Skip to content

[stabel 14] Better check reshare permissions #16143

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rullzer merged 4 commits into from
Jun 28, 2019
Merged

[stabel 14] Better check reshare permissions #16143

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d4f423d
Correctly check share permissions when updating a re-sub-share
nickvergessen Jun 21, 2019
8fb7247
Do not create folders with admin user
danxuliu Jun 21, 2019
61a9ff5
Add integration test for increasing sub reshare permissions
danxuliu Jun 21, 2019
be9d3fe
Update tests
rullzer Jun 28, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 13 additions & 4 deletions apps/files_sharing/lib/Controller/ShareAPIController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -895,10 +895,19 @@ public function updateShare(
}

if ($permissions !== null && $share->getShareOwner() !== $this->currentUser) {
/* Check if this is an incomming share */
$incomingShares = $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_USER, $share->getNode(), -1, 0);
$incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_GROUP, $share->getNode(), -1, 0));
$incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_ROOM, $share->getNode(), -1, 0));
// Get the root mount point for the user and check the share permissions there
$userFolder = $this->rootFolder->getUserFolder($this->currentUser);
$userNodes = $userFolder->getById($share->getNodeId());
$userNode = array_shift($userNodes);

$userMountPointId = $userNode->getMountPoint()->getStorageRootId();
$userMountPoints = $userFolder->getById($userMountPointId);
$userMountPoint = array_shift($userMountPoints);

/* Check if this is an incoming share */
$incomingShares = $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_USER, $userMountPoint, -1, 0);
$incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_GROUP, $userMountPoint, -1, 0));
$incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser, Share::SHARE_TYPE_ROOM, $userMountPoint, -1, 0));

/** @var \OCP\Share\IShare[] $incomingShares */
if (!empty($incomingShares)) {
Expand Down
151 changes: 151 additions & 0 deletions apps/files_sharing/tests/Controller/ShareAPIControllerTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\Files\File;
use OCP\Files\Folder;
use OCP\Files\Mount\IMountPoint;
use OCP\Files\Storage;
use OCP\IConfig;
use OCP\IL10N;
Expand Down Expand Up @@ -1498,6 +1499,8 @@ public function testUpdateLinkShareClear() {
$ocs = $this->mockFormatShare();

$node = $this->getMockBuilder(Folder::class)->getMock();
$node->method('getId')
->willReturn(42);
$share = $this->newShare();
$share->setPermissions(\OCP\Constants::PERMISSION_ALL)
->setSharedBy($this->currentUser)
Expand All @@ -1524,6 +1527,19 @@ public function testUpdateLinkShareClear() {
$this->shareManager->method('getSharedWith')
->willReturn([]);

$userFolder = $this->createMock(Folder::class);
$this->rootFolder->method('getUserFolder')
->with($this->currentUser)
->willReturn($userFolder);
$userFolder->method('getById')
->with(42)
->willReturn([$node]);
$mountPoint = $this->createMock(IMountPoint::class);
$node->method('getMountPoint')
->willReturn($mountPoint);
$mountPoint->method('getStorageRootId')
->willReturn(42);

$expected = new DataResponse([]);
$result = $ocs->updateShare(42, null, '', null, 'false', '');

Expand All @@ -1535,6 +1551,8 @@ public function testUpdateLinkShareSet() {
$ocs = $this->mockFormatShare();

$folder = $this->getMockBuilder(Folder::class)->getMock();
$folder->method('getId')
->willReturn(42);

$share = \OC::$server->getShareManager()->newShare();
$share->setPermissions(\OCP\Constants::PERMISSION_ALL)
Expand All @@ -1559,6 +1577,19 @@ public function testUpdateLinkShareSet() {
$this->shareManager->method('getSharedWith')
->willReturn([]);

$userFolder = $this->createMock(Folder::class);
$this->rootFolder->method('getUserFolder')
->with($this->currentUser)
->willReturn($userFolder);
$userFolder->method('getById')
->with(42)
->willReturn([$folder]);
$mountPoint = $this->createMock(IMountPoint::class);
$folder->method('getMountPoint')
->willReturn($mountPoint);
$mountPoint->method('getStorageRootId')
->willReturn(42);

$expected = new DataResponse([]);
$result = $ocs->updateShare(42, null, 'password', null, 'true', '2000-01-01');

Expand All @@ -1573,6 +1604,8 @@ public function testUpdateLinkShareEnablePublicUpload($permissions, $publicUploa
$ocs = $this->mockFormatShare();

$folder = $this->getMockBuilder(Folder::class)->getMock();
$folder->method('getId')
->willReturn(42);

$share = \OC::$server->getShareManager()->newShare();
$share->setPermissions(\OCP\Constants::PERMISSION_ALL)
Expand All @@ -1593,6 +1626,19 @@ public function testUpdateLinkShareEnablePublicUpload($permissions, $publicUploa
})
)->will($this->returnArgument(0));

$userFolder = $this->createMock(Folder::class);
$this->rootFolder->method('getUserFolder')
->with($this->currentUser)
->willReturn($userFolder);
$userFolder->method('getById')
->with(42)
->willReturn([$folder]);
$mountPoint = $this->createMock(IMountPoint::class);
$folder->method('getMountPoint')
->willReturn($mountPoint);
$mountPoint->method('getStorageRootId')
->willReturn(42);

$expected = new DataResponse([]);
$result = $ocs->updateShare(42, $permissions, $password, null, $publicUpload, $expireDate);

Expand Down Expand Up @@ -1760,6 +1806,8 @@ public function testUpdateLinkSharePublicUploadDoesNotChangeOther() {
$date = new \DateTime('2000-01-01');

$folder = $this->getMockBuilder(Folder::class)->getMock();
$folder->method('getId')
->willReturn(42);

$share = \OC::$server->getShareManager()->newShare();
$share->setPermissions(\OCP\Constants::PERMISSION_ALL)
Expand All @@ -1784,6 +1832,19 @@ public function testUpdateLinkSharePublicUploadDoesNotChangeOther() {
$this->shareManager->method('getSharedWith')
->willReturn([]);

$userFolder = $this->createMock(Folder::class);
$this->rootFolder->method('getUserFolder')
->with($this->currentUser)
->willReturn($userFolder);
$userFolder->method('getById')
->with(42)
->willReturn([$folder]);
$mountPoint = $this->createMock(IMountPoint::class);
$folder->method('getMountPoint')
->willReturn($mountPoint);
$mountPoint->method('getStorageRootId')
->willReturn(42);

$expected = new DataResponse([]);
$result = $ocs->updateShare(42, null, null, null, 'true', null);

Expand All @@ -1797,6 +1858,8 @@ public function testUpdateLinkSharePermissions() {
$date = new \DateTime('2000-01-01');

$folder = $this->getMockBuilder(Folder::class)->getMock();
$folder->method('getId')
->willReturn(42);

$share = \OC::$server->getShareManager()->newShare();
$share->setPermissions(\OCP\Constants::PERMISSION_ALL)
Expand All @@ -1820,6 +1883,19 @@ public function testUpdateLinkSharePermissions() {

$this->shareManager->method('getSharedWith')->willReturn([]);

$userFolder = $this->createMock(Folder::class);
$this->rootFolder->method('getUserFolder')
->with($this->currentUser)
->willReturn($userFolder);
$userFolder->method('getById')
->with(42)
->willReturn([$folder]);
$mountPoint = $this->createMock(IMountPoint::class);
$folder->method('getMountPoint')
->willReturn($mountPoint);
$mountPoint->method('getStorageRootId')
->willReturn(42);

$expected = new DataResponse([]);
$result = $ocs->updateShare(42, 7, null, null, null, null);

Expand All @@ -1833,6 +1909,8 @@ public function testUpdateLinkSharePermissionsShare() {
$date = new \DateTime('2000-01-01');

$folder = $this->getMockBuilder(Folder::class)->getMock();
$folder->method('getId')
->willReturn(42);

$share = \OC::$server->getShareManager()->newShare();
$share->setPermissions(\OCP\Constants::PERMISSION_ALL)
Expand All @@ -1856,6 +1934,19 @@ public function testUpdateLinkSharePermissionsShare() {

$this->shareManager->method('getSharedWith')->willReturn([]);

$userFolder = $this->createMock(Folder::class);
$this->rootFolder->method('getUserFolder')
->with($this->currentUser)
->willReturn($userFolder);
$userFolder->method('getById')
->with(42)
->willReturn([$folder]);
$mountPoint = $this->createMock(IMountPoint::class);
$folder->method('getMountPoint')
->willReturn($mountPoint);
$mountPoint->method('getStorageRootId')
->willReturn(42);

$expected = new DataResponse([]);
$result = $ocs->updateShare(42, 31, null, null, null, null);

Expand All @@ -1867,6 +1958,8 @@ public function testUpdateOtherPermissions() {
$ocs = $this->mockFormatShare();

$file = $this->getMockBuilder(File::class)->getMock();
$file->method('getId')
->willReturn(42);

$share = \OC::$server->getShareManager()->newShare();
$share->setPermissions(\OCP\Constants::PERMISSION_ALL)
Expand All @@ -1885,6 +1978,19 @@ public function testUpdateOtherPermissions() {

$this->shareManager->method('getSharedWith')->willReturn([]);

$userFolder = $this->createMock(Folder::class);
$this->rootFolder->method('getUserFolder')
->with($this->currentUser)
->willReturn($userFolder);
$userFolder->method('getById')
->with(42)
->willReturn([$file]);
$mountPoint = $this->createMock(IMountPoint::class);
$file->method('getMountPoint')
->willReturn($mountPoint);
$mountPoint->method('getStorageRootId')
->willReturn(42);

$expected = new DataResponse([]);
$result = $ocs->updateShare(42, 31, null, null, null, null);

Expand All @@ -1896,6 +2002,8 @@ public function testUpdateShareCannotIncreasePermissions() {
$ocs = $this->mockFormatShare();

$folder = $this->createMock(Folder::class);
$folder->method('getId')
->willReturn(42);

$share = \OC::$server->getShareManager()->newShare();
$share
Expand Down Expand Up @@ -1935,6 +2043,19 @@ public function testUpdateShareCannotIncreasePermissions() {
['currentUser', \OCP\Share::SHARE_TYPE_ROOM, $share->getNode(), -1, 0, []]
]));

$userFolder = $this->createMock(Folder::class);
$this->rootFolder->method('getUserFolder')
->with($this->currentUser)
->willReturn($userFolder);
$userFolder->method('getById')
->with(42)
->willReturn([$folder]);
$mountPoint = $this->createMock(IMountPoint::class);
$folder->method('getMountPoint')
->willReturn($mountPoint);
$mountPoint->method('getStorageRootId')
->willReturn(42);

$this->shareManager->expects($this->never())->method('updateShare');

try {
Expand All @@ -1949,6 +2070,8 @@ public function testUpdateShareCannotIncreasePermissionsLinkShare() {
$ocs = $this->mockFormatShare();

$folder = $this->createMock(Folder::class);
$folder->method('getId')
->willReturn(42);

$share = \OC::$server->getShareManager()->newShare();
$share
Expand Down Expand Up @@ -1981,6 +2104,19 @@ public function testUpdateShareCannotIncreasePermissionsLinkShare() {
['currentUser', \OCP\Share::SHARE_TYPE_ROOM, $share->getNode(), -1, 0, []]
]));

$userFolder = $this->createMock(Folder::class);
$this->rootFolder->method('getUserFolder')
->with($this->currentUser)
->willReturn($userFolder);
$userFolder->method('getById')
->with(42)
->willReturn([$folder]);
$mountPoint = $this->createMock(IMountPoint::class);
$folder->method('getMountPoint')
->willReturn($mountPoint);
$mountPoint->method('getStorageRootId')
->willReturn(42);

$this->shareManager->expects($this->never())->method('updateShare');
$this->shareManager->method('shareApiLinkAllowPublicUpload')->willReturn(true);

Expand All @@ -1996,6 +2132,8 @@ public function testUpdateShareCannotIncreasePermissionsRoomShare() {
$ocs = $this->mockFormatShare();

$folder = $this->createMock(Folder::class);
$folder->method('getId')
->willReturn(42);

$share = \OC::$server->getShareManager()->newShare();
$share
Expand Down Expand Up @@ -2045,6 +2183,19 @@ function ($id) use ($share) {
['currentUser', \OCP\Share::SHARE_TYPE_ROOM, $share->getNode(), -1, 0, [$incomingShare]]
]));

$userFolder = $this->createMock(Folder::class);
$this->rootFolder->method('getUserFolder')
->with($this->currentUser)
->willReturn($userFolder);
$userFolder->method('getById')
->with(42)
->willReturn([$folder]);
$mountPoint = $this->createMock(IMountPoint::class);
$folder->method('getMountPoint')
->willReturn($mountPoint);
$mountPoint->method('getStorageRootId')
->willReturn(42);

$this->shareManager->expects($this->never())->method('updateShare');

try {
Expand Down
22 changes: 22 additions & 0 deletions build/integration/features/sharing-v1-part2.feature
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -417,6 +417,28 @@ Feature: sharing
| permissions | 31 |
Then the OCS status code should be "404"

Scenario: Do not allow sub reshare to exceed permissions
Given user "user0" exists
And user "user1" exists
And user "user2" exists
And user "user0" created a folder "/TMP"
And user "user0" created a folder "/TMP/SUB"
And As an "user0"
And creating a share with
| path | /TMP |
| shareType | 0 |
| shareWith | user1 |
| permissions | 21 |
And As an "user1"
And creating a share with
| path | /TMP/SUB |
| shareType | 0 |
| shareWith | user2 |
| permissions | 21 |
When Updating last share with
| permissions | 31 |
Then the OCS status code should be "404"

Scenario: Only allow 1 link share per file/folder
Given user "user0" exists
And As an "user0"
Expand Down
29 changes: 26 additions & 3 deletions build/integration/features/sharing-v1-part3.feature
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -339,14 +339,16 @@ Feature: sharing

Scenario: do not allow to increase link share permissions on reshare
Given As an "admin"
And user "admin" created a folder "/TMP"
And user "user0" exists
And user "user1" exists
And user "user0" created a folder "/TMP"
And As an "user0"
And creating a share with
| path | TMP |
| shareType | 0 |
| shareWith | user0 |
| shareWith | user1 |
| permissions | 17 |
When As an "user0"
When As an "user1"
And creating a share with
| path | TMP |
| shareType | 3 |
Expand All @@ -355,6 +357,27 @@ Feature: sharing
Then the OCS status code should be "404"
And the HTTP status code should be "200"

Scenario: do not allow to increase link share permissions on sub reshare
Given As an "admin"
And user "user0" exists
And user "user1" exists
And user "user0" created a folder "/TMP"
And user "user0" created a folder "/TMP/SUB"
And As an "user0"
And creating a share with
| path | TMP |
| shareType | 0 |
| shareWith | user1 |
| permissions | 17 |
When As an "user1"
And creating a share with
| path | TMP/SUB |
| shareType | 3 |
And Updating last share with
| publicUpload | true |
Then the OCS status code should be "404"
And the HTTP status code should be "200"

Scenario: deleting file out of a share as recipient creates a backup for the owner
Given As an "admin"
And user "user0" exists
Expand Down