Merge pull request #2120 from nextcloud/stable9_2100

[stable9] Fixes not allowed increasing of link share permissions
This commit is contained in:
Morris Jobke 2016-11-17 21:38:56 +01:00 committed by GitHub
commit 8468d7af8b
2 changed files with 61 additions and 1 deletions

View File

@ -611,6 +611,7 @@ class Share20OCS {
if ($newPermissions !== null) {
$share->setPermissions($newPermissions);
$permissions = $newPermissions;
}
if ($expireDate === '') {

View File

@ -1189,13 +1189,17 @@ class Share20OCSTest extends \Test\TestCase {
public function testUpdateLinkShareClear() {
$ocs = $this->mockFormatShare();
$node = $this->getMockBuilder('OCP\Files\Folder')
->getMock();
$share = \OC::$server->getShareManager()->newShare();
$share->setPermissions(\OCP\Constants::PERMISSION_ALL)
->setSharedBy($this->currentUser->getUID())
->setShareType(\OCP\Share::SHARE_TYPE_LINK)
->setPassword('password')
->setExpirationDate(new \DateTime())
->setPermissions(\OCP\Constants::PERMISSION_ALL);
->setPermissions(\OCP\Constants::PERMISSION_ALL)
->setNode($node);
$this->request
->method('getParam')
@ -1207,6 +1211,9 @@ class Share20OCSTest extends \Test\TestCase {
$this->shareManager->method('getShareById')->with('ocinternal:42')->willReturn($share);
$this->shareManager->method('getSharedWith')
->willReturn([]);
$this->shareManager->expects($this->once())->method('updateShare')->with(
$this->callback(function (\OCP\Share\IShare $share) {
return $share->getPermissions() === \OCP\Constants::PERMISSION_READ &&
@ -1244,6 +1251,9 @@ class Share20OCSTest extends \Test\TestCase {
$this->shareManager->method('getShareById')->with('ocinternal:42')->willReturn($share);
$this->shareManager->method('shareApiLinkAllowPublicUpload')->willReturn(true);
$this->shareManager->method('getSharedWith')
->willReturn([]);
$this->shareManager->expects($this->once())->method('updateShare')->with(
$this->callback(function (\OCP\Share\IShare $share) {
$date = new \DateTime('2000-01-01');
@ -1284,6 +1294,9 @@ class Share20OCSTest extends \Test\TestCase {
$this->shareManager->method('getShareById')->with('ocinternal:42')->willReturn($share);
$this->shareManager->method('shareApiLinkAllowPublicUpload')->willReturn(true);
$this->shareManager->method('getSharedWith')
->willReturn([]);
$expected = new \OC_OCS_Result(null, 400, 'Invalid date. Format must be YYYY-MM-DD');
$result = $ocs->updateShare(42);
@ -1448,6 +1461,9 @@ class Share20OCSTest extends \Test\TestCase {
$this->shareManager->method('getShareById')->with('ocinternal:42')->willReturn($share);
$this->shareManager->method('shareApiLinkAllowPublicUpload')->willReturn(true);
$this->shareManager->method('getSharedWith')
->willReturn([]);
$this->shareManager->expects($this->once())->method('updateShare')->with(
$this->callback(function (\OCP\Share\IShare $share) use ($date) {
return $share->getPermissions() === \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_DELETE &&
@ -1625,6 +1641,49 @@ class Share20OCSTest extends \Test\TestCase {
$this->assertEquals($expected->getData(), $result->getData());
}
public function testUpdateShareCannotIncreasePermissionsLinkShare() {
$ocs = $this->mockFormatShare();
$folder = $this->getMockBuilder('OCP\Files\Folder')
->getMock();
$share = \OC::$server->getShareManager()->newShare();
$share
->setId(42)
->setSharedBy($this->currentUser->getUID())
->setShareOwner('anotheruser')
->setShareType(\OCP\Share::SHARE_TYPE_LINK)
->setPermissions(\OCP\Constants::PERMISSION_READ)
->setNode($folder);
// note: updateShare will modify the received instance but getSharedWith will reread from the database,
// so their values will be different
$incomingShare = \OC::$server->getShareManager()->newShare();
$incomingShare
->setId(42)
->setSharedBy($this->currentUser->getUID())
->setShareOwner('anotheruser')
->setShareType(\OCP\Share::SHARE_TYPE_USER)
->setSharedWith('currentUser')
->setPermissions(\OCP\Constants::PERMISSION_READ)
->setNode($folder);
$this->shareManager->method('getShareById')->with('ocinternal:42')->willReturn($share);
$this->shareManager->expects($this->any())
->method('getSharedWith')
->will($this->returnValueMap([
['currentUser', \OCP\Share::SHARE_TYPE_USER, $share->getNode(), -1, 0, [$incomingShare]],
['currentUser', \OCP\Share::SHARE_TYPE_GROUP, $share->getNode(), -1, 0, []]
]));
$this->shareManager->expects($this->never())->method('updateShare');
$this->shareManager->method('shareApiLinkAllowPublicUpload')->willReturn(true);
$this->request
->method('getParam')
->will($this->returnValueMap([
['publicUpload', null, 'true'],
]));
$expected = new \OC_OCS_Result(null, 404, 'Cannot increase permissions');
$result = $ocs->updateShare(42);
$this->assertEquals($expected->getMeta(), $result->getMeta());
$this->assertEquals($expected->getData(), $result->getData());
}
public function testUpdateShareCanIncreasePermissionsIfOwner() {
$ocs = $this->mockFormatShare();