diff --git a/apps/files_sharing/lib/Controller/ShareesAPIController.php b/apps/files_sharing/lib/Controller/ShareesAPIController.php index 00bc85e4a969d..a854eb742c17c 100644 --- a/apps/files_sharing/lib/Controller/ShareesAPIController.php +++ b/apps/files_sharing/lib/Controller/ShareesAPIController.php @@ -50,8 +50,10 @@ use OCP\Collaboration\Collaborators\SearchResultType; use OCP\Constants; use OCP\IConfig; +use OCP\IGroupManager; use OCP\IRequest; use OCP\IURLGenerator; +use OCP\IUserManager; use OCP\Share\IManager; use OCP\Share\IShare; use function array_slice; @@ -108,6 +110,12 @@ class ShareesAPIController extends OCSController { /** @var ISearch */ private $collaboratorSearch; + /** @var IGroupManager */ + private $groupManager; + + /** @var IUserManager */ + private $userManager; + /** * @param string $UserId * @param string $appName @@ -124,7 +132,10 @@ public function __construct( IConfig $config, IURLGenerator $urlGenerator, IManager $shareManager, - ISearch $collaboratorSearch + ISearch $collaboratorSearch, + IGroupManager $groupManager, + IUserManager $userManager + ) { parent::__construct($appName, $request); $this->userId = $UserId; @@ -132,6 +143,9 @@ public function __construct( $this->urlGenerator = $urlGenerator; $this->shareManager = $shareManager; $this->collaboratorSearch = $collaboratorSearch; + $this->groupManager = $groupManager; + $this->userManager = $userManager; + } /** 
@@ -152,6 +166,16 @@ public function __construct( */ public function search(string $search = '', string $itemType = null, int $page = 1, int $perPage = 200, $shareType = null, bool $lookup = false): DataResponse { + // if some groups are excluded, check the user is allowed to share + if ($this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes') { + $excludedGroups = (array)json_decode($this->config->getAppValue('core', 'shareapi_exclude_groups_list', ''), true); + $usersGroups = $this->groupManager->getUserGroupIds($this->userManager->get($this->userId)); + if (array_intersect($usersGroups, $excludedGroups) === $usersGroups) { + return new DataResponse($this->result); + } + } + + // only search for string larger than a given threshold $threshold = $this->config->getSystemValueInt('sharing.minSearchStringLength', 0); if (strlen($search) < $threshold) { diff --git a/apps/files_sharing/tests/Controller/ShareesAPIControllerTest.php b/apps/files_sharing/tests/Controller/ShareesAPIControllerTest.php index 5953ab0d89022..c4517c6593c90 100644 --- a/apps/files_sharing/tests/Controller/ShareesAPIControllerTest.php +++ b/apps/files_sharing/tests/Controller/ShareesAPIControllerTest.php @@ -36,8 +36,10 @@ use OCP\AppFramework\OCS\OCSBadRequestException; use OCP\Collaboration\Collaborators\ISearch; use OCP\IConfig; +use OCP\IGroupManager; use OCP\IRequest; use OCP\IURLGenerator; +use OCP\IUserManager; use OCP\Share\IManager; use OCP\Share\IShare; use PHPUnit\Framework\MockObject\MockObject; @@ -65,6 +67,12 @@ class ShareesAPIControllerTest extends TestCase { /** @var ISearch|MockObject */ protected $collaboratorSearch; + /** @var IGroupManager|\PHPUnit\Framework\MockObject\MockObject */ + private $groupManager; + + /** @var IUserManager|\PHPUnit\Framework\MockObject\MockObject */ + private $userManager; + protected function setUp(): void { parent::setUp(); 
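Review bot: The exclusion check added at the top of search() also fires for a user who belongs to no group at all: with an empty `$usersGroups`, `array_intersect($usersGroups, $excludedGroups) === $usersGroups` compares `[] === []` and the method returns the empty result. The block also passes `$this->userManager->get($this->userId)` straight to `getUserGroupIds()` although `get()` can return null, and `(array)json_decode(...)` turns an unparsable `shareapi_exclude_groups_list` into an empty list, so in that case the check lets everyone through. The controller already holds `IManager`, so I would replace the whole block with `if ($this->shareManager->sharingDisabledForUser($this->userId)) { return new DataResponse($this->result); }`, which keeps sharee search and share creation on one policy decision and makes the two new constructor dependencies unnecessary. search() continues past the end of this hunk.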
@@ -80,6 +88,10 @@ protected function setUp(): void { $this->collaboratorSearch = $this->createMock(ISearch::class); + $this->groupManager = $this->createMock(IGroupManager::class); + + $this->userManager = $this->createMock(IUserManager::class); + $this->sharees = new ShareesAPIController( $this->uid, 'files_sharing', @@ -87,7 +99,9 @@ protected function setUp(): void { $configMock, $urlGeneratorMock, $this->shareManager, - $this->collaboratorSearch + $this->collaboratorSearch, + $this->groupManager, + $this->userManager ); } @@ -242,10 +256,12 @@ public function testSearch(array $getData, string $apiSetting, string $enumSetti /** @var IConfig|MockObject $config */ $config = $this->createMock(IConfig::class); - $config->expects($this->exactly(1)) + + $config->expects($this->exactly(2)) ->method('getAppValue') ->with($this->anything(), $this->anything(), $this->anything()) ->willReturnMap([ + ['core', 'shareapi_exclude_groups', 'no', 'no'], ['files_sharing', 'lookupServerEnabled', 'yes', 'yes'], ]); @@ -269,7 +285,9 @@ public function testSearch(array $getData, string $apiSetting, string $enumSetti $config, $urlGenerator, $this->shareManager, - $this->collaboratorSearch + $this->collaboratorSearch, + $this->groupManager, + $this->userManager ]) ->setMethods(['isRemoteSharingAllowed', 'shareProviderExists', 'isRemoteGroupSharingAllowed']) ->getMock(); @@ -345,8 +363,12 @@ public function testSearchInvalid($getData, $message) { /** @var IConfig|MockObject $config */ $config = $this->createMock(IConfig::class); - $config->expects($this->never()) - ->method('getAppValue'); + $config->expects($this->exactly(1)) + ->method('getAppValue') + ->with($this->anything(), $this->anything(), $this->anything()) + ->willReturnMap([ + ['core', 'shareapi_exclude_groups', 'no', 'no'], + ]); /** @var string */ $uid = 'test123'; 
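Review bot: None of the updated tests exercises the new early return in search(): the `willReturnMap` entries added in testSearch and testSearchInvalid both pin `shareapi_exclude_groups` to `'no'`, and the `groupManager`/`userManager` mocks created in setUp() are never given expectations. I would add a case where the setting is `'yes'` and `getUserGroupIds()` returns only excluded groups, asserting an empty result together with `$this->collaboratorSearch->expects($this->never())->method('search');`. A second case for a user with no groups would pin the intended behaviour for that edge. The test methods start and end outside these hunks.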
@@ -364,7 +386,9 @@ public function testSearchInvalid($getData, $message) {
 $config,
 $urlGenerator,
 $this->shareManager,
- $this->collaboratorSearch
+ $this->collaboratorSearch,
+ $this->groupManager,
+ $this->userManager
 ])
 ->setMethods(['isRemoteSharingAllowed'])
 ->getMock();