Added tests about permissions and public upload #26639
Conversation
|
@SergioBertolinSG, thanks for your PR! By analyzing the history of the files in this pull request, we identified @rullzer, @PVince81 and @MorrisJobke to be potential reviewers. |
| And group "new-group" exists | ||
| And user "user0" belongs to group "new-group" | ||
| And user "user1" belongs to group "new-group" | ||
| And Assure user "user0" is subadmin of group "new-group" |
There was a problem hiding this comment.
Perhaps not, it comes from here #25542 (comment)
| | shareType | 3 | | ||
| | publicUpload | false | | ||
| When Updating last share with | ||
| | publicUpload | true | |
There was a problem hiding this comment.
This looks legitimate. At line 1002 the share is read-write so it's acceptable that the recipient can also make the link share read-write.
Did you mean to make the local share read-only ?
There was a problem hiding this comment.
Yes, you're right. I'll change it.
|
Pfff, this API thing is a real mess. Some checks are done in the share manager, others are done only in the OCS controller... |
|
Basically the @SergioBertolinSG can we also have integration tests for creating link shares as reshares for a read-write and read-only received share ? |
|
Debugging in the But weird thing that this check is correct when creating shares... |
|
Ok, got it. The problem is as follows: the
So need to look into whether we need to "fix" the node in the share manager, or adjust the node in the OCS controller code. It looks like the logic would let us discard the permissions validation logic from the OCS controller and only rely on the one in the manager, which would be ideal. |
|
Looks like for the share manager we need to somehow try and get the node with the POV of the user who is specified in "getSharedBy()" instead of relying on the node that was specified in the share itself as it might be inaccurate. |
|
Some POC here: fe38088 Would be good to add many more integration tests to make sure everything is covered (including reshare-creation perm denied) |
You mean without permission to share? |
I didn't mean that. But you're right that it needs to be added as well. |
|
For now I'll focus on the quick fix. The clean but more risky fix will be done for 9.2 separately: #26684 (more risky because it will affect more cases that we need to make sure we cover as well) |
PVince81
force-pushed
the
integration-tests-modifying-permissions
branch
from
fe38088 to
2ba0f9a
Compare
| | shareType | 3 | | ||
| | publicUpload | false | | ||
| When Updating last share with | ||
| | publicUpload | true | |
There was a problem hiding this comment.
Can we also have the same tests with the "permissions" attribute ? @SergioBertolinSG
With sharing permission, these cases are covered in Without sharing permissions there is 'Scenario: User is not allowed to reshare file' and 'Scenario: User is not allowed to reshare file with more permissions'. They reshare like regular shares, Do we need different tests using public links shares? |
Yes, that would be good as it's a slightly different code path. |
…e enough permisssions
|
Seems Jenkins env is broken, I resubmit the PR with your commits squashed here: #26691 |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Test for owncloud/QA#301
And a current failing case. cc @PVince81