mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #22660 from owncloud/fix_22656 

Do not allow sharing of the users root folder
This commit is contained in:
Thomas Müller 2016-02-26 10:49:12 +01:00
parent e9237dd83c 8213d5df4f
commit 62d7885c3b
3 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
build/integration/features/sharing-v1.feature
View File

@ -506,3 +506,11 @@ Feature: sharing
And file "myfile.txt" of user "user0" is shared with user "user1" And file "myfile.txt" of user "user0" is shared with user "user1"
When User "user1" uploads file "data/textfile.txt" to "/myfile.txt" When User "user1" uploads file "data/textfile.txt" to "/myfile.txt"
Then the HTTP status code should be "204" Then the HTTP status code should be "204"
Scenario: Don't allow sharing of the root
Given user "user0" exists
And As an "user0"
When creating a share with
| path | / |
| shareType | 3 |
Then the OCS status code should be "403"

5
lib/private/share20/manager.php
View File

@ -197,6 +197,11 @@ class Manager implements IManager {
throw new \InvalidArgumentException('Path should be either a file or a folder'); throw new \InvalidArgumentException('Path should be either a file or a folder');
} }
// And you can't share your rootfolder
if ($this->rootFolder->getUserFolder($share->getSharedBy())->isSubNode($share->getNode()) === false) {
throw new \InvalidArgumentException('You can\'t share your root folder');
}
// Check if we actually have share permissions // Check if we actually have share permissions
if (!$share->getNode()->isShareable()) { if (!$share->getNode()->isShareable()) {
$message_t = $this->l->t('You are not allowed to share %s', [$share->getNode()->getPath()]); $message_t = $this->l->t('You are not allowed to share %s', [$share->getNode()->getPath()]);

29
tests/lib/share20/managertest.php
View File

@ -677,6 +677,9 @@ class ManagerTest extends \Test\TestCase {
['group0', true], ['group0', true],
])); ]));
$userFolder = $this->getMock('\OCP\Files\Folder');
$this->rootFolder->method('getUserFolder')->willReturn($userFolder);
try { try {
$this->invokePrivate($this->manager, 'generalCreateChecks', [$share]); $this->invokePrivate($this->manager, 'generalCreateChecks', [$share]);
$thrown = false; $thrown = false;
@ -691,6 +694,32 @@ class ManagerTest extends \Test\TestCase {
$this->assertSame($exception, $thrown); $this->assertSame($exception, $thrown);
} }
/**
* @expectedException \InvalidArgumentException
* @expectedExceptionMessage You can't share your root folder
*/
public function testGeneralCheckShareRoot() {
$thrown = null;
$this->userManager->method('userExists')->will($this->returnValueMap([
['user0', true],
['user1', true],
]));
$userFolder = $this->getMock('\OCP\Files\Folder');
$userFolder->method('isSubNode')->with($userFolder)->willReturn(false);
$this->rootFolder->method('getUserFolder')->willReturn($userFolder);
$share = $this->manager->newShare();
$share->setShareType(\OCP\Share::SHARE_TYPE_USER)
->setSharedWith('user0')
->setSharedBy('user1')
->setNode($userFolder);
$this->invokePrivate($this->manager, 'generalCreateChecks', [$share]);
}
/** /**
* @expectedException \OCP\Share\Exceptions\GenericShareException * @expectedException \OCP\Share\Exceptions\GenericShareException
* @expectedExceptionMessage Expiration date is in the past * @expectedExceptionMessage Expiration date is in the past