \InvalidArgumentException($this->l->t('Share provider does not support accepting')); } + /** @var IShareProvider&IShareProviderSupportsAccept $provider */ $provider->acceptShare($share, $recipientId); - $event = new GenericEvent($share); - $this->legacyDispatcher->dispatch('OCP\Share::postAcceptShare', $event); + + $event = new ShareAcceptedEvent($share); + $this->dispatcher->dispatchTyped($event); return $share; } @@ -1129,19 +945,19 @@ class Manager implements IManager { * * @param IShare $share the share to update its password. * @param IShare $originalShare the original share to compare its - * password with. + * password with. * @return boolean whether the password was updated or not. */ private function updateSharePasswordIfNeeded(IShare $share, IShare $originalShare) { - $passwordsAreDifferent = ($share->getPassword() !== $originalShare->getPassword()) && - (($share->getPassword() !== null && $originalShare->getPassword() === null) || - ($share->getPassword() === null && $originalShare->getPassword() !== null) || - ($share->getPassword() !== null && $originalShare->getPassword() !== null && - !$this->hasher->verify($share->getPassword(), $originalShare->getPassword()))); + $passwordsAreDifferent = ($share->getPassword() !== $originalShare->getPassword()) + && (($share->getPassword() !== null && $originalShare->getPassword() === null) + || ($share->getPassword() === null && $originalShare->getPassword() !== null) + || ($share->getPassword() !== null && $originalShare->getPassword() !== null + && !$this->hasher->verify($share->getPassword(), $originalShare->getPassword()))); // Password updated. if ($passwordsAreDifferent) { - //Verify the password + // Verify the password $this->verifyPassword($share->getPassword()); // If a password is set. Hash it! @@ -1174,7 +990,7 @@ class Manager implements IManager { * Set the share's password expiration time */ private function setSharePasswordExpirationTime(IShare $share): void { - if (!$this->config->getSystemValue('sharing.enable_mail_link_password_expiration', false)) { + if (!$this->config->getSystemValueBool('sharing.enable_mail_link_password_expiration', false)) { // Sets password expiration date to NULL $share->setPasswordExpirationTime(); return; @@ -1190,7 +1006,6 @@ class Manager implements IManager { /** * Delete all the children of this share - * FIXME: remove once https://github.com/owncloud/core/pull/21660 is in * * @param IShare $share * @return IShare[] List of deleted shares @@ -1201,17 +1016,107 @@ class Manager implements IManager { $provider = $this->factory->getProviderForType($share->getShareType()); foreach ($provider->getChildren($share) as $child) { + $this->dispatcher->dispatchTyped(new BeforeShareDeletedEvent($child)); + $deletedChildren = $this->deleteChildren($child); $deletedShares = array_merge($deletedShares, $deletedChildren); $provider->delete($child); - $this->dispatcher->dispatchTyped(new Share\Events\ShareDeletedEvent($child)); + $this->dispatcher->dispatchTyped(new ShareDeletedEvent($child)); $deletedShares[] = $child; } return $deletedShares; } + /** Promote re-shares into direct shares so that target user keeps access */ + protected function promoteReshares(IShare $share): void { + try { + $node = $share->getNode(); + } catch (NotFoundException) { + /* Skip if node not found */ + return; + } + + $userIds = []; + + if ($share->getShareType() === IShare::TYPE_USER) { + $userIds[] = $share->getSharedWith(); + } elseif ($share->getShareType() === IShare::TYPE_GROUP) { + $group = $this->groupManager->get($share->getSharedWith()); + $users = $group?->getUsers() ?? []; + + foreach ($users as $user) { + /* Skip share owner */ + if ($user->getUID() === $share->getShareOwner() || $user->getUID() === $share->getSharedBy()) { + continue; + } + $userIds[] = $user->getUID(); + } + } else { + /* We only support user and group shares */ + return; + } + + $reshareRecords = []; + $shareTypes = [ + IShare::TYPE_GROUP, + IShare::TYPE_USER, + IShare::TYPE_LINK, + IShare::TYPE_REMOTE, + IShare::TYPE_EMAIL, + ]; + + foreach ($userIds as $userId) { + foreach ($shareTypes as $shareType) { + try { + $provider = $this->factory->getProviderForType($shareType); + } catch (ProviderException $e) { + continue; + } + + if ($node instanceof Folder) { + /* We need to get all shares by this user to get subshares */ + $shares = $provider->getSharesBy($userId, $shareType, null, false, -1, 0); + + foreach ($shares as $share) { + try { + $path = $share->getNode()->getPath(); + } catch (NotFoundException) { + /* Ignore share of non-existing node */ + continue; + } + if ($node->getRelativePath($path) !== null) { + /* If relative path is not null it means the shared node is the same or in a subfolder */ + $reshareRecords[] = $share; + } + } + } else { + $shares = $provider->getSharesBy($userId, $shareType, $node, false, -1, 0); + foreach ($shares as $child) { + $reshareRecords[] = $child; + } + } + } + } + + foreach ($reshareRecords as $child) { + try { + /* Check if the share is still valid (means the resharer still has access to the file through another mean) */ + $this->generalCreateChecks($child); + } catch (GenericShareException $e) { + /* The check is invalid, promote it to a direct share from the sharer of parent share */ + $this->logger->debug('Promote reshare because of exception ' . $e->getMessage(), ['exception' => $e, 'fullId' => $child->getFullId()]); + try { + $child->setSharedBy($share->getSharedBy()); + $this->updateShare($child); + } catch (GenericShareException|\InvalidArgumentException $e) { + $this->logger->warning('Failed to promote reshare because of exception ' . $e->getMessage(), ['exception' => $e, 'fullId' => $child->getFullId()]); + } + } + } + } + /** * Delete a share * @@ -1223,27 +1128,22 @@ class Manager implements IManager { try { $share->getFullId(); } catch (\UnexpectedValueException $e) { - throw new \InvalidArgumentException('Share does not have a full id'); + throw new \InvalidArgumentException($this->l->t('Share does not have a full ID')); } - $event = new GenericEvent($share); - $this->legacyDispatcher->dispatch('OCP\Share::preUnshare', $event); + $this->dispatcher->dispatchTyped(new BeforeShareDeletedEvent($share)); // Get all children and delete them as well - $deletedShares = $this->deleteChildren($share); + $this->deleteChildren($share); // Do the actual delete $provider = $this->factory->getProviderForType($share->getShareType()); $provider->delete($share); - $this->dispatcher->dispatchTyped(new Share\Events\ShareDeletedEvent($share)); + $this->dispatcher->dispatchTyped(new ShareDeletedEvent($share)); - // All the deleted shares caused by this delete - $deletedShares[] = $share; - - // Emit post hook - $event->setArgument('deletedShares', $deletedShares); - $this->legacyDispatcher->dispatch('OCP\Share::postUnshare', $event); + // Promote reshares of the deleted share + $this->promoteReshares($share); } @@ -1261,8 +1161,8 @@ class Manager implements IManager { $provider = $this->factory->getProvider($providerId); $provider->deleteFromSelf($share, $recipientId); - $event = new GenericEvent($share); - $this->legacyDispatcher->dispatch('OCP\Share::postUnshareFromSelf', $event); + $event = new ShareDeletedFromSelfEvent($share); + $this->dispatcher->dispatchTyped($event); } public function restoreShare(IShare $share, string $recipientId): IShare { @@ -1278,21 +1178,21 @@ class Manager implements IManager { public function moveShare(IShare $share, $recipientId) { if ($share->getShareType() === IShare::TYPE_LINK || $share->getShareType() === IShare::TYPE_EMAIL) { - throw new \InvalidArgumentException('Cannot change target of link share'); + throw new \InvalidArgumentException($this->l->t('Cannot change target of link share')); } if ($share->getShareType() === IShare::TYPE_USER && $share->getSharedWith() !== $recipientId) { - throw new \InvalidArgumentException('Invalid recipient'); + throw new \InvalidArgumentException($this->l->t('Invalid share recipient')); } if ($share->getShareType() === IShare::TYPE_GROUP) { $sharedWith = $this->groupManager->get($share->getSharedWith()); if (is_null($sharedWith)) { - throw new \InvalidArgumentException('Group "' . $share->getSharedWith() . '" does not exist'); + throw new \InvalidArgumentException($this->l->t('Group "%s" does not exist', [$share->getSharedWith()])); } $recipient = $this->userManager->get($recipientId); if (!$sharedWith->inGroup($recipient)) { - throw new \InvalidArgumentException('Invalid recipient'); + throw new \InvalidArgumentException($this->l->t('Invalid share recipient')); } } @@ -1304,28 +1204,42 @@ class Manager implements IManager { public function getSharesInFolder($userId, Folder $node, $reshares = false, $shallow = true) { $providers = $this->factory->getAllProviders(); + if (!$shallow) { + throw new \Exception('non-shallow getSharesInFolder is no longer supported'); + } - return array_reduce($providers, function ($shares, IShareProvider $provider) use ($userId, $node, $reshares, $shallow) { - $newShares = $provider->getSharesInFolder($userId, $node, $reshares, $shallow); - foreach ($newShares as $fid => $data) { - if (!isset($shares[$fid])) { - $shares[$fid] = []; - } + $isOwnerless = $node->getMountPoint() instanceof IShareOwnerlessMount; - $shares[$fid] = array_merge($shares[$fid], $data); + $shares = []; + foreach ($providers as $provider) { + if ($isOwnerless) { + // If the provider does not implement the additional interface, + // we lack a performant way of querying all shares and therefore ignore the provider. + if ($provider instanceof IShareProviderSupportsAllSharesInFolder) { + foreach ($provider->getAllSharesInFolder($node) as $fid => $data) { + $shares[$fid] ??= []; + $shares[$fid] = array_merge($shares[$fid], $data); + } + } + } else { + foreach ($provider->getSharesInFolder($userId, $node, $reshares) as $fid => $data) { + $shares[$fid] ??= []; + $shares[$fid] = array_merge($shares[$fid], $data); + } } - return $shares; - }, []); + } + + return $shares; } /** * @inheritdoc */ - public function getSharesBy($userId, $shareType, $path = null, $reshares = false, $limit = 50, $offset = 0) { - if ($path !== null && - !($path instanceof \OCP\Files\File) && - !($path instanceof \OCP\Files\Folder)) { - throw new \InvalidArgumentException('invalid path'); + public function getSharesBy($userId, $shareType, $path = null, $reshares = false, $limit = 50, $offset = 0, bool $onlyValid = true) { + if ($path !== null + && !($path instanceof \OCP\Files\File) + && !($path instanceof \OCP\Files\Folder)) { + throw new \InvalidArgumentException($this->l->t('Invalid path')); } try { @@ -1334,7 +1248,11 @@ class Manager implements IManager { return []; } - $shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset); + if ($path?->getMountPoint() instanceof IShareOwnerlessMount) { + $shares = array_filter($provider->getSharesByPath($path), static fn (IShare $share) => $share->getShareType() === $shareType); + } else { + $shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset); + } /* * Work around so we don't return expired shares but still follow @@ -1346,11 +1264,13 @@ class Manager implements IManager { while (true) { $added = 0; foreach ($shares as $share) { - try { - $this->checkExpireDate($share); - } catch (ShareNotFound $e) { - //Ignore since this basically means the share is deleted - continue; + if ($onlyValid) { + try { + $this->checkShare($share); + } catch (ShareNotFound $e) { + // Ignore since this basically means the share is deleted + continue; + } } $added++; @@ -1378,7 +1298,12 @@ class Manager implements IManager { $offset += $added; // Fetch again $limit shares - $shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset); + if ($path?->getMountPoint() instanceof IShareOwnerlessMount) { + // We already fetched all shares, so end here + $shares = []; + } else { + $shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset); + } // No more shares means we are done if (empty($shares)) { @@ -1406,7 +1331,7 @@ class Manager implements IManager { // remove all shares which are already expired foreach ($shares as $key => $share) { try { - $this->checkExpireDate($share); + $this->checkShare($share); } catch (ShareNotFound $e) { unset($shares[$key]); } @@ -1437,7 +1362,7 @@ class Manager implements IManager { /** * @inheritdoc */ - public function getShareById($id, $recipient = null) { + public function getShareById($id, $recipient = null, bool $onlyValid = true) { if ($id === null) { throw new ShareNotFound(); } @@ -1452,7 +1377,9 @@ class Manager implements IManager { $share = $provider->getShareById($id, $recipient); - $this->checkExpireDate($share); + if ($onlyValid) { + $this->checkShare($share); + } return $share; } @@ -1536,7 +1463,7 @@ class Manager implements IManager { throw new ShareNotFound($this->l->t('The requested share does not exist anymore')); } - $this->checkExpireDate($share); + $this->checkShare($share); /* * Reduce the permissions for link or email shares if public upload is not enabled @@ -1549,11 +1476,25 @@ class Manager implements IManager { return $share; } - protected function checkExpireDate($share) { + /** + * Check expire date and disabled owner + * + * @throws ShareNotFound + */ + protected function checkShare(IShare $share): void { if ($share->isExpired()) { $this->deleteShare($share); throw new ShareNotFound($this->l->t('The requested share does not exist anymore')); } + if ($this->config->getAppValue('files_sharing', 'hide_disabled_user_shares', 'no') === 'yes') { + $uids = array_unique([$share->getShareOwner(),$share->getSharedBy()]); + foreach ($uids as $uid) { + $user = $this->userManager->get($uid); + if ($user?->isEnabled() === false) { + throw new ShareNotFound($this->l->t('The requested share comes from a disabled user')); + } + } + } } /** @@ -1564,14 +1505,8 @@ class Manager implements IManager { * @return bool */ public function checkPassword(IShare $share, $password) { - $passwordProtected = $share->getShareType() !== IShare::TYPE_LINK - || $share->getShareType() !== IShare::TYPE_EMAIL - || $share->getShareType() !== IShare::TYPE_CIRCLE; - if (!$passwordProtected) { - //TODO maybe exception? - return false; - } + // if there is no password on the share object / passsword is null, there is nothing to check if ($password === null || $share->getPassword() === null) { return false; } @@ -1616,8 +1551,14 @@ class Manager implements IManager { * @inheritdoc */ public function groupDeleted($gid) { - $provider = $this->factory->getProviderForType(IShare::TYPE_GROUP); - $provider->groupDeleted($gid); + foreach ([IShare::TYPE_GROUP, IShare::TYPE_REMOTE_GROUP] as $type) { + try { + $provider = $this->factory->getProviderForType($type); + } catch (ProviderException $e) { + continue; + } + $provider->groupDeleted($gid); + } $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', ''); if ($excludedGroups === '') { @@ -1637,8 +1578,14 @@ class Manager implements IManager { * @inheritdoc */ public function userDeletedFromGroup($uid, $gid) { - $provider = $this->factory->getProviderForType(IShare::TYPE_GROUP); - $provider->userDeletedFromGroup($uid, $gid); + foreach ([IShare::TYPE_GROUP, IShare::TYPE_REMOTE_GROUP] as $type) { + try { + $provider = $this->factory->getProviderForType($type); + } catch (ProviderException $e) { + continue; + } + $provider->userDeletedFromGroup($uid, $gid); + } } /** @@ -1651,9 +1598,10 @@ class Manager implements IManager { * |-folder2 (32) * |-fileA (42) * - * fileA is shared with user1 and user1@server1 + * fileA is shared with user1 and user1@server1 and email1@maildomain1 * folder2 is shared with group2 (user4 is a member of group2) * folder1 is shared with user2 (renamed to "folder (1)") and user2@server2 + * and email2@maildomain2 * * Then the access list to '/folder1/folder2/fileA' with $currentAccess is: * [ @@ -1667,7 +1615,10 @@ class Manager implements IManager { * 'user2@server2' => ['node_id' => 23, 'token' => 'FooBaR'], * ], * public => bool - * mail => bool + * mail => [ + * 'email1@maildomain1' => ['node_id' => 42, 'token' => 'aBcDeFg'], + * 'email2@maildomain2' => ['node_id' => 23, 'token' => 'hIjKlMn'], + * ] * ] * * The access list to '/folder1/folder2/fileA' **without** $currentAccess is: @@ -1675,7 +1626,7 @@ class Manager implements IManager { * users => ['user1', 'user2', 'user4'], * remote => bool, * public => bool - * mail => bool + * mail => ['email1@maildomain1', 'email2@maildomain2'] * ] * * This is required for encryption/activity @@ -1695,9 +1646,9 @@ class Manager implements IManager { $owner = $owner->getUID(); if ($currentAccess) { - $al = ['users' => [], 'remote' => [], 'public' => false]; + $al = ['users' => [], 'remote' => [], 'public' => false, 'mail' => []]; } else { - $al = ['users' => [], 'remote' => false, 'public' => false]; + $al = ['users' => [], 'remote' => false, 'public' => false, 'mail' => []]; } if (!$this->userManager->userExists($owner)) { return $al; @@ -1706,8 +1657,7 @@ class Manager implements IManager { //Get node for the owner and correct the owner in case of external storage $userFolder = $this->rootFolder->getUserFolder($owner); if ($path->getId() !== $userFolder->getId() && !$userFolder->isSubNode($path)) { - $nodes = $userFolder->getById($path->getId()); - $path = array_shift($nodes); + $path = $userFolder->getFirstNodeById($path->getId()); if ($path === null || $path->getOwner() === null) { return []; } @@ -1828,7 +1778,7 @@ class Manager implements IManager { } } } - return $this->config->getAppValue('core', 'shareapi_enforce_links_password', 'no') === 'yes'; + return $this->appConfig->getValueBool('core', ConfigLexicon::SHARE_LINK_PASSWORD_ENFORCED); } /** @@ -1847,8 +1797,8 @@ class Manager implements IManager { * @return bool */ public function shareApiLinkDefaultExpireDateEnforced() { - return $this->shareApiLinkDefaultExpireDate() && - $this->config->getAppValue('core', 'shareapi_enforce_expire_date', 'no') === 'yes'; + return $this->shareApiLinkDefaultExpireDate() + && $this->config->getAppValue('core', 'shareapi_enforce_expire_date', 'no') === 'yes'; } @@ -1885,8 +1835,8 @@ class Manager implements IManager { * @return bool */ public function shareApiInternalDefaultExpireDateEnforced(): bool { - return $this->shareApiInternalDefaultExpireDate() && - $this->config->getAppValue('core', 'shareapi_enforce_internal_expire_date', 'no') === 'yes'; + return $this->shareApiInternalDefaultExpireDate() + && $this->config->getAppValue('core', 'shareapi_enforce_internal_expire_date', 'no') === 'yes'; } /** @@ -1895,8 +1845,8 @@ class Manager implements IManager { * @return bool */ public function shareApiRemoteDefaultExpireDateEnforced(): bool { - return $this->shareApiRemoteDefaultExpireDate() && - $this->config->getAppValue('core', 'shareapi_enforce_remote_expire_date', 'no') === 'yes'; + return $this->shareApiRemoteDefaultExpireDate() + && $this->config->getAppValue('core', 'shareapi_enforce_remote_expire_date', 'no') === 'yes'; } /** @@ -1936,6 +1886,21 @@ class Manager implements IManager { } /** + * If shareWithGroupMembersOnly is enabled, return an optional + * list of groups that must be excluded from the principle of + * belonging to the same group. + * + * @return array + */ + public function shareWithGroupMembersOnlyExcludeGroupsList() { + if (!$this->shareWithGroupMembersOnly()) { + return []; + } + $excludeGroups = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', ''); + return json_decode($excludeGroups, true) ?? []; + } + + /** * Check if users can share with groups * * @return bool @@ -1949,13 +1914,13 @@ class Manager implements IManager { } public function limitEnumerationToGroups(): bool { - return $this->allowEnumeration() && - $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; + return $this->allowEnumeration() + && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; } public function limitEnumerationToPhone(): bool { - return $this->allowEnumeration() && - $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; + return $this->allowEnumeration() + && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; } public function allowEnumerationFullMatch(): bool { @@ -1970,6 +1935,14 @@ class Manager implements IManager { return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no') === 'yes'; } + public function allowCustomTokens(): bool { + return $this->appConfig->getValueBool('core', ConfigLexicon::SHARE_CUSTOM_TOKEN); + } + + public function allowViewWithoutDownload(): bool { + return $this->appConfig->getValueBool('core', 'shareapi_allow_view_without_download', true); + } + public function currentUserCanEnumerateTargetUser(?IUser $currentUser, IUser $targetUser): bool { if ($this->allowEnumerationFullMatch()) { return true; @@ -2007,45 +1980,10 @@ class Manager implements IManager { } /** - * Copied from \OC_Util::isSharingDisabledForUser - * - * TODO: Deprecate function from OC_Util - * - * @param string $userId - * @return bool + * Check if sharing is disabled for the current user */ - public function sharingDisabledForUser($userId) { - if ($userId === null) { - return false; - } - - if (isset($this->sharingDisabledForUsersCache[$userId])) { - return $this->sharingDisabledForUsersCache[$userId]; - } - - if ($this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes') { - $groupsList = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', ''); - $excludedGroups = json_decode($groupsList); - if (is_null($excludedGroups)) { - $excludedGroups = explode(',', $groupsList); - $newValue = json_encode($excludedGroups); - $this->config->setAppValue('core', 'shareapi_exclude_groups_list', $newValue); - } - $user = $this->userManager->get($userId); - $usersGroups = $this->groupManager->getUserGroupIds($user); - if (!empty($usersGroups)) { - $remainingGroups = array_diff($usersGroups, $excludedGroups); - // if the user is only in groups which are disabled for sharing then - // sharing is also disabled for the user - if (empty($remainingGroups)) { - $this->sharingDisabledForUsersCache[$userId] = true; - return true; - } - } - } - - $this->sharingDisabledForUsersCache[$userId] = false; - return false; + public function sharingDisabledForUser(?string $userId): bool { + return $this->shareDisableChecker->sharingDisabledForUser($userId); } /** @@ -2086,4 +2024,43 @@ class Manager implements IManager { yield from $provider->getAllShares(); } } + + public function generateToken(): string { + // Initial token length + $tokenLength = \OC\Share\Helper::getTokenLength(); + + do { + $tokenExists = false; + + for ($i = 0; $i <= 2; $i++) { + // Generate a new token + $token = $this->secureRandom->generate( + $tokenLength, + ISecureRandom::CHAR_HUMAN_READABLE, + ); + + try { + // Try to fetch a share with the generated token + $this->getShareByToken($token); + $tokenExists = true; // Token exists, we need to try again + } catch (ShareNotFound $e) { + // Token is unique, exit the loop + $tokenExists = false; + break; + } + } + + // If we've reached the maximum attempts and the token still exists, increase the token length + if ($tokenExists) { + $tokenLength++; + + // Check if the token length exceeds the maximum allowed length + if ($tokenLength > \OC\Share\Constants::MAX_TOKEN_LENGTH) { + throw new ShareTokenException('Unable to generate a unique share token. Maximum token length exceeded.'); + } + } + } while ($tokenExists); + + return $token; + } } diff --git a/lib/private/Share20/ProviderFactory.php b/lib/private/Share20/ProviderFactory.php index 16f9a17ee42..d920edfd90e 100644 --- a/lib/private/Share20/ProviderFactory.php +++ b/lib/private/Share20/ProviderFactory.php @@ -1,50 +1,21 @@ <?php + +declare(strict_types=1); + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Bjoern Schiessle <bjoern@schiessle.org> - * @author Björn Schießle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Daniel Calviño Sánchez <danxuliu@gmail.com> - * @author Joas Schilling <coding@schilljs.com> - * @author John Molakvoæ <skjnldsv@protonmail.com> - * @author Julius Härtl <jus@bitgrid.net> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Maxence Lange <maxence@nextcloud.com> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Robin Appelman <robin@icewind.nl> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Samuel <faust64@gmail.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ + namespace OC\Share20; use OC\Share20\Exception\ProviderException; -use OCA\FederatedFileSharing\AddressHandler; use OCA\FederatedFileSharing\FederatedShareProvider; -use OCA\FederatedFileSharing\Notifications; -use OCA\FederatedFileSharing\TokenHandler; -use OCA\ShareByMail\Settings\SettingsManager; use OCA\ShareByMail\ShareByMailProvider; use OCA\Talk\Share\RoomShareProvider; -use OCP\Defaults; -use OCP\EventDispatcher\IEventDispatcher; -use OCP\IServerContainer; -use OCP\Share\IManager; +use OCP\App\IAppManager; +use OCP\Server; use OCP\Share\IProviderFactory; use OCP\Share\IShare; use OCP\Share\IShareProvider; @@ -56,32 +27,23 @@ use Psr\Log\LoggerInterface; * @package OC\Share20 */ class ProviderFactory implements IProviderFactory { - /** @var IServerContainer */ - private $serverContainer; - /** @var DefaultShareProvider */ - private $defaultProvider = null; - /** @var FederatedShareProvider */ - private $federatedProvider = null; - /** @var ShareByMailProvider */ - private $shareByMailProvider; - /** @var \OCA\Circles\ShareByCircleProvider */ - private $shareByCircleProvider = null; - /** @var bool */ - private $circlesAreNotAvailable = false; - /** @var \OCA\Talk\Share\RoomShareProvider */ + private ?DefaultShareProvider $defaultProvider = null; + private ?FederatedShareProvider $federatedProvider = null; + private ?ShareByMailProvider $shareByMailProvider = null; + /** + * @psalm-suppress UndefinedDocblockClass + * @var ?RoomShareProvider + */ private $roomShareProvider = null; - private $registeredShareProviders = []; + private array $registeredShareProviders = []; - private $shareProviders = []; + private array $shareProviders = []; - /** - * IProviderFactory constructor. - * - * @param IServerContainer $serverContainer - */ - public function __construct(IServerContainer $serverContainer) { - $this->serverContainer = $serverContainer; + public function __construct( + protected IAppManager $appManager, + protected LoggerInterface $logger, + ) { } public function registerProvider(string $shareProviderClass): void { @@ -90,79 +52,24 @@ class ProviderFactory implements IProviderFactory { /** * Create the default share provider. - * - * @return DefaultShareProvider */ - protected function defaultShareProvider() { - if ($this->defaultProvider === null) { - $this->defaultProvider = new DefaultShareProvider( - $this->serverContainer->getDatabaseConnection(), - $this->serverContainer->getUserManager(), - $this->serverContainer->getGroupManager(), - $this->serverContainer->getLazyRootFolder(), - $this->serverContainer->getMailer(), - $this->serverContainer->query(Defaults::class), - $this->serverContainer->getL10NFactory(), - $this->serverContainer->getURLGenerator(), - $this->serverContainer->getConfig() - ); - } - - return $this->defaultProvider; + protected function defaultShareProvider(): DefaultShareProvider { + return Server::get(DefaultShareProvider::class); } /** * Create the federated share provider - * - * @return FederatedShareProvider */ - protected function federatedShareProvider() { + protected function federatedShareProvider(): ?FederatedShareProvider { if ($this->federatedProvider === null) { /* * Check if the app is enabled */ - $appManager = $this->serverContainer->getAppManager(); - if (!$appManager->isEnabledForUser('federatedfilesharing')) { + if (!$this->appManager->isEnabledForUser('federatedfilesharing')) { return null; } - /* - * TODO: add factory to federated sharing app - */ - $l = $this->serverContainer->getL10N('federatedfilesharing'); - $addressHandler = new AddressHandler( - $this->serverContainer->getURLGenerator(), - $l, - $this->serverContainer->getCloudIdManager() - ); - $notifications = new Notifications( - $addressHandler, - $this->serverContainer->getHTTPClientService(), - $this->serverContainer->query(\OCP\OCS\IDiscoveryService::class), - $this->serverContainer->getLogger(), - $this->serverContainer->getJobList(), - \OC::$server->getCloudFederationProviderManager(), - \OC::$server->getCloudFederationFactory(), - $this->serverContainer->query(IEventDispatcher::class) - ); - $tokenHandler = new TokenHandler( - $this->serverContainer->getSecureRandom() - ); - - $this->federatedProvider = new FederatedShareProvider( - $this->serverContainer->getDatabaseConnection(), - $addressHandler, - $notifications, - $tokenHandler, - $l, - $this->serverContainer->getLogger(), - $this->serverContainer->getLazyRootFolder(), - $this->serverContainer->getConfig(), - $this->serverContainer->getUserManager(), - $this->serverContainer->getCloudIdManager(), - $this->serverContainer->getGlobalScaleConfig(), - $this->serverContainer->getCloudFederationProviderManager() - ); + $this->federatedProvider = Server::get(FederatedShareProvider::class); } return $this->federatedProvider; @@ -170,90 +77,34 @@ class ProviderFactory implements IProviderFactory { /** * Create the federated share provider - * - * @return ShareByMailProvider */ - protected function getShareByMailProvider() { + protected function getShareByMailProvider(): ?ShareByMailProvider { if ($this->shareByMailProvider === null) { /* * Check if the app is enabled */ - $appManager = $this->serverContainer->getAppManager(); - if (!$appManager->isEnabledForUser('sharebymail')) { + if (!$this->appManager->isEnabledForUser('sharebymail')) { return null; } - $settingsManager = new SettingsManager($this->serverContainer->getConfig()); - - $this->shareByMailProvider = new ShareByMailProvider( - $this->serverContainer->getConfig(), - $this->serverContainer->getDatabaseConnection(), - $this->serverContainer->getSecureRandom(), - $this->serverContainer->getUserManager(), - $this->serverContainer->getLazyRootFolder(), - $this->serverContainer->getL10N('sharebymail'), - $this->serverContainer->getLogger(), - $this->serverContainer->getMailer(), - $this->serverContainer->getURLGenerator(), - $this->serverContainer->getActivityManager(), - $settingsManager, - $this->serverContainer->query(Defaults::class), - $this->serverContainer->getHasher(), - $this->serverContainer->get(IEventDispatcher::class), - $this->serverContainer->get(IManager::class) - ); + $this->shareByMailProvider = Server::get(ShareByMailProvider::class); } return $this->shareByMailProvider; } - - /** - * Create the circle share provider - * - * @return FederatedShareProvider - * - * @suppress PhanUndeclaredClassMethod - */ - protected function getShareByCircleProvider() { - if ($this->circlesAreNotAvailable) { - return null; - } - - if (!$this->serverContainer->getAppManager()->isEnabledForUser('circles') || - !class_exists('\OCA\Circles\ShareByCircleProvider') - ) { - $this->circlesAreNotAvailable = true; - return null; - } - - if ($this->shareByCircleProvider === null) { - $this->shareByCircleProvider = new \OCA\Circles\ShareByCircleProvider( - $this->serverContainer->getDatabaseConnection(), - $this->serverContainer->getSecureRandom(), - $this->serverContainer->getUserManager(), - $this->serverContainer->getLazyRootFolder(), - $this->serverContainer->getL10N('circles'), - $this->serverContainer->getLogger(), - $this->serverContainer->getURLGenerator() - ); - } - - return $this->shareByCircleProvider; - } - /** * Create the room share provider * - * @return RoomShareProvider + * @psalm-suppress UndefinedDocblockClass + * @return ?RoomShareProvider */ protected function getRoomShareProvider() { if ($this->roomShareProvider === null) { /* * Check if the app is enabled */ - $appManager = $this->serverContainer->getAppManager(); - if (!$appManager->isEnabledForUser('spreed')) { + if (!$this->appManager->isEnabledForUser('spreed')) { return null; } @@ -261,9 +112,9 @@ class ProviderFactory implements IProviderFactory { /** * @psalm-suppress UndefinedClass */ - $this->roomShareProvider = $this->serverContainer->get(RoomShareProvider::class); + $this->roomShareProvider = Server::get(RoomShareProvider::class); } catch (\Throwable $e) { - $this->serverContainer->get(LoggerInterface::class)->error( + $this->logger->error( $e->getMessage(), ['exception' => $e] ); @@ -289,8 +140,6 @@ class ProviderFactory implements IProviderFactory { $provider = $this->federatedShareProvider(); } elseif ($id === 'ocMailShare') { $provider = $this->getShareByMailProvider(); - } elseif ($id === 'ocCircleShare') { - $provider = $this->getShareByCircleProvider(); } elseif ($id === 'ocRoomShare') { $provider = $this->getRoomShareProvider(); } @@ -298,10 +147,10 @@ class ProviderFactory implements IProviderFactory { foreach ($this->registeredShareProviders as $shareProvider) { try { /** @var IShareProvider $instance */ - $instance = $this->serverContainer->get($shareProvider); + $instance = Server::get($shareProvider); $this->shareProviders[$instance->identifier()] = $instance; } catch (\Throwable $e) { - $this->serverContainer->get(LoggerInterface::class)->error( + $this->logger->error( $e->getMessage(), ['exception' => $e] ); @@ -325,9 +174,9 @@ class ProviderFactory implements IProviderFactory { public function getProviderForType($shareType) { $provider = null; - if ($shareType === IShare::TYPE_USER || - $shareType === IShare::TYPE_GROUP || - $shareType === IShare::TYPE_LINK + if ($shareType === IShare::TYPE_USER + || $shareType === IShare::TYPE_GROUP + || $shareType === IShare::TYPE_LINK ) { $provider = $this->defaultShareProvider(); } elseif ($shareType === IShare::TYPE_REMOTE || $shareType === IShare::TYPE_REMOTE_GROUP) { @@ -335,11 +184,13 @@ class ProviderFactory implements IProviderFactory { } elseif ($shareType === IShare::TYPE_EMAIL) { $provider = $this->getShareByMailProvider(); } elseif ($shareType === IShare::TYPE_CIRCLE) { - $provider = $this->getShareByCircleProvider(); + $provider = $this->getProvider('ocCircleShare'); } elseif ($shareType === IShare::TYPE_ROOM) { $provider = $this->getRoomShareProvider(); } elseif ($shareType === IShare::TYPE_DECK) { $provider = $this->getProvider('deck'); + } elseif ($shareType === IShare::TYPE_SCIENCEMESH) { + $provider = $this->getProvider('sciencemesh'); } @@ -356,10 +207,6 @@ class ProviderFactory implements IProviderFactory { if ($shareByMail !== null) { $shares[] = $shareByMail; } - $shareByCircle = $this->getShareByCircleProvider(); - if ($shareByCircle !== null) { - $shares[] = $shareByCircle; - } $roomShare = $this->getRoomShareProvider(); if ($roomShare !== null) { $shares[] = $roomShare; @@ -368,9 +215,9 @@ class ProviderFactory implements IProviderFactory { foreach ($this->registeredShareProviders as $shareProvider) { try { /** @var IShareProvider $instance */ - $instance = $this->serverContainer->get($shareProvider); + $instance = Server::get($shareProvider); } catch (\Throwable $e) { - $this->serverContainer->get(LoggerInterface::class)->error( + $this->logger->error( $e->getMessage(), ['exception' => $e] ); diff --git a/lib/private/Share20/PublicShareTemplateFactory.php b/lib/private/Share20/PublicShareTemplateFactory.php index 222f327496a..34dd9b13b61 100644 --- a/lib/private/Share20/PublicShareTemplateFactory.php +++ b/lib/private/Share20/PublicShareTemplateFactory.php @@ -2,34 +2,18 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2023 Louis Chemineau <louis@chmn.me> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ - namespace OC\Share20; use Exception; use OC\AppFramework\Bootstrap\Coordinator; use OCA\Files_Sharing\DefaultPublicShareTemplateProvider; use OCP\Server; -use OCP\Share\IShare; use OCP\Share\IPublicShareTemplateFactory; use OCP\Share\IPublicShareTemplateProvider; +use OCP\Share\IShare; class PublicShareTemplateFactory implements IPublicShareTemplateFactory { public function __construct( diff --git a/lib/private/Share20/Share.php b/lib/private/Share20/Share.php index 0a50fa0ccfb..571efc8c4be 100644 --- a/lib/private/Share20/Share.php +++ b/lib/private/Share20/Share.php @@ -1,43 +1,23 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Bjoern Schiessle <bjoern@schiessle.org> - * @author Björn Schießle <bjoern@schiessle.org> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Daniel Calviño Sánchez <danxuliu@gmail.com> - * @author Joas Schilling <coding@schilljs.com> - * @author John Molakvoæ <skjnldsv@protonmail.com> - * @author Maxence Lange <maxence@nextcloud.com> - * @author Robin Appelman <robin@icewind.nl> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Share20; -use OCP\Files\File; use OCP\Files\Cache\ICacheEntry; +use OCP\Files\File; use OCP\Files\FileInfo; use OCP\Files\IRootFolder; use OCP\Files\Node; use OCP\Files\NotFoundException; use OCP\IUserManager; +use OCP\Server; use OCP\Share\Exceptions\IllegalIDChangeException; use OCP\Share\IAttributes; +use OCP\Share\IManager; use OCP\Share\IShare; class Share implements IShare { @@ -80,38 +60,33 @@ class Share implements IShare { private $sendPasswordByTalk = false; /** @var string */ private $token; - /** @var int */ - private $parent; + private ?int $parent = null; /** @var string */ private $target; /** @var \DateTime */ private $shareTime; /** @var bool */ private $mailSend; - /** @var string */ - private $label = ''; - - /** @var IRootFolder */ - private $rootFolder; - - /** @var IUserManager */ - private $userManager; - /** @var ICacheEntry|null */ private $nodeCacheEntry; - /** @var bool */ private $hideDownload = false; + private bool $reminderSent = false; + + private string $label = ''; + private bool $noExpirationDate = false; - public function __construct(IRootFolder $rootFolder, IUserManager $userManager) { - $this->rootFolder = $rootFolder; - $this->userManager = $userManager; + public function __construct( + private IRootFolder $rootFolder, + private IUserManager $userManager, + ) { } /** * @inheritdoc */ public function setId($id) { + /** @var mixed $id Let's be safe until strong typing */ if (is_int($id)) { $id = (string)$id; } @@ -188,12 +163,12 @@ class Share implements IShare { $userFolder = $this->rootFolder->getUserFolder($this->sharedBy); } - $nodes = $userFolder->getById($this->fileId); - if (empty($nodes)) { + $node = $userFolder->getFirstNodeById($this->fileId); + if (!$node) { throw new NotFoundException('Node for share not found, fileid: ' . $this->fileId); } - $this->node = $nodes[0]; + $this->node = $node; } return $this->node; @@ -211,12 +186,16 @@ class Share implements IShare { /** * @inheritdoc */ - public function getNodeId() { + public function getNodeId(): int { if ($this->fileId === null) { $this->fileId = $this->getNode()->getId(); } - return $this->fileId; + if ($this->fileId === null) { + throw new NotFoundException('Share source not found'); + } else { + return $this->fileId; + } } /** @@ -424,9 +403,24 @@ class Share implements IShare { /** * @inheritdoc */ + public function setNoExpirationDate(bool $noExpirationDate) { + $this->noExpirationDate = $noExpirationDate; + return $this; + } + + /** + * @inheritdoc + */ + public function getNoExpirationDate(): bool { + return $this->noExpirationDate; + } + + /** + * @inheritdoc + */ public function isExpired() { - return $this->getExpirationDate() !== null && - $this->getExpirationDate() <= new \DateTime(); + return $this->getExpirationDate() !== null + && $this->getExpirationDate() <= new \DateTime(); } /** @@ -531,25 +525,12 @@ class Share implements IShare { return $this->token; } - /** - * Set the parent of this share - * - * @param int parent - * @return IShare - * @deprecated The new shares do not have parents. This is just here for legacy reasons. - */ - public function setParent($parent) { + public function setParent(int $parent): self { $this->parent = $parent; return $this; } - /** - * Get the parent of this share. - * - * @return int - * @deprecated The new shares do not have parents. This is just here for legacy reasons. - */ - public function getParent() { + public function getParent(): ?int { return $this->parent; } @@ -620,4 +601,32 @@ class Share implements IShare { public function getHideDownload(): bool { return $this->hideDownload; } + + public function setReminderSent(bool $reminderSent): IShare { + $this->reminderSent = $reminderSent; + return $this; + } + + public function getReminderSent(): bool { + return $this->reminderSent; + } + + public function canSeeContent(): bool { + $shareManager = Server::get(IManager::class); + + $allowViewWithoutDownload = $shareManager->allowViewWithoutDownload(); + // If the share manager allows viewing without download, we can always see the content. + if ($allowViewWithoutDownload) { + return true; + } + + // No "allow preview" header set, so we must check if + // the share has not explicitly disabled download permissions + $attributes = $this->getAttributes(); + if ($attributes?->getAttribute('permissions', 'download') === false) { + return false; + } + + return true; + } } diff --git a/lib/private/Share20/ShareAttributes.php b/lib/private/Share20/ShareAttributes.php index 9b97c94275d..f90fbd9c6cd 100644 --- a/lib/private/Share20/ShareAttributes.php +++ b/lib/private/Share20/ShareAttributes.php @@ -1,22 +1,9 @@ <?php + /** - * @author Piotr Mrowczynski <piotr@owncloud.com> - * - * @copyright Copyright (c) 2019, ownCloud GmbH - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2019-2022 ownCloud GmbH + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Share20; @@ -33,20 +20,20 @@ class ShareAttributes implements IAttributes { /** * @inheritdoc */ - public function setAttribute($scope, $key, $enabled) { + public function setAttribute(string $scope, string $key, mixed $value): IAttributes { if (!\array_key_exists($scope, $this->attributes)) { $this->attributes[$scope] = []; } - $this->attributes[$scope][$key] = $enabled; + $this->attributes[$scope][$key] = $value; return $this; } /** * @inheritdoc */ - public function getAttribute($scope, $key) { - if (\array_key_exists($scope, $this->attributes) && - \array_key_exists($key, $this->attributes[$scope])) { + public function getAttribute(string $scope, string $key): mixed { + if (\array_key_exists($scope, $this->attributes) + && \array_key_exists($key, $this->attributes[$scope])) { return $this->attributes[$scope][$key]; } return null; @@ -55,14 +42,14 @@ class ShareAttributes implements IAttributes { /** * @inheritdoc */ - public function toArray() { + public function toArray(): array { $result = []; foreach ($this->attributes as $scope => $keys) { - foreach ($keys as $key => $enabled) { + foreach ($keys as $key => $value) { $result[] = [ - "scope" => $scope, - "key" => $key, - "enabled" => $enabled + 'scope' => $scope, + 'key' => $key, + 'value' => $value, ]; } } diff --git a/lib/private/Share20/ShareDisableChecker.php b/lib/private/Share20/ShareDisableChecker.php new file mode 100644 index 00000000000..8cf523b8b31 --- /dev/null +++ b/lib/private/Share20/ShareDisableChecker.php @@ -0,0 +1,80 @@ +<?php + +/** + * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OC\Share20; + +use OCP\Cache\CappedMemoryCache; +use OCP\IConfig; +use OCP\IGroupManager; +use OCP\IUserManager; + +/** + * split of from the share manager to allow using it with minimal DI + */ +class ShareDisableChecker { + private CappedMemoryCache $sharingDisabledForUsersCache; + + public function __construct( + private IConfig $config, + private IUserManager $userManager, + private IGroupManager $groupManager, + ) { + $this->sharingDisabledForUsersCache = new CappedMemoryCache(); + } + + public function sharingDisabledForUser(?string $userId): bool { + if ($userId === null) { + return false; + } + + if (isset($this->sharingDisabledForUsersCache[$userId])) { + return $this->sharingDisabledForUsersCache[$userId]; + } + + $excludeGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no'); + + if ($excludeGroups && $excludeGroups !== 'no') { + $groupsList = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', ''); + $excludedGroups = json_decode($groupsList); + if (is_null($excludedGroups)) { + $excludedGroups = explode(',', $groupsList); + $newValue = json_encode($excludedGroups); + $this->config->setAppValue('core', 'shareapi_exclude_groups_list', $newValue); + } + $user = $this->userManager->get($userId); + if (!$user) { + return false; + } + $usersGroups = $this->groupManager->getUserGroupIds($user); + if ($excludeGroups !== 'allow') { + if (!empty($usersGroups)) { + $remainingGroups = array_diff($usersGroups, $excludedGroups); + // if the user is only in groups which are disabled for sharing then + // sharing is also disabled for the user + if (empty($remainingGroups)) { + $this->sharingDisabledForUsersCache[$userId] = true; + return true; + } + } + } else { + if (!empty($usersGroups)) { + $remainingGroups = array_intersect($usersGroups, $excludedGroups); + // if the user is in any group which is allowed for sharing then + // sharing is also allowed for the user + if (!empty($remainingGroups)) { + $this->sharingDisabledForUsersCache[$userId] = false; + return false; + } + } + $this->sharingDisabledForUsersCache[$userId] = true; + return true; + } + } + + $this->sharingDisabledForUsersCache[$userId] = false; + return false; + } +} diff --git a/lib/private/Share20/ShareHelper.php b/lib/private/Share20/ShareHelper.php index 3debfe185e0..3f6bab98a7f 100644 --- a/lib/private/Share20/ShareHelper.php +++ b/lib/private/Share20/ShareHelper.php @@ -1,25 +1,8 @@ <?php + /** - * @copyright Copyright (c) 2016, Roeland Jago Douma <roeland@famdouma.nl> - * - * @author Joas Schilling <coding@schilljs.com> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OC\Share20; diff --git a/lib/private/Share20/UserDeletedListener.php b/lib/private/Share20/UserDeletedListener.php new file mode 100644 index 00000000000..e0e091454b0 --- /dev/null +++ b/lib/private/Share20/UserDeletedListener.php @@ -0,0 +1,32 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OC\Share20; + +use OCP\EventDispatcher\Event; +use OCP\EventDispatcher\IEventListener; +use OCP\Share\IManager; +use OCP\User\Events\UserDeletedEvent; + +/** + * @template-implements IEventListener<UserDeletedEvent> + */ +class UserDeletedListener implements IEventListener { + public function __construct( + protected IManager $shareManager, + ) { + } + + public function handle(Event $event): void { + if (!$event instanceof UserDeletedEvent) { + return; + } + + $this->shareManager->userDeleted($event->getUser()->getUID()); + } +} diff --git a/lib/private/Share20/UserRemovedListener.php b/lib/private/Share20/UserRemovedListener.php index 3af7b5a3650..f06c945b591 100644 --- a/lib/private/Share20/UserRemovedListener.php +++ b/lib/private/Share20/UserRemovedListener.php @@ -3,25 +3,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2020 Joas Schilling <coding@schilljs.com> - * - * @author Joas Schilling <coding@schilljs.com> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OC\Share20; |