look for correct OCM permissions

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
Bjoern Schiessle 2018-06-25 11:14:26 +02:00
parent 086e7a0aa2
commit cdf8abb060
No known key found for this signature in database
GPG Key ID: 2378A753E2BF04F6
3 changed files with 95 additions and 7 deletions


@ -33,6 +33,7 @@
namespace OCA\DAV\Connector\Sabre; namespace OCA\DAV\Connector\Sabre;
use OC\AppFramework\Http\Request; use OC\AppFramework\Http\Request;
use OCP\Constants;
use OCP\Files\ForbiddenException; use OCP\Files\ForbiddenException;
use OCP\IPreview; use OCP\IPreview;
use Sabre\DAV\Exception\Forbidden; use Sabre\DAV\Exception\Forbidden;
@ -57,6 +58,7 @@ class FilesPlugin extends ServerPlugin {
const INTERNAL_FILEID_PROPERTYNAME = '{http://owncloud.org/ns}fileid'; const INTERNAL_FILEID_PROPERTYNAME = '{http://owncloud.org/ns}fileid';
const PERMISSIONS_PROPERTYNAME = '{http://owncloud.org/ns}permissions'; const PERMISSIONS_PROPERTYNAME = '{http://owncloud.org/ns}permissions';
const SHARE_PERMISSIONS_PROPERTYNAME = '{http://open-collaboration-services.org/ns}share-permissions'; const SHARE_PERMISSIONS_PROPERTYNAME = '{http://open-collaboration-services.org/ns}share-permissions';
const OCM_SHARE_PERMISSIONS_PROPERTYNAME = '{http://open-cloud-mesh.org/ns}share-permissions';
const DOWNLOADURL_PROPERTYNAME = '{http://owncloud.org/ns}downloadURL'; const DOWNLOADURL_PROPERTYNAME = '{http://owncloud.org/ns}downloadURL';
const SIZE_PROPERTYNAME = '{http://owncloud.org/ns}size'; const SIZE_PROPERTYNAME = '{http://owncloud.org/ns}size';
const GETETAG_PROPERTYNAME = '{DAV:}getetag'; const GETETAG_PROPERTYNAME = '{DAV:}getetag';
@ -149,6 +151,7 @@ class FilesPlugin extends ServerPlugin {
$server->protectedProperties[] = self::INTERNAL_FILEID_PROPERTYNAME; $server->protectedProperties[] = self::INTERNAL_FILEID_PROPERTYNAME;
$server->protectedProperties[] = self::PERMISSIONS_PROPERTYNAME; $server->protectedProperties[] = self::PERMISSIONS_PROPERTYNAME;
$server->protectedProperties[] = self::SHARE_PERMISSIONS_PROPERTYNAME; $server->protectedProperties[] = self::SHARE_PERMISSIONS_PROPERTYNAME;
$server->protectedProperties[] = self::OCM_SHARE_PERMISSIONS_PROPERTYNAME;
$server->protectedProperties[] = self::SIZE_PROPERTYNAME; $server->protectedProperties[] = self::SIZE_PROPERTYNAME;
$server->protectedProperties[] = self::DOWNLOADURL_PROPERTYNAME; $server->protectedProperties[] = self::DOWNLOADURL_PROPERTYNAME;
$server->protectedProperties[] = self::OWNER_ID_PROPERTYNAME; $server->protectedProperties[] = self::OWNER_ID_PROPERTYNAME;
@ -318,6 +321,14 @@ class FilesPlugin extends ServerPlugin {
); );
}); });
$propFind->handle(self::OCM_SHARE_PERMISSIONS_PROPERTYNAME, function() use ($node, $httpRequest) {
$ncPermissions = $node->getSharePermissions(
$httpRequest->getRawServerValue('PHP_AUTH_USER')
);
$ocmPermissions = $this->ncPermissions2ocmPermissions($ncPermissions);
return json_encode($ocmPermissions);
});
$propFind->handle(self::GETETAG_PROPERTYNAME, function() use ($node) { $propFind->handle(self::GETETAG_PROPERTYNAME, function() use ($node) {
return $node->getETag(); return $node->getETag();
}); });
@ -394,6 +405,33 @@ class FilesPlugin extends ServerPlugin {
} }
} }
/**
* translate Nextcloud permissions to OCM Permissions
*
* @param $ncPermissions
* @return array
*/
protected function ncPermissions2ocmPermissions($ncPermissions) {
$ocmPermissions = [];
if ($ncPermissions & Constants::PERMISSION_SHARE) {
$ocmPermissions[] = 'share';
}
if ($ncPermissions & Constants::PERMISSION_READ) {
$ocmPermissions[] = 'read';
}
if (($ncPermissions & Constants::PERMISSION_CREATE) ||
($ncPermissions & Constants::PERMISSION_UPDATE)) {
$ocmPermissions[] = 'write';
}
return $ocmPermissions;
}
/** /**
* Update ownCloud-specific properties * Update ownCloud-specific properties
* *
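Review bot: In the last hunk, ncPermissions2ocmPermissions() emits `write` when either PERMISSION_CREATE or PERMISSION_UPDATE is set and never reports PERMISSION_DELETE, so the advertised OCM list is not a faithful copy of the share's permission bits. The receiving helper added in this same commit expands `write` back to CREATE plus UPDATE, so an update-only share appears on the remote side with create rights as well. The owning server presumably still enforces the real bits on each request, but nothing in this hunk shows that. The docblock should state the loss, for example `* Lossy: CREATE or UPDATE both map to 'write'; DELETE has no OCM equivalent and is dropped.`, and the parameter should be typed as `@param int $ncPermissions`.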


@ -36,6 +36,7 @@ use OC\Files\Storage\DAV;
use OC\ForbiddenException; use OC\ForbiddenException;
use OCA\Files_Sharing\ISharedStorage; use OCA\Files_Sharing\ISharedStorage;
use OCP\AppFramework\Http; use OCP\AppFramework\Http;
use OCP\Constants;
use OCP\Federation\ICloudId; use OCP\Federation\ICloudId;
use OCP\Files\NotFoundException; use OCP\Files\NotFoundException;
use OCP\Files\StorageInvalidException; use OCP\Files\StorageInvalidException;
@ -347,20 +348,20 @@ class Storage extends DAV implements ISharedStorage {
if (\OCP\Util::isSharingDisabledForUser() || !\OC\Share\Share::isResharingAllowed()) { if (\OCP\Util::isSharingDisabledForUser() || !\OC\Share\Share::isResharingAllowed()) {
return false; return false;
} }
return ($this->getPermissions($path) & \OCP\Constants::PERMISSION_SHARE); return ($this->getPermissions($path) & Constants::PERMISSION_SHARE);
} }
public function getPermissions($path) { public function getPermissions($path) {
$response = $this->propfind($path); $response = $this->propfind($path);
// old federated sharing permissions
if (isset($response['{http://open-collaboration-services.org/ns}share-permissions'])) { if (isset($response['{http://open-collaboration-services.org/ns}share-permissions'])) {
$permissions = $response['{http://open-collaboration-services.org/ns}share-permissions']; $permissions = $response['{http://open-collaboration-services.org/ns}share-permissions'];
} else if (isset($response['{http://open-cloud-mesh.org/ns}share-permissions'])) {
// permissions provided by the OCM API
$permissions = $this->ocmPermissions2ncPermissions($response['{http://open-collaboration-services.org/ns}share-permissions']);
} else { } else {
// use default permission if remote server doesn't provide the share permissions // use default permission if remote server doesn't provide the share permissions
if ($this->is_dir($path)) { $permissions = $this->getDefaultPermissions($path);
$permissions = \OCP\Constants::PERMISSION_ALL;
} else {
$permissions = \OCP\Constants::PERMISSION_ALL & ~\OCP\Constants::PERMISSION_CREATE;
}
} }
return $permissions; return $permissions;
@ -369,4 +370,53 @@ class Storage extends DAV implements ISharedStorage {
public function needsPartFile() { public function needsPartFile() {
return false; return false;
} }
/**
* translate OCM Permissions to Nextcloud permissions
*
* @param string $ocmPermissions json encoded OCM permissions
* @param string $path path to file
* @return int
*/
protected function ocmPermissions2ncPermissions($ocmPermissions, $path) {
try {
$ocmPermissions = json_decode($ocmPermissions);
$ncPermissions = 0;
foreach($ocmPermissions as $permission) {
switch (strtolower($permission)) {
case 'read':
$ncPermissions += Constants::PERMISSION_READ;
break;
case 'write':
$ncPermissions += Constants::PERMISSION_CREATE + Constants::PERMISSION_UPDATE;
break;
case 'share':
$ncPermissions += Constants::PERMISSION_SHARE;
break;
default:
throw new \Exception();
}
}
} catch (\Exception $e) {
$ncPermissions = $this->getDefaultPermissions($path);
}
return $ncPermissions;
}
/**
* calculate default permissions in case no permissions are provided
*
* @param $path
* @return int
*/
protected function getDefaultPermissions($path) {
if ($this->is_dir($path)) {
$permissions = Constants::PERMISSION_ALL;
} else {
$permissions = Constants::PERMISSION_ALL & ~Constants::PERMISSION_CREATE;
}
return $permissions;
}
} }
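Review bot: In getPermissions() the new OCM branch tests for `{http://open-cloud-mesh.org/ns}share-permissions` but then reads the `{http://open-collaboration-services.org/ns}share-permissions` key, which is known to be unset there, and it omits the `$path` argument that ocmPermissions2ncPermissions() requires. The call should read `$this->ocmPermissions2ncPermissions($response['{http://open-cloud-mesh.org/ns}share-permissions'], $path)`. The helper parses a value supplied by the remote server, yet it combines bit flags with `+=`, so a repeated entry adds the same bit twice and produces a different flag, and a decoded value that is not an array never reaches the `throw`. Every parse failure also falls back to getDefaultPermissions(), which is PERMISSION_ALL for directories, so a malformed answer widens the local view instead of narrowing it; whether a read-only fallback is acceptable is a project decision. The rewrite below keeps the existing fallback but uses `|=` and an explicit array check.

```php
protected function ocmPermissions2ncPermissions($ocmPermissions, $path) {
	$decoded = json_decode($ocmPermissions, true);
	if (!is_array($decoded)) {
		// malformed or missing value from the remote server
		return $this->getDefaultPermissions($path);
	}
	$ncPermissions = 0;
	foreach ($decoded as $permission) {
		switch (is_string($permission) ? strtolower($permission) : '') {
			case 'read':
				$ncPermissions |= Constants::PERMISSION_READ;
				break;
			case 'write':
				$ncPermissions |= Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE;
				break;
			case 'share':
				$ncPermissions |= Constants::PERMISSION_SHARE;
				break;
			default:
				// unknown entry: same fallback as before
				return $this->getDefaultPermissions($path);
		}
	}
	return $ncPermissions;
}
```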


@ -78,7 +78,7 @@ class CloudFederationShare implements ICloudFederationShare {
'name' => 'webdav', 'name' => 'webdav',
'options' => [ 'options' => [
'sharedSecret' => $sharedSecret, 'sharedSecret' => $sharedSecret,
'permissions' => '{http://open-collaboration-services.org/ns}share-permissions' 'permissions' => '{http://open-cloud-mesh.org/ns}share-permissions'
] ]
]); ]);
$this->setShareType($shareType); $this->setShareType($shareType);