mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

share api: use default permission of no permission is given 

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
Bjoern Schiessle 2017-12-01 14:49:35 +01:00 committed by Roeland Jago Douma
parent 7741429229
commit ebb15283a6
No known key found for this signature in database
GPG Key ID: F941078878347C0C
1 changed files with 35 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
apps/files_sharing/lib/Controller/ShareAPIController.php
View File

@ -35,8 +35,10 @@ use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
use OCP\Constants;
use OCP\Files\Node;
use OCP\Files\NotFoundException;
use OCP\IConfig;
use OCP\IGroupManager;
use OCP\IL10N;
use OCP\IUserManager;
@ -75,6 +77,8 @@ class ShareAPIController extends OCSController {
private $l;
/** @var \OCP\Files\Node */
private $lockedNode;
/** @var IConfig */
private $config;
/**
* Share20OCS constructor.
@ -88,6 +92,7 @@ class ShareAPIController extends OCSController {
* @param IURLGenerator $urlGenerator
* @param string $userId
* @param IL10N $l10n
* @param IConfig $config
*/
public function __construct(
$appName,
@ -98,7 +103,8 @@ class ShareAPIController extends OCSController {
IRootFolder $rootFolder,
IURLGenerator $urlGenerator,
$userId,
IL10N $l10n
IL10N $l10n,
IConfig $config
) {
parent::__construct($appName, $request);
@ -110,6 +116,7 @@ class ShareAPIController extends OCSController {
$this->urlGenerator = $urlGenerator;
$this->currentUser = $userId;
$this->l = $l10n;
$this->config = $config;
}
/**
@ -318,7 +325,7 @@ class ShareAPIController extends OCSController {
*/
public function createShare(
$path = null,
$permissions = \OCP\Constants::PERMISSION_ALL,
$permissions = null,
$shareType = -1,
$shareWith = null,
$publicUpload = 'false',
@ -327,6 +334,10 @@ class ShareAPIController extends OCSController {
) {
$share = $this->shareManager->newShare();
if ($permissions === null) {
$permissions = $this->config->getAppValue('core', 'shareapi_default_permissions', Constants::PERMISSION_ALL);
}
// Verify path
if ($path === null) {
throw new OCSNotFoundException($this->l->t('Please specify a file or folder path'));
@ -347,17 +358,17 @@ class ShareAPIController extends OCSController {
throw new OCSNotFoundException($this->l->t('Could not create share'));
}
if ($permissions < 0 || $permissions > \OCP\Constants::PERMISSION_ALL) {
if ($permissions < 0 || $permissions > Constants::PERMISSION_ALL) {
throw new OCSNotFoundException($this->l->t('invalid permissions'));
}
// Shares always require read permissions
$permissions |= \OCP\Constants::PERMISSION_READ;
$permissions |= Constants::PERMISSION_READ;
if ($path instanceof \OCP\Files\File) {
// Single file shares should never have delete or create permissions
$permissions &= ~\OCP\Constants::PERMISSION_DELETE;
$permissions &= ~\OCP\Constants::PERMISSION_CREATE;
$permissions &= ~Constants::PERMISSION_DELETE;
$permissions &= ~Constants::PERMISSION_CREATE;
}
/*
@ -414,13 +425,13 @@ class ShareAPIController extends OCSController {
}
$share->setPermissions(
\OCP\Constants::PERMISSION_READ |
\OCP\Constants::PERMISSION_CREATE |
\OCP\Constants::PERMISSION_UPDATE |
\OCP\Constants::PERMISSION_DELETE
Constants::PERMISSION_READ |
Constants::PERMISSION_CREATE |
Constants::PERMISSION_UPDATE |
Constants::PERMISSION_DELETE
);
} else {
$share->setPermissions(\OCP\Constants::PERMISSION_READ);
$share->setPermissions(Constants::PERMISSION_READ);
}
// Set password
@ -447,13 +458,9 @@ class ShareAPIController extends OCSController {
$share->setPermissions($permissions);
} else if ($shareType === \OCP\Share::SHARE_TYPE_EMAIL) {
if ($share->getNodeType() === 'file') {
$share->setPermissions(\OCP\Constants::PERMISSION_READ);
$share->setPermissions(Constants::PERMISSION_READ);
} else {
$share->setPermissions(
\OCP\Constants::PERMISSION_READ |
\OCP\Constants::PERMISSION_CREATE |
\OCP\Constants::PERMISSION_UPDATE |
\OCP\Constants::PERMISSION_DELETE);
$share->setPermissions($permissions);
}
$share->setSharedWith($shareWith);
} else if ($shareType === \OCP\Share::SHARE_TYPE_CIRCLE) {
@ -698,23 +705,23 @@ class ShareAPIController extends OCSController {
$newPermissions = null;
if ($publicUpload === 'true') {
$newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE;
$newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
} else if ($publicUpload === 'false') {
$newPermissions = \OCP\Constants::PERMISSION_READ;
$newPermissions = Constants::PERMISSION_READ;
}
if ($permissions !== null) {
$newPermissions = (int)$permissions;
$newPermissions = $newPermissions & ~\OCP\Constants::PERMISSION_SHARE;
$newPermissions = $newPermissions & ~Constants::PERMISSION_SHARE;
}
if ($newPermissions !== null &&
!in_array($newPermissions, [
\OCP\Constants::PERMISSION_READ,
\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE, // legacy
\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE, // correct
\OCP\Constants::PERMISSION_CREATE, // hidden file list
\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_UPDATE, // allow to edit single files
Constants::PERMISSION_READ,
Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE, // legacy
Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE, // correct
Constants::PERMISSION_CREATE, // hidden file list
Constants::PERMISSION_READ | Constants::PERMISSION_UPDATE, // allow to edit single files
])
) {
throw new OCSBadRequestException($this->l->t('Can\'t change permissions for public share links'));
@ -722,9 +729,9 @@ class ShareAPIController extends OCSController {
if (
// legacy
$newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE) ||
$newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE) ||
// correct
$newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE)
$newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE)
) {
if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator'));
@ -735,7 +742,7 @@ class ShareAPIController extends OCSController {
}
// normalize to correct public upload permissions
$newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE;
$newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
}
if ($newPermissions !== null) {