allow excluding groups from creating link shares
Signed-off-by: Robin Appelman <robin@icewind.nl>
This commit is contained in:
Robin Appelman
parent
b1dca57a1c
commit
0e6321957d
|
|
@ -1,5 +1,5 @@
|
|||
window.addEventListener('DOMContentLoaded', function(){
|
||||
$('#excludedGroups').each(function (index, element) {
|
||||
$('#excludedGroups,#linksExcludedGroups').each(function (index, element) {
|
||||
OC.Settings.setupGroupsSelect($(element));
|
||||
$(element).change(function(ev) {
|
||||
var groups = ev.val || [];
|
||||
|
|
|
|||
|
|
@ -64,11 +64,15 @@ class Sharing implements ISettings {
|
|||
$excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
|
||||
$excludeGroupsList = !is_null(json_decode($excludedGroups))
|
||||
? implode('|', json_decode($excludedGroups, true)) : '';
|
||||
$linksExcludedGroups = $this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '');
|
||||
$linksExcludeGroupsList = !is_null(json_decode($linksExcludedGroups))
|
||||
? implode('|', json_decode($linksExcludedGroups, true)) : '';
|
||||
|
||||
$parameters = [
|
||||
// Built-In Sharing
|
||||
'allowGroupSharing' => $this->config->getAppValue('core', 'shareapi_allow_group_sharing', 'yes'),
|
||||
'allowLinks' => $this->config->getAppValue('core', 'shareapi_allow_links', 'yes'),
|
||||
'allowLinksExcludeGroups' => $linksExcludeGroupsList,
|
||||
'allowPublicUpload' => $this->config->getAppValue('core', 'shareapi_allow_public_upload', 'yes'),
|
||||
'allowResharing' => $this->config->getAppValue('core', 'shareapi_allow_resharing', 'yes'),
|
||||
'allowShareDialogUserEnumeration' => $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes'),
|
||||
|
|
|
|||
|
|
@ -138,6 +138,14 @@
|
|||
<p class="<?php if ($_['shareAPIEnabled'] === 'no') {
|
||||
p('hidden');
|
||||
}?>">
|
||||
<p class="indent">
|
||||
<?php p($l->t('Exclude groups from creating link shares:'));?>
|
||||
</p>
|
||||
<p id="selectLinksExcludedGroups" class="indent <?php if ($_['allowLinks'] === 'no') {
|
||||
p('hidden');
|
||||
} ?>">
|
||||
<input name="shareapi_allow_links_exclude_groups" type="hidden" id="linksExcludedGroups" value="<?php p($_['allowLinksExcludeGroups']) ?>" style="width: 400px" class="noJSAutoUpdate"/>
|
||||
</p>
|
||||
<input type="checkbox" name="shareapi_allow_resharing" id="allowResharing" class="checkbox"
|
||||
value="1" <?php if ($_['allowResharing'] === 'yes') {
|
||||
print_unescaped('checked="checked"');
|
||||
|
|
@ -176,7 +184,7 @@
|
|||
} ?>">
|
||||
<input name="shareapi_exclude_groups_list" type="hidden" id="excludedGroups" value="<?php p($_['shareExcludedGroupsList']) ?>" style="width: 400px" class="noJSAutoUpdate"/>
|
||||
<br />
|
||||
<em><?php p($l->t('These groups will still be able to receive shares, but not to initiate them.')); ?></em>
|
||||
<em><?php p($l->t('These groups will still be able to receive shares, but not to initiate them.')); ?></em>
|
||||
</p>
|
||||
|
||||
<p class="<?php if ($_['shareAPIEnabled'] === 'no') {
|
||||
|
|
|
|||
|
|
@ -1234,7 +1234,8 @@ class Server extends ServerContainer implements IServerContainer {
|
|||
$c->get(IMailer::class),
|
||||
$c->get(IURLGenerator::class),
|
||||
$c->get('ThemingDefaults'),
|
||||
$c->get(IEventDispatcher::class)
|
||||
$c->get(IEventDispatcher::class),
|
||||
$c->get(IUserSession::class)
|
||||
);
|
||||
|
||||
return $manager;
|
||||
|
|
|
|||
|
|
@ -57,6 +57,7 @@ use OCP\ILogger;
|
|||
use OCP\IURLGenerator;
|
||||
use OCP\IUser;
|
||||
use OCP\IUserManager;
|
||||
use OCP\IUserSession;
|
||||
use OCP\L10N\IFactory;
|
||||
use OCP\Mail\IMailer;
|
||||
use OCP\Security\Events\ValidatePasswordPolicyEvent;
|
||||
|
|
@ -104,8 +105,6 @@ class Manager implements IManager {
|
|||
private $sharingDisabledForUsersCache;
|
||||
/** @var EventDispatcherInterface */
|
||||
private $legacyDispatcher;
|
||||
/** @var LegacyHooks */
|
||||
private $legacyHooks;
|
||||
/** @var IMailer */
|
||||
private $mailer;
|
||||
/** @var IURLGenerator */
|
||||
|
|
@ -114,44 +113,26 @@ class Manager implements IManager {
|
|||
private $defaults;
|
||||
/** @var IEventDispatcher */
|
||||
private $dispatcher;
|
||||
private $userSession;
|
||||
|
||||
|
||||
/**
|
||||
* Manager constructor.
|
||||
*
|
||||
* @param ILogger $logger
|
||||
* @param IConfig $config
|
||||
* @param ISecureRandom $secureRandom
|
||||
* @param IHasher $hasher
|
||||
* @param IMountManager $mountManager
|
||||
* @param IGroupManager $groupManager
|
||||
* @param IL10N $l
|
||||
* @param IFactory $l10nFactory
|
||||
* @param IProviderFactory $factory
|
||||
* @param IUserManager $userManager
|
||||
* @param IRootFolder $rootFolder
|
||||
* @param EventDispatcherInterface $eventDispatcher
|
||||
* @param IMailer $mailer
|
||||
* @param IURLGenerator $urlGenerator
|
||||
* @param \OC_Defaults $defaults
|
||||
*/
|
||||
public function __construct(
|
||||
ILogger $logger,
|
||||
IConfig $config,
|
||||
ISecureRandom $secureRandom,
|
||||
IHasher $hasher,
|
||||
IMountManager $mountManager,
|
||||
IGroupManager $groupManager,
|
||||
IL10N $l,
|
||||
IFactory $l10nFactory,
|
||||
IProviderFactory $factory,
|
||||
IUserManager $userManager,
|
||||
IRootFolder $rootFolder,
|
||||
EventDispatcherInterface $legacyDispatcher,
|
||||
IMailer $mailer,
|
||||
IURLGenerator $urlGenerator,
|
||||
\OC_Defaults $defaults,
|
||||
IEventDispatcher $dispatcher
|
||||
ILogger $logger,
|
||||
IConfig $config,
|
||||
ISecureRandom $secureRandom,
|
||||
IHasher $hasher,
|
||||
IMountManager $mountManager,
|
||||
IGroupManager $groupManager,
|
||||
IL10N $l,
|
||||
IFactory $l10nFactory,
|
||||
IProviderFactory $factory,
|
||||
IUserManager $userManager,
|
||||
IRootFolder $rootFolder,
|
||||
EventDispatcherInterface $legacyDispatcher,
|
||||
IMailer $mailer,
|
||||
IURLGenerator $urlGenerator,
|
||||
\OC_Defaults $defaults,
|
||||
IEventDispatcher $dispatcher,
|
||||
IUserSession $userSession
|
||||
) {
|
||||
$this->logger = $logger;
|
||||
$this->config = $config;
|
||||
|
|
@ -166,11 +147,11 @@ class Manager implements IManager {
|
|||
$this->rootFolder = $rootFolder;
|
||||
$this->legacyDispatcher = $legacyDispatcher;
|
||||
$this->sharingDisabledForUsersCache = new CappedMemoryCache();
|
||||
$this->legacyHooks = new LegacyHooks($this->legacyDispatcher);
|
||||
$this->mailer = $mailer;
|
||||
$this->urlGenerator = $urlGenerator;
|
||||
$this->defaults = $defaults;
|
||||
$this->dispatcher = $dispatcher;
|
||||
$this->userSession = $userSession;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -274,7 +255,7 @@ class Manager implements IManager {
|
|||
|
||||
// And it should be a file or a folder
|
||||
if (!($share->getNode() instanceof \OCP\Files\File) &&
|
||||
!($share->getNode() instanceof \OCP\Files\Folder)) {
|
||||
!($share->getNode() instanceof \OCP\Files\Folder)) {
|
||||
throw new \InvalidArgumentException('Path should be either a file or a folder');
|
||||
}
|
||||
|
||||
|
|
@ -422,13 +403,13 @@ class Manager implements IManager {
|
|||
}
|
||||
if ($fullId === null && $expirationDate === null && $defaultExpireDate) {
|
||||
$expirationDate = new \DateTime();
|
||||
$expirationDate->setTime(0,0,0);
|
||||
$expirationDate->setTime(0, 0, 0);
|
||||
|
||||
$days = (int)$this->config->getAppValue('core', $configProp, (string)$defaultExpireDays);
|
||||
if ($days > $defaultExpireDays) {
|
||||
$days = $defaultExpireDays;
|
||||
}
|
||||
$expirationDate->add(new \DateInterval('P'.$days.'D'));
|
||||
$expirationDate->add(new \DateInterval('P' . $days . 'D'));
|
||||
}
|
||||
|
||||
// If we enforce the expiration date check that is does not exceed
|
||||
|
|
@ -498,13 +479,13 @@ class Manager implements IManager {
|
|||
|
||||
if ($fullId === null && $expirationDate === null && $this->shareApiLinkDefaultExpireDate()) {
|
||||
$expirationDate = new \DateTime();
|
||||
$expirationDate->setTime(0,0,0);
|
||||
$expirationDate->setTime(0, 0, 0);
|
||||
|
||||
$days = (int)$this->config->getAppValue('core', 'link_defaultExpDays', $this->shareApiLinkDefaultExpireDays());
|
||||
if ($days > $this->shareApiLinkDefaultExpireDays()) {
|
||||
$days = $this->shareApiLinkDefaultExpireDays();
|
||||
}
|
||||
$expirationDate->add(new \DateInterval('P'.$days.'D'));
|
||||
$expirationDate->add(new \DateInterval('P' . $days . 'D'));
|
||||
}
|
||||
|
||||
// If we enforce the expiration date check that is does not exceed
|
||||
|
|
@ -553,8 +534,8 @@ class Manager implements IManager {
|
|||
$sharedWith = $this->userManager->get($share->getSharedWith());
|
||||
// Verify we can share with this user
|
||||
$groups = array_intersect(
|
||||
$this->groupManager->getUserGroupIds($sharedBy),
|
||||
$this->groupManager->getUserGroupIds($sharedWith)
|
||||
$this->groupManager->getUserGroupIds($sharedBy),
|
||||
$this->groupManager->getUserGroupIds($sharedWith)
|
||||
);
|
||||
if (empty($groups)) {
|
||||
$message_t = $this->l->t('Sharing is only allowed with group members');
|
||||
|
|
@ -919,7 +900,7 @@ class Manager implements IManager {
|
|||
'%1$s via %2$s',
|
||||
[
|
||||
$initiatorDisplayName,
|
||||
$instanceName
|
||||
$instanceName,
|
||||
]
|
||||
);
|
||||
$message->setFrom([\OCP\Util::getDefaultEmailAddress($instanceName) => $senderName]);
|
||||
|
|
@ -1102,7 +1083,7 @@ class Manager implements IManager {
|
|||
* @since 9.0.0
|
||||
*/
|
||||
public function acceptShare(IShare $share, string $recipientId): IShare {
|
||||
[$providerId, ] = $this->splitFullId($share->getFullId());
|
||||
[$providerId,] = $this->splitFullId($share->getFullId());
|
||||
$provider = $this->factory->getProvider($providerId);
|
||||
|
||||
if (!method_exists($provider, 'acceptShare')) {
|
||||
|
|
@ -1127,10 +1108,10 @@ class Manager implements IManager {
|
|||
*/
|
||||
private function updateSharePasswordIfNeeded(IShare $share, IShare $originalShare) {
|
||||
$passwordsAreDifferent = ($share->getPassword() !== $originalShare->getPassword()) &&
|
||||
(($share->getPassword() !== null && $originalShare->getPassword() === null) ||
|
||||
($share->getPassword() === null && $originalShare->getPassword() !== null) ||
|
||||
($share->getPassword() !== null && $originalShare->getPassword() !== null &&
|
||||
!$this->hasher->verify($share->getPassword(), $originalShare->getPassword())));
|
||||
(($share->getPassword() !== null && $originalShare->getPassword() === null) ||
|
||||
($share->getPassword() === null && $originalShare->getPassword() !== null) ||
|
||||
($share->getPassword() !== null && $originalShare->getPassword() !== null &&
|
||||
!$this->hasher->verify($share->getPassword(), $originalShare->getPassword())));
|
||||
|
||||
// Password updated.
|
||||
if ($passwordsAreDifferent) {
|
||||
|
|
@ -1225,7 +1206,7 @@ class Manager implements IManager {
|
|||
* @param string $recipientId
|
||||
*/
|
||||
public function deleteFromSelf(IShare $share, $recipientId) {
|
||||
[$providerId, ] = $this->splitFullId($share->getFullId());
|
||||
[$providerId,] = $this->splitFullId($share->getFullId());
|
||||
$provider = $this->factory->getProvider($providerId);
|
||||
|
||||
$provider->deleteFromSelf($share, $recipientId);
|
||||
|
|
@ -1234,7 +1215,7 @@ class Manager implements IManager {
|
|||
}
|
||||
|
||||
public function restoreShare(IShare $share, string $recipientId): IShare {
|
||||
[$providerId, ] = $this->splitFullId($share->getFullId());
|
||||
[$providerId,] = $this->splitFullId($share->getFullId());
|
||||
$provider = $this->factory->getProvider($providerId);
|
||||
|
||||
return $provider->restore($share, $recipientId);
|
||||
|
|
@ -1264,7 +1245,7 @@ class Manager implements IManager {
|
|||
}
|
||||
}
|
||||
|
||||
[$providerId, ] = $this->splitFullId($share->getFullId());
|
||||
[$providerId,] = $this->splitFullId($share->getFullId());
|
||||
$provider = $this->factory->getProvider($providerId);
|
||||
|
||||
return $provider->move($share, $recipientId);
|
||||
|
|
@ -1291,8 +1272,8 @@ class Manager implements IManager {
|
|||
*/
|
||||
public function getSharesBy($userId, $shareType, $path = null, $reshares = false, $limit = 50, $offset = 0) {
|
||||
if ($path !== null &&
|
||||
!($path instanceof \OCP\Files\File) &&
|
||||
!($path instanceof \OCP\Files\Folder)) {
|
||||
!($path instanceof \OCP\Files\File) &&
|
||||
!($path instanceof \OCP\Files\Folder)) {
|
||||
throw new \InvalidArgumentException('invalid path');
|
||||
}
|
||||
|
||||
|
|
@ -1533,8 +1514,8 @@ class Manager implements IManager {
|
|||
*/
|
||||
public function checkPassword(IShare $share, $password) {
|
||||
$passwordProtected = $share->getShareType() !== IShare::TYPE_LINK
|
||||
|| $share->getShareType() !== IShare::TYPE_EMAIL
|
||||
|| $share->getShareType() !== IShare::TYPE_CIRCLE;
|
||||
|| $share->getShareType() !== IShare::TYPE_EMAIL
|
||||
|| $share->getShareType() !== IShare::TYPE_CIRCLE;
|
||||
if (!$passwordProtected) {
|
||||
//TODO maybe exception?
|
||||
return false;
|
||||
|
|
@ -1756,7 +1737,20 @@ class Manager implements IManager {
|
|||
* @return bool
|
||||
*/
|
||||
public function shareApiAllowLinks() {
|
||||
return $this->config->getAppValue('core', 'shareapi_allow_links', 'yes') === 'yes';
|
||||
if ($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
|
||||
return false;
|
||||
}
|
||||
|
||||
$user = $this->userSession->getUser();
|
||||
if ($user) {
|
||||
$excludedGroups = json_decode($this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '[]'));
|
||||
if ($excludedGroups) {
|
||||
$userGroups = $this->groupManager->getUserGroupIds($user);
|
||||
return !(bool)array_intersect($excludedGroups, $userGroups);
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1780,6 +1774,7 @@ class Manager implements IManager {
|
|||
/**
|
||||
* Is default link expire date enforced
|
||||
*`
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function shareApiLinkDefaultExpireDateEnforced() {
|
||||
|
|
@ -1790,6 +1785,7 @@ class Manager implements IManager {
|
|||
|
||||
/**
|
||||
* Number of default link expire days
|
||||
*
|
||||
* @return int
|
||||
*/
|
||||
public function shareApiLinkDefaultExpireDays() {
|
||||
|
|
@ -1836,6 +1832,7 @@ class Manager implements IManager {
|
|||
|
||||
/**
|
||||
* Number of default expire days
|
||||
*
|
||||
* @return int
|
||||
*/
|
||||
public function shareApiInternalDefaultExpireDays(): int {
|
||||
|
|
@ -1844,6 +1841,7 @@ class Manager implements IManager {
|
|||
|
||||
/**
|
||||
* Number of default expire days for remote shares
|
||||
*
|
||||
* @return int
|
||||
*/
|
||||
public function shareApiRemoteDefaultExpireDays(): int {
|
||||
|
|
@ -1861,6 +1859,7 @@ class Manager implements IManager {
|
|||
|
||||
/**
|
||||
* check if user can only share with group members
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function shareWithGroupMembersOnly() {
|
||||
|
|
@ -1869,6 +1868,7 @@ class Manager implements IManager {
|
|||
|
||||
/**
|
||||
* Check if users can share with groups
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function allowGroupSharing() {
|
||||
|
|
|
|||
Loading…
Reference in New Issue