Fixes not allowed increasing of link share permissions
Fixes the following: 1. user0 shares folder with user1 (RO but with sharing permissions) 2. user1 shares by link 3. user1 send 'publicUpload=true' OCS request to the link share before this increased the permissions of the link share. Which should not happen. now: API reponds with an error that the permissions can't be increased. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
parent
150b86a7db
commit
965981486f
|
@ -692,6 +692,7 @@ class ShareAPIController extends OCSController {
|
||||||
|
|
||||||
if ($newPermissions !== null) {
|
if ($newPermissions !== null) {
|
||||||
$share->setPermissions($newPermissions);
|
$share->setPermissions($newPermissions);
|
||||||
|
$permissions = $newPermissions;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($expireDate === '') {
|
if ($expireDate === '') {
|
||||||
|
|
|
@ -1205,7 +1205,7 @@ class ShareAPIControllerTest extends \Test\TestCase {
|
||||||
public function testUpdateLinkShareClear() {
|
public function testUpdateLinkShareClear() {
|
||||||
$ocs = $this->mockFormatShare();
|
$ocs = $this->mockFormatShare();
|
||||||
|
|
||||||
$node = $this->getMockBuilder('\OCP\Files\Folder')->getMock();
|
$node = $this->getMockBuilder(Folder::class)->getMock();
|
||||||
$share = $this->newShare();
|
$share = $this->newShare();
|
||||||
$share->setPermissions(\OCP\Constants::PERMISSION_ALL)
|
$share->setPermissions(\OCP\Constants::PERMISSION_ALL)
|
||||||
->setSharedBy($this->currentUser)
|
->setSharedBy($this->currentUser)
|
||||||
|
@ -1229,6 +1229,9 @@ class ShareAPIControllerTest extends \Test\TestCase {
|
||||||
})
|
})
|
||||||
)->will($this->returnArgument(0));
|
)->will($this->returnArgument(0));
|
||||||
|
|
||||||
|
$this->shareManager->method('getSharedWith')
|
||||||
|
->willReturn([]);
|
||||||
|
|
||||||
$expected = new DataResponse(null);
|
$expected = new DataResponse(null);
|
||||||
$result = $ocs->updateShare(42, null, '', 'false', '');
|
$result = $ocs->updateShare(42, null, '', 'false', '');
|
||||||
|
|
||||||
|
@ -1261,6 +1264,9 @@ class ShareAPIControllerTest extends \Test\TestCase {
|
||||||
})
|
})
|
||||||
)->will($this->returnArgument(0));
|
)->will($this->returnArgument(0));
|
||||||
|
|
||||||
|
$this->shareManager->method('getSharedWith')
|
||||||
|
->willReturn([]);
|
||||||
|
|
||||||
$expected = new DataResponse(null);
|
$expected = new DataResponse(null);
|
||||||
$result = $ocs->updateShare(42, null, 'password', 'true', '2000-01-01');
|
$result = $ocs->updateShare(42, null, 'password', 'true', '2000-01-01');
|
||||||
|
|
||||||
|
@ -1483,6 +1489,9 @@ class ShareAPIControllerTest extends \Test\TestCase {
|
||||||
})
|
})
|
||||||
)->will($this->returnArgument(0));
|
)->will($this->returnArgument(0));
|
||||||
|
|
||||||
|
$this->shareManager->method('getSharedWith')
|
||||||
|
->willReturn([]);
|
||||||
|
|
||||||
$expected = new DataResponse(null);
|
$expected = new DataResponse(null);
|
||||||
$result = $ocs->updateShare(42, null, null, 'true', null);
|
$result = $ocs->updateShare(42, null, null, 'true', null);
|
||||||
|
|
||||||
|
@ -1633,6 +1642,52 @@ class ShareAPIControllerTest extends \Test\TestCase {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testUpdateShareCannotIncreasePermissionsLinkShare() {
|
||||||
|
$ocs = $this->mockFormatShare();
|
||||||
|
|
||||||
|
$folder = $this->createMock(Folder::class);
|
||||||
|
|
||||||
|
$share = \OC::$server->getShareManager()->newShare();
|
||||||
|
$share
|
||||||
|
->setId(42)
|
||||||
|
->setSharedBy($this->currentUser)
|
||||||
|
->setShareOwner('anotheruser')
|
||||||
|
->setShareType(\OCP\Share::SHARE_TYPE_LINK)
|
||||||
|
->setPermissions(\OCP\Constants::PERMISSION_READ)
|
||||||
|
->setNode($folder);
|
||||||
|
|
||||||
|
// note: updateShare will modify the received instance but getSharedWith will reread from the database,
|
||||||
|
// so their values will be different
|
||||||
|
$incomingShare = \OC::$server->getShareManager()->newShare();
|
||||||
|
$incomingShare
|
||||||
|
->setId(42)
|
||||||
|
->setSharedBy($this->currentUser)
|
||||||
|
->setShareOwner('anotheruser')
|
||||||
|
->setShareType(\OCP\Share::SHARE_TYPE_USER)
|
||||||
|
->setSharedWith('currentUser')
|
||||||
|
->setPermissions(\OCP\Constants::PERMISSION_READ)
|
||||||
|
->setNode($folder);
|
||||||
|
|
||||||
|
$this->shareManager->method('getShareById')->with('ocinternal:42')->willReturn($share);
|
||||||
|
|
||||||
|
$this->shareManager->expects($this->any())
|
||||||
|
->method('getSharedWith')
|
||||||
|
->will($this->returnValueMap([
|
||||||
|
['currentUser', \OCP\Share::SHARE_TYPE_USER, $share->getNode(), -1, 0, [$incomingShare]],
|
||||||
|
['currentUser', \OCP\Share::SHARE_TYPE_GROUP, $share->getNode(), -1, 0, []]
|
||||||
|
]));
|
||||||
|
|
||||||
|
$this->shareManager->expects($this->never())->method('updateShare');
|
||||||
|
$this->shareManager->method('shareApiLinkAllowPublicUpload')->willReturn(true);
|
||||||
|
|
||||||
|
try {
|
||||||
|
$ocs->updateShare(42, null, null, 'true');
|
||||||
|
$this->fail();
|
||||||
|
} catch (OCSNotFoundException $e) {
|
||||||
|
$this->assertEquals('Cannot increase permissions', $e->getMessage());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public function testUpdateShareCanIncreasePermissionsIfOwner() {
|
public function testUpdateShareCanIncreasePermissionsIfOwner() {
|
||||||
$ocs = $this->mockFormatShare();
|
$ocs = $this->mockFormatShare();
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue