mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[stable9] Backport files drop feature

This commit is contained in:
Lukas Reschke 2016-06-11 11:25:45 +02:00
parent 96c3a3a647
commit 68c38ae8c2
No known key found for this signature in database
GPG Key ID: 9AB0ADB949B6898C
15 changed files with 392 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/dav/appinfo/v1/publicwebdav.php
View File

@ -59,6 +59,7 @@ $server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, func
$rootShare = \OCP\Share::resolveReShare($share);
$owner = $rootShare['uid_owner'];
$isWritable = $share['permissions'] & (\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_CREATE);
$isReadable = $share['permissions'] & \OCP\Constants::PERMISSION_READ;
$fileId = $share['file_source'];
if (!$isWritable) {
@ -66,6 +67,9 @@ $server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, func
return new \OC\Files\Storage\Wrapper\PermissionsMask(array('storage' => $storage, 'mask' => \OCP\Constants::PERMISSION_READ + \OCP\Constants::PERMISSION_SHARE));
});
}
if (!$isReadable) {
return false;
}
OC_Util::setupFS($owner);
$ownerView = \OC\Files\Filesystem::getView();

24
apps/files/ajax/upload.php
View File

@ -161,6 +161,15 @@ if (\OC\Files\Filesystem::isValidPath($dir) === true) {
$resolution = null;
}
if(isset($_POST['dirToken'])) {
// If it is a read only share the resolution will always be autorename
$shareManager = \OC::$server->getShareManager();
$share = $shareManager->getShareByToken((string)$_POST['dirToken']);
if (!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
$resolution = 'autorename';
}
}
// target directory for when uploading folders
$relativePath = '';
if(!empty($_POST['file_directory'])) {
@ -247,6 +256,21 @@ if (\OC\Files\Filesystem::isValidPath($dir) === true) {
}
if ($error === false) {
// Do not leak file information if it is a read-only share
if(isset($_POST['dirToken'])) {
$shareManager = \OC::$server->getShareManager();
$share = $shareManager->getShareByToken((string)$_POST['dirToken']);
if (!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
$newResults = [];
foreach($result as $singleResult) {
$fileName = $singleResult['originalname'];
$newResults['filename'] = $fileName;
$newResults['mimetype'] = \OC::$server->getMimeTypeDetector()->detectPath($fileName);
}
$result = $newResults;
}
}
OCP\JSON::encodedPrint($result);
} else {
OCP\JSON::error(array(array('data' => array_merge(array('message' => $error, 'code' => $errorCode), $storageStats))));

6
apps/files_sharing/ajax/publicpreview.php
View File

@ -42,6 +42,12 @@ if($token === ''){
}
$linkedItem = \OCP\Share::getShareByToken($token);
$shareManager = \OC::$server->getShareManager();
$share = $shareManager->getShareByToken($token);
if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
OCP\JSON::error(array('data' => 'Share is not readable.'));
exit();
}
if($linkedItem === false || ($linkedItem['item_type'] !== 'file' && $linkedItem['item_type'] !== 'folder')) {
\OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);
\OCP\Util::writeLog('core-preview', 'Passed token parameter is not valid', \OCP\Util::DEBUG);

9
apps/files_sharing/ajax/shareinfo.php
View File

@ -62,6 +62,15 @@ if (!$isWritable) {
$rootInfo = \OC\Files\Filesystem::getFileInfo($path);
$rootView = new \OC\Files\View('');
$shareManager = \OC::$server->getShareManager();
$share = $shareManager->getShareByToken($token);
$sharePermissions= (int)$share->getPermissions();
if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
OCP\JSON::error(array('data' => 'Share is not readable.'));
exit();
}
/**
* @param \OCP\Files\FileInfo $dir
* @param \OC\Files\View $view

1
apps/files_sharing/api/share20ocs.php
View File

@ -584,6 +584,7 @@ class Share20OCS {
if ($newPermissions !== null &&
$newPermissions !== \OCP\Constants::PERMISSION_READ &&
$newPermissions !== (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE) &&
$newPermissions !== (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE)) {
return new \OC_OCS_Result(null, 400, 'can\'t change permission for public link share');
}

59
apps/files_sharing/css/public.css
View File

@ -158,3 +158,62 @@ thead {
opacity: 1;
cursor: pointer;
}
#public-upload .avatardiv {
margin: 0 auto;
}
#public-upload #emptycontent h2 {
margin: 10px 0 5px 0;
}
#public-upload #emptycontent h2+p {
margin-bottom: 30px;
}
#public-upload #emptycontent .icon-folder {
height: 16px;
width: 16px;
background-size: 16px;
display: inline-block;
vertical-align: text-top;
margin-bottom: 0;
margin-right: 5px;
opacity: 1;
}
#public-upload #emptycontent .button {
background-size: 16px;
height: 16px;
width: 16px;
background-position: 16px;
opacity: .7;
font-size: 20px;
margin: 20px;
padding: 10px 20px;
padding-left: 42px;
font-weight: normal;
}
#public-upload #emptycontent ul {
width: 160px;
margin: 5px auto;
text-align: left;
}
#public-upload #emptycontent li {
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
padding: 7px 0;
}
#public-upload #emptycontent li img {
vertical-align: text-bottom;
margin-right: 5px;
}
#public-upload li span.icon-loading-small {
padding-left: 18px;
margin-right: 7px;
}

80
apps/files_sharing/js/files_drop.js Normal file
View File

@ -0,0 +1,80 @@
/*
* Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
*
* This file is licensed under the Affero General Public License version 3
* or later.
*
* See the COPYING-README file.
*
*/
(function ($) {
var Drop = {
initialize: function () {
$(document).bind('drop dragover', function (e) {
// Prevent the default browser drop action:
e.preventDefault();
});
$('#public-upload').fileupload({
url: OC.linkTo('files', 'ajax/upload.php'),
dataType: 'json',
dropZone: $('#public-upload'),
formData: {
dirToken: $('#sharingToken').val()
},
add: function(e, data) {
var errors = [];
if(data.files[0]['size'] && data.files[0]['size'] > $('#maxFilesizeUpload').val()) {
errors.push('File is too big');
}
$('#drop-upload-done-indicator').addClass('hidden');
$('#drop-upload-progress-indicator').removeClass('hidden');
_.each(data['files'], function(file) {
if(errors.length === 0) {
$('#public-upload ul').append('<li data-toggle="tooltip" title="'+escapeHTML(file.name)+'" data-name="'+escapeHTML(file.name)+'"><span class="icon-loading-small"></span> '+escapeHTML(file.name)+'</li>');
$('[data-toggle="tooltip"]').tooltip();
data.submit();
} else {
OC.Notification.showTemporary(OC.L10N.translate('files_sharing', 'Could not upload "{filename}"', {filename: file.name}));
$('#public-upload ul').append('<li data-toggle="tooltip" title="'+escapeHTML(file.name)+'" data-name="'+escapeHTML(file.name)+'"><img src="'+OC.imagePath('core', 'actions/error.svg')+'"/> '+escapeHTML(file.name)+'</li>');
$('[data-toggle="tooltip"]').tooltip();
}
});
},
success: function (response) {
if(response.status !== 'error') {
var mimeTypeUrl = OC.MimeType.getIconUrl(response['mimetype']);
$('#public-upload ul li[data-name="' + escapeHTML(response['filename']) + '"]').html('<img src="' + escapeHTML(mimeTypeUrl) + '"/> ' + escapeHTML(response['filename']));
$('[data-toggle="tooltip"]').tooltip();
}
},
progressall: function (e, data) {
var progress = parseInt(data.loaded / data.total * 100, 10);
if(progress === 100) {
$('#drop-upload-done-indicator').removeClass('hidden');
$('#drop-upload-progress-indicator').addClass('hidden');
} else {
$('#drop-upload-done-indicator').addClass('hidden');
$('#drop-upload-progress-indicator').removeClass('hidden');
}
}
});
$('#public-upload .button.icon-upload').click(function(e) {
e.preventDefault();
$('#public-upload #emptycontent input').focus().trigger('click');
});
}
};
$(document).ready(function() {
if($('#upload-only-interface').val() === "1") {
$('.avatardiv').avatar($('#sharingUserId').val(), 128, true);
}
OCA.Files_Sharing_Drop = Drop;
OCA.Files_Sharing_Drop.initialize();
});
})(jQuery);

10
apps/files_sharing/lib/controllers/sharecontroller.php
View File

@ -307,6 +307,7 @@ class ShareController extends Controller {
$shareTmpl['fileSize'] = \OCP\Util::humanFileSize($share->getNode()->getSize());
// Show file list
$hideFileList = false;
if ($share->getNode() instanceof \OCP\Files\Folder) {
$shareTmpl['dir'] = $rootFolder->getRelativePath($path->getPath());
@ -322,12 +323,14 @@ class ShareController extends Controller {
$uploadLimit = Util::uploadLimit();
$maxUploadFilesize = min($freeSpace, $uploadLimit);
$hideFileList = $share->getPermissions() & \OCP\Constants::PERMISSION_READ ? false : true;
$folder = new Template('files', 'list', '');
$folder->assign('dir', $rootFolder->getRelativePath($path->getPath()));
$folder->assign('dirToken', $token);
$folder->assign('permissions', \OCP\Constants::PERMISSION_READ);
$folder->assign('isPublic', true);
$folder->assign('hideFileList', $hideFileList);
$folder->assign('publicUploadEnabled', 'no');
$folder->assign('uploadMaxFilesize', $maxUploadFilesize);
$folder->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
@ -338,6 +341,8 @@ class ShareController extends Controller {
$shareTmpl['folder'] = $folder->fetchPage();
}
$shareTmpl['hideFileList'] = $hideFileList;
$shareTmpl['shareOwner'] = $this->userManager->get($share->getShareOwner())->getDisplayName();
$shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', array('token' => $token));
$shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10);
$shareTmpl['previewEnabled'] = $this->config->getSystemValue('enable_previews', true);
@ -360,12 +365,15 @@ class ShareController extends Controller {
* @param string $files
* @param string $path
* @param string $downloadStartSecret
* @return void|RedirectResponse
* @return void|OCP\AppFramework\Http\Response
*/
public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') {
\OC_User::setIncognitoMode(true);
$share = $this->shareManager->getShareByToken($token);
if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
return new OCP\AppFramework\Http\DataResponse('Share is read-only');
}
// Share is password protected - check whether the user is permitted to access the share
if ($share->getPassword() !== null && !$this->linkShareAuth($share)) {

85
apps/files_sharing/templates/public.php
View File

@ -8,8 +8,8 @@ OCP\Util::addStyle('files_sharing', 'mobile');
OCP\Util::addScript('files_sharing', 'public');
OCP\Util::addScript('files', 'fileactions');
OCP\Util::addScript('files', 'fileactionsmenu');
OCP\Util::addScript('files', 'jquery.iframe-transport');
OCP\Util::addScript('files', 'jquery.fileupload');
OCP\Util::addScript('files_sharing', 'files_drop');
// JS required for folders
OCP\Util::addStyle('files', 'files');
@ -33,6 +33,7 @@ $thumbSize = 1024;
<div id="notification" style="display: none;"></div>
</div>
<input type="hidden" id="sharingUserId" value="<?php p($_['owner']) ?>">
<input type="hidden" id="filesApp" name="filesApp" value="1">
<input type="hidden" id="isPublic" name="isPublic" value="1">
<input type="hidden" name="dir" value="<?php p($_['dir']) ?>" id="dir">
@ -42,7 +43,16 @@ $thumbSize = 1024;
<input type="hidden" name="mimetype" value="<?php p($_['mimetype']) ?>" id="mimetype">
<input type="hidden" name="previewSupported" value="<?php p($_['previewSupported'] ? 'true' : 'false'); ?>" id="previewSupported">
<input type="hidden" name="mimetypeIcon" value="<?php p(\OC::$server->getMimeTypeDetector()->mimeTypeIcon($_['mimetype'])); ?>" id="mimetypeIcon">
<input type="hidden" name="filesize" value="<?php p($_['nonHumanFileSize']); ?>" id="filesize">
<?php
$upload_max_filesize = OC::$server->getIniWrapper()->getBytes('upload_max_filesize');
$post_max_size = OC::$server->getIniWrapper()->getBytes('post_max_size');
$maxUploadFilesize = min($upload_max_filesize, $post_max_size);
?>
<input type="hidden" name="maxFilesizeUpload" value="<?php p($maxUploadFilesize); ?>" id="maxFilesizeUpload">
<?php if (!isset($_['hideFileList']) || (isset($_['hideFileList']) && $_['hideFileList'] === false)): ?>
<input type="hidden" name="filesize" value="<?php p($_['nonHumanFileSize']); ?>" id="filesize">
<?php endif; ?>
<input type="hidden" name="maxSizeAnimateGif" value="<?php p($_['maxSizeAnimateGif']); ?>" id="maxSizeAnimateGif">
@ -56,11 +66,11 @@ $thumbSize = 1024;
<div class="header-appname-container">
<h1 class="header-appname">
<?php
if(OC_Util::getEditionString() === '') {
p($theme->getName());
} else {
print_unescaped($theme->getHTMLName());
}
if(OC_Util::getEditionString() === '') {
p($theme->getName());
} else {
print_unescaped($theme->getHTMLName());
}
?>
</h1>
</div>
@ -69,25 +79,28 @@ $thumbSize = 1024;
<div class="header-right">
<span id="details">
<?php
if ($_['server2serversharing']) {
?>
<span id="save" data-protected="<?php p($_['protected']) ?>"
data-owner-display-name="<?php p($_['displayName']) ?>" data-owner="<?php p($_['owner']) ?>" data-name="<?php p($_['filename']) ?>">
<button id="save-button"><?php p($l->t('Add to your Nextcloud')) ?></button>
<form class="save-form hidden" action="#">
<input type="text" id="remote_address" placeholder="example.com/owncloud"/>
<button id="save-button-confirm" class="icon-confirm svg" disabled></button>
</form>
</span>
if (!isset($_['hideFileList']) || (isset($_['hideFileList']) && $_['hideFileList'] === false)) {
if ($_['server2serversharing']) {
?>
<span id="save" data-protected="<?php p($_['protected']) ?>"
data-owner-display-name="<?php p($_['displayName']) ?>" data-owner="<?php p($_['owner']) ?>" data-name="<?php p($_['filename']) ?>">
<button id="save-button"><?php p($l->t('Add to your ownCloud')) ?></button>
<form class="save-form hidden" action="#">
<input type="text" id="remote_address" placeholder="example.com/owncloud"/>
<button id="save-button-confirm" class="icon-confirm svg" disabled></button>
</form>
</span>
<?php } ?>
<a href="<?php p($_['downloadURL']); ?>" id="download" class="button">
<img class="svg" alt="" src="<?php print_unescaped(image_path("core", "actions/download.svg")); ?>"/>
<span id="download-text"><?php p($l->t('Download'))?></span>
</a>
<?php } ?>
<a href="<?php p($_['downloadURL']); ?>" id="download" class="button">
<img class="svg" alt="" src="<?php print_unescaped(image_path("core", "actions/download.svg")); ?>"/>
<span id="download-text"><?php p($l->t('Download'))?></span>
</a>
</span>
</div>
</div></header>
</div></header>
<div id="content-wrapper">
<?php if (!isset($_['hideFileList']) || (isset($_['hideFileList']) && $_['hideFileList'] === false)) { ?>
<div id="content">
<div id="preview">
<?php if (isset($_['folder'])): ?>
@ -95,7 +108,7 @@ $thumbSize = 1024;
<?php else: ?>
<?php if ($_['previewEnabled'] && substr($_['mimetype'], 0, strpos($_['mimetype'], '/')) == 'video'): ?>
<div id="imgframe">
<video tabindex="0" controls="" preload="none">
<video tabindex="0" controls="" preload="none" style="max-width: <?php p($_['previewMaxX']); ?>px; max-height: <?php p($_['previewMaxY']); ?>px">
<source src="<?php p($_['downloadURL']); ?>" type="<?php p($_['mimetype']); ?>" />
</video>
</div>
@ -115,10 +128,34 @@ $thumbSize = 1024;
</div>
<?php endif; ?>
</div>
<?php } else { ?>
<input type="hidden" id="upload-only-interface" value="1"/>
<div id="public-upload">
<div id="emptycontent" class="">
<div id="displayavatar"><div class="avatardiv"></div></div>
<h2><?php p($l->t('Upload files to %s', [$_['shareOwner']])) ?></h2>
<p><span class="icon-folder"></span> <?php p($_['filename']) ?></p>
<input type="file" name="files[]" class="hidden" multiple>
<a href="#" class="button icon-upload"><?php p($l->t('Select or drop files')) ?></a>
<div id="drop-upload-progress-indicator" style="padding-top: 25px;" class="hidden"><?php p($l->t('Uploading files…')) ?></div>
<div id="drop-upload-done-indicator" style="padding-top: 25px;" class="hidden"><?php p($l->t('Uploaded files:')) ?></div>
<ul>
</ul>
</div>
</div>
<?php } ?>
</div>
<?php if (!isset($_['hideFileList']) || (isset($_['hideFileList']) && $_['hideFileList'] !== true)): ?>
<input type="hidden" name="dir" id="dir" value="" />
<div class="hiddenuploadfield">
<input type="file" id="file_upload_start" class="hiddenuploadfield" name="files[]"
data-url="<?php print_unescaped(OCP\Util::linkTo('files', 'ajax/upload.php')); ?>" />
</div>
<?php endif; ?>
<footer>
<p class="info">
<?php print_unescaped($theme->getLongFooter()); ?>
</p>
</footer>
</div>
</div>

64
apps/files_sharing/tests/controller/sharecontroller.php
View File

@ -1,8 +1,9 @@
<?php
/**
* @author Björn Schießle <bjoern@schiessle.org>
* @author Georg Ehrke <georg@owncloud.com>
* @author Joas Schilling <nickvergessen@owncloud.com>
* @author Lukas Reschke <lukas@owncloud.com>
* @author Lukas Reschke <lukas@statuscode.ch>
* @author Morris Jobke <hey@morrisjobke.de>
* @author Robin Appelman <icewind@owncloud.com>
* @author Roeland Jago Douma <rullzer@owncloud.com>
@ -26,9 +27,12 @@
*
*/
namespace OCA\Files_Sharing\Controllers;
namespace OCA\Files_Sharing\Tests\Controllers;
use OC\Files\Filesystem;
use OCA\FederatedFileSharing\FederatedShareProvider;
use OCA\Files_Sharing\Controllers\ShareController;
use OCP\AppFramework\Http\DataResponse;
use OCP\Share\Exceptions\ShareNotFound;
use OCP\AppFramework\Http\NotFoundResponse;
use OCP\AppFramework\Http\RedirectResponse;
@ -66,8 +70,11 @@ class ShareControllerTest extends \Test\TestCase {
private $shareManager;
/** @var IUserManager | \PHPUnit_Framework_MockObject_MockObject */
private $userManager;
/** @var FederatedShareProvider | \PHPUnit_Framework_MockObject_MockObject */
private $federatedShareProvider;
protected function setUp() {
parent::setUp();
$this->appName = 'files_sharing';
$this->shareManager = $this->getMockBuilder('\OC\Share20\Manager')->disableOriginalConstructor()->getMock();
@ -76,6 +83,12 @@ class ShareControllerTest extends \Test\TestCase {
$this->previewManager = $this->getMock('\OCP\IPreview');
$this->config = $this->getMock('\OCP\IConfig');
$this->userManager = $this->getMock('\OCP\IUserManager');
$this->federatedShareProvider = $this->getMockBuilder('OCA\FederatedFileSharing\FederatedShareProvider')
->disableOriginalConstructor()->getMock();
$this->federatedShareProvider->expects($this->any())
->method('isOutgoingServer2serverShareEnabled')->willReturn(true);
$this->federatedShareProvider->expects($this->any())
->method('isIncomingServer2serverShareEnabled')->willReturn(true);
$this->shareController = new \OCA\Files_Sharing\Controllers\ShareController(
$this->appName,
@ -88,7 +101,8 @@ class ShareControllerTest extends \Test\TestCase {
$this->shareManager,
$this->session,
$this->previewManager,
$this->getMock('\OCP\Files\IRootFolder')
$this->getMock('\OCP\Files\IRootFolder'),
$this->federatedShareProvider
);
@ -116,6 +130,7 @@ class ShareControllerTest extends \Test\TestCase {
// Set old user
\OC_User::setUserId($this->oldUser);
\OC_Util::setupFS($this->oldUser);
parent::tearDown();
}
public function testShowAuthenticateNotAuthenticated() {
@ -173,7 +188,7 @@ class ShareControllerTest extends \Test\TestCase {
$this->assertEquals($expectedResponse, $response);
}
public function testAutehnticateInvalidToken() {
public function testAuthenticateInvalidToken() {
$this->shareManager
->expects($this->once())
->method('getShareByToken')
@ -247,11 +262,11 @@ class ShareControllerTest extends \Test\TestCase {
->method('access')
->with($this->callback(function(array $data) {
return $data['itemType'] === 'file' &&
$data['itemSource'] === 100 &&
$data['uidOwner'] === 'initiator' &&
$data['token'] === 'token' &&
$data['errorCode'] === 403 &&
$data['errorMessage'] === 'Wrong password';
$data['itemSource'] === 100 &&
$data['uidOwner'] === 'initiator' &&
$data['token'] === 'token' &&
$data['errorCode'] === 403 &&
$data['errorMessage'] === 'Wrong password';
}));
$response = $this->shareController->authenticate('token', 'invalidpassword');
@ -323,6 +338,8 @@ class ShareControllerTest extends \Test\TestCase {
[
['max_filesize_animated_gifs_public_sharing', 10, 10],
['enable_previews', true, true],
['preview_max_x', 1024, 1024],
['preview_max_y', 1024, 1024],
]
);
$shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10);
@ -354,6 +371,8 @@ class ShareControllerTest extends \Test\TestCase {
'maxSizeAnimateGif' => 10,
'previewSupported' => true,
'previewEnabled' => true,
'hideFileList' => false,
'shareOwner' => 'ownerDisplay'
);
$csp = new \OCP\AppFramework\Http\ContentSecurityPolicy();
@ -412,10 +431,13 @@ class ShareControllerTest extends \Test\TestCase {
$this->shareController->showShare('token');
}
public function testDownloadShare() {
$share = $this->getMock('\OCP\Share\IShare');
$share->method('getPassword')->willReturn('password');
$share
->expects($this->once())
->method('getPermissions')
->willReturn(\OCP\Constants::PERMISSION_READ);
$this->shareManager
->expects($this->once())
@ -434,4 +456,24 @@ class ShareControllerTest extends \Test\TestCase {
$this->assertEquals($expectedResponse, $response);
}
}
public function testDownloadShareWithCreateOnlyShare() {
$share = $this->getMock('\OCP\Share\IShare');
$share->method('getPassword')->willReturn('password');
$share
->expects($this->once())
->method('getPermissions')
->willReturn(\OCP\Constants::PERMISSION_CREATE);
$this->shareManager
->expects($this->once())
->method('getShareByToken')
->with('validtoken')
->willReturn($share);
// Test with a password protected share and no authentication
$response = $this->shareController->downloadShare('validtoken');
$expectedResponse = new DataResponse('Share is read-only');
$this->assertEquals($expectedResponse, $response);
}
}

3
core/controller/avatarcontroller.php
View File

@ -85,7 +85,7 @@ class AvatarController extends Controller {
IL10N $l10n,
IUserManager $userManager,
IUserSession $userSession,
Folder $userFolder,
Folder $userFolder = null,
ILogger $logger) {
parent::__construct($appName, $request);
@ -101,6 +101,7 @@ class AvatarController extends Controller {
/**
* @NoAdminRequired
* @NoCSRFRequired
* @PublicPage
*
* @param string $userId
* @param int $size

124
core/js/sharedialoglinkshareview.js
View File

@ -24,30 +24,31 @@
'<br />' +
'<label for="linkText-{{cid}}" class="hidden-visually">{{urlLabel}}</label>' +
'<input id="linkText-{{cid}}" class="linkText {{#unless isLinkShare}}hidden{{/unless}}" type="text" readonly="readonly" value="{{shareLinkURL}}" />' +
' {{#if showPasswordCheckBox}}' +
'<input type="checkbox" name="showPassword" id="showPassword-{{cid}}" class="checkbox showPasswordCheckbox" {{#if isPasswordSet}}checked="checked"{{/if}} value="1" />' +
'<label for="showPassword-{{cid}}">{{enablePasswordLabel}}</label>' +
' {{/if}}' +
'<div id="linkPass" class="linkPass {{#unless isPasswordSet}}hidden{{/unless}}">' +
' <label for="linkPassText-{{cid}}" class="hidden-visually">{{passwordLabel}}</label>' +
' <input id="linkPassText-{{cid}}" class="linkPassText" type="password" placeholder="{{passwordPlaceholder}}" />' +
' <span class="icon-loading-small hidden"></span>' +
'</div>' +
' {{#if publicUpload}}' +
'<div id="allowPublicUploadWrapper">' +
' <span class="icon-loading-small hidden"></span>' +
' <input type="checkbox" value="1" name="allowPublicUpload" id="sharingDialogAllowPublicUpload-{{cid}}" class="checkbox publicUploadCheckbox" {{{publicUploadChecked}}} />' +
'<label for="sharingDialogAllowPublicUpload-{{cid}}">{{publicUploadLabel}}</label>' +
'</div>' +
'{{#if hideFileList}}' +
'<div id="hideFileListWrapper">' +
' <span class="icon-loading-small hidden"></span>' +
' <input type="checkbox" value="1" name="hideFileList" id="sharingDialogHideFileList-{{cid}}" class="checkbox hideFileListCheckbox" {{{hideFileListChecked}}} />' +
'<label for="sharingDialogHideFileList-{{cid}}">{{hideFileListLabel}}</label>' +
'</div>' +
'{{/if}}' +
' {{/if}}' +
' {{#if mailPublicNotificationEnabled}}' +
'<form id="emailPrivateLink" class="emailPrivateLinkForm">' +
' <input id="email" class="emailField" value="{{email}}" placeholder="{{mailPrivatePlaceholder}}" type="text" />' +
' <input id="emailButton" class="emailButton" type="submit" value="{{mailButtonText}}" />' +
'</form>' +
' {{#if showPasswordCheckBox}}' +
'<input type="checkbox" name="showPassword" id="showPassword-{{cid}}" class="checkbox showPasswordCheckbox" {{#if isPasswordSet}}checked="checked"{{/if}} value="1" />' +
'<label for="showPassword-{{cid}}">{{enablePasswordLabel}}</label>' +
' {{/if}}' +
'<div id="linkPass" class="linkPass {{#unless isPasswordSet}}hidden{{/unless}}">' +
' <label for="linkPassText-{{cid}}" class="hidden-visually">{{passwordLabel}}</label>' +
' <input id="linkPassText-{{cid}}" class="linkPassText" type="password" placeholder="{{passwordPlaceholder}}" />' +
' <span class="icon-loading-small hidden"></span>' +
'</div>' +
'{{else}}' +
// FIXME: this doesn't belong in this view
// FIXME: this doesn't belong in this view
'{{#if noSharingPlaceholder}}<input id="shareWith-{{cid}}" class="shareWithField" type="text" placeholder="{{noSharingPlaceholder}}" disabled="disabled"/>{{/if}}' +
'{{/if}}'
;
@ -76,12 +77,12 @@
showLink: true,
events: {
'submit .emailPrivateLinkForm': '_onEmailPrivateLink',
'focusout input.linkPassText': 'onPasswordEntered',
'keyup input.linkPassText': 'onPasswordKeyUp',
'click .linkCheckbox': 'onLinkCheckBoxChange',
'click .linkText': 'onLinkTextClick',
'change .publicUploadCheckbox': 'onAllowPublicUploadChange',
'change .hideFileListCheckbox': 'onHideFileListChange',
'click .showPasswordCheckbox': 'onShowPasswordClick'
},
@ -100,6 +101,10 @@
view.render();
});
this.model.on('change:hideFileListStatus', function() {
view.render();
});
this.model.on('change:linkShare', function() {
view.render();
});
@ -112,12 +117,12 @@
_.bindAll(
this,
'_onEmailPrivateLink',
'onLinkCheckBoxChange',
'onPasswordEntered',
'onPasswordKeyUp',
'onLinkTextClick',
'onShowPasswordClick',
'onHideFileListChange',
'onAllowPublicUploadChange'
);
},
@ -218,38 +223,23 @@
});
},
_onEmailPrivateLink: function(event) {
event.preventDefault();
onHideFileListChange: function () {
var $checkbox = this.$('.hideFileListCheckbox');
$checkbox.siblings('.icon-loading-small').removeClass('hidden').addClass('inlineblock');
var $emailField = this.$el.find('.emailField');
var $emailButton = this.$el.find('.emailButton');
var email = $emailField.val();
if (email !== '') {
$emailField.prop('disabled', true);
$emailButton.prop('disabled', true);
$emailField.val(t('core', 'Sending ...'));
this.model.sendEmailPrivateLink(email).done(function() {
$emailField.css('font-weight', 'bold').val(t('core','Email sent'));
setTimeout(function() {
$emailField.val('');
$emailField.css('font-weight', 'normal');
$emailField.prop('disabled', false);
$emailButton.prop('disabled', false);
}, 2000);
}).fail(function() {
$emailField.val(email);
$emailField.css('font-weight', 'normal');
$emailField.prop('disabled', false);
$emailButton.prop('disabled', false);
});
var permissions = OC.PERMISSION_UPDATE | OC.PERMISSION_CREATE | OC.PERMISSION_READ;
if ($checkbox.is(':checked')) {
permissions = OC.PERMISSION_UPDATE | OC.PERMISSION_CREATE;
}
return false;
this.model.saveLinkShare({
permissions: permissions
});
},
render: function() {
var linkShareTemplate = this.template();
var resharingAllowed = this.model.sharePermissionPossible();
var email = this.$el.find('.emailField').val();
if(!resharingAllowed
|| !this.showLink
@ -274,15 +264,23 @@
publicUploadChecked = 'checked="checked"';
}
var hideFileList = publicUploadChecked;
var hideFileListChecked = '';
if(this.model.isHideFileListSet()) {
hideFileListChecked = 'checked="checked"';
}
var isLinkShare = this.model.get('linkShare').isLinkShare;
var isPasswordSet = !!this.model.get('linkShare').password;
var showPasswordCheckBox = isLinkShare
&& ( !this.configModel.get('enforcePasswordForPublicLink')
|| !this.model.get('linkShare').password);
|| !this.model.get('linkShare').password);
this.$el.html(linkShareTemplate({
cid: this.cid,
shareAllowed: true,
hideFileList: hideFileList,
isLinkShare: isLinkShare,
shareLinkURL: this.model.get('linkShare').link,
linkShareLabel: t('core', 'Share link'),
@ -294,46 +292,14 @@
showPasswordCheckBox: showPasswordCheckBox,
publicUpload: publicUpload && isLinkShare,
publicUploadChecked: publicUploadChecked,
hideFileListChecked: hideFileListChecked,
publicUploadLabel: t('core', 'Allow editing'),
hideFileListLabel: t('core', 'Hide file listing'),
mailPublicNotificationEnabled: isLinkShare && this.configModel.isMailPublicNotificationEnabled(),
mailPrivatePlaceholder: t('core', 'Email link to person'),
mailButtonText: t('core', 'Send'),
email: email
mailButtonText: t('core', 'Send')
}));
var $emailField = this.$el.find('.emailField');
if (isLinkShare && $emailField.length !== 0) {
$emailField.autocomplete({
minLength: 1,
source: function (search, response) {
$.get(
OC.generateUrl('core/ajax/share.php'), {
fetch: 'getShareWithEmail',
search: search.term
}, function(result) {
if (result.status == 'success' && result.data.length > 0) {
response(result.data);
}
});
},
select: function( event, item ) {
$emailField.val(item.item.email);
return false;
}
})
.data("ui-autocomplete")._renderItem = function( ul, item ) {
return $('<li>')
.append('<a>' + escapeHTML(item.displayname) + "<br>" + escapeHTML(item.email) + '</a>' )
.appendTo( ul );
};
}
// TODO drop with IE8 drop
if($('html').hasClass('ie8')) {
this.$el.find('#linkPassText').removeAttr('placeholder');
this.$el.find('#linkPassText').val('');
}
this.delegateEvents();
return this;
@ -354,4 +320,4 @@
OC.Share.ShareDialogLinkShareView = ShareDialogLinkShareView;
})();
})();

64
core/js/shareitemmodel.js
View File

@ -154,21 +154,17 @@
// Default permissions are Edit (CRUD) and Share
// Check if these permissions are possible
var permissions = OC.PERMISSION_READ;
if (shareType === OC.Share.SHARE_TYPE_REMOTE) {
permissions = OC.PERMISSION_CREATE | OC.PERMISSION_UPDATE | OC.PERMISSION_READ;
} else {
if (this.updatePermissionPossible()) {
permissions = permissions | OC.PERMISSION_UPDATE;
}
if (this.createPermissionPossible()) {
permissions = permissions | OC.PERMISSION_CREATE;
}
if (this.deletePermissionPossible()) {
permissions = permissions | OC.PERMISSION_DELETE;
}
if (this.configModel.get('isResharingAllowed') && (this.sharePermissionPossible())) {
permissions = permissions | OC.PERMISSION_SHARE;
}
if (this.updatePermissionPossible()) {
permissions = permissions | OC.PERMISSION_UPDATE;
}
if (this.createPermissionPossible()) {
permissions = permissions | OC.PERMISSION_CREATE;
}
if (this.deletePermissionPossible()) {
permissions = permissions | OC.PERMISSION_DELETE;
}
if (this.configModel.get('isResharingAllowed') && (this.sharePermissionPossible())) {
permissions = permissions | OC.PERMISSION_SHARE;
}
attributes.permissions = permissions;
@ -276,6 +272,13 @@
return this.get('allowPublicUploadStatus');
},
/**
* @returns {boolean}
*/
isHideFileListSet: function() {
return this.get('hideFileListStatus');
},
/**
* @returns {boolean}
*/
@ -411,12 +414,6 @@
if(!_.isObject(share)) {
throw "Unknown Share";
}
if( share.share_type === OC.Share.SHARE_TYPE_REMOTE
&& ( permission === OC.PERMISSION_SHARE
|| permission === OC.PERMISSION_DELETE))
{
return false;
}
return (share.permissions & permission) === permission;
},
@ -487,7 +484,7 @@
} else {
deferred.resolve();
}
});
});
return deferred.promise();
},
@ -557,8 +554,8 @@
*/
editPermissionPossible: function() {
return this.createPermissionPossible()
|| this.updatePermissionPossible()
|| this.deletePermissionPossible();
|| this.updatePermissionPossible()
|| this.deletePermissionPossible();
},
/**
@ -566,8 +563,8 @@
*/
hasEditPermission: function(shareIndex) {
return this.hasCreatePermission(shareIndex)
|| this.hasUpdatePermission(shareIndex)
|| this.hasDeletePermission(shareIndex);
|| this.hasUpdatePermission(shareIndex)
|| this.hasDeletePermission(shareIndex);
},
_getUrl: function(base, params) {
@ -695,6 +692,16 @@
});
}
var hideFileListStatus = false;
if(!_.isUndefined(data.shares)) {
$.each(data.shares, function (key, value) {
if (value.share_type === OC.Share.SHARE_TYPE_LINK) {
hideFileListStatus = (value.permissions & OC.PERMISSION_READ) ? false : true;
return true;
}
});
}
/** @type {OC.Share.Types.ShareInfo[]} **/
var shares = _.map(data.shares, function(share) {
// properly parse some values because sometimes the server
@ -767,7 +774,8 @@
shares: shares,
linkShare: linkShare,
permissions: permissions,
allowPublicUploadStatus: allowPublicUploadStatus
allowPublicUploadStatus: allowPublicUploadStatus,
hideFileListStatus: hideFileListStatus
};
},
@ -793,4 +801,4 @@
});
OC.Share.ShareItemModel = ShareItemModel;
})();
})();

5
lib/private/share20/manager.php
View File

@ -233,8 +233,9 @@ class Manager implements IManager {
throw new GenericShareException($message_t, $message_t, 404);
}
// Check that read permissions are always set
if (($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) {
// Link shares are allowed to have no read permissions to allow upload to hidden folders
if ($share->getShareType() !== \OCP\Share::SHARE_TYPE_LINK &&
($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) {
throw new \InvalidArgumentException('Shares need at least read permissions');
}
}

1
tests/lib/share20/managertest.php
View File

@ -670,7 +670,6 @@ class ManagerTest extends \Test\TestCase {
$data[] = [$this->createShare(null, \OCP\Share::SHARE_TYPE_USER, $allPermssions, $user2, $user0, $user0, 30, null, null), 'Shares need at least read permissions', true];
$data[] = [$this->createShare(null, \OCP\Share::SHARE_TYPE_GROUP, $allPermssions, $group0, $user0, $user0, 2, null, null), 'Shares need at least read permissions', true];
$data[] = [$this->createShare(null, \OCP\Share::SHARE_TYPE_LINK, $allPermssions, null, $user0, $user0, 16, null, null), 'Shares need at least read permissions', true];
$data[] = [$this->createShare(null, \OCP\Share::SHARE_TYPE_USER, $allPermssions, $user2, $user0, $user0, 31, null, null), null, false];
$data[] = [$this->createShare(null, \OCP\Share::SHARE_TYPE_GROUP, $allPermssions, $group0, $user0, $user0, 3, null, null), null, false];