add "hide file list" option

apps/dav/appinfo/v1/publicwebdav.php

@@ -67,8 +67,13 @@
 	$share = $authBackend->getShare();
 	$owner = $share->getShareOwner();
 	$isWritable = $share->getPermissions() & (\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_CREATE);
+	$isReadable = $share->getPermissions() & \OCP\Constants::PERMISSION_READ;
 	$fileId = $share->getNodeId();
 
+	if (!$isReadable) {
+		return false;
+	}
+
 	if (!$isWritable) {
 		\OC\Files\Filesystem::addStorageWrapper('readonly', function ($mountPoint, $storage) {
 			return new \OC\Files\Storage\Wrapper\PermissionsMask(array('storage' => $storage, 'mask' => \OCP\Constants::PERMISSION_READ + \OCP\Constants::PERMISSION_SHARE));

apps/files/ajax/upload.php

@@ -161,6 +161,15 @@
 			$resolution = null;
 		}
 
+		if(isset($_POST['dirToken'])) {
+			// If it is a read only share the resolution will always be autorename
+			$shareManager = \OC::$server->getShareManager();
+			$share = $shareManager->getShareByToken((string)$_POST['dirToken']);
+			if (!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+				$resolution = 'autorename';
+			}
+		}
+
 		// target directory for when uploading folders
 		$relativePath = '';
 		if(!empty($_POST['file_directory'])) {
@@ -247,6 +256,20 @@
 }
 
 if ($error === false) {
+	// Do not leak file information if it is a read-only share
+	if(isset($_POST['dirToken'])) {
+		$shareManager = \OC::$server->getShareManager();
+		$share = $shareManager->getShareByToken((string)$_POST['dirToken']);
+		if (!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+			$newResults = [];
+			foreach($result as $singleResult) {
+				$fileName = $singleResult['originalname'];
+				$newResults['filename'] = $fileName;
+				$newResults['mimetype'] = \OC::$server->getMimeTypeDetector()->detectPath($fileName);
+			}
+			$result = $newResults;
+		}
+	}
 	OCP\JSON::encodedPrint($result);
 } else {
 	OCP\JSON::error(array(array('data' => array_merge(array('message' => $error, 'code' => $errorCode), $storageStats))));

apps/files_sharing/ajax/publicpreview.php

@@ -42,6 +42,13 @@
 }
 
 $linkedItem = \OCP\Share::getShareByToken($token);
+$shareManager = \OC::$server->getShareManager();
+$share = $shareManager->getShareByToken($token);
+if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+	OCP\JSON::error(array('data' => 'Share is not readable.'));
+	exit();
+}
+
 if($linkedItem === false || ($linkedItem['item_type'] !== 'file' && $linkedItem['item_type'] !== 'folder')) {
 	\OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);
 	\OCP\Util::writeLog('core-preview', 'Passed token parameter is not valid', \OCP\Util::DEBUG);

apps/files_sharing/ajax/shareinfo.php

@@ -71,6 +71,11 @@
 $share = $shareManager->getShareByToken($token);
 $sharePermissions= (int)$share->getPermissions();
 
+if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+	OCP\JSON::error(array('data' => 'Share is not readable.'));
+	exit();
+}
+
 /**
  * @param \OCP\Files\FileInfo $dir
  * @param \OC\Files\View $view

apps/files_sharing/css/public.css

@@ -158,3 +158,62 @@ thead {
 	opacity: 1;
 	cursor: pointer;
 }
+
+#public-upload .avatardiv {
+	margin: 0 auto;
+}
+
+#public-upload #emptycontent h2 {
+	margin: 10px 0 5px 0;
+}
+
+#public-upload #emptycontent h2+p {
+	margin-bottom: 30px;
+}
+
+#public-upload #emptycontent .icon-folder {
+	height: 16px;
+	width: 16px;
+	background-size: 16px;
+	display: inline-block;
+	vertical-align: text-top;
+	margin-bottom: 0;
+	margin-right: 5px;
+	opacity: 1;
+}
+
+#public-upload #emptycontent .button {
+	background-size: 16px;
+	height: 16px;
+	width: 16px;
+	background-position: 16px;
+	opacity: .7;
+	font-size: 20px;
+	margin: 20px;
+	padding: 10px 20px;
+	padding-left: 42px;
+	font-weight: normal;
+}
+
+#public-upload #emptycontent ul {
+	width: 160px;
+	margin: 5px auto;
+	text-align: left;
+}
+
+#public-upload #emptycontent li {
+	overflow: hidden;
+	text-overflow: ellipsis;
+	white-space: nowrap;
+	padding: 7px 0;
+}
+
+#public-upload #emptycontent li img {
+	vertical-align: text-bottom;
+	margin-right: 5px;
+}
+
+#public-upload li span.icon-loading-small {
+	padding-left: 18px;
+	margin-right: 7px;
+}

apps/files_sharing/js/files_drop.js

@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2016 Lukas Reschke <[email protected]>
+ *
+ * This file is licensed under the Affero General Public License version 3
+ * or later.
+ *
+ * See the COPYING-README file.
+ *
+ */
+
+(function ($) {
+	var Drop = {
+		initialize: function () {
+			$(document).bind('drop dragover', function (e) {
+				// Prevent the default browser drop action:
+				e.preventDefault();
+			});
+			$('#public-upload').fileupload({
+				url: OC.linkTo('files', 'ajax/upload.php'),
+				dataType: 'json',
+				dropZone: $('#public-upload'),
+				formData: {
+					dirToken: $('#sharingToken').val()
+				},
+				add: function(e, data) {
+					var errors = [];
+					if(data.files[0]['size'] && data.files[0]['size'] > $('#maxFilesizeUpload').val()) {
+						errors.push('File is too big');
+					}
+
+					$('#drop-upload-done-indicator').addClass('hidden');
+					$('#drop-upload-progress-indicator').removeClass('hidden');
+					_.each(data['files'], function(file) {
+						if(errors.length === 0) {
+							$('#public-upload ul').append('<li data-toggle="tooltip" title="'+escapeHTML(file.name)+'" data-name="'+escapeHTML(file.name)+'"><span class="icon-loading-small"></span> '+escapeHTML(file.name)+'</li>');
+							$('[data-toggle="tooltip"]').tooltip();
+							data.submit();
+						} else {
+							OC.Notification.showTemporary(OC.L10N.translate('files_sharing', 'Could not upload "{filename}"', {filename: file.name}));
+							$('#public-upload ul').append('<li data-toggle="tooltip" title="'+escapeHTML(file.name)+'" data-name="'+escapeHTML(file.name)+'"><img src="'+OC.imagePath('core', 'actions/error.svg')+'"/> '+escapeHTML(file.name)+'</li>');
+							$('[data-toggle="tooltip"]').tooltip();
+						}
+					});
+				},
+				success: function (response) {
+					if(response.status !== 'error') {
+						var mimeTypeUrl = OC.MimeType.getIconUrl(response['mimetype']);
+						$('#public-upload ul li[data-name="' + escapeHTML(response['filename']) + '"]').html('<img src="' + escapeHTML(mimeTypeUrl) + '"/> ' + escapeHTML(response['filename']));
+						$('[data-toggle="tooltip"]').tooltip();
+					}
+				},
+				progressall: function (e, data) {
+					var progress = parseInt(data.loaded / data.total * 100, 10);
+					if(progress === 100) {
+						$('#drop-upload-done-indicator').removeClass('hidden');
+						$('#drop-upload-progress-indicator').addClass('hidden');
+					} else {
+						$('#drop-upload-done-indicator').addClass('hidden');
+						$('#drop-upload-progress-indicator').removeClass('hidden');
+					}
+				}
+			});
+			$('#public-upload .button.icon-upload').click(function(e) {
+				e.preventDefault();
+				$('#public-upload #emptycontent input').focus().trigger('click');
+			});
+		}
+	};
+
+	$(document).ready(function() {
+		if($('#upload-only-interface').val() === "1") {
+			$('.avatardiv').avatar($('#sharingUserId').val(), 128, true);
+		}
+
+		OCA.Files_Sharing_Drop = Drop;
+		OCA.Files_Sharing_Drop.initialize();
+	});
+
+
+})(jQuery);
+

apps/files_sharing/js/public.js

@@ -302,7 +302,7 @@ OCA.Sharing.PublicApp = {
 				$('#save-button-confirm')
 				.removeClass("icon-loading-small")
 				.addClass("icon-confirm");
-				
+
 			}
 			else {
 				$('#save-button-confirm')
@@ -314,7 +314,7 @@ OCA.Sharing.PublicApp = {
 
 		toggleLoading();
 		var location = window.location.protocol + '//' + window.location.host + OC.webroot;
-		
+
 		if(remote.substr(-1) !== '/') {
 			remote += '/'
 		};

apps/files_sharing/lib/API/Share20OCS.php

@@ -602,6 +602,7 @@ public function updateShare($id) {
 
 			if ($newPermissions !== null &&
 				$newPermissions !== \OCP\Constants::PERMISSION_READ &&
+				$newPermissions !== (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE) &&
 				$newPermissions !== (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE)) {
 				$share->getNode()->unlock(ILockingProvider::LOCK_SHARED);
 				return new \OC_OCS_Result(null, 400, $this->l->t('Can\'t change permissions for public share links'));

apps/files_sharing/lib/Controllers/ShareController.php

@@ -49,7 +49,6 @@
 use OCP\IUserManager;
 use OCP\ISession;
 use OCP\IPreview;
-use OCA\Files_Sharing\Helper;
 use OCP\Util;
 use OCA\Files_Sharing\Activity;
 use \OCP\Files\NotFoundException;
@@ -253,6 +252,7 @@ private function validateShare(\OCP\Share\IShare $share) {
 	 * @param string $path
 	 * @return TemplateResponse|RedirectResponse
 	 * @throws NotFoundException
+	 * @throws \Exception
 	 */
 	public function showShare($token, $path = '') {
 		\OC_User::setIncognitoMode(true);
@@ -314,6 +314,7 @@ public function showShare($token, $path = '') {
 		$shareTmpl['fileSize'] = \OCP\Util::humanFileSize($share->getNode()->getSize());
 
 		// Show file list
+		$hideFileList = false;
 		if ($share->getNode() instanceof \OCP\Files\Folder) {
 			$shareTmpl['dir'] = $rootFolder->getRelativePath($path->getPath());
 
@@ -329,12 +330,14 @@ public function showShare($token, $path = '') {
 
 			$uploadLimit = Util::uploadLimit();
 			$maxUploadFilesize = min($freeSpace, $uploadLimit);
+			$hideFileList = $share->getPermissions() & \OCP\Constants::PERMISSION_READ ? false : true;
 
 			$folder = new Template('files', 'list', '');
 			$folder->assign('dir', $rootFolder->getRelativePath($path->getPath()));
 			$folder->assign('dirToken', $token);
 			$folder->assign('permissions', \OCP\Constants::PERMISSION_READ);
 			$folder->assign('isPublic', true);
+			$folder->assign('hideFileList', $hideFileList);
 			$folder->assign('publicUploadEnabled', 'no');
 			$folder->assign('uploadMaxFilesize', $maxUploadFilesize);
 			$folder->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
@@ -345,6 +348,8 @@ public function showShare($token, $path = '') {
 			$shareTmpl['folder'] = $folder->fetchPage();
 		}
 
+		$shareTmpl['hideFileList'] = $hideFileList;
+		$shareTmpl['shareOwner'] = $this->userManager->get($share->getShareOwner())->getDisplayName();
 		$shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', array('token' => $token));
 		$shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10);
 		$shareTmpl['previewEnabled'] = $this->config->getSystemValue('enable_previews', true);
@@ -369,13 +374,18 @@ public function showShare($token, $path = '') {
 	 * @param string $files
 	 * @param string $path
 	 * @param string $downloadStartSecret
-	 * @return void|RedirectResponse
+	 * @return void|OCP\AppFramework\Http\Response
+	 * @throws NotFoundException
 	 */
 	public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') {
 		\OC_User::setIncognitoMode(true);
 
 		$share = $this->shareManager->getShareByToken($token);
 
+		if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+			return new OCP\AppFramework\Http\DataResponse('Share is read-only');
+		}
+
 		// Share is password protected - check whether the user is permitted to access the share
 		if ($share->getPassword() !== null && !$this->linkShareAuth($share)) {
 			return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate',