share api: use default permission of no permission is given

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
Bjoern Schiessle 2017-12-01 14:49:35 +01:00 committed by Roeland Jago Douma
parent 7741429229
commit ebb15283a6
No known key found for this signature in database
GPG Key ID: F941078878347C0C
1 changed files with 35 additions and 28 deletions

View File

@ -35,8 +35,10 @@ use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSForbiddenException; use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException; use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController; use OCP\AppFramework\OCSController;
use OCP\Constants;
use OCP\Files\Node; use OCP\Files\Node;
use OCP\Files\NotFoundException; use OCP\Files\NotFoundException;
use OCP\IConfig;
use OCP\IGroupManager; use OCP\IGroupManager;
use OCP\IL10N; use OCP\IL10N;
use OCP\IUserManager; use OCP\IUserManager;
@ -75,6 +77,8 @@ class ShareAPIController extends OCSController {
private $l; private $l;
/** @var \OCP\Files\Node */ /** @var \OCP\Files\Node */
private $lockedNode; private $lockedNode;
/** @var IConfig */
private $config;
/** /**
* Share20OCS constructor. * Share20OCS constructor.
@ -88,6 +92,7 @@ class ShareAPIController extends OCSController {
* @param IURLGenerator $urlGenerator * @param IURLGenerator $urlGenerator
* @param string $userId * @param string $userId
* @param IL10N $l10n * @param IL10N $l10n
* @param IConfig $config
*/ */
public function __construct( public function __construct(
$appName, $appName,
@ -98,7 +103,8 @@ class ShareAPIController extends OCSController {
IRootFolder $rootFolder, IRootFolder $rootFolder,
IURLGenerator $urlGenerator, IURLGenerator $urlGenerator,
$userId, $userId,
IL10N $l10n IL10N $l10n,
IConfig $config
) { ) {
parent::__construct($appName, $request); parent::__construct($appName, $request);
@ -110,6 +116,7 @@ class ShareAPIController extends OCSController {
$this->urlGenerator = $urlGenerator; $this->urlGenerator = $urlGenerator;
$this->currentUser = $userId; $this->currentUser = $userId;
$this->l = $l10n; $this->l = $l10n;
$this->config = $config;
} }
/** /**
@ -318,7 +325,7 @@ class ShareAPIController extends OCSController {
*/ */
public function createShare( public function createShare(
$path = null, $path = null,
$permissions = \OCP\Constants::PERMISSION_ALL, $permissions = null,
$shareType = -1, $shareType = -1,
$shareWith = null, $shareWith = null,
$publicUpload = 'false', $publicUpload = 'false',
@ -327,6 +334,10 @@ class ShareAPIController extends OCSController {
) { ) {
$share = $this->shareManager->newShare(); $share = $this->shareManager->newShare();
if ($permissions === null) {
$permissions = $this->config->getAppValue('core', 'shareapi_default_permissions', Constants::PERMISSION_ALL);
}
// Verify path // Verify path
if ($path === null) { if ($path === null) {
throw new OCSNotFoundException($this->l->t('Please specify a file or folder path')); throw new OCSNotFoundException($this->l->t('Please specify a file or folder path'));
@ -347,17 +358,17 @@ class ShareAPIController extends OCSController {
throw new OCSNotFoundException($this->l->t('Could not create share')); throw new OCSNotFoundException($this->l->t('Could not create share'));
} }
if ($permissions < 0 || $permissions > \OCP\Constants::PERMISSION_ALL) { if ($permissions < 0 || $permissions > Constants::PERMISSION_ALL) {
throw new OCSNotFoundException($this->l->t('invalid permissions')); throw new OCSNotFoundException($this->l->t('invalid permissions'));
} }
// Shares always require read permissions // Shares always require read permissions
$permissions |= \OCP\Constants::PERMISSION_READ; $permissions |= Constants::PERMISSION_READ;
if ($path instanceof \OCP\Files\File) { if ($path instanceof \OCP\Files\File) {
// Single file shares should never have delete or create permissions // Single file shares should never have delete or create permissions
$permissions &= ~\OCP\Constants::PERMISSION_DELETE; $permissions &= ~Constants::PERMISSION_DELETE;
$permissions &= ~\OCP\Constants::PERMISSION_CREATE; $permissions &= ~Constants::PERMISSION_CREATE;
} }
/* /*
@ -414,13 +425,13 @@ class ShareAPIController extends OCSController {
} }
$share->setPermissions( $share->setPermissions(
\OCP\Constants::PERMISSION_READ | Constants::PERMISSION_READ |
\OCP\Constants::PERMISSION_CREATE | Constants::PERMISSION_CREATE |
\OCP\Constants::PERMISSION_UPDATE | Constants::PERMISSION_UPDATE |
\OCP\Constants::PERMISSION_DELETE Constants::PERMISSION_DELETE
); );
} else { } else {
$share->setPermissions(\OCP\Constants::PERMISSION_READ); $share->setPermissions(Constants::PERMISSION_READ);
} }
// Set password // Set password
@ -447,13 +458,9 @@ class ShareAPIController extends OCSController {
$share->setPermissions($permissions); $share->setPermissions($permissions);
} else if ($shareType === \OCP\Share::SHARE_TYPE_EMAIL) { } else if ($shareType === \OCP\Share::SHARE_TYPE_EMAIL) {
if ($share->getNodeType() === 'file') { if ($share->getNodeType() === 'file') {
$share->setPermissions(\OCP\Constants::PERMISSION_READ); $share->setPermissions(Constants::PERMISSION_READ);
} else { } else {
$share->setPermissions( $share->setPermissions($permissions);
\OCP\Constants::PERMISSION_READ |
\OCP\Constants::PERMISSION_CREATE |
\OCP\Constants::PERMISSION_UPDATE |
\OCP\Constants::PERMISSION_DELETE);
} }
$share->setSharedWith($shareWith); $share->setSharedWith($shareWith);
} else if ($shareType === \OCP\Share::SHARE_TYPE_CIRCLE) { } else if ($shareType === \OCP\Share::SHARE_TYPE_CIRCLE) {
@ -698,23 +705,23 @@ class ShareAPIController extends OCSController {
$newPermissions = null; $newPermissions = null;
if ($publicUpload === 'true') { if ($publicUpload === 'true') {
$newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE; $newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
} else if ($publicUpload === 'false') { } else if ($publicUpload === 'false') {
$newPermissions = \OCP\Constants::PERMISSION_READ; $newPermissions = Constants::PERMISSION_READ;
} }
if ($permissions !== null) { if ($permissions !== null) {
$newPermissions = (int)$permissions; $newPermissions = (int)$permissions;
$newPermissions = $newPermissions & ~\OCP\Constants::PERMISSION_SHARE; $newPermissions = $newPermissions & ~Constants::PERMISSION_SHARE;
} }
if ($newPermissions !== null && if ($newPermissions !== null &&
!in_array($newPermissions, [ !in_array($newPermissions, [
\OCP\Constants::PERMISSION_READ, Constants::PERMISSION_READ,
\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE, // legacy Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE, // legacy
\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE, // correct Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE, // correct
\OCP\Constants::PERMISSION_CREATE, // hidden file list Constants::PERMISSION_CREATE, // hidden file list
\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_UPDATE, // allow to edit single files Constants::PERMISSION_READ | Constants::PERMISSION_UPDATE, // allow to edit single files
]) ])
) { ) {
throw new OCSBadRequestException($this->l->t('Can\'t change permissions for public share links')); throw new OCSBadRequestException($this->l->t('Can\'t change permissions for public share links'));
@ -722,9 +729,9 @@ class ShareAPIController extends OCSController {
if ( if (
// legacy // legacy
$newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE) || $newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE) ||
// correct // correct
$newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE) $newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE)
) { ) {
if (!$this->shareManager->shareApiLinkAllowPublicUpload()) { if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator')); throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator'));
@ -735,7 +742,7 @@ class ShareAPIController extends OCSController {
} }
// normalize to correct public upload permissions // normalize to correct public upload permissions
$newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE; $newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
} }
if ($newPermissions !== null) { if ($newPermissions !== null) {