From 68c44bb6427632e237792bd75d874be4b4562f3f Mon Sep 17 00:00:00 2001 From: Maxence Lange Date: Mon, 29 Oct 2018 10:03:52 +0100 Subject: shares are displayed to users with resharing rights Signed-off-by: Maxence Lange --- .../lib/Controller/ShareAPIController.php | 38 ++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'apps/files_sharing/lib') diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php index 61fad5d2b14..fc03a357f35 100644 --- a/apps/files_sharing/lib/Controller/ShareAPIController.php +++ b/apps/files_sharing/lib/Controller/ShareAPIController.php @@ -720,14 +720,23 @@ class ShareAPIController extends OCSController { } $formatted = []; + $resharingRight = false; foreach ($shares as $share) { try { $formatted[] = $this->formatShare($share, $path); + if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share)) { + $resharingRight = true; + } + } catch (NotFoundException $e) { //Ignore share } } + if (!$resharingRight) { + $formatted = []; + } + if ($include_tags) { $formatted = Helper::populateTags($formatted, 'file_source', \OC::$server->getTagManager()); } @@ -1102,4 +1111,33 @@ class ShareAPIController extends OCSController { return $this->serverContainer->query('\OCA\Spreed\Share\Helper\ShareAPIController'); } + + + /** + * Returns if we can find resharing rights in an IShare object for a specific user. + * + * @param string $userId + * @param IShare $share + * @return bool + */ + private function shareProviderResharingRights(string $userId, IShare $share): bool { + if ($share->getShareOwner() === $userId) { + return true; + } + + if ((\OCP\Constants::PERMISSION_SHARE & $share->getPermissions()) === 0) { + return false; + } + + if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER && $share->getSharedWith() === $userId) { + return true; + } + + if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP && $this->groupManager->isInGroup($userId, $share->getSharedWith())) { + return true; + } + + return false; + } + } -- cgit v1.2.3 From 72ad2d60b576f182d152735e749aa7e27ff05919 Mon Sep 17 00:00:00 2001 From: Maxence Lange Date: Tue, 30 Oct 2018 09:58:43 +0100 Subject: display shares to circles moderator Signed-off-by: Maxence Lange --- .../lib/Controller/ShareAPIController.php | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'apps/files_sharing/lib') diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php index fc03a357f35..0e53863f9b5 100644 --- a/apps/files_sharing/lib/Controller/ShareAPIController.php +++ b/apps/files_sharing/lib/Controller/ShareAPIController.php @@ -240,6 +240,9 @@ class ShareAPIController extends OCSController { $shareWithStart = ($hasCircleId? strrpos($share->getSharedWith(), '[') + 1: 0); $shareWithLength = ($hasCircleId? -1: strpos($share->getSharedWith(), ' ')); + if (is_bool($shareWithLength)) { + $shareWithLength = -1; + } $result['share_with'] = substr($share->getSharedWith(), $shareWithStart, $shareWithLength); } else if ($share->getShareType() === Share::SHARE_TYPE_ROOM) { $result['share_with'] = $share->getSharedWith(); @@ -1137,6 +1140,25 @@ class ShareAPIController extends OCSController { return true; } + if ($share->getShareType() === \OCP\Share::SHARE_TYPE_CIRCLE && \OC::$server->getAppManager()->isEnabledForUser('circles') && + class_exists('\OCA\Circles\Api\v1\Circles')) { + $hasCircleId = (substr($share->getSharedWith(), -1) === ']'); + $shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0); + $shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' ')); + if (is_bool($shareWithLength)) { + $shareWithLength = -1; + } + $sharedWith = substr($share->getSharedWith(), $shareWithStart, $shareWithLength); + try { + $member = \OCA\Circles\Api\v1\Circles::getMember($sharedWith, $userId, 1); + if ($member->getLevel() > 0) { + return true; + } + } catch (QueryException $e) { + return false; + } + } + return false; } -- cgit v1.2.3 From 275cea5d9ceee3236b28df8bda0ba520ffe38db5 Mon Sep 17 00:00:00 2001 From: Maxence Lange Date: Tue, 30 Oct 2018 10:02:38 +0100 Subject: limit to circles moderator Signed-off-by: Maxence Lange --- apps/files_sharing/lib/Controller/ShareAPIController.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'apps/files_sharing/lib') diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php index 0e53863f9b5..86481131334 100644 --- a/apps/files_sharing/lib/Controller/ShareAPIController.php +++ b/apps/files_sharing/lib/Controller/ShareAPIController.php @@ -1151,9 +1151,10 @@ class ShareAPIController extends OCSController { $sharedWith = substr($share->getSharedWith(), $shareWithStart, $shareWithLength); try { $member = \OCA\Circles\Api\v1\Circles::getMember($sharedWith, $userId, 1); - if ($member->getLevel() > 0) { + if ($member->getLevel() >= 4) { return true; } + return false; } catch (QueryException $e) { return false; } -- cgit v1.2.3 From 236a293f6a8b983ee832151c592a4e469ed0621e Mon Sep 17 00:00:00 2001 From: Maxence Lange Date: Thu, 1 Nov 2018 13:41:19 +0100 Subject: check parents resharing rights Signed-off-by: Maxence Lange --- .../lib/Controller/ShareAPIController.php | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'apps/files_sharing/lib') diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php index 86481131334..b5c833a6f96 100644 --- a/apps/files_sharing/lib/Controller/ShareAPIController.php +++ b/apps/files_sharing/lib/Controller/ShareAPIController.php @@ -39,7 +39,6 @@ use OCP\AppFramework\OCS\OCSNotFoundException; use OCP\AppFramework\OCSController; use OCP\AppFramework\QueryException; use OCP\Constants; -use OCP\Files\Folder; use OCP\Files\Node; use OCP\Files\NotFoundException; use OCP\IConfig; @@ -727,11 +726,10 @@ class ShareAPIController extends OCSController { foreach ($shares as $share) { try { $formatted[] = $this->formatShare($share, $path); - if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share)) { + if ($path !== null && !$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $path)) { $resharingRight = true; } - - } catch (NotFoundException $e) { + } catch (\Exception $e) { //Ignore share } } @@ -1119,15 +1117,25 @@ class ShareAPIController extends OCSController { /** * Returns if we can find resharing rights in an IShare object for a specific user. * + * @suppress PhanUndeclaredClassMethod + * * @param string $userId * @param IShare $share + * @param Node $node * @return bool + * @throws NotFoundException + * @throws \OCP\Files\InvalidPathException */ - private function shareProviderResharingRights(string $userId, IShare $share): bool { + private function shareProviderResharingRights(string $userId, IShare $share, Node $node): bool { if ($share->getShareOwner() === $userId) { return true; } + // we check that current user have parent resharing rights on the current file + if (($node->getPermissions() & \OCP\Constants::PERMISSION_SHARE) !== 0) { + return true; + } + if ((\OCP\Constants::PERMISSION_SHARE & $share->getPermissions()) === 0) { return false; } @@ -1141,7 +1149,7 @@ class ShareAPIController extends OCSController { } if ($share->getShareType() === \OCP\Share::SHARE_TYPE_CIRCLE && \OC::$server->getAppManager()->isEnabledForUser('circles') && - class_exists('\OCA\Circles\Api\v1\Circles')) { + class_exists('\OCA\Circles\Api\v1\Circles')) { $hasCircleId = (substr($share->getSharedWith(), -1) === ']'); $shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0); $shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' ')); -- cgit v1.2.3 From 0fc8a0f58eebc9bdac5544c114517f397838b38e Mon Sep 17 00:00:00 2001 From: Maxence Lange Date: Thu, 1 Nov 2018 15:01:01 +0100 Subject: user can have his resharing rights revoked, yet seeing created shares Signed-off-by: Maxence Lange --- .../lib/Controller/ShareAPIController.php | 19 +++++++++++++------ apps/files_sharing/tests/ApiTest.php | 10 ++++++---- 2 files changed, 19 insertions(+), 10 deletions(-) (limited to 'apps/files_sharing/lib') diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php index b5c833a6f96..04c72b459b4 100644 --- a/apps/files_sharing/lib/Controller/ShareAPIController.php +++ b/apps/files_sharing/lib/Controller/ShareAPIController.php @@ -721,12 +721,18 @@ class ShareAPIController extends OCSController { $shares = array_merge($shares, $federatedShares); } - $formatted = []; + $formatted = $miniFormatted = []; $resharingRight = false; foreach ($shares as $share) { + /** @var IShare $share */ try { - $formatted[] = $this->formatShare($share, $path); - if ($path !== null && !$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $path)) { + $format = $this->formatShare($share, $path); + $formatted[] = $format; + if ($share->getSharedBy() === $this->currentUser) { + $miniFormatted[] = $format; + } + + if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $path)) { $resharingRight = true; } } catch (\Exception $e) { @@ -735,7 +741,7 @@ class ShareAPIController extends OCSController { } if (!$resharingRight) { - $formatted = []; + $formatted = $miniFormatted; } if ($include_tags) { @@ -1126,13 +1132,14 @@ class ShareAPIController extends OCSController { * @throws NotFoundException * @throws \OCP\Files\InvalidPathException */ - private function shareProviderResharingRights(string $userId, IShare $share, Node $node): bool { + private function shareProviderResharingRights(string $userId, IShare $share, $node): bool { + if ($share->getShareOwner() === $userId) { return true; } // we check that current user have parent resharing rights on the current file - if (($node->getPermissions() & \OCP\Constants::PERMISSION_SHARE) !== 0) { + if ($node !== null && ($node->getPermissions() & \OCP\Constants::PERMISSION_SHARE) !== 0) { return true; } diff --git a/apps/files_sharing/tests/ApiTest.php b/apps/files_sharing/tests/ApiTest.php index 0616daed62d..e3d0b2dbcdb 100644 --- a/apps/files_sharing/tests/ApiTest.php +++ b/apps/files_sharing/tests/ApiTest.php @@ -811,9 +811,10 @@ class ApiTest extends TestCase { $result1 = $ocs->getShares('false','false','false', $this->subfolder); $ocs->cleanup(); - // test should return one share within $this->folder +// // test should return 2 shares within $this->folder, as the viewer have resharing rights: +// // one from the owner, the second from the reshare $data1 = $result1->getData(); - $this->assertCount(1, $data1); + $this->assertCount(2, $data1); $s1 = reset($data1); //$request = $this->createRequest(['path' => $this->folder.$this->subfolder]); @@ -821,9 +822,10 @@ class ApiTest extends TestCase { $result2 = $ocs->getShares('false', 'false', 'false', $this->folder . $this->subfolder); $ocs->cleanup(); - // test should return one share within $this->folder +// // test should return 2 shares within $this->folder, as the viewer have resharing rights: +// // one from the owner, the second from the reshare $data2 = $result2->getData(); - $this->assertCount(1, $data2); + $this->assertCount(2, $data2); $s2 = reset($data2); $this->assertEquals($this->subfolder, $s1['path']); -- cgit v1.2.3