Check if user has permission to create such a tag
Fixes https://github.com/owncloud/core/issues/22512
parent
c13259cf9e
commit
3bd95cca6b
|
@ -93,7 +93,11 @@ class Server {
|
|||
$this->server->addPlugin(new \OCA\DAV\CardDAV\Plugin());
|
||||
|
||||
// system tags plugins
|
||||
$this->server->addPlugin(new \OCA\DAV\SystemTag\SystemTagPlugin(\OC::$server->getSystemTagManager()));
|
||||
$this->server->addPlugin(new \OCA\DAV\SystemTag\SystemTagPlugin(
|
||||
\OC::$server->getSystemTagManager(),
|
||||
\OC::$server->getGroupManager(),
|
||||
\OC::$server->getUserSession()
|
||||
));
|
||||
|
||||
// comments plugin
|
||||
$this->server->addPlugin(new \OCA\DAV\Comments\CommentsPlugin(
|
||||
|
|
|
@ -103,6 +103,7 @@ class SystemTagNode implements \Sabre\DAV\INode {
|
|||
* @param bool $userVisible user visible
|
||||
* @param bool $userAssignable user assignable
|
||||
* @throws NotFound whenever the given tag id does not exist
|
||||
* @throws Forbidden whenever there is no permission to update said tag
|
||||
* @throws Conflict whenever a tag already exists with the given attributes
|
||||
*/
|
||||
public function update($name, $userVisible, $userAssignable) {
|
||||
|
|
|
@ -21,6 +21,8 @@
|
|||
*/
|
||||
namespace OCA\DAV\SystemTag;
|
||||
|
||||
use OCP\IGroupManager;
|
||||
use OCP\IUserSession;
|
||||
use Sabre\DAV\Exception\NotFound;
|
||||
use Sabre\DAV\PropFind;
|
||||
use Sabre\DAV\PropPatch;
|
||||
|
@ -61,12 +63,26 @@ class SystemTagPlugin extends \Sabre\DAV\ServerPlugin {
|
|||
protected $tagManager;
|
||||
|
||||
/**
|
||||
* System tags plugin
|
||||
*
|
||||
* @param ISystemTagManager $tagManager tag manager
|
||||
* @var IUserSession
|
||||
*/
|
||||
public function __construct(ISystemTagManager $tagManager) {
|
||||
protected $userSession;
|
||||
|
||||
/**
|
||||
* @var IGroupManager
|
||||
*/
|
||||
protected $groupManager;
|
||||
|
||||
/**
|
||||
* @param ISystemTagManager $tagManager tag manager
|
||||
* @param IGroupManager $groupManager
|
||||
* @param IUserSession $userSession
|
||||
*/
|
||||
public function __construct(ISystemTagManager $tagManager,
|
||||
IGroupManager $groupManager,
|
||||
IUserSession $userSession) {
|
||||
$this->tagManager = $tagManager;
|
||||
$this->userSession = $userSession;
|
||||
$this->groupManager = $groupManager;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -163,6 +179,13 @@ class SystemTagPlugin extends \Sabre\DAV\ServerPlugin {
|
|||
if (isset($data['userAssignable'])) {
|
||||
$userAssignable = (bool)$data['userAssignable'];
|
||||
}
|
||||
|
||||
if($userVisible === false || $userAssignable === false) {
|
||||
if(!$this->userSession->isLoggedIn() || !$this->groupManager->isAdmin($this->userSession->getUser()->getUID())) {
|
||||
throw new BadRequest('Not sufficient permissions');
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
return $this->tagManager->createTag($tagName, $userVisible, $userAssignable);
|
||||
} catch (TagAlreadyExistsException $e) {
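Review bot: The new admin check under `if($userVisible === false || $userAssignable === false)` reports an authorization failure as `BadRequest` (HTTP 400), which tells clients and anyone reading the logs that the request was malformed rather than denied. The `SystemTagNode::update` docblock shown on this page documents `Forbidden` for the no-permission case, so the create path would be consistent with `throw new \Sabre\DAV\Exception\Forbidden('Not sufficient permissions');`, with the `@expectedException` annotations in the two new regular-user tests changed to match. The check sits only in this plugin, so other callers of `createTag()` are presumably not covered by it; a comment such as `// only admins may create invisible or non-assignable tags; enforced here, not in the tag manager` would make that boundary explicit. The enclosing method starts and ends outside the hunk.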
|
||||
|
|
|
@ -22,6 +22,8 @@
|
|||
namespace OCA\DAV\Tests\Unit\SystemTag;
|
||||
|
||||
use OC\SystemTag\SystemTag;
|
||||
use OCP\IGroupManager;
|
||||
use OCP\IUserSession;
|
||||
use OCP\SystemTag\TagAlreadyExistsException;
|
||||
|
||||
class SystemTagPlugin extends \Test\TestCase {
|
||||
|
@ -46,6 +48,16 @@ class SystemTagPlugin extends \Test\TestCase {
|
|||
*/
|
||||
private $tagManager;
|
||||
|
||||
/**
|
||||
* @var IGroupManager
|
||||
*/
|
||||
private $groupManager;
|
||||
|
||||
/**
|
||||
* @var IUserSession
|
||||
*/
|
||||
private $userSession;
|
||||
|
||||
/**
|
||||
* @var \OCA\DAV\SystemTag\SystemTagPlugin
|
||||
*/
|
||||
|
@ -60,8 +72,14 @@ class SystemTagPlugin extends \Test\TestCase {
|
|||
$this->server = new \Sabre\DAV\Server($this->tree);
|
||||
|
||||
$this->tagManager = $this->getMock('\OCP\SystemTag\ISystemTagManager');
|
||||
$this->groupManager = $this->getMock('\OCP\IGroupManager');
|
||||
$this->userSession = $this->getMock('\OCP\IUserSession');
|
||||
|
||||
$this->plugin = new \OCA\DAV\SystemTag\SystemTagPlugin($this->tagManager);
|
||||
$this->plugin = new \OCA\DAV\SystemTag\SystemTagPlugin(
|
||||
$this->tagManager,
|
||||
$this->groupManager,
|
||||
$this->userSession
|
||||
);
|
||||
$this->plugin->initialize($this->server);
|
||||
}
|
||||
|
||||
|
@ -153,7 +171,204 @@ class SystemTagPlugin extends \Test\TestCase {
|
|||
$this->assertEquals(200, $result[self::USERVISIBLE_PROPERTYNAME]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Sabre\DAV\Exception\BadRequest
|
||||
* @expectedExceptionMessage Not sufficient permissions
|
||||
*/
|
||||
public function testCreateNotAssignableTagAsRegularUser() {
|
||||
$user = $this->getMock('\OCP\IUser');
|
||||
$user->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn('admin');
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('isLoggedIn')
|
||||
->willReturn(true);
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('getUser')
|
||||
->willReturn($user);
|
||||
$this->groupManager
|
||||
->expects($this->once())
|
||||
->method('isAdmin')
|
||||
->with('admin')
|
||||
->willReturn(false);
|
||||
|
||||
$requestData = json_encode([
|
||||
'name' => 'Test',
|
||||
'userVisible' => true,
|
||||
'userAssignable' => false,
|
||||
]);
|
||||
|
||||
$node = $this->getMockBuilder('\OCA\DAV\SystemTag\SystemTagsByIdCollection')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$this->tagManager->expects($this->never())
|
||||
->method('createTag');
|
||||
|
||||
$this->tree->expects($this->any())
|
||||
->method('getNodeForPath')
|
||||
->with('/systemtags')
|
||||
->will($this->returnValue($node));
|
||||
|
||||
$request = $this->getMockBuilder('Sabre\HTTP\RequestInterface')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
|
||||
$request->expects($this->once())
|
||||
->method('getPath')
|
||||
->will($this->returnValue('/systemtags'));
|
||||
|
||||
$request->expects($this->once())
|
||||
->method('getBodyAsString')
|
||||
->will($this->returnValue($requestData));
|
||||
|
||||
$request->expects($this->once())
|
||||
->method('getHeader')
|
||||
->with('Content-Type')
|
||||
->will($this->returnValue('application/json'));
|
||||
|
||||
$this->plugin->httpPost($request, $response);
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Sabre\DAV\Exception\BadRequest
|
||||
* @expectedExceptionMessage Not sufficient permissions
|
||||
*/
|
||||
public function testCreateInvisibleTagAsRegularUser() {
|
||||
$user = $this->getMock('\OCP\IUser');
|
||||
$user->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn('admin');
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('isLoggedIn')
|
||||
->willReturn(true);
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('getUser')
|
||||
->willReturn($user);
|
||||
$this->groupManager
|
||||
->expects($this->once())
|
||||
->method('isAdmin')
|
||||
->with('admin')
|
||||
->willReturn(false);
|
||||
|
||||
$requestData = json_encode([
|
||||
'name' => 'Test',
|
||||
'userVisible' => false,
|
||||
'userAssignable' => true,
|
||||
]);
|
||||
|
||||
$node = $this->getMockBuilder('\OCA\DAV\SystemTag\SystemTagsByIdCollection')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$this->tagManager->expects($this->never())
|
||||
->method('createTag');
|
||||
|
||||
$this->tree->expects($this->any())
|
||||
->method('getNodeForPath')
|
||||
->with('/systemtags')
|
||||
->will($this->returnValue($node));
|
||||
|
||||
$request = $this->getMockBuilder('Sabre\HTTP\RequestInterface')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
|
||||
$request->expects($this->once())
|
||||
->method('getPath')
|
||||
->will($this->returnValue('/systemtags'));
|
||||
|
||||
$request->expects($this->once())
|
||||
->method('getBodyAsString')
|
||||
->will($this->returnValue($requestData));
|
||||
|
||||
$request->expects($this->once())
|
||||
->method('getHeader')
|
||||
->with('Content-Type')
|
||||
->will($this->returnValue('application/json'));
|
||||
|
||||
$this->plugin->httpPost($request, $response);
|
||||
}
|
||||
|
||||
public function testCreateTagInByIdCollectionAsRegularUser() {
|
||||
$systemTag = new SystemTag(1, 'Test', true, false);
|
||||
|
||||
$requestData = json_encode([
|
||||
'name' => 'Test',
|
||||
'userVisible' => true,
|
||||
'userAssignable' => true,
|
||||
]);
|
||||
|
||||
$node = $this->getMockBuilder('\OCA\DAV\SystemTag\SystemTagsByIdCollection')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$this->tagManager->expects($this->once())
|
||||
->method('createTag')
|
||||
->with('Test', true, true)
|
||||
->will($this->returnValue($systemTag));
|
||||
|
||||
$this->tree->expects($this->any())
|
||||
->method('getNodeForPath')
|
||||
->with('/systemtags')
|
||||
->will($this->returnValue($node));
|
||||
|
||||
$request = $this->getMockBuilder('Sabre\HTTP\RequestInterface')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
|
||||
$request->expects($this->once())
|
||||
->method('getPath')
|
||||
->will($this->returnValue('/systemtags'));
|
||||
|
||||
$request->expects($this->once())
|
||||
->method('getBodyAsString')
|
||||
->will($this->returnValue($requestData));
|
||||
|
||||
$request->expects($this->once())
|
||||
->method('getHeader')
|
||||
->with('Content-Type')
|
||||
->will($this->returnValue('application/json'));
|
||||
|
||||
$request->expects($this->once())
|
||||
->method('getUrl')
|
||||
->will($this->returnValue('http://example.com/dav/systemtags'));
|
||||
|
||||
$response->expects($this->once())
|
||||
->method('setHeader')
|
||||
->with('Content-Location', 'http://example.com/dav/systemtags/1');
|
||||
|
||||
$this->plugin->httpPost($request, $response);
|
||||
}
|
||||
|
||||
public function testCreateTagInByIdCollection() {
|
||||
$user = $this->getMock('\OCP\IUser');
|
||||
$user->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn('admin');
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('isLoggedIn')
|
||||
->willReturn(true);
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('getUser')
|
||||
->willReturn($user);
|
||||
$this->groupManager
|
||||
->expects($this->once())
|
||||
->method('isAdmin')
|
||||
->with('admin')
|
||||
->willReturn(true);
|
||||
|
||||
$systemTag = new SystemTag(1, 'Test', true, false);
|
||||
|
||||
$requestData = json_encode([
|
||||
|
@ -214,6 +429,24 @@ class SystemTagPlugin extends \Test\TestCase {
|
|||
}
|
||||
|
||||
public function testCreateTagInMappingCollection() {
|
||||
$user = $this->getMock('\OCP\IUser');
|
||||
$user->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn('admin');
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('isLoggedIn')
|
||||
->willReturn(true);
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('getUser')
|
||||
->willReturn($user);
|
||||
$this->groupManager
|
||||
->expects($this->once())
|
||||
->method('isAdmin')
|
||||
->with('admin')
|
||||
->willReturn(true);
|
||||
|
||||
$systemTag = new SystemTag(1, 'Test', true, false);
|
||||
|
||||
$requestData = json_encode([
|
||||
|
@ -307,9 +540,27 @@ class SystemTagPlugin extends \Test\TestCase {
|
|||
|
||||
/**
|
||||
* @dataProvider nodeClassProvider
|
||||
* @expectedException Sabre\DAV\Exception\Conflict
|
||||
* @expectedException \Sabre\DAV\Exception\Conflict
|
||||
*/
|
||||
public function testCreateTagConflict($nodeClass) {
|
||||
$user = $this->getMock('\OCP\IUser');
|
||||
$user->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn('admin');
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('isLoggedIn')
|
||||
->willReturn(true);
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('getUser')
|
||||
->willReturn($user);
|
||||
$this->groupManager
|
||||
->expects($this->once())
|
||||
->method('isAdmin')
|
||||
->with('admin')
|
||||
->willReturn(true);
|
||||
|
||||
$requestData = json_encode([
|
||||
'name' => 'Test',
|
||||
'userVisible' => true,
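Review bot: None of the added tests covers the `!$this->userSession->isLoggedIn()` branch of the new permission check; every case mocks `isLoggedIn` to return true. A sibling of `testCreateInvisibleTagAsRegularUser` with `->method('isLoggedIn')->willReturn(false);` and `$this->userSession->expects($this->never())->method('getUser');` would pin that an unauthenticated session is rejected before `getUser()` is dereferenced. The two regular-user tests also have the mocked `getUID` return `'admin'`, which reads as if an administrator were being denied; a constructed value like `'user'` (with `->with('user')` on `isAdmin`) would match the test names. `testCreateTagConflict` continues outside the last hunk.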
|
||||
|
|