diff --git a/apps/files_sharing/lib/API/Share20OCS.php b/apps/files_sharing/lib/API/Share20OCS.php
index 4c6b5f2942c9..9280124d99a6 100644
--- a/apps/files_sharing/lib/API/Share20OCS.php
+++ b/apps/files_sharing/lib/API/Share20OCS.php
@@ -645,6 +645,7 @@ public function updateShare($id) {
 if ($newPermissions !== null) {
 $share->setPermissions($newPermissions);
+ $permissions = $newPermissions;
 }
 if ($expireDate === '') {
diff --git a/apps/files_sharing/tests/API/Share20OCSTest.php b/apps/files_sharing/tests/API/Share20OCSTest.php
index 048f8e9c8372..ed4718ab4b87 100644
--- a/apps/files_sharing/tests/API/Share20OCSTest.php
+++ b/apps/files_sharing/tests/API/Share20OCSTest.php
@@ -1303,6 +1303,7 @@ public function testUpdateLinkShareClear() {
 $share = $this->newShare();
 $share->setPermissions(\OCP\Constants::PERMISSION_ALL)
 ->setSharedBy($this->currentUser->getUID())
+ ->setShareOwner($this->currentUser->getUID())
 ->setShareType(Share::SHARE_TYPE_LINK)
 ->setPassword('password')
 ->setExpirationDate(new \DateTime())
@@ -1349,6 +1350,7 @@ public function testUpdateLinkShareSet() {
 $share = \OC::$server->getShareManager()->newShare();
 $share->setPermissions(\OCP\Constants::PERMISSION_ALL)
 ->setSharedBy($this->currentUser->getUID())
+ ->setShareOwner($this->currentUser->getUID())
 ->setShareType(Share::SHARE_TYPE_LINK)
 ->setNode($folder);
@@ -1392,6 +1394,7 @@ public function testUpdateLinkShareEnablePublicUpload($params) {
 $share = \OC::$server->getShareManager()->newShare();
 $share->setPermissions(\OCP\Constants::PERMISSION_ALL)
 ->setSharedBy($this->currentUser->getUID())
+ ->setShareOwner($this->currentUser->getUID())
 ->setShareType(Share::SHARE_TYPE_LINK)
 ->setPassword('password')
 ->setNode($folder);
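Review bot: In `updateShare()` in Share20OCS.php, the added `$permissions = $newPermissions;` has no comment saying why the variable is overwritten, and read in isolation it looks like a dead store. Presumably a check further down the function, outside this hunk, only compares the share against the caller's incoming shares when `$permissions` is set, so a link share changed through `publicUpload` alone would otherwise bypass it; the new unit test's expected "Cannot increase permissions" result is consistent with that, but the check itself is not visible here. I would put `// Derived link permissions must also go through the incoming-share permission check below` above the assignment so a later cleanup does not remove it. The function body starts and ends outside the hunk.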
@@ -1627,6 +1630,7 @@ public function testUpdateLinkSharePublicUploadDoesNotChangeOther() {
 $share = \OC::$server->getShareManager()->newShare();
 $share->setPermissions(\OCP\Constants::PERMISSION_ALL)
 ->setSharedBy($this->currentUser->getUID())
+ ->setShareOwner($this->currentUser->getUID())
 ->setShareType(Share::SHARE_TYPE_LINK)
 ->setPassword('password')
 ->setExpirationDate($date)
@@ -1819,6 +1823,59 @@ public function testUpdateShareCannotIncreasePermissions() {
 $this->assertEquals($expected->getData(), $result->getData());
 }
+ /**
+ * @dataProvider publicUploadParamsProvider
+ */
+ public function testUpdateShareCannotIncreasePermissionsPublicLink($params) {
+ $ocs = $this->mockFormatShare();
+
+ $date = new \DateTime('2000-01-01');
+
+ $folder = $this->createMock('\OCP\Files\Folder');
+
+ $share = \OC::$server->getShareManager()->newShare();
+ $share
+ ->setId(42)
+ ->setSharedBy('anotheruser')
+ ->setShareOwner('anotheruser')
+ ->setShareType(Share::SHARE_TYPE_USER)
+ ->setSharedWith($this->currentUser->getUID())
+ ->setPermissions(\OCP\Constants::PERMISSION_READ)
+ ->setNode($folder);
+
+ $linkShare = \OC::$server->getShareManager()->newShare();
+ $linkShare
+ ->setId(43)
+ ->setSharedBy($this->currentUser->getUID())
+ ->setShareOwner('anotheruser')
+ ->setShareType(Share::SHARE_TYPE_LINK)
+ ->setToken('dummy')
+ ->setPermissions(\OCP\Constants::PERMISSION_READ)
+ ->setNode($folder);
+
+ $this->request
+ ->method('getParam')
+ ->will($this->returnValueMap($params));
+
+ $this->shareManager->method('getShareById')->with('ocinternal:43')->willReturn($linkShare);
+ $this->shareManager->method('shareApiLinkAllowPublicUpload')->willReturn(true);
+
+ $this->shareManager->expects($this->any())
+ ->method('getSharedWith')
+ ->will($this->returnValueMap([
+ [$this->currentUser->getUID(), Share::SHARE_TYPE_USER, $share->getNode(), -1, 0, [$share]],
+ [$this->currentUser->getUID(), Share::SHARE_TYPE_GROUP, $share->getNode(), -1, 0, []],
+ ]));
+
+ $this->shareManager->expects($this->never())->method('updateShare');
+
+ $expected = new \OC\OCS\Result(null, 404, 'Cannot increase permissions');
+ $result = $ocs->updateShare(43);
+
+ $this->assertEquals($expected->getMeta(), $result->getMeta());
+ $this->assertEquals($expected->getData(), $result->getData());
+ }
+
 public function testUpdateShareCanIncreasePermissionsIfOwner() {
 $ocs = $this->mockFormatShare();
diff --git a/build/integration/features/sharing-v1.feature b/build/integration/features/sharing-v1.feature
index 4f1b52ea0a6b..489b707e5eb6 100644
--- a/build/integration/features/sharing-v1.feature
+++ b/build/integration/features/sharing-v1.feature
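Review bot: `testUpdateShareCannotIncreasePermissionsPublicLink` in Share20OCSTest.php assigns `$date = new \DateTime('2000-01-01');` and never reads it; neither share in the test sets an expiration date, so the line can be dropped. The test is driven only by `publicUploadParamsProvider`, so at unit level it pins the `publicUpload` request parameter; whether a recipient sending a raw `permissions` value is also covered depends on the provider's rows, which are outside this hunk. The docblock holds only the `@dataProvider` tag, and a one-line summary such as `Recipient of a read-only user share must not widen the link share created from it` would state the access-control rule being protected.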
@@ -976,3 +976,118 @@ Feature: sharing
 Then etag of element "/" of user "user1" has changed
 And etag of element "/PARENT" of user "user0" has not changed
+ Scenario: Increasing permissions is allowed for owner
+ Given As an "admin"
+ And user "user0" exists
+ And user "user1" exists
+ And group "new-group" exists
+ And user "user0" belongs to group "new-group"
+ And user "user1" belongs to group "new-group"
+ And Assure user "user0" is subadmin of group "new-group"
+ And As an "user0"
+ And folder "/FOLDER" of user "user0" is shared with group "new-group"
+ And Updating last share with
+ | permissions | 0 |
+ When Updating last share with
+ | permissions | 31 |
+ Then the OCS status code should be "100"
+ And the HTTP status code should be "200"
+
+ Scenario: Adding public upload to a read only shared folder as recipient is not allowed
+ Given As an "admin"
+ And user "user0" exists
+ And user "user1" exists
+ And As an "user0"
+ And user "user0" created a folder "/test"
+ And folder "/test" of user "user0" is shared with user "user1" with permissions 17
+ And As an "user1"
+ And creating a share with
+ | path | /test |
+ | shareType | 3 |
+ | publicUpload | false |
+ When Updating last share with
+ | publicUpload | true |
+ Then the OCS status code should be "404"
+ And the HTTP status code should be "200"
+
+ Scenario: Adding public upload to a shared folder as recipient is allowed with permissions
+ Given As an "admin"
+ And user "user0" exists
+ And user "user1" exists
+ And As an "user0"
+ And user "user0" created a folder "/test"
+ And folder "/test" of user "user0" is shared with user "user1" with permissions 31
+ And As an "user1"
+ And creating a share with
+ | path | /test |
+ | shareType | 3 |
+ | publicUpload | false |
+ When Updating last share with
+ | publicUpload | true |
+ Then the OCS status code should be "100"
+ And the HTTP status code should be "200"
+
+ Scenario: Adding public upload to a read only shared folder as recipient is not allowed
+ Given As an "admin"
+ And user "user0" exists
+ And user "user1" exists
+ And As an "user0"
+ And user "user0" created a folder "/test"
+ And folder "/test" of user "user0" is shared with user "user1" with permissions 17
+ And As an "user1"
+ And creating a share with
+ | path | /test |
+ | shareType | 3 |
+ | permissions | 1 |
+ When Updating last share with
+ | permissions | 15 |
+ Then the OCS status code should be "404"
+ And the HTTP status code should be "200"
+
+ Scenario: Adding public upload to a shared folder as recipient is allowed with permissions
+ Given As an "admin"
+ And user "user0" exists
+ And user "user1" exists
+ And As an "user0"
+ And user "user0" created a folder "/test"
+ And folder "/test" of user "user0" is shared with user "user1" with permissions 31
+ And As an "user1"
+ And creating a share with
+ | path | /test |
+ | shareType | 3 |
+ | permissions | 1 |
+ When Updating last share with
+ | permissions | 15 |
+ Then the OCS status code should be "100"
+ And the HTTP status code should be "200"
+
+ Scenario: resharing using a public link with read only permissions is not allowed
+ Given As an "admin"
+ And user "user0" exists
+ And user "user1" exists
+ And As an "user0"
+ And user "user0" created a folder "/test"
+ And folder "/test" of user "user0" is shared with user "user1" with permissions 1
+ And As an "user1"
+ And creating a share with
+ | path | /test |
+ | shareType | 3 |
+ | publicUpload | false |
+ Then the OCS status code should be "404"
+ And the HTTP status code should be "200"
+
+ Scenario: resharing using a public link with read and write permissions only is not allowed
+ Given As an "admin"
+ And user "user0" exists
+ And user "user1" exists
+ And As an "user0"
+ And user "user0" created a folder "/test"
+ And folder "/test" of user "user0" is shared with user "user1" with permissions 15
+ And As an "user1"
+ And creating a share with
+ | path | /test |
+ | shareType | 3 |
+ | publicUpload | false |
+ Then the OCS status code should be "404"
+ And the HTTP status code should be "200"
+
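Review bot: Two scenario titles are each used twice in the added block of sharing-v1.feature: "Adding public upload to a read only shared folder as recipient is not allowed" and "Adding public upload to a shared folder as recipient is allowed with permissions". The second pair never sends `publicUpload`; it creates the link with `permissions` 1 and updates it to `permissions` 15, so a failing run cannot be told apart from the first pair by name. I would rename the second pair to `Scenario: Increasing link share permissions on a read only shared folder as recipient is not allowed` and `Scenario: Increasing link share permissions on a shared folder as recipient is allowed with permissions`. The bare permission values 17, 31 and 15 would also be easier to audit with a short `#` comment spelling out the bitmask in each scenario.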