allow to access mail shares even if public links are disabled

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
Bjoern Schiessle 2017-01-04 13:33:45 +01:00
parent a45137bbca
commit 0c11209d33
No known key found for this signature in database
GPG Key ID: 2378A753E2BF04F6
3 changed files with 61 additions and 7 deletions

View File

@ -111,7 +111,9 @@ class Application extends App {
$c->query('AppName'),
$server->getConfig(),
$server->getAppManager(),
$c['ControllerMethodReflector']
$c['ControllerMethodReflector'],
$server->getShareManager(),
$server->getRequest()
);
});

View File

@ -25,6 +25,8 @@
namespace OCA\Files_Sharing\Middleware;
use OCA\Files_Sharing\Controller\ExternalSharesController;
use OCA\Files_Sharing\Controller\ShareController;
use OCP\App\IAppManager;
use OCP\AppFramework\Http\NotFoundResponse;
use OCP\AppFramework\Middleware;
@ -33,6 +35,8 @@ use OCP\IConfig;
use OCP\AppFramework\Utility\IControllerMethodReflector;
use OCA\Files_Sharing\Exceptions\S2SException;
use OCP\AppFramework\Http\JSONResponse;
use OCP\IRequest;
use OCP\Share\IManager;
/**
* Checks whether the "sharing check" is enabled
@ -49,21 +53,32 @@ class SharingCheckMiddleware extends Middleware {
protected $appManager;
/** @var IControllerMethodReflector */
protected $reflector;
/** @var IManager */
protected $shareManager;
/** @var IRequest */
protected $request;
/***
* @param string $appName
* @param IConfig $config
* @param IAppManager $appManager
* @param IControllerMethodReflector $reflector
* @param IManager $shareManager
* @param IRequest $request
*/
public function __construct($appName,
IConfig $config,
IAppManager $appManager,
IControllerMethodReflector $reflector
IControllerMethodReflector $reflector,
IManager $shareManager,
IRequest $request
) {
$this->appName = $appName;
$this->config = $config;
$this->appManager = $appManager;
$this->reflector = $reflector;
$this->shareManager = $shareManager;
$this->request = $request;
}
/**
@ -72,18 +87,23 @@ class SharingCheckMiddleware extends Middleware {
* @param \OCP\AppFramework\Controller $controller
* @param string $methodName
* @throws NotFoundException
* @throws S2SException
*/
public function beforeController($controller, $methodName) {
if(!$this->isSharingEnabled()) {
throw new NotFoundException('Sharing is disabled.');
}
if ($controller instanceof \OCA\Files_Sharing\Controller\ExternalSharesController &&
if ($controller instanceof ExternalSharesController &&
!$this->externalSharesChecks()) {
throw new S2SException('Federated sharing not allowed');
} else if ($controller instanceof \OCA\Files_Sharing\Controller\ShareController &&
!$this->isLinkSharingEnabled()) {
throw new NotFoundException('Link sharing is disabled');
} else if ($controller instanceof ShareController) {
$token = $this->request->getParam('token');
$share = $this->shareManager->getShareByToken($token);
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK
&& !$this->isLinkSharingEnabled()) {
throw new NotFoundException('Link sharing is disabled');
}
}
}

View File

@ -34,6 +34,9 @@ use OCP\AppFramework\Utility\IControllerMethodReflector;
use OCA\Files_Sharing\Exceptions\S2SException;
use OCP\AppFramework\Http\JSONResponse;
use OCP\IConfig;
use OCP\IRequest;
use OCP\Share\IManager;
use OCP\Share\IShare;
/**
* @package OCA\Files_Sharing\Middleware\SharingCheckMiddleware
@ -50,6 +53,10 @@ class SharingCheckMiddlewareTest extends \Test\TestCase {
private $controllerMock;
/** @var IControllerMethodReflector|\PHPUnit_Framework_MockObject_MockObject */
private $reflector;
/** @var IManager | \PHPUnit_Framework_MockObject_MockObject */
private $shareManager;
/** @var IRequest | \PHPUnit_Framework_MockObject_MockObject */
private $request;
protected function setUp() {
parent::setUp();
@ -58,12 +65,16 @@ class SharingCheckMiddlewareTest extends \Test\TestCase {
$this->appManager = $this->createMock(IAppManager::class);
$this->controllerMock = $this->createMock(Controller::class);
$this->reflector = $this->createMock(IControllerMethodReflector::class);
$this->shareManager = $this->createMock(IManager::class);
$this->request = $this->createMock(IRequest::class);
$this->sharingCheckMiddleware = new SharingCheckMiddleware(
'files_sharing',
$this->config,
$this->appManager,
$this->reflector);
$this->reflector,
$this->shareManager,
$this->request);
}
public function testIsSharingEnabledWithAppEnabled() {
@ -215,6 +226,9 @@ class SharingCheckMiddlewareTest extends \Test\TestCase {
}
public function testBeforeControllerWithShareControllerWithSharingEnabled() {
$share = $this->createMock(IShare::class);
$this->appManager
->expects($this->once())
->method('isEnabledForUser')
@ -233,6 +247,13 @@ class SharingCheckMiddlewareTest extends \Test\TestCase {
->with('core', 'shareapi_allow_links', 'yes')
->will($this->returnValue('yes'));
$this->request->expects($this->once())->method('getParam')->with('token')
->willReturn('token');
$this->shareManager->expects($this->once())->method('getShareByToken')
->with('token')->willReturn($share);
$share->expects($this->once())->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_LINK);
$controller = $this->createMock(ShareController::class);
$this->sharingCheckMiddleware->beforeController($controller, 'myMethod');
@ -243,6 +264,9 @@ class SharingCheckMiddlewareTest extends \Test\TestCase {
* @expectedExceptionMessage Link sharing is disabled
*/
public function testBeforeControllerWithShareControllerWithSharingEnabledAPIDisabled() {
$share = $this->createMock(IShare::class);
$this->appManager
->expects($this->once())
->method('isEnabledForUser')
@ -251,6 +275,14 @@ class SharingCheckMiddlewareTest extends \Test\TestCase {
$controller = $this->createMock(ShareController::class);
$this->request->expects($this->once())->method('getParam')->with('token')
->willReturn('token');
$this->shareManager->expects($this->once())->method('getShareByToken')
->with('token')->willReturn($share);
$share->expects($this->once())->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_LINK);
$this->sharingCheckMiddleware->beforeController($controller, 'myMethod');
}