Merge pull request #22660 from owncloud/fix_22656

Do not allow sharing of the users root folder
2016-02-26 10:49:12 +01:00 · 2016-02-26 10:49:12 +01:00 · 62d7885c3b
parent e9237dd83c 8213d5df4f
commit 62d7885c3b
3 changed files with 42 additions and 0 deletions
--- a/build/integration/features/sharing-v1.feature
+++ b/build/integration/features/sharing-v1.feature
@ -506,3 +506,11 @@ Feature: sharing
    And file "myfile.txt" of user "user0" is shared with user "user1"
    When User "user1" uploads file "data/textfile.txt" to "/myfile.txt"
    Then the HTTP status code should be "204"
+
+  Scenario: Don't allow sharing of the root
+    Given user "user0" exists
+    And As an "user0"
+    When creating a share with
+      | path | / |
+      | shareType | 3 |
+    Then the OCS status code should be "403"
--- a/lib/private/share20/manager.php
+++ b/lib/private/share20/manager.php
@ -197,6 +197,11 @@ class Manager implements IManager {
 			throw new \InvalidArgumentException('Path should be either a file or a folder');
 		}

+		// And you can't share your rootfolder
+		if ($this->rootFolder->getUserFolder($share->getSharedBy())->isSubNode($share->getNode()) === false) {
+			throw new \InvalidArgumentException('You can\'t share your root folder');
+		}
+
 		// Check if we actually have share permissions
 		if (!$share->getNode()->isShareable()) {
 			$message_t = $this->l->t('You are not allowed to share %s', [$share->getNode()->getPath()]);
--- a/tests/lib/share20/managertest.php
+++ b/tests/lib/share20/managertest.php
@ -677,6 +677,9 @@ class ManagerTest extends \Test\TestCase {
 			['group0', true],
 		]));

+		$userFolder = $this->getMock('\OCP\Files\Folder');
+		$this->rootFolder->method('getUserFolder')->willReturn($userFolder);
+
 		try {
 			$this->invokePrivate($this->manager, 'generalCreateChecks', [$share]);
 			$thrown = false;
@ -691,6 +694,32 @@ class ManagerTest extends \Test\TestCase {
 		$this->assertSame($exception, $thrown);
 	}

+	/**
+	 * @expectedException \InvalidArgumentException
+	 * @expectedExceptionMessage You can't share your root folder
+	 */
+	public function testGeneralCheckShareRoot() {
+		$thrown = null;
+
+		$this->userManager->method('userExists')->will($this->returnValueMap([
+			['user0', true],
+			['user1', true],
+		]));
+
+		$userFolder = $this->getMock('\OCP\Files\Folder');
+		$userFolder->method('isSubNode')->with($userFolder)->willReturn(false);
+		$this->rootFolder->method('getUserFolder')->willReturn($userFolder);
+
+		$share = $this->manager->newShare();
+
+		$share->setShareType(\OCP\Share::SHARE_TYPE_USER)
+			->setSharedWith('user0')
+			->setSharedBy('user1')
+			->setNode($userFolder);
+
+		$this->invokePrivate($this->manager, 'generalCreateChecks', [$share]);
+	}
+
 	/**
 	 * @expectedException \OCP\Share\Exceptions\GenericShareException
 	 * @expectedExceptionMessage Expiration date is in the past