From 0fa9f3049f20ee4d573a6c615ebf9e7ecf7abdd1 Mon Sep 17 00:00:00 2001
From: Corentin Damman <c.damman@intopix.com>
Date: Fri, 16 Sep 2022 17:43:01 +0200
Subject: feat(files_sharing): allow to specify allowed groups to share instead
 of excluded groups

Relates to #3387

Signed-off-by: Corentin Damman <c.damman@intopix.com>
---
 lib/private/Share20/ShareDisableChecker.php | 32 +++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)

(limited to 'lib/private/Share20')

diff --git a/lib/private/Share20/ShareDisableChecker.php b/lib/private/Share20/ShareDisableChecker.php
index 9d0c2b8c2b4..1e72ce84a59 100644
--- a/lib/private/Share20/ShareDisableChecker.php
+++ b/lib/private/Share20/ShareDisableChecker.php
@@ -35,7 +35,9 @@ class ShareDisableChecker {
 			return $this->sharingDisabledForUsersCache[$userId];
 		}
 
-		if ($this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes') {
+		$excludeGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no');
+
+		if ($excludeGroups && $excludeGroups !== 'no') {
 			$groupsList = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
 			$excludedGroups = json_decode($groupsList);
 			if (is_null($excludedGroups)) {
@@ -48,14 +50,28 @@ class ShareDisableChecker {
 				return false;
 			}
 			$usersGroups = $this->groupManager->getUserGroupIds($user);
-			if (!empty($usersGroups)) {
-				$remainingGroups = array_diff($usersGroups, $excludedGroups);
-				// if the user is only in groups which are disabled for sharing then
-				// sharing is also disabled for the user
-				if (empty($remainingGroups)) {
-					$this->sharingDisabledForUsersCache[$userId] = true;
-					return true;
+			if ($excludeGroups !== 'allow') {
+				if (!empty($usersGroups)) {
+					$remainingGroups = array_diff($usersGroups, $excludedGroups);
+					// if the user is only in groups which are disabled for sharing then
+					// sharing is also disabled for the user
+					if (empty($remainingGroups)) {
+						$this->sharingDisabledForUsersCache[$userId] = true;
+						return true;
+					}
+				}
+			} else {
+				if (!empty($usersGroups)) {
+					$remainingGroups = array_intersect($usersGroups, $excludedGroups);
+					// if the user is in any group which is allowed for sharing then
+					// sharing is also allowed for the user
+					if (!empty($remainingGroups)) {
+						$this->sharingDisabledForUsersCache[$userId] = false;
+						return false;
+					}
 				}
+				$this->sharingDisabledForUsersCache[$userId] = true;
+				return true;
 			}
 		}
 
-- 
cgit v1.2.3