Check if user has permission to create such a tag
Fixes https://github.com/owncloud/core/issues/22512
parent
c13259cf9e
commit
3bd95cca6b
|
@ -93,7 +93,11 @@ class Server {
|
||||||
$this->server->addPlugin(new \OCA\DAV\CardDAV\Plugin());
|
$this->server->addPlugin(new \OCA\DAV\CardDAV\Plugin());
|
||||||
|
|
||||||
// system tags plugins
|
// system tags plugins
|
||||||
$this->server->addPlugin(new \OCA\DAV\SystemTag\SystemTagPlugin(\OC::$server->getSystemTagManager()));
|
$this->server->addPlugin(new \OCA\DAV\SystemTag\SystemTagPlugin(
|
||||||
|
\OC::$server->getSystemTagManager(),
|
||||||
|
\OC::$server->getGroupManager(),
|
||||||
|
\OC::$server->getUserSession()
|
||||||
|
));
|
||||||
|
|
||||||
// comments plugin
|
// comments plugin
|
||||||
$this->server->addPlugin(new \OCA\DAV\Comments\CommentsPlugin(
|
$this->server->addPlugin(new \OCA\DAV\Comments\CommentsPlugin(
|
||||||
|
|
|
@ -103,6 +103,7 @@ class SystemTagNode implements \Sabre\DAV\INode {
|
||||||
* @param bool $userVisible user visible
|
* @param bool $userVisible user visible
|
||||||
* @param bool $userAssignable user assignable
|
* @param bool $userAssignable user assignable
|
||||||
* @throws NotFound whenever the given tag id does not exist
|
* @throws NotFound whenever the given tag id does not exist
|
||||||
|
* @throws Forbidden whenever there is no permission to update said tag
|
||||||
* @throws Conflict whenever a tag already exists with the given attributes
|
* @throws Conflict whenever a tag already exists with the given attributes
|
||||||
*/
|
*/
|
||||||
public function update($name, $userVisible, $userAssignable) {
|
public function update($name, $userVisible, $userAssignable) {
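Review bot: The added `@throws Forbidden` line documents a permission failure for update(), but no code change in this file section backs it, and update()'s body lies outside the hunk. Please confirm that update() or its caller applies the same admin check that tag creation gets in this commit when `userVisible` or `userAssignable` is changed; otherwise the docblock describes a protection that is not there. The creation path in SystemTagPlugin signals the same condition with BadRequest, so the two paths would report a denial differently.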
|
||||||
|
|
|
@ -21,6 +21,8 @@
|
||||||
*/
|
*/
|
||||||
namespace OCA\DAV\SystemTag;
|
namespace OCA\DAV\SystemTag;
|
||||||
|
|
||||||
|
use OCP\IGroupManager;
|
||||||
|
use OCP\IUserSession;
|
||||||
use Sabre\DAV\Exception\NotFound;
|
use Sabre\DAV\Exception\NotFound;
|
||||||
use Sabre\DAV\PropFind;
|
use Sabre\DAV\PropFind;
|
||||||
use Sabre\DAV\PropPatch;
|
use Sabre\DAV\PropPatch;
|
||||||
|
@ -61,12 +63,26 @@ class SystemTagPlugin extends \Sabre\DAV\ServerPlugin {
|
||||||
protected $tagManager;
|
protected $tagManager;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* System tags plugin
|
* @var IUserSession
|
||||||
*
|
|
||||||
* @param ISystemTagManager $tagManager tag manager
|
|
||||||
*/
|
*/
|
||||||
public function __construct(ISystemTagManager $tagManager) {
|
protected $userSession;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var IGroupManager
|
||||||
|
*/
|
||||||
|
protected $groupManager;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param ISystemTagManager $tagManager tag manager
|
||||||
|
* @param IGroupManager $groupManager
|
||||||
|
* @param IUserSession $userSession
|
||||||
|
*/
|
||||||
|
public function __construct(ISystemTagManager $tagManager,
|
||||||
|
IGroupManager $groupManager,
|
||||||
|
IUserSession $userSession) {
|
||||||
$this->tagManager = $tagManager;
|
$this->tagManager = $tagManager;
|
||||||
|
$this->userSession = $userSession;
|
||||||
|
$this->groupManager = $groupManager;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -163,6 +179,13 @@ class SystemTagPlugin extends \Sabre\DAV\ServerPlugin {
|
||||||
if (isset($data['userAssignable'])) {
|
if (isset($data['userAssignable'])) {
|
||||||
$userAssignable = (bool)$data['userAssignable'];
|
$userAssignable = (bool)$data['userAssignable'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if($userVisible === false || $userAssignable === false) {
|
||||||
|
if(!$this->userSession->isLoggedIn() || !$this->groupManager->isAdmin($this->userSession->getUser()->getUID())) {
|
||||||
|
throw new BadRequest('Not sufficient permissions');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
return $this->tagManager->createTag($tagName, $userVisible, $userAssignable);
|
return $this->tagManager->createTag($tagName, $userVisible, $userAssignable);
|
||||||
} catch (TagAlreadyExistsException $e) {
|
} catch (TagAlreadyExistsException $e) {
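Review bot: The new admin check in the tag-creation hunk reports an authorization failure with `throw new BadRequest('Not sufficient permissions');`, which Sabre answers with HTTP 400. A permission denial should be a 403, so that clients and access logs can tell it apart from a malformed request. I would use `throw new \Sabre\DAV\Exception\Forbidden('Not sufficient permissions');` (the SystemTagNode docblock in this commit already names Forbidden for the update path) and adjust the `@expectedException` annotations in the tests to match. The check also sits in the DAV plugin rather than behind `createTag()`, so other callers of the tag manager are presumably not covered by it, which is worth confirming. The enclosing method starts and ends outside the hunk.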
|
||||||
|
|
|
@ -22,6 +22,8 @@
|
||||||
namespace OCA\DAV\Tests\Unit\SystemTag;
|
namespace OCA\DAV\Tests\Unit\SystemTag;
|
||||||
|
|
||||||
use OC\SystemTag\SystemTag;
|
use OC\SystemTag\SystemTag;
|
||||||
|
use OCP\IGroupManager;
|
||||||
|
use OCP\IUserSession;
|
||||||
use OCP\SystemTag\TagAlreadyExistsException;
|
use OCP\SystemTag\TagAlreadyExistsException;
|
||||||
|
|
||||||
class SystemTagPlugin extends \Test\TestCase {
|
class SystemTagPlugin extends \Test\TestCase {
|
||||||
|
@ -46,6 +48,16 @@ class SystemTagPlugin extends \Test\TestCase {
|
||||||
*/
|
*/
|
||||||
private $tagManager;
|
private $tagManager;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var IGroupManager
|
||||||
|
*/
|
||||||
|
private $groupManager;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var IUserSession
|
||||||
|
*/
|
||||||
|
private $userSession;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var \OCA\DAV\SystemTag\SystemTagPlugin
|
* @var \OCA\DAV\SystemTag\SystemTagPlugin
|
||||||
*/
|
*/
|
||||||
|
@ -60,8 +72,14 @@ class SystemTagPlugin extends \Test\TestCase {
|
||||||
$this->server = new \Sabre\DAV\Server($this->tree);
|
$this->server = new \Sabre\DAV\Server($this->tree);
|
||||||
|
|
||||||
$this->tagManager = $this->getMock('\OCP\SystemTag\ISystemTagManager');
|
$this->tagManager = $this->getMock('\OCP\SystemTag\ISystemTagManager');
|
||||||
|
$this->groupManager = $this->getMock('\OCP\IGroupManager');
|
||||||
|
$this->userSession = $this->getMock('\OCP\IUserSession');
|
||||||
|
|
||||||
$this->plugin = new \OCA\DAV\SystemTag\SystemTagPlugin($this->tagManager);
|
$this->plugin = new \OCA\DAV\SystemTag\SystemTagPlugin(
|
||||||
|
$this->tagManager,
|
||||||
|
$this->groupManager,
|
||||||
|
$this->userSession
|
||||||
|
);
|
||||||
$this->plugin->initialize($this->server);
|
$this->plugin->initialize($this->server);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -153,7 +171,204 @@ class SystemTagPlugin extends \Test\TestCase {
|
||||||
$this->assertEquals(200, $result[self::USERVISIBLE_PROPERTYNAME]);
|
$this->assertEquals(200, $result[self::USERVISIBLE_PROPERTYNAME]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @expectedException \Sabre\DAV\Exception\BadRequest
|
||||||
|
* @expectedExceptionMessage Not sufficient permissions
|
||||||
|
*/
|
||||||
|
public function testCreateNotAssignableTagAsRegularUser() {
|
||||||
|
$user = $this->getMock('\OCP\IUser');
|
||||||
|
$user->expects($this->once())
|
||||||
|
->method('getUID')
|
||||||
|
->willReturn('admin');
|
||||||
|
$this->userSession
|
||||||
|
->expects($this->once())
|
||||||
|
->method('isLoggedIn')
|
||||||
|
->willReturn(true);
|
||||||
|
$this->userSession
|
||||||
|
->expects($this->once())
|
||||||
|
->method('getUser')
|
||||||
|
->willReturn($user);
|
||||||
|
$this->groupManager
|
||||||
|
->expects($this->once())
|
||||||
|
->method('isAdmin')
|
||||||
|
->with('admin')
|
||||||
|
->willReturn(false);
|
||||||
|
|
||||||
|
$requestData = json_encode([
|
||||||
|
'name' => 'Test',
|
||||||
|
'userVisible' => true,
|
||||||
|
'userAssignable' => false,
|
||||||
|
]);
|
||||||
|
|
||||||
|
$node = $this->getMockBuilder('\OCA\DAV\SystemTag\SystemTagsByIdCollection')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$this->tagManager->expects($this->never())
|
||||||
|
->method('createTag');
|
||||||
|
|
||||||
|
$this->tree->expects($this->any())
|
||||||
|
->method('getNodeForPath')
|
||||||
|
->with('/systemtags')
|
||||||
|
->will($this->returnValue($node));
|
||||||
|
|
||||||
|
$request = $this->getMockBuilder('Sabre\HTTP\RequestInterface')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
|
||||||
|
$request->expects($this->once())
|
||||||
|
->method('getPath')
|
||||||
|
->will($this->returnValue('/systemtags'));
|
||||||
|
|
||||||
|
$request->expects($this->once())
|
||||||
|
->method('getBodyAsString')
|
||||||
|
->will($this->returnValue($requestData));
|
||||||
|
|
||||||
|
$request->expects($this->once())
|
||||||
|
->method('getHeader')
|
||||||
|
->with('Content-Type')
|
||||||
|
->will($this->returnValue('application/json'));
|
||||||
|
|
||||||
|
$this->plugin->httpPost($request, $response);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @expectedException \Sabre\DAV\Exception\BadRequest
|
||||||
|
* @expectedExceptionMessage Not sufficient permissions
|
||||||
|
*/
|
||||||
|
public function testCreateInvisibleTagAsRegularUser() {
|
||||||
|
$user = $this->getMock('\OCP\IUser');
|
||||||
|
$user->expects($this->once())
|
||||||
|
->method('getUID')
|
||||||
|
->willReturn('admin');
|
||||||
|
$this->userSession
|
||||||
|
->expects($this->once())
|
||||||
|
->method('isLoggedIn')
|
||||||
|
->willReturn(true);
|
||||||
|
$this->userSession
|
||||||
|
->expects($this->once())
|
||||||
|
->method('getUser')
|
||||||
|
->willReturn($user);
|
||||||
|
$this->groupManager
|
||||||
|
->expects($this->once())
|
||||||
|
->method('isAdmin')
|
||||||
|
->with('admin')
|
||||||
|
->willReturn(false);
|
||||||
|
|
||||||
|
$requestData = json_encode([
|
||||||
|
'name' => 'Test',
|
||||||
|
'userVisible' => false,
|
||||||
|
'userAssignable' => true,
|
||||||
|
]);
|
||||||
|
|
||||||
|
$node = $this->getMockBuilder('\OCA\DAV\SystemTag\SystemTagsByIdCollection')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$this->tagManager->expects($this->never())
|
||||||
|
->method('createTag');
|
||||||
|
|
||||||
|
$this->tree->expects($this->any())
|
||||||
|
->method('getNodeForPath')
|
||||||
|
->with('/systemtags')
|
||||||
|
->will($this->returnValue($node));
|
||||||
|
|
||||||
|
$request = $this->getMockBuilder('Sabre\HTTP\RequestInterface')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
|
||||||
|
$request->expects($this->once())
|
||||||
|
->method('getPath')
|
||||||
|
->will($this->returnValue('/systemtags'));
|
||||||
|
|
||||||
|
$request->expects($this->once())
|
||||||
|
->method('getBodyAsString')
|
||||||
|
->will($this->returnValue($requestData));
|
||||||
|
|
||||||
|
$request->expects($this->once())
|
||||||
|
->method('getHeader')
|
||||||
|
->with('Content-Type')
|
||||||
|
->will($this->returnValue('application/json'));
|
||||||
|
|
||||||
|
$this->plugin->httpPost($request, $response);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testCreateTagInByIdCollectionAsRegularUser() {
|
||||||
|
$systemTag = new SystemTag(1, 'Test', true, false);
|
||||||
|
|
||||||
|
$requestData = json_encode([
|
||||||
|
'name' => 'Test',
|
||||||
|
'userVisible' => true,
|
||||||
|
'userAssignable' => true,
|
||||||
|
]);
|
||||||
|
|
||||||
|
$node = $this->getMockBuilder('\OCA\DAV\SystemTag\SystemTagsByIdCollection')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$this->tagManager->expects($this->once())
|
||||||
|
->method('createTag')
|
||||||
|
->with('Test', true, true)
|
||||||
|
->will($this->returnValue($systemTag));
|
||||||
|
|
||||||
|
$this->tree->expects($this->any())
|
||||||
|
->method('getNodeForPath')
|
||||||
|
->with('/systemtags')
|
||||||
|
->will($this->returnValue($node));
|
||||||
|
|
||||||
|
$request = $this->getMockBuilder('Sabre\HTTP\RequestInterface')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
$response = $this->getMockBuilder('Sabre\HTTP\ResponseInterface')
|
||||||
|
->disableOriginalConstructor()
|
||||||
|
->getMock();
|
||||||
|
|
||||||
|
$request->expects($this->once())
|
||||||
|
->method('getPath')
|
||||||
|
->will($this->returnValue('/systemtags'));
|
||||||
|
|
||||||
|
$request->expects($this->once())
|
||||||
|
->method('getBodyAsString')
|
||||||
|
->will($this->returnValue($requestData));
|
||||||
|
|
||||||
|
$request->expects($this->once())
|
||||||
|
->method('getHeader')
|
||||||
|
->with('Content-Type')
|
||||||
|
->will($this->returnValue('application/json'));
|
||||||
|
|
||||||
|
$request->expects($this->once())
|
||||||
|
->method('getUrl')
|
||||||
|
->will($this->returnValue('http://example.com/dav/systemtags'));
|
||||||
|
|
||||||
|
$response->expects($this->once())
|
||||||
|
->method('setHeader')
|
||||||
|
->with('Content-Location', 'http://example.com/dav/systemtags/1');
|
||||||
|
|
||||||
|
$this->plugin->httpPost($request, $response);
|
||||||
|
}
|
||||||
|
|
||||||
public function testCreateTagInByIdCollection() {
|
public function testCreateTagInByIdCollection() {
|
||||||
|
$user = $this->getMock('\OCP\IUser');
|
||||||
|
$user->expects($this->once())
|
||||||
|
->method('getUID')
|
||||||
|
->willReturn('admin');
|
||||||
|
$this->userSession
|
||||||
|
->expects($this->once())
|
||||||
|
->method('isLoggedIn')
|
||||||
|
->willReturn(true);
|
||||||
|
$this->userSession
|
||||||
|
->expects($this->once())
|
||||||
|
->method('getUser')
|
||||||
|
->willReturn($user);
|
||||||
|
$this->groupManager
|
||||||
|
->expects($this->once())
|
||||||
|
->method('isAdmin')
|
||||||
|
->with('admin')
|
||||||
|
->willReturn(true);
|
||||||
|
|
||||||
$systemTag = new SystemTag(1, 'Test', true, false);
|
$systemTag = new SystemTag(1, 'Test', true, false);
|
||||||
|
|
||||||
$requestData = json_encode([
|
$requestData = json_encode([
|
||||||
|
@ -214,6 +429,24 @@ class SystemTagPlugin extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testCreateTagInMappingCollection() {
|
public function testCreateTagInMappingCollection() {
|
||||||
|
$user = $this->getMock('\OCP\IUser');
|
||||||
|
$user->expects($this->once())
|
||||||
|
->method('getUID')
|
||||||
|
->willReturn('admin');
|
||||||
|
$this->userSession
|
||||||
|
->expects($this->once())
|
||||||
|
->method('isLoggedIn')
|
||||||
|
->willReturn(true);
|
||||||
|
$this->userSession
|
||||||
|
->expects($this->once())
|
||||||
|
->method('getUser')
|
||||||
|
->willReturn($user);
|
||||||
|
$this->groupManager
|
||||||
|
->expects($this->once())
|
||||||
|
->method('isAdmin')
|
||||||
|
->with('admin')
|
||||||
|
->willReturn(true);
|
||||||
|
|
||||||
$systemTag = new SystemTag(1, 'Test', true, false);
|
$systemTag = new SystemTag(1, 'Test', true, false);
|
||||||
|
|
||||||
$requestData = json_encode([
|
$requestData = json_encode([
|
||||||
|
@ -307,9 +540,27 @@ class SystemTagPlugin extends \Test\TestCase {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @dataProvider nodeClassProvider
|
* @dataProvider nodeClassProvider
|
||||||
* @expectedException Sabre\DAV\Exception\Conflict
|
* @expectedException \Sabre\DAV\Exception\Conflict
|
||||||
*/
|
*/
|
||||||
public function testCreateTagConflict($nodeClass) {
|
public function testCreateTagConflict($nodeClass) {
|
||||||
|
$user = $this->getMock('\OCP\IUser');
|
||||||
|
$user->expects($this->once())
|
||||||
|
->method('getUID')
|
||||||
|
->willReturn('admin');
|
||||||
|
$this->userSession
|
||||||
|
->expects($this->once())
|
||||||
|
->method('isLoggedIn')
|
||||||
|
->willReturn(true);
|
||||||
|
$this->userSession
|
||||||
|
->expects($this->once())
|
||||||
|
->method('getUser')
|
||||||
|
->willReturn($user);
|
||||||
|
$this->groupManager
|
||||||
|
->expects($this->once())
|
||||||
|
->method('isAdmin')
|
||||||
|
->with('admin')
|
||||||
|
->willReturn(true);
|
||||||
|
|
||||||
$requestData = json_encode([
|
$requestData = json_encode([
|
||||||
'name' => 'Test',
|
'name' => 'Test',
|
||||||
'userVisible' => true,
|
'userVisible' => true,
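Review bot: The new tests never exercise the `!$this->userSession->isLoggedIn()` half of the permission check, because both rejection tests (testCreateNotAssignableTagAsRegularUser and testCreateInvisibleTagAsRegularUser) mock `isLoggedIn` as true. A third case with `->method('isLoggedIn')->willReturn(false)`, `$this->userSession->expects($this->never())->method('getUser')` and `createTag` never called would pin that a session without a login is rejected before the user object is dereferenced. The two rejection tests differ only in the request flags and could share a data provider. The mocked non-admin UID `'admin'` is misleading in them; a value such as `'regularuser'` would read more clearly. The test body in the last hunk continues outside what is shown.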
|
||||||
|
|