Merge pull request #23918 from owncloud/cruds-for-federated-shares
bring back CRUDS permissions for federated shares
This commit is contained in:
Björn Schießle
commit
606b756a94
|
|
@ -246,6 +246,8 @@ class FilesPlugin extends ServerPlugin {
|
|||
*/
|
||||
public function handleGetProperties(PropFind $propFind, \Sabre\DAV\INode $node) {
|
||||
|
||||
$httpRequest = $this->server->httpRequest;
|
||||
|
||||
if ($node instanceof \OCA\DAV\Connector\Sabre\Node) {
|
||||
|
||||
$propFind->handle(self::FILEID_PROPERTYNAME, function() use ($node) {
|
||||
|
|
@ -265,8 +267,10 @@ class FilesPlugin extends ServerPlugin {
|
|||
return $perms;
|
||||
});
|
||||
|
||||
$propFind->handle(self::SHARE_PERMISSIONS_PROPERTYNAME, function() use ($node) {
|
||||
return $node->getSharePermissions();
|
||||
$propFind->handle(self::SHARE_PERMISSIONS_PROPERTYNAME, function() use ($node, $httpRequest) {
|
||||
return $node->getSharePermissions(
|
||||
$httpRequest->getRawServerValue('PHP_AUTH_USER')
|
||||
);
|
||||
});
|
||||
|
||||
$propFind->handle(self::GETETAG_PROPERTYNAME, function() use ($node) {
|
||||
|
|
|
|||
|
|
@ -32,6 +32,8 @@ namespace OCA\DAV\Connector\Sabre;
|
|||
|
||||
use OC\Files\Mount\MoveableMount;
|
||||
use OCA\DAV\Connector\Sabre\Exception\InvalidPath;
|
||||
use OCP\Share\Exceptions\ShareNotFound;
|
||||
use OCP\Share\IManager;
|
||||
|
||||
|
||||
abstract class Node implements \Sabre\DAV\INode {
|
||||
|
|
@ -60,16 +62,27 @@ abstract class Node implements \Sabre\DAV\INode {
|
|||
*/
|
||||
protected $info;
|
||||
|
||||
/**
|
||||
* @var IManager
|
||||
*/
|
||||
protected $shareManager;
|
||||
|
||||
/**
|
||||
* Sets up the node, expects a full path name
|
||||
*
|
||||
* @param \OC\Files\View $view
|
||||
* @param \OCP\Files\FileInfo $info
|
||||
* @param IManager $shareManager
|
||||
*/
|
||||
public function __construct($view, $info) {
|
||||
public function __construct($view, $info, IManager $shareManager = null) {
|
||||
$this->fileView = $view;
|
||||
$this->path = $this->fileView->getRelativePath($info->getPath());
|
||||
$this->info = $info;
|
||||
if ($shareManager) {
|
||||
$this->shareManager = $shareManager;
|
||||
} else {
|
||||
$this->shareManager = \OC::$server->getShareManager();
|
||||
}
|
||||
}
|
||||
|
||||
protected function refreshInfo() {
|
||||
|
|
@ -215,9 +228,21 @@ abstract class Node implements \Sabre\DAV\INode {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param string $user
|
||||
* @return int
|
||||
*/
|
||||
public function getSharePermissions() {
|
||||
public function getSharePermissions($user) {
|
||||
|
||||
// check of we access a federated share
|
||||
if ($user !== null) {
|
||||
try {
|
||||
$share = $this->shareManager->getShareByToken($user);
|
||||
return $share->getPermissions();
|
||||
} catch (ShareNotFound $e) {
|
||||
// ignore
|
||||
}
|
||||
}
|
||||
|
||||
$storage = $this->info->getStorage();
|
||||
|
||||
$path = $this->info->getInternalPath();
|
||||
|
|
|
|||
|
|
@ -23,6 +23,12 @@
|
|||
|
||||
namespace OCA\DAV\Tests\Unit\Connector\Sabre;
|
||||
|
||||
/**
|
||||
* Class Node
|
||||
*
|
||||
* @group DB
|
||||
* @package OCA\DAV\Tests\Unit\Connector\Sabre
|
||||
*/
|
||||
class Node extends \Test\TestCase {
|
||||
public function davPermissionsProvider() {
|
||||
return array(
|
||||
|
|
@ -66,52 +72,64 @@ class Node extends \Test\TestCase {
|
|||
|
||||
public function sharePermissionsProvider() {
|
||||
return [
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 1, 1],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 3, 3],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 5, 1],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 7, 3],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 9, 1],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 11, 3],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 13, 1],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 15, 3],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 17, 17],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 19, 19],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 21, 17],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 23, 19],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 25, 17],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 27, 19],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 29, 17],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 30, 18],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, 31, 19],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 1, 1],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 3, 3],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 5, 5],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 7, 7],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 9, 9],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 11, 11],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 13, 13],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 15, 15],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 17, 17],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 19, 19],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 21, 21],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 23, 23],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 25, 25],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 27, 27],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 29, 29],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 30, 30],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 31, 31],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 1, 1],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 3, 3],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 5, 1],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 7, 3],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 9, 1],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 11, 3],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 13, 1],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 15, 3],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 17, 17],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 19, 19],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 21, 17],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 23, 19],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 25, 17],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 27, 19],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 29, 17],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 30, 18],
|
||||
[\OCP\Files\FileInfo::TYPE_FILE, null, 31, 19],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 1, 1],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 3, 3],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 5, 5],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 7, 7],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 9, 9],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 11, 11],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 13, 13],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 15, 15],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 17, 17],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 19, 19],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 21, 21],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 23, 23],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 25, 25],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 27, 27],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 29, 29],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 30, 30],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, null, 31, 31],
|
||||
[\OCP\Files\FileInfo::TYPE_FOLDER, 'shareToken', 7, 7],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider sharePermissionsProvider
|
||||
*/
|
||||
public function testSharePermissions($type, $permissions, $expected) {
|
||||
public function testSharePermissions($type, $user, $permissions, $expected) {
|
||||
$storage = $this->getMock('\OCP\Files\Storage');
|
||||
$storage->method('getPermissions')->willReturn($permissions);
|
||||
|
||||
$mountpoint = $this->getMock('\OCP\Files\Mount\IMountPoint');
|
||||
$mountpoint->method('getMountPoint')->willReturn('myPath');
|
||||
$shareManager = $this->getMockBuilder('OCP\Share\IManager')->disableOriginalConstructor()->getMock();
|
||||
$share = $this->getMockBuilder('OCP\Share\IShare')->disableOriginalConstructor()->getMock();
|
||||
|
||||
if ($user === null) {
|
||||
$shareManager->expects($this->never())->method('getShareByToken');
|
||||
$share->expects($this->never())->method('getPermissions');
|
||||
} else {
|
||||
$shareManager->expects($this->once())->method('getShareByToken')->with($user)
|
||||
->willReturn($share);
|
||||
$share->expects($this->once())->method('getPermissions')->willReturn($permissions);
|
||||
}
|
||||
|
||||
$info = $this->getMockBuilder('\OC\Files\FileInfo')
|
||||
->disableOriginalConstructor()
|
||||
|
|
@ -125,6 +143,7 @@ class Node extends \Test\TestCase {
|
|||
$view = $this->getMock('\OC\Files\View');
|
||||
|
||||
$node = new \OCA\DAV\Connector\Sabre\File($view, $info);
|
||||
$this->assertEquals($expected, $node->getSharePermissions());
|
||||
$this->invokePrivate($node, 'shareManager', [$shareManager]);
|
||||
$this->assertEquals($expected, $node->getSharePermissions($user));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -62,20 +62,25 @@ if (!$isWritable) {
|
|||
$rootInfo = \OC\Files\Filesystem::getFileInfo($path);
|
||||
$rootView = new \OC\Files\View('');
|
||||
|
||||
$shareManager = \OC::$server->getShareManager();
|
||||
$share = $shareManager->getShareByToken($token);
|
||||
$sharePermissions= (int)$share->getPermissions();
|
||||
|
||||
/**
|
||||
* @param \OCP\Files\FileInfo $dir
|
||||
* @param \OC\Files\View $view
|
||||
* @return array
|
||||
*/
|
||||
function getChildInfo($dir, $view) {
|
||||
function getChildInfo($dir, $view, $sharePermissions) {
|
||||
$children = $view->getDirectoryContent($dir->getPath());
|
||||
$result = array();
|
||||
foreach ($children as $child) {
|
||||
$formatted = \OCA\Files\Helper::formatFileInfo($child);
|
||||
if ($child->getType() === 'dir') {
|
||||
$formatted['children'] = getChildInfo($child, $view);
|
||||
$formatted['children'] = getChildInfo($child, $view, $sharePermissions);
|
||||
}
|
||||
$formatted['mtime'] = $formatted['mtime'] / 1000;
|
||||
$formatted['permissions'] = $sharePermissions & (int)$formatted['permissions'];
|
||||
$result[] = $formatted;
|
||||
}
|
||||
return $result;
|
||||
|
|
@ -83,8 +88,11 @@ function getChildInfo($dir, $view) {
|
|||
|
||||
$result = \OCA\Files\Helper::formatFileInfo($rootInfo);
|
||||
$result['mtime'] = $result['mtime'] / 1000;
|
||||
$result['permissions'] = (int)$result['permissions'] & $sharePermissions;
|
||||
|
||||
|
||||
if ($rootInfo->getType() === 'dir') {
|
||||
$result['children'] = getChildInfo($rootInfo, $rootView);
|
||||
$result['children'] = getChildInfo($rootInfo, $rootView, $sharePermissions);
|
||||
}
|
||||
|
||||
OCP\JSON::success(array('data' => $result));
|
||||
|
|
|
|||
|
|
@ -319,5 +319,21 @@ class Storage extends DAV implements ISharedStorage {
|
|||
}
|
||||
return ($this->getPermissions($path) & \OCP\Constants::PERMISSION_SHARE);
|
||||
}
|
||||
|
||||
public function getPermissions($path) {
|
||||
$response = $this->propfind($path);
|
||||
if (isset($response['{http://open-collaboration-services.org/ns}share-permissions'])) {
|
||||
$permissions = $response['{http://open-collaboration-services.org/ns}share-permissions'];
|
||||
} else {
|
||||
// use default permission if remote server doesn't provide the share permissions
|
||||
if ($this->is_dir($path)) {
|
||||
$permissions = \OCP\Constants::PERMISSION_ALL;
|
||||
} else {
|
||||
$permissions = \OCP\Constants::PERMISSION_ALL & ~\OCP\Constants::PERMISSION_CREATE;
|
||||
}
|
||||
}
|
||||
|
||||
return $permissions;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,28 +22,25 @@
|
|||
'<div class="avatar {{#if modSeed}}imageplaceholderseed{{/if}}" data-username="{{shareWith}}" {{#if modSeed}}data-seed="{{shareWith}} {{shareType}}"{{/if}}></div>' +
|
||||
'{{/if}}' +
|
||||
'<span class="has-tooltip username" title="{{shareWith}}">{{shareWithDisplayName}}</span>' +
|
||||
'{{#if mailNotificationEnabled}} {{#unless isRemoteShare}}' +
|
||||
'{{#if mailNotificationEnabled}} {{#unless isRemoteShare}}' +
|
||||
'<span class="shareOption">' +
|
||||
'<input id="mail-{{cid}}-{{shareWith}}" type="checkbox" name="mailNotification" class="mailNotification checkbox" {{#if wasMailSent}}checked="checked"{{/if}} />' +
|
||||
'<label for="mail-{{cid}}-{{shareWith}}">{{notifyByMailLabel}}</label>' +
|
||||
'</span>' +
|
||||
'{{/unless}} {{/if}}' +
|
||||
'{{#if isResharingAllowed}} {{#if sharePermissionPossible}} {{#unless isRemoteShare}}' +
|
||||
'{{#if isResharingAllowed}} {{#if sharePermissionPossible}}' +
|
||||
'<span class="shareOption">' +
|
||||
'<input id="canShare-{{cid}}-{{shareWith}}" type="checkbox" name="share" class="permissions checkbox" {{#if hasSharePermission}}checked="checked"{{/if}} data-permissions="{{sharePermission}}" />' +
|
||||
'<label for="canShare-{{cid}}-{{shareWith}}">{{canShareLabel}}</label>' +
|
||||
'</span>' +
|
||||
'{{/unless}} {{/if}} {{/if}}' +
|
||||
'{{/if}} {{/if}}' +
|
||||
'{{#if editPermissionPossible}}' +
|
||||
'<span class="shareOption">' +
|
||||
'<input id="canEdit-{{cid}}-{{shareWith}}" type="checkbox" name="edit" class="permissions checkbox" {{#if hasEditPermission}}checked="checked"{{/if}} />' +
|
||||
'<label for="canEdit-{{cid}}-{{shareWith}}">{{canEditLabel}}</label>' +
|
||||
'{{#unless isRemoteShare}}' +
|
||||
'<a href="#" class="showCruds"><img class="svg" alt="{{crudsLabel}}" src="{{triangleSImage}}"/></a>' +
|
||||
'{{/unless}}' +
|
||||
'</span>' +
|
||||
'{{/if}}' +
|
||||
'{{#unless isRemoteShare}}' +
|
||||
'<div class="cruds hidden">' +
|
||||
'{{#if createPermissionPossible}}' +
|
||||
'<span class="shareOption">' +
|
||||
|
|
@ -57,14 +54,13 @@
|
|||
'<label for="canUpdate-{{cid}}-{{shareWith}}">{{updatePermissionLabel}}</label>' +
|
||||
'</span>' +
|
||||
'{{/if}}' +
|
||||
'{{#if deletePermissionPossible}} {{#unless isRemoteShare}}' +
|
||||
'{{#if deletePermissionPossible}}' +
|
||||
'<span class="shareOption">' +
|
||||
'<input id="canDelete-{{cid}}-{{shareWith}}" type="checkbox" name="delete" class="permissions checkbox" {{#if hasDeletePermission}}checked="checked"{{/if}} data-permissions="{{deletePermission}}"/>' +
|
||||
'<label for="canDelete-{{cid}}-{{shareWith}}">{{deletePermissionLabel}}</label>' +
|
||||
'</span>' +
|
||||
'{{/unless}} {{/if}}' +
|
||||
'{{/if}}' +
|
||||
'</div>' +
|
||||
'{{/unless}}' +
|
||||
'</li>' +
|
||||
'{{/each}}' +
|
||||
'</ul>'
|
||||
|
|
@ -125,10 +121,6 @@
|
|||
shareWithDisplayName = shareWithDisplayName + " (" + t('core', 'group') + ')';
|
||||
} else if (shareType === OC.Share.SHARE_TYPE_REMOTE) {
|
||||
shareWithDisplayName = shareWithDisplayName + " (" + t('core', 'remote') + ')';
|
||||
hasPermissionOverride = {
|
||||
createPermissionPossible: true,
|
||||
updatePermissionPossible: true
|
||||
};
|
||||
}
|
||||
|
||||
return _.extend(hasPermissionOverride, {
|
||||
|
|
|
|||
|
|
@ -154,21 +154,17 @@
|
|||
// Default permissions are Edit (CRUD) and Share
|
||||
// Check if these permissions are possible
|
||||
var permissions = OC.PERMISSION_READ;
|
||||
if (shareType === OC.Share.SHARE_TYPE_REMOTE) {
|
||||
permissions = OC.PERMISSION_CREATE | OC.PERMISSION_UPDATE | OC.PERMISSION_READ;
|
||||
} else {
|
||||
if (this.updatePermissionPossible()) {
|
||||
permissions = permissions | OC.PERMISSION_UPDATE;
|
||||
}
|
||||
if (this.createPermissionPossible()) {
|
||||
permissions = permissions | OC.PERMISSION_CREATE;
|
||||
}
|
||||
if (this.deletePermissionPossible()) {
|
||||
permissions = permissions | OC.PERMISSION_DELETE;
|
||||
}
|
||||
if (this.configModel.get('isResharingAllowed') && (this.sharePermissionPossible())) {
|
||||
permissions = permissions | OC.PERMISSION_SHARE;
|
||||
}
|
||||
if (this.updatePermissionPossible()) {
|
||||
permissions = permissions | OC.PERMISSION_UPDATE;
|
||||
}
|
||||
if (this.createPermissionPossible()) {
|
||||
permissions = permissions | OC.PERMISSION_CREATE;
|
||||
}
|
||||
if (this.deletePermissionPossible()) {
|
||||
permissions = permissions | OC.PERMISSION_DELETE;
|
||||
}
|
||||
if (this.configModel.get('isResharingAllowed') && (this.sharePermissionPossible())) {
|
||||
permissions = permissions | OC.PERMISSION_SHARE;
|
||||
}
|
||||
|
||||
attributes.permissions = permissions;
|
||||
|
|
@ -411,12 +407,6 @@
|
|||
if(!_.isObject(share)) {
|
||||
throw "Unknown Share";
|
||||
}
|
||||
if( share.share_type === OC.Share.SHARE_TYPE_REMOTE
|
||||
&& ( permission === OC.PERMISSION_SHARE
|
||||
|| permission === OC.PERMISSION_DELETE))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
return (share.permissions & permission) === permission;
|
||||
},
|
||||
|
||||
|
|
|
|||
|
|
@ -246,7 +246,7 @@ class DAV extends Common {
|
|||
*
|
||||
* @throws NotFound
|
||||
*/
|
||||
private function propfind($path) {
|
||||
protected function propfind($path) {
|
||||
$path = $this->cleanPath($path);
|
||||
$cachedResponse = $this->statCache->get($path);
|
||||
if ($cachedResponse === false) {
|
||||
|
|
@ -264,6 +264,7 @@ class DAV extends Common {
|
|||
'{DAV:}getcontentlength',
|
||||
'{DAV:}getcontenttype',
|
||||
'{http://owncloud.org/ns}permissions',
|
||||
'{http://open-collaboration-services.org/ns}share-permissions',
|
||||
'{DAV:}resourcetype',
|
||||
'{DAV:}getetag',
|
||||
)
|
||||
|
|
@ -741,6 +742,9 @@ class DAV extends Common {
|
|||
}
|
||||
if (!empty($etag) && $cachedData['etag'] !== $etag) {
|
||||
return true;
|
||||
} else if (isset($response['{http://open-collaboration-services.org/ns}share-permissions'])) {
|
||||
$sharePermissions = (int)$response['{http://open-collaboration-services.org/ns}share-permissions'];
|
||||
return $sharePermissions !== $cachedData['permissions'];
|
||||
} else if (isset($response['{http://owncloud.org/ns}permissions'])) {
|
||||
$permissions = $this->parsePermissions($response['{http://owncloud.org/ns}permissions']);
|
||||
return $permissions !== $cachedData['permissions'];
|
||||
|
|
|
|||
Loading…
Reference in New Issue