Skip to content

[stable23] take permissions from multiple paths into account for share permissions #31846

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
PVince81 merged 1 commit into from
Apr 13, 2022
Merged

[stable23] take permissions from multiple paths into account for share permissions #31846

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 22 additions & 11 deletions apps/files_sharing/lib/Controller/ShareAPIController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@
*/
namespace OCA\Files_Sharing\Controller;

use OC\Files\FileInfo;
use OCA\Files_Sharing\Exceptions\SharingRightsException;
use OCA\Files_Sharing\External\Storage;
use OCA\Files\Helper;
Expand Down Expand Up @@ -468,12 +469,22 @@ public function createShare(

$userFolder = $this->rootFolder->getUserFolder($this->currentUser);
try {
$path = $userFolder->get($path);
/** @var \OC\Files\Node\Node $node */
$node = $userFolder->get($path);
} catch (NotFoundException $e) {
throw new OCSNotFoundException($this->l->t('Wrong path, file/folder doesn\'t exist'));
}

$share->setNode($path);
// a user can have access to a file through different paths, with differing permissions
// combine all permissions to determine if the user can share this file
$nodes = $userFolder->getById($node->getId());
foreach ($nodes as $nodeById) {
/** @var FileInfo $fileInfo */
$fileInfo = $node->getFileInfo();
$fileInfo['permissions'] |= $nodeById->getPermissions();
}

$share->setNode($node);

try {
$this->lock($share->getNode());
Expand All @@ -488,7 +499,7 @@ public function createShare(
// Shares always require read permissions
$permissions |= Constants::PERMISSION_READ;

if ($path instanceof \OCP\Files\File) {
if ($node instanceof \OCP\Files\File) {
// Single file shares should never have delete or create permissions
$permissions &= ~Constants::PERMISSION_DELETE;
$permissions &= ~Constants::PERMISSION_CREATE;
Expand All @@ -499,8 +510,8 @@ public function createShare(
* We check the permissions via webdav. But the permissions of the mount point
* do not equal the share permissions. Here we fix that for federated mounts.
*/
if ($path->getStorage()->instanceOfStorage(Storage::class)) {
$permissions &= ~($permissions & ~$path->getPermissions());
if ($node->getStorage()->instanceOfStorage(Storage::class)) {
$permissions &= ~($permissions & ~$node->getPermissions());
}

if ($shareType === IShare::TYPE_USER) {
Expand Down Expand Up @@ -536,7 +547,7 @@ public function createShare(
}

// Public upload can only be set for folders
if ($path instanceof \OCP\Files\File) {
if ($node instanceof \OCP\Files\File) {
throw new OCSNotFoundException($this->l->t('Public upload is only possible for publicly shared folders'));
}

Expand Down Expand Up @@ -572,7 +583,7 @@ public function createShare(

if ($sendPasswordByTalk === 'true') {
if (!$this->appManager->isEnabledForUser('spreed')) {
throw new OCSForbiddenException($this->l->t('Sharing %s sending the password by Nextcloud Talk failed because Nextcloud Talk is not enabled', [$path->getPath()]));
throw new OCSForbiddenException($this->l->t('Sharing %s sending the password by Nextcloud Talk failed because Nextcloud Talk is not enabled', [$node->getPath()]));
}

$share->setSendPasswordByTalk(true);
Expand All @@ -589,7 +600,7 @@ public function createShare(
}
} elseif ($shareType === IShare::TYPE_REMOTE) {
if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
throw new OCSForbiddenException($this->l->t('Sharing %1$s failed because the back end does not allow shares from type %2$s', [$path->getPath(), $shareType]));
throw new OCSForbiddenException($this->l->t('Sharing %1$s failed because the back end does not allow shares from type %2$s', [$node->getPath(), $shareType]));
}

if ($shareWith === null) {
Expand All @@ -608,7 +619,7 @@ public function createShare(
}
} elseif ($shareType === IShare::TYPE_REMOTE_GROUP) {
if (!$this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
throw new OCSForbiddenException($this->l->t('Sharing %1$s failed because the back end does not allow shares from type %2$s', [$path->getPath(), $shareType]));
throw new OCSForbiddenException($this->l->t('Sharing %1$s failed because the back end does not allow shares from type %2$s', [$node->getPath(), $shareType]));
}

if ($shareWith === null) {
Expand Down Expand Up @@ -642,13 +653,13 @@ public function createShare(
try {
$this->getRoomShareHelper()->createShare($share, $shareWith, $permissions, $expireDate);
} catch (QueryException $e) {
throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support room shares', [$path->getPath()]));
throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support room shares', [$node->getPath()]));
}
} elseif ($shareType === IShare::TYPE_DECK) {
try {
$this->getDeckShareHelper()->createShare($share, $shareWith, $permissions, $expireDate);
} catch (QueryException $e) {
throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support room shares', [$path->getPath()]));
throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support room shares', [$node->getPath()]));
}
} else {
throw new OCSBadRequestException($this->l->t('Unknown share type'));
Expand Down
44 changes: 44 additions & 0 deletions apps/files_sharing/tests/Controller/ShareAPIControllerTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1619,6 +1619,8 @@ public function testCreateShareInvalidPermissions() {
->method('get')
->with('valid-path')
->willReturn($path);
$userFolder->method('getById')
->willReturn([]);

$path->expects($this->once())
->method('lock')
Expand Down Expand Up @@ -1651,6 +1653,8 @@ public function testCreateShareUserNoShareWith() {
->method('get')
->with('valid-path')
->willReturn($path);
$userFolder->method('getById')
->willReturn([]);

$path->expects($this->once())
->method('lock')
Expand Down Expand Up @@ -1683,6 +1687,8 @@ public function testCreateShareUserNoValidShareWith() {
->method('get')
->with('valid-path')
->willReturn($path);
$userFolder->method('getById')
->willReturn([]);
$path->expects($this->once())
->method('lock')
->with(\OCP\Lock\ILockingProvider::LOCK_SHARED);
Expand Down Expand Up @@ -1733,6 +1739,8 @@ public function testCreateShareUser() {
->method('get')
->with('valid-path')
->willReturn($path);
$userFolder->method('getById')
->willReturn([]);

$this->userManager->method('userExists')->with('validUser')->willReturn(true);

Expand Down Expand Up @@ -1787,6 +1795,8 @@ public function testCreateShareGroupNoValidShareWith() {
->method('get')
->with('valid-path')
->willReturn($path);
$userFolder->method('getById')
->willReturn([]);

$path->expects($this->once())
->method('lock')
Expand Down Expand Up @@ -1844,6 +1854,8 @@ public function testCreateShareGroup() {
->method('get')
->with('valid-path')
->willReturn($path);
$userFolder->method('getById')
->willReturn([]);

$this->groupManager->method('groupExists')->with('validGroup')->willReturn(true);

Expand Down Expand Up @@ -1896,6 +1908,8 @@ public function testCreateShareGroupNotAllowed() {
->method('get')
->with('valid-path')
->willReturn($path);
$userFolder->method('getById')
->willReturn([]);

$this->groupManager->method('groupExists')->with('validGroup')->willReturn(true);

Expand Down Expand Up @@ -1926,6 +1940,8 @@ public function testCreateShareLinkNoLinksAllowed() {
$path->method('getStorage')->willReturn($storage);
$this->rootFolder->method('getUserFolder')->with($this->currentUser)->willReturnSelf();
$this->rootFolder->method('get')->with('valid-path')->willReturn($path);
$this->rootFolder->method('getById')
->willReturn([]);

$this->shareManager->method('newShare')->willReturn(\OC::$server->getShareManager()->newShare());

Expand All @@ -1945,6 +1961,8 @@ public function testCreateShareLinkNoPublicUpload() {
$path->method('getStorage')->willReturn($storage);
$this->rootFolder->method('getUserFolder')->with($this->currentUser)->willReturnSelf();
$this->rootFolder->method('get')->with('valid-path')->willReturn($path);
$this->rootFolder->method('getById')
->willReturn([]);

$this->shareManager->method('newShare')->willReturn(\OC::$server->getShareManager()->newShare());
$this->shareManager->method('shareApiAllowLinks')->willReturn(true);
Expand All @@ -1965,6 +1983,8 @@ public function testCreateShareLinkPublicUploadFile() {
$path->method('getStorage')->willReturn($storage);
$this->rootFolder->method('getUserFolder')->with($this->currentUser)->willReturnSelf();
$this->rootFolder->method('get')->with('valid-path')->willReturn($path);
$this->rootFolder->method('getById')
->willReturn([]);

$this->shareManager->method('newShare')->willReturn(\OC::$server->getShareManager()->newShare());
$this->shareManager->method('shareApiAllowLinks')->willReturn(true);
Expand All @@ -1984,6 +2004,8 @@ public function testCreateShareLinkPublicUploadFolder() {
$path->method('getStorage')->willReturn($storage);
$this->rootFolder->method('getUserFolder')->with($this->currentUser)->willReturnSelf();
$this->rootFolder->method('get')->with('valid-path')->willReturn($path);
$this->rootFolder->method('getById')
->willReturn([]);

$this->shareManager->method('newShare')->willReturn(\OC::$server->getShareManager()->newShare());
$this->shareManager->method('shareApiAllowLinks')->willReturn(true);
Expand Down Expand Up @@ -2018,6 +2040,8 @@ public function testCreateShareLinkPassword() {
$path->method('getStorage')->willReturn($storage);
$this->rootFolder->method('getUserFolder')->with($this->currentUser)->willReturnSelf();
$this->rootFolder->method('get')->with('valid-path')->willReturn($path);
$this->rootFolder->method('getById')
->willReturn([]);

$this->shareManager->method('newShare')->willReturn(\OC::$server->getShareManager()->newShare());
$this->shareManager->method('shareApiAllowLinks')->willReturn(true);
Expand Down Expand Up @@ -2052,6 +2076,8 @@ public function testCreateShareLinkSendPasswordByTalk() {
$path->method('getStorage')->willReturn($storage);
$this->rootFolder->method('getUserFolder')->with($this->currentUser)->willReturnSelf();
$this->rootFolder->method('get')->with('valid-path')->willReturn($path);
$this->rootFolder->method('getById')
->willReturn([]);

$this->shareManager->method('newShare')->willReturn(\OC::$server->getShareManager()->newShare());
$this->shareManager->method('shareApiAllowLinks')->willReturn(true);
Expand Down Expand Up @@ -2094,6 +2120,8 @@ public function testCreateShareLinkSendPasswordByTalkWithTalkDisabled() {
$path->method('getPath')->willReturn('valid-path');
$this->rootFolder->method('getUserFolder')->with($this->currentUser)->willReturnSelf();
$this->rootFolder->method('get')->with('valid-path')->willReturn($path);
$this->rootFolder->method('getById')
->willReturn([]);

$this->shareManager->method('newShare')->willReturn(\OC::$server->getShareManager()->newShare());
$this->shareManager->method('shareApiAllowLinks')->willReturn(true);
Expand Down Expand Up @@ -2127,6 +2155,8 @@ public function testCreateShareValidExpireDate() {
$path->method('getStorage')->willReturn($storage);
$this->rootFolder->method('getUserFolder')->with($this->currentUser)->willReturnSelf();
$this->rootFolder->method('get')->with('valid-path')->willReturn($path);
$this->rootFolder->method('getById')
->willReturn([]);

$this->shareManager->method('newShare')->willReturn(\OC::$server->getShareManager()->newShare());
$this->shareManager->method('shareApiAllowLinks')->willReturn(true);
Expand Down Expand Up @@ -2168,6 +2198,8 @@ public function testCreateShareInvalidExpireDate() {
$path->method('getStorage')->willReturn($storage);
$this->rootFolder->method('getUserFolder')->with($this->currentUser)->willReturnSelf();
$this->rootFolder->method('get')->with('valid-path')->willReturn($path);
$this->rootFolder->method('getById')
->willReturn([]);

$this->shareManager->method('newShare')->willReturn(\OC::$server->getShareManager()->newShare());
$this->shareManager->method('shareApiAllowLinks')->willReturn(true);
Expand Down Expand Up @@ -2216,6 +2248,8 @@ public function testCreateShareRemote() {
->method('get')
->with('valid-path')
->willReturn($path);
$userFolder->method('getById')
->willReturn([]);

$this->userManager->method('userExists')->with('validUser')->willReturn(true);

Expand Down Expand Up @@ -2286,6 +2320,8 @@ public function testCreateShareRemoteGroup() {
->method('get')
->with('valid-path')
->willReturn($path);
$userFolder->method('getById')
->willReturn([]);

$this->userManager->method('userExists')->with('validUser')->willReturn(true);

Expand Down Expand Up @@ -2338,6 +2374,8 @@ public function testCreateShareRoom() {
->method('get')
->with('valid-path')
->willReturn($path);
$userFolder->method('getById')
->willReturn([]);

$path->expects($this->once())
->method('lock')
Expand Down Expand Up @@ -2421,6 +2459,8 @@ public function testCreateShareRoomHelperNotAvailable() {
->method('get')
->with('valid-path')
->willReturn($path);
$userFolder->method('getById')
->willReturn([]);

$path->expects($this->once())
->method('lock')
Expand Down Expand Up @@ -2461,6 +2501,8 @@ public function testCreateShareRoomHelperThrowException() {
->method('get')
->with('valid-path')
->willReturn($path);
$userFolder->method('getById')
->willReturn([]);

$path->expects($this->once())
->method('lock')
Expand Down Expand Up @@ -2541,6 +2583,8 @@ public function testCreateReshareOfFederatedMountNoDeletePermissions() {
->method('get')
->with('valid-path')
->willReturn($path);
$userFolder->method('getById')
->willReturn([]);

$this->userManager->method('userExists')->with('validUser')->willReturn(true);

Expand Down