From 68c44bb6427632e237792bd75d874be4b4562f3f Mon Sep 17 00:00:00 2001
From: Maxence Lange <maxence@artificial-owl.com>
Date: Mon, 29 Oct 2018 10:03:52 +0100
Subject: shares are displayed to users with resharing rights

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
---
 .../lib/Controller/ShareAPIController.php          | 38 ++++++++++++++++++++++
 1 file changed, 38 insertions(+)

(limited to 'apps')

diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index 61fad5d2b14..fc03a357f35 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -720,14 +720,23 @@ class ShareAPIController extends OCSController {
 		}
 
 		$formatted = [];
+		$resharingRight = false;
 		foreach ($shares as $share) {
 			try {
 				$formatted[] = $this->formatShare($share, $path);
+				if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share)) {
+					$resharingRight = true;
+				}
+
 			} catch (NotFoundException $e) {
 				//Ignore share
 			}
 		}
 
+		if (!$resharingRight) {
+			$formatted = [];
+		}
+
 		if ($include_tags) {
 			$formatted = Helper::populateTags($formatted, 'file_source', \OC::$server->getTagManager());
 		}
@@ -1102,4 +1111,33 @@ class ShareAPIController extends OCSController {
 
 		return $this->serverContainer->query('\OCA\Spreed\Share\Helper\ShareAPIController');
 	}
+
+
+	/**
+	 * Returns if we can find resharing rights in an IShare object for a specific user.
+	 *
+	 * @param string $userId
+	 * @param IShare $share
+	 * @return bool
+	 */
+	private function shareProviderResharingRights(string $userId, IShare $share): bool {
+		if ($share->getShareOwner() === $userId) {
+			return true;
+		}
+
+		if ((\OCP\Constants::PERMISSION_SHARE & $share->getPermissions()) === 0) {
+			return false;
+		}
+
+		if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER && $share->getSharedWith() === $userId) {
+			return true;
+		}
+
+		if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP && $this->groupManager->isInGroup($userId, $share->getSharedWith())) {
+			return true;
+		}
+
+		return false;
+	}
+
 }
-- 
cgit v1.2.3


From 72ad2d60b576f182d152735e749aa7e27ff05919 Mon Sep 17 00:00:00 2001
From: Maxence Lange <maxence@artificial-owl.com>
Date: Tue, 30 Oct 2018 09:58:43 +0100
Subject: display shares to circles moderator

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
---
 .../lib/Controller/ShareAPIController.php          | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'apps')

diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index fc03a357f35..0e53863f9b5 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -240,6 +240,9 @@ class ShareAPIController extends OCSController {
 
 			$shareWithStart = ($hasCircleId? strrpos($share->getSharedWith(), '[') + 1: 0);
 			$shareWithLength = ($hasCircleId? -1: strpos($share->getSharedWith(), ' '));
+			if (is_bool($shareWithLength)) {
+				$shareWithLength = -1;
+			}
 			$result['share_with'] = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
 		} else if ($share->getShareType() === Share::SHARE_TYPE_ROOM) {
 			$result['share_with'] = $share->getSharedWith();
@@ -1137,6 +1140,25 @@ class ShareAPIController extends OCSController {
 			return true;
 		}
 
+		if ($share->getShareType() === \OCP\Share::SHARE_TYPE_CIRCLE && \OC::$server->getAppManager()->isEnabledForUser('circles') &&
+		class_exists('\OCA\Circles\Api\v1\Circles')) {
+			$hasCircleId = (substr($share->getSharedWith(), -1) === ']');
+			$shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0);
+			$shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' '));
+			if (is_bool($shareWithLength)) {
+				$shareWithLength = -1;
+			}
+			$sharedWith = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
+			try {
+				$member = \OCA\Circles\Api\v1\Circles::getMember($sharedWith, $userId, 1);
+				if ($member->getLevel() > 0) {
+					return true;
+				}
+			} catch (QueryException $e) {
+				return false;
+			}
+		}
+
 		return false;
 	}
 
-- 
cgit v1.2.3


From 275cea5d9ceee3236b28df8bda0ba520ffe38db5 Mon Sep 17 00:00:00 2001
From: Maxence Lange <maxence@artificial-owl.com>
Date: Tue, 30 Oct 2018 10:02:38 +0100
Subject: limit to circles moderator

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
---
 apps/files_sharing/lib/Controller/ShareAPIController.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'apps')

diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index 0e53863f9b5..86481131334 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -1151,9 +1151,10 @@ class ShareAPIController extends OCSController {
 			$sharedWith = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
 			try {
 				$member = \OCA\Circles\Api\v1\Circles::getMember($sharedWith, $userId, 1);
-				if ($member->getLevel() > 0) {
+				if ($member->getLevel() >= 4) {
 					return true;
 				}
+				return false;
 			} catch (QueryException $e) {
 				return false;
 			}
-- 
cgit v1.2.3


From 236a293f6a8b983ee832151c592a4e469ed0621e Mon Sep 17 00:00:00 2001
From: Maxence Lange <maxence@artificial-owl.com>
Date: Thu, 1 Nov 2018 13:41:19 +0100
Subject: check parents resharing rights

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
---
 .../lib/Controller/ShareAPIController.php            | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

(limited to 'apps')

diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index 86481131334..b5c833a6f96 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -39,7 +39,6 @@ use OCP\AppFramework\OCS\OCSNotFoundException;
 use OCP\AppFramework\OCSController;
 use OCP\AppFramework\QueryException;
 use OCP\Constants;
-use OCP\Files\Folder;
 use OCP\Files\Node;
 use OCP\Files\NotFoundException;
 use OCP\IConfig;
@@ -727,11 +726,10 @@ class ShareAPIController extends OCSController {
 		foreach ($shares as $share) {
 			try {
 				$formatted[] = $this->formatShare($share, $path);
-				if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share)) {
+				if ($path !== null && !$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $path)) {
 					$resharingRight = true;
 				}
-
-			} catch (NotFoundException $e) {
+			} catch (\Exception $e) {
 				//Ignore share
 			}
 		}
@@ -1119,15 +1117,25 @@ class ShareAPIController extends OCSController {
 	/**
 	 * Returns if we can find resharing rights in an IShare object for a specific user.
 	 *
+	 * @suppress PhanUndeclaredClassMethod
+	 *
 	 * @param string $userId
 	 * @param IShare $share
+	 * @param Node $node
 	 * @return bool
+	 * @throws NotFoundException
+	 * @throws \OCP\Files\InvalidPathException
 	 */
-	private function shareProviderResharingRights(string $userId, IShare $share): bool {
+	private function shareProviderResharingRights(string $userId, IShare $share, Node $node): bool {
 		if ($share->getShareOwner() === $userId) {
 			return true;
 		}
 
+		// we check that current user have parent resharing rights on the current file
+		if (($node->getPermissions() & \OCP\Constants::PERMISSION_SHARE) !== 0) {
+			return true;
+		}
+
 		if ((\OCP\Constants::PERMISSION_SHARE & $share->getPermissions()) === 0) {
 			return false;
 		}
@@ -1141,7 +1149,7 @@ class ShareAPIController extends OCSController {
 		}
 
 		if ($share->getShareType() === \OCP\Share::SHARE_TYPE_CIRCLE && \OC::$server->getAppManager()->isEnabledForUser('circles') &&
-		class_exists('\OCA\Circles\Api\v1\Circles')) {
+			class_exists('\OCA\Circles\Api\v1\Circles')) {
 			$hasCircleId = (substr($share->getSharedWith(), -1) === ']');
 			$shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0);
 			$shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' '));
-- 
cgit v1.2.3


From 0fc8a0f58eebc9bdac5544c114517f397838b38e Mon Sep 17 00:00:00 2001
From: Maxence Lange <maxence@artificial-owl.com>
Date: Thu, 1 Nov 2018 15:01:01 +0100
Subject: user can have his resharing rights revoked, yet seeing created shares

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
---
 .../lib/Controller/ShareAPIController.php             | 19 +++++++++++++------
 apps/files_sharing/tests/ApiTest.php                  | 10 ++++++----
 2 files changed, 19 insertions(+), 10 deletions(-)

(limited to 'apps')

diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index b5c833a6f96..04c72b459b4 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -721,12 +721,18 @@ class ShareAPIController extends OCSController {
 			$shares = array_merge($shares, $federatedShares);
 		}
 
-		$formatted = [];
+		$formatted = $miniFormatted = [];
 		$resharingRight = false;
 		foreach ($shares as $share) {
+			/** @var IShare $share */
 			try {
-				$formatted[] = $this->formatShare($share, $path);
-				if ($path !== null && !$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $path)) {
+				$format = $this->formatShare($share, $path);
+				$formatted[] = $format;
+				if ($share->getSharedBy() === $this->currentUser) {
+					$miniFormatted[] = $format;
+				}
+
+				if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $path)) {
 					$resharingRight = true;
 				}
 			} catch (\Exception $e) {
@@ -735,7 +741,7 @@ class ShareAPIController extends OCSController {
 		}
 
 		if (!$resharingRight) {
-			$formatted = [];
+			$formatted = $miniFormatted;
 		}
 
 		if ($include_tags) {
@@ -1126,13 +1132,14 @@ class ShareAPIController extends OCSController {
 	 * @throws NotFoundException
 	 * @throws \OCP\Files\InvalidPathException
 	 */
-	private function shareProviderResharingRights(string $userId, IShare $share, Node $node): bool {
+	private function shareProviderResharingRights(string $userId, IShare $share, $node): bool {
+
 		if ($share->getShareOwner() === $userId) {
 			return true;
 		}
 
 		// we check that current user have parent resharing rights on the current file
-		if (($node->getPermissions() & \OCP\Constants::PERMISSION_SHARE) !== 0) {
+		if ($node !== null && ($node->getPermissions() & \OCP\Constants::PERMISSION_SHARE) !== 0) {
 			return true;
 		}
 
diff --git a/apps/files_sharing/tests/ApiTest.php b/apps/files_sharing/tests/ApiTest.php
index 0616daed62d..e3d0b2dbcdb 100644
--- a/apps/files_sharing/tests/ApiTest.php
+++ b/apps/files_sharing/tests/ApiTest.php
@@ -811,9 +811,10 @@ class ApiTest extends TestCase {
 		$result1 = $ocs->getShares('false','false','false', $this->subfolder);
 		$ocs->cleanup();
 
-		// test should return one share within $this->folder
+//		// test should return 2 shares within $this->folder, as the viewer have resharing rights:
+//		// one from the owner, the second from the reshare
 		$data1 = $result1->getData();
-		$this->assertCount(1, $data1);
+		$this->assertCount(2, $data1);
 		$s1 = reset($data1);
 
 		//$request = $this->createRequest(['path' => $this->folder.$this->subfolder]);
@@ -821,9 +822,10 @@ class ApiTest extends TestCase {
 		$result2 = $ocs->getShares('false', 'false', 'false', $this->folder . $this->subfolder);
 		$ocs->cleanup();
 
-		// test should return one share within $this->folder
+//		// test should return 2 shares within $this->folder, as the viewer have resharing rights:
+//		// one from the owner, the second from the reshare
 		$data2 = $result2->getData();
-		$this->assertCount(1, $data2);
+		$this->assertCount(2, $data2);
 		$s2 = reset($data2);
 
 		$this->assertEquals($this->subfolder, $s1['path']);
-- 
cgit v1.2.3


From 77b95ccd12bb946cba96486d859b8241649868ca Mon Sep 17 00:00:00 2001
From: Maxence Lange <maxence@artificial-owl.com>
Date: Thu, 1 Nov 2018 16:46:38 +0100
Subject: revert tests

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
---
 apps/files_sharing/tests/ApiTest.php         | 10 ++++------
 lib/private/Share20/DefaultShareProvider.php | 12 +++++++-----
 2 files changed, 11 insertions(+), 11 deletions(-)

(limited to 'apps')

diff --git a/apps/files_sharing/tests/ApiTest.php b/apps/files_sharing/tests/ApiTest.php
index e3d0b2dbcdb..0616daed62d 100644
--- a/apps/files_sharing/tests/ApiTest.php
+++ b/apps/files_sharing/tests/ApiTest.php
@@ -811,10 +811,9 @@ class ApiTest extends TestCase {
 		$result1 = $ocs->getShares('false','false','false', $this->subfolder);
 		$ocs->cleanup();
 
-//		// test should return 2 shares within $this->folder, as the viewer have resharing rights:
-//		// one from the owner, the second from the reshare
+		// test should return one share within $this->folder
 		$data1 = $result1->getData();
-		$this->assertCount(2, $data1);
+		$this->assertCount(1, $data1);
 		$s1 = reset($data1);
 
 		//$request = $this->createRequest(['path' => $this->folder.$this->subfolder]);
@@ -822,10 +821,9 @@ class ApiTest extends TestCase {
 		$result2 = $ocs->getShares('false', 'false', 'false', $this->folder . $this->subfolder);
 		$ocs->cleanup();
 
-//		// test should return 2 shares within $this->folder, as the viewer have resharing rights:
-//		// one from the owner, the second from the reshare
+		// test should return one share within $this->folder
 		$data2 = $result2->getData();
-		$this->assertCount(2, $data2);
+		$this->assertCount(1, $data2);
 		$s2 = reset($data2);
 
 		$this->assertEquals($this->subfolder, $s1['path']);
diff --git a/lib/private/Share20/DefaultShareProvider.php b/lib/private/Share20/DefaultShareProvider.php
index 53fd1728b81..3bdbc69e897 100644
--- a/lib/private/Share20/DefaultShareProvider.php
+++ b/lib/private/Share20/DefaultShareProvider.php
@@ -617,10 +617,10 @@ class DefaultShareProvider implements IShareProvider {
 		/**
 		 * Reshares for this user are shares where they are the owner.
 		 */
-		if ($node === null) {
-			if ($reshares === false) {
-				$qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)));
-			} else {
+		if ($reshares === false) {
+			$qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)));
+		} else {
+			if ($node === null) {
 				$qb->andWhere(
 					$qb->expr()->orX(
 						$qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
@@ -628,7 +628,9 @@ class DefaultShareProvider implements IShareProvider {
 					)
 				);
 			}
-		} else {
+		}
+
+		if ($node !== null) {
 			$qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
 		}
 
-- 
cgit v1.2.3