Merge pull request #22660 from owncloud/fix_22656

Do not allow sharing of the users root folder
This commit is contained in:
Thomas Müller 2016-02-26 10:49:12 +01:00
commit 62d7885c3b
3 changed files with 42 additions and 0 deletions

View File

@ -506,3 +506,11 @@ Feature: sharing
And file "myfile.txt" of user "user0" is shared with user "user1"
When User "user1" uploads file "data/textfile.txt" to "/myfile.txt"
Then the HTTP status code should be "204"
Scenario: Don't allow sharing of the root
Given user "user0" exists
And As an "user0"
When creating a share with
| path | / |
| shareType | 3 |
Then the OCS status code should be "403"

View File

@ -197,6 +197,11 @@ class Manager implements IManager {
throw new \InvalidArgumentException('Path should be either a file or a folder');
}
// And you can't share your rootfolder
if ($this->rootFolder->getUserFolder($share->getSharedBy())->isSubNode($share->getNode()) === false) {
throw new \InvalidArgumentException('You can\'t share your root folder');
}
// Check if we actually have share permissions
if (!$share->getNode()->isShareable()) {
$message_t = $this->l->t('You are not allowed to share %s', [$share->getNode()->getPath()]);

View File

@ -677,6 +677,9 @@ class ManagerTest extends \Test\TestCase {
['group0', true],
]));
$userFolder = $this->getMock('\OCP\Files\Folder');
$this->rootFolder->method('getUserFolder')->willReturn($userFolder);
try {
$this->invokePrivate($this->manager, 'generalCreateChecks', [$share]);
$thrown = false;
@ -691,6 +694,32 @@ class ManagerTest extends \Test\TestCase {
$this->assertSame($exception, $thrown);
}
/**
* @expectedException \InvalidArgumentException
* @expectedExceptionMessage You can't share your root folder
*/
public function testGeneralCheckShareRoot() {
$thrown = null;
$this->userManager->method('userExists')->will($this->returnValueMap([
['user0', true],
['user1', true],
]));
$userFolder = $this->getMock('\OCP\Files\Folder');
$userFolder->method('isSubNode')->with($userFolder)->willReturn(false);
$this->rootFolder->method('getUserFolder')->willReturn($userFolder);
$share = $this->manager->newShare();
$share->setShareType(\OCP\Share::SHARE_TYPE_USER)
->setSharedWith('user0')
->setSharedBy('user1')
->setNode($userFolder);
$this->invokePrivate($this->manager, 'generalCreateChecks', [$share]);
}
/**
* @expectedException \OCP\Share\Exceptions\GenericShareException
* @expectedExceptionMessage Expiration date is in the past