Merge pull request #2103 from nextcloud/groupfolder-encryption-23

PVince81 · web-flow · commit ec00cf382284 · 2022-09-28T18:41:45.000+02:00
[stable23] allow enabling encryption for groupfolders
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
@@ -76,6 +76,7 @@ public function register(IRegistrationContext $context): void {
 			};
 			$config = $c->get(IConfig::class);
 			$allowRootShare = $config->getAppValue('groupfolders', 'allow_root_share', 'true') === 'true';
+			$enableEncryption = $config->getAppValue('groupfolders', 'enable_encryption', 'false') === 'true';
 
 			return new MountProvider(
 				$c->getServer()->getGroupManager(),
@@ -87,7 +88,8 @@ public function register(IRegistrationContext $context): void {
 				$c->get(ISession::class),
 				$c->get(IMountProviderCollection::class),
 				$c->get(IDBConnection::class),
-				$allowRootShare
+				$allowRootShare,
+				$enableEncryption
 			);
 		});
 
diff --git a/lib/Mount/GroupFolderNoEncryptionStorage.php b/lib/Mount/GroupFolderNoEncryptionStorage.php
@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2022 Robin Appelman <robin@icewind.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\GroupFolders\Mount;
+
+use OCP\Files\Storage\IDisableEncryptionStorage;
+
+class GroupFolderNoEncryptionStorage extends GroupFolderStorage implements IDisableEncryptionStorage {
+}
diff --git a/lib/Mount/GroupFolderStorage.php b/lib/Mount/GroupFolderStorage.php
@@ -30,7 +30,7 @@
 use OCP\IUser;
 use OCP\IUserSession;
 
-class GroupFolderStorage extends Quota implements IDisableEncryptionStorage {
+class GroupFolderStorage extends Quota {
 	/** @var int */
 	private $folderId;
 
diff --git a/lib/Mount/GroupMountPoint.php b/lib/Mount/GroupMountPoint.php
@@ -36,17 +36,6 @@ public function getMountType() {
 		return 'group';
 	}
 
-	public function getOption($name, $default) {
-		$options = $this->getOptions();
-		return isset($options[$name]) ? $options[$name] : $default;
-	}
-
-	public function getOptions() {
-		$options = parent::getOptions();
-		$options['encrypt'] = false;
-		return $options;
-	}
-
 	public function getFolderId(): int {
 		return $this->folderId;
 	}
diff --git a/lib/Mount/MountProvider.php b/lib/Mount/MountProvider.php
@@ -69,6 +69,9 @@ class MountProvider implements IMountProvider {
 	private $connection;
 	private $allowRootShare;
 
+	/** @var bool */
+	private $enableEncryption;
+
 	public function __construct(
 		IGroupManager $groupProvider,
 		FolderManager $folderManager,
@@ -79,7 +82,8 @@ public function __construct(
 		ISession $session,
 		IMountProviderCollection $mountProviderCollection,
 		IDBConnection $connection,
-		bool $allowRootShare
+		bool $allowRootShare,
+		bool $enableEncryption
 	) {
 		$this->groupProvider = $groupProvider;
 		$this->folderManager = $folderManager;
@@ -91,6 +95,7 @@ public function __construct(
 		$this->mountProviderCollection = $mountProviderCollection;
 		$this->connection = $connection;
 		$this->allowRootShare = $allowRootShare;
+		$this->enableEncryption = $enableEncryption;
 	}
 
 	/**
@@ -189,14 +194,25 @@ public function getMount(int $id, string $mountPoint, int $permissions, int $quo
 			'storage' => $storage,
 			'root' => $rootPath
 		]);
-		$quotaStorage = new GroupFolderStorage([
-			'storage' => $baseStorage,
-			'quota' => $quota,
-			'folder_id' => $id,
-			'rootCacheEntry' => $cacheEntry,
-			'userSession' => $this->userSession,
-			'mountOwner' => $user,
-		]);
+		if ($this->enableEncryption) {
+			$quotaStorage = new GroupFolderStorage([
+				'storage' => $baseStorage,
+				'quota' => $quota,
+				'folder_id' => $id,
+				'rootCacheEntry' => $cacheEntry,
+				'userSession' => $this->userSession,
+				'mountOwner' => $user,
+			]);
+		} else {
+			$quotaStorage = new GroupFolderNoEncryptionStorage([
+				'storage' => $baseStorage,
+				'quota' => $quota,
+				'folder_id' => $id,
+				'rootCacheEntry' => $cacheEntry,
+				'userSession' => $this->userSession,
+				'mountOwner' => $user,
+			]);
+		}
 		$maskedStore = new PermissionsMask([
 			'storage' => $quotaStorage,
 			'mask' => $permissions
