look for correct OCM permissions
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
Bjoern Schiessle
parent
086e7a0aa2
commit
cdf8abb060
|
|
@ -33,6 +33,7 @@
|
|||
namespace OCA\DAV\Connector\Sabre;
|
||||
|
||||
use OC\AppFramework\Http\Request;
|
||||
use OCP\Constants;
|
||||
use OCP\Files\ForbiddenException;
|
||||
use OCP\IPreview;
|
||||
use Sabre\DAV\Exception\Forbidden;
|
||||
|
|
@ -57,6 +58,7 @@ class FilesPlugin extends ServerPlugin {
|
|||
const INTERNAL_FILEID_PROPERTYNAME = '{http://owncloud.org/ns}fileid';
|
||||
const PERMISSIONS_PROPERTYNAME = '{http://owncloud.org/ns}permissions';
|
||||
const SHARE_PERMISSIONS_PROPERTYNAME = '{http://open-collaboration-services.org/ns}share-permissions';
|
||||
const OCM_SHARE_PERMISSIONS_PROPERTYNAME = '{http://open-cloud-mesh.org/ns}share-permissions';
|
||||
const DOWNLOADURL_PROPERTYNAME = '{http://owncloud.org/ns}downloadURL';
|
||||
const SIZE_PROPERTYNAME = '{http://owncloud.org/ns}size';
|
||||
const GETETAG_PROPERTYNAME = '{DAV:}getetag';
|
||||
|
|
@ -149,6 +151,7 @@ class FilesPlugin extends ServerPlugin {
|
|||
$server->protectedProperties[] = self::INTERNAL_FILEID_PROPERTYNAME;
|
||||
$server->protectedProperties[] = self::PERMISSIONS_PROPERTYNAME;
|
||||
$server->protectedProperties[] = self::SHARE_PERMISSIONS_PROPERTYNAME;
|
||||
$server->protectedProperties[] = self::OCM_SHARE_PERMISSIONS_PROPERTYNAME;
|
||||
$server->protectedProperties[] = self::SIZE_PROPERTYNAME;
|
||||
$server->protectedProperties[] = self::DOWNLOADURL_PROPERTYNAME;
|
||||
$server->protectedProperties[] = self::OWNER_ID_PROPERTYNAME;
|
||||
|
|
@ -318,6 +321,14 @@ class FilesPlugin extends ServerPlugin {
|
|||
);
|
||||
});
|
||||
|
||||
$propFind->handle(self::OCM_SHARE_PERMISSIONS_PROPERTYNAME, function() use ($node, $httpRequest) {
|
||||
$ncPermissions = $node->getSharePermissions(
|
||||
$httpRequest->getRawServerValue('PHP_AUTH_USER')
|
||||
);
|
||||
$ocmPermissions = $this->ncPermissions2ocmPermissions($ncPermissions);
|
||||
return json_encode($ocmPermissions);
|
||||
});
|
||||
|
||||
$propFind->handle(self::GETETAG_PROPERTYNAME, function() use ($node) {
|
||||
return $node->getETag();
|
||||
});
|
||||
|
|
@ -394,6 +405,33 @@ class FilesPlugin extends ServerPlugin {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* translate Nextcloud permissions to OCM Permissions
|
||||
*
|
||||
* @param $ncPermissions
|
||||
* @return array
|
||||
*/
|
||||
protected function ncPermissions2ocmPermissions($ncPermissions) {
|
||||
|
||||
$ocmPermissions = [];
|
||||
|
||||
if ($ncPermissions & Constants::PERMISSION_SHARE) {
|
||||
$ocmPermissions[] = 'share';
|
||||
}
|
||||
|
||||
if ($ncPermissions & Constants::PERMISSION_READ) {
|
||||
$ocmPermissions[] = 'read';
|
||||
}
|
||||
|
||||
if (($ncPermissions & Constants::PERMISSION_CREATE) ||
|
||||
($ncPermissions & Constants::PERMISSION_UPDATE)) {
|
||||
$ocmPermissions[] = 'write';
|
||||
}
|
||||
|
||||
return $ocmPermissions;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Update ownCloud-specific properties
|
||||
*
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@ use OC\Files\Storage\DAV;
|
|||
use OC\ForbiddenException;
|
||||
use OCA\Files_Sharing\ISharedStorage;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\Constants;
|
||||
use OCP\Federation\ICloudId;
|
||||
use OCP\Files\NotFoundException;
|
||||
use OCP\Files\StorageInvalidException;
|
||||
|
|
@ -347,20 +348,20 @@ class Storage extends DAV implements ISharedStorage {
|
|||
if (\OCP\Util::isSharingDisabledForUser() || !\OC\Share\Share::isResharingAllowed()) {
|
||||
return false;
|
||||
}
|
||||
return ($this->getPermissions($path) & \OCP\Constants::PERMISSION_SHARE);
|
||||
return ($this->getPermissions($path) & Constants::PERMISSION_SHARE);
|
||||
}
|
||||
|
||||
public function getPermissions($path) {
|
||||
$response = $this->propfind($path);
|
||||
// old federated sharing permissions
|
||||
if (isset($response['{http://open-collaboration-services.org/ns}share-permissions'])) {
|
||||
$permissions = $response['{http://open-collaboration-services.org/ns}share-permissions'];
|
||||
} else if (isset($response['{http://open-cloud-mesh.org/ns}share-permissions'])) {
|
||||
// permissions provided by the OCM API
|
||||
$permissions = $this->ocmPermissions2ncPermissions($response['{http://open-collaboration-services.org/ns}share-permissions']);
|
||||
} else {
|
||||
// use default permission if remote server doesn't provide the share permissions
|
||||
if ($this->is_dir($path)) {
|
||||
$permissions = \OCP\Constants::PERMISSION_ALL;
|
||||
} else {
|
||||
$permissions = \OCP\Constants::PERMISSION_ALL & ~\OCP\Constants::PERMISSION_CREATE;
|
||||
}
|
||||
$permissions = $this->getDefaultPermissions($path);
|
||||
}
|
||||
|
||||
return $permissions;
|
||||
|
|
@ -369,4 +370,53 @@ class Storage extends DAV implements ISharedStorage {
|
|||
public function needsPartFile() {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* translate OCM Permissions to Nextcloud permissions
|
||||
*
|
||||
* @param string $ocmPermissions json encoded OCM permissions
|
||||
* @param string $path path to file
|
||||
* @return int
|
||||
*/
|
||||
protected function ocmPermissions2ncPermissions($ocmPermissions, $path) {
|
||||
try {
|
||||
$ocmPermissions = json_decode($ocmPermissions);
|
||||
$ncPermissions = 0;
|
||||
foreach($ocmPermissions as $permission) {
|
||||
switch (strtolower($permission)) {
|
||||
case 'read':
|
||||
$ncPermissions += Constants::PERMISSION_READ;
|
||||
break;
|
||||
case 'write':
|
||||
$ncPermissions += Constants::PERMISSION_CREATE + Constants::PERMISSION_UPDATE;
|
||||
break;
|
||||
case 'share':
|
||||
$ncPermissions += Constants::PERMISSION_SHARE;
|
||||
break;
|
||||
default:
|
||||
throw new \Exception();
|
||||
}
|
||||
}
|
||||
} catch (\Exception $e) {
|
||||
$ncPermissions = $this->getDefaultPermissions($path);
|
||||
}
|
||||
|
||||
return $ncPermissions;
|
||||
}
|
||||
|
||||
/**
|
||||
* calculate default permissions in case no permissions are provided
|
||||
*
|
||||
* @param $path
|
||||
* @return int
|
||||
*/
|
||||
protected function getDefaultPermissions($path) {
|
||||
if ($this->is_dir($path)) {
|
||||
$permissions = Constants::PERMISSION_ALL;
|
||||
} else {
|
||||
$permissions = Constants::PERMISSION_ALL & ~Constants::PERMISSION_CREATE;
|
||||
}
|
||||
|
||||
return $permissions;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -78,7 +78,7 @@ class CloudFederationShare implements ICloudFederationShare {
|
|||
'name' => 'webdav',
|
||||
'options' => [
|
||||
'sharedSecret' => $sharedSecret,
|
||||
'permissions' => '{http://open-collaboration-services.org/ns}share-permissions'
|
||||
'permissions' => '{http://open-cloud-mesh.org/ns}share-permissions'
|
||||
]
|
||||
]);
|
||||
$this->setShareType($shareType);
|
||||
|
|
|
|||
Loading…
Reference in New Issue