From 8213d5df4f40410f851da31082bbb1fb8d84dd1e Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Thu, 25 Feb 2016 20:22:35 +0100 Subject: [PATCH] Do not allow sharing of the root folder Sharing of the users root folder should not be allowed as it is very weird UX. Also many of our clients have no proper way of displaying this. Added unit test Also added intergration tests to make sure we won't allow it in the future. --- build/integration/features/sharing-v1.feature | 8 +++++ lib/private/share20/manager.php | 5 ++++ tests/lib/share20/managertest.php | 29 +++++++++++++++++++ 3 files changed, 42 insertions(+) diff --git a/build/integration/features/sharing-v1.feature b/build/integration/features/sharing-v1.feature index e16de8b6b1..462915cf5b 100644 --- a/build/integration/features/sharing-v1.feature +++ b/build/integration/features/sharing-v1.feature @@ -506,3 +506,11 @@ Feature: sharing And file "myfile.txt" of user "user0" is shared with user "user1" When User "user1" uploads file "data/textfile.txt" to "/myfile.txt" Then the HTTP status code should be "204" + + Scenario: Don't allow sharing of the root + Given user "user0" exists + And As an "user0" + When creating a share with + | path | / | + | shareType | 3 | + Then the OCS status code should be "403" \ No newline at end of file diff --git a/lib/private/share20/manager.php b/lib/private/share20/manager.php index 9b33e94755..9fe3375747 100644 --- a/lib/private/share20/manager.php +++ b/lib/private/share20/manager.php @@ -197,6 +197,11 @@ class Manager implements IManager { throw new \InvalidArgumentException('Path should be either a file or a folder'); } + // And you can't share your rootfolder + if ($this->rootFolder->getUserFolder($share->getSharedBy())->isSubNode($share->getNode()) === false) { + throw new \InvalidArgumentException('You can\'t share your root folder'); + } + // Check if we actually have share permissions if (!$share->getNode()->isShareable()) { $message_t = $this->l->t('You are not allowed to share %s', [$share->getNode()->getPath()]); diff --git a/tests/lib/share20/managertest.php b/tests/lib/share20/managertest.php index c41f075439..df688f782c 100644 --- a/tests/lib/share20/managertest.php +++ b/tests/lib/share20/managertest.php @@ -677,6 +677,9 @@ class ManagerTest extends \Test\TestCase { ['group0', true], ])); + $userFolder = $this->getMock('\OCP\Files\Folder'); + $this->rootFolder->method('getUserFolder')->willReturn($userFolder); + try { $this->invokePrivate($this->manager, 'generalCreateChecks', [$share]); $thrown = false; @@ -691,6 +694,32 @@ class ManagerTest extends \Test\TestCase { $this->assertSame($exception, $thrown); } + /** + * @expectedException \InvalidArgumentException + * @expectedExceptionMessage You can't share your root folder + */ + public function testGeneralCheckShareRoot() { + $thrown = null; + + $this->userManager->method('userExists')->will($this->returnValueMap([ + ['user0', true], + ['user1', true], + ])); + + $userFolder = $this->getMock('\OCP\Files\Folder'); + $userFolder->method('isSubNode')->with($userFolder)->willReturn(false); + $this->rootFolder->method('getUserFolder')->willReturn($userFolder); + + $share = $this->manager->newShare(); + + $share->setShareType(\OCP\Share::SHARE_TYPE_USER) + ->setSharedWith('user0') + ->setSharedBy('user1') + ->setNode($userFolder); + + $this->invokePrivate($this->manager, 'generalCreateChecks', [$share]); + } + /** * @expectedException \OCP\Share\Exceptions\GenericShareException * @expectedExceptionMessage Expiration date is in the past