From f5a816262c79d84c373d635fced8ca20cdd0d0ea Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <bjoern@schiessle.org>
Date: Fri, 29 Jun 2018 16:35:04 +0200
Subject: [PATCH] accept/decline group shares

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
---
 .../lib/ocm/CloudFederationProviderFiles.php  |   2 +
 .../files_sharing/lib/AppInfo/Application.php |   2 +
 apps/files_sharing/lib/External/Manager.php   | 107 +++++++++++++++---
 apps/files_sharing/lib/Hooks.php              |   2 +
 4 files changed, 98 insertions(+), 15 deletions(-)

diff --git a/apps/federatedfilesharing/lib/ocm/CloudFederationProviderFiles.php b/apps/federatedfilesharing/lib/ocm/CloudFederationProviderFiles.php
index 67866fa169..1f46c6b677 100644
--- a/apps/federatedfilesharing/lib/ocm/CloudFederationProviderFiles.php
+++ b/apps/federatedfilesharing/lib/ocm/CloudFederationProviderFiles.php
@@ -228,6 +228,8 @@ class CloudFederationProviderFiles implements ICloudFederationProvider {
 				\OC::$server->query(\OCP\OCS\IDiscoveryService::class),
 				\OC::$server->getCloudFederationProviderManager(),
 				\OC::$server->getCloudFederationFactory(),
+				\OC::$server->getGroupManager(),
+				\OC::$server->getUserManager(),
 				$shareWith
 			);
 
diff --git a/apps/files_sharing/lib/AppInfo/Application.php b/apps/files_sharing/lib/AppInfo/Application.php
index e6ab4eb2cf..a7d4755fbf 100644
--- a/apps/files_sharing/lib/AppInfo/Application.php
+++ b/apps/files_sharing/lib/AppInfo/Application.php
@@ -105,6 +105,8 @@ class Application extends App {
 				$server->query(\OCP\OCS\IDiscoveryService::class),
 				$server->getCloudFederationProviderManager(),
 				$server->getCloudFederationFactory(),
+				$server->getGroupManager(),
+				$server->getUserManager(),
 				$uid
 			);
 		});
diff --git a/apps/files_sharing/lib/External/Manager.php b/apps/files_sharing/lib/External/Manager.php
index 4875e7e26c..7b3e77771c 100644
--- a/apps/files_sharing/lib/External/Manager.php
+++ b/apps/files_sharing/lib/External/Manager.php
@@ -39,6 +39,8 @@ use OCP\Files;
 use OCP\Files\Storage\IStorageFactory;
 use OCP\Http\Client\IClientService;
 use OCP\IDBConnection;
+use OCP\IGroupManager;
+use OCP\IUserManager;
 use OCP\Notification\IManager;
 use OCP\OCS\IDiscoveryService;
 use OCP\Share;
@@ -87,6 +89,12 @@ class Manager {
 	/** @var ICloudFederationFactory */
 	private $cloudFederationFactory;
 
+	/** @var IGroupManager  */
+	private $groupManager;
+
+	/** @var IUserManager */
+	private $userManager;
+
 	/**
 	 * @param IDBConnection $connection
 	 * @param \OC\Files\Mount\Manager $mountManager
@@ -96,6 +104,8 @@ class Manager {
 	 * @param IDiscoveryService $discoveryService
 	 * @param ICloudFederationProviderManager $cloudFederationProviderManager
 	 * @param ICloudFederationFactory $cloudFederationFactory
+	 * @param IGroupManager $groupManager
+	 * @param IUserManager $userManager
 	 * @param string $uid
 	 */
 	public function __construct(IDBConnection $connection,
@@ -106,6 +116,8 @@ class Manager {
 								IDiscoveryService $discoveryService,
 								ICloudFederationProviderManager $cloudFederationProviderManager,
 								ICloudFederationFactory $cloudFederationFactory,
+								IGroupManager $groupManager,
+								IUserManager $userManager,
 								$uid) {
 		$this->connection = $connection;
 		$this->mountManager = $mountManager;
@@ -116,6 +128,8 @@ class Manager {
 		$this->discoveryService = $discoveryService;
 		$this->cloudFederationProviderManager = $cloudFederationProviderManager;
 		$this->cloudFederationFactory = $cloudFederationFactory;
+		$this->groupManager = $groupManager;
+		$this->userManager = $userManager;
 	}
 
 	/**
@@ -176,12 +190,7 @@ class Manager {
 		$mountPoint = Filesystem::normalizePath('/' . $mountPoint);
 		$hash = md5($mountPoint);
 
-		$query = $this->connection->prepare('
-				INSERT INTO `*PREFIX*share_external`
-					(`remote`, `share_token`, `password`, `name`, `owner`, `user`, `mountpoint`, `mountpoint_hash`, `accepted`, `remote_id`, `parent`, `share_type`)
-				VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-			');
-		$query->execute(array($remote, $token, $password, $name, $owner, $user, $mountPoint, $hash, $accepted, $remoteId, $parent, $shareType));
+		$this->writeShareToDb($remote, $token, $password, $name, $owner, $user, $mountPoint, $hash, $accepted, $remoteId, $parent, $shareType);
 
 		$options = array(
 			'remote'	=> $remote,
@@ -193,6 +202,32 @@ class Manager {
 		return $this->mountShare($options);
 	}
 
+	/**
+	 * write remote share to the database
+	 *
+	 * @param $remote
+	 * @param $token
+	 * @param $password
+	 * @param $name
+	 * @param $owner
+	 * @param $user
+	 * @param $mountPoint
+	 * @param $hash
+	 * @param $accepted
+	 * @param $remoteId
+	 * @param $parent
+	 * @param $shareType
+	 * @return bool
+	 */
+	private function writeShareToDb($remote, $token, $password, $name, $owner, $user, $mountPoint, $hash, $accepted, $remoteId, $parent, $shareType) {
+		$query = $this->connection->prepare('
+				INSERT INTO `*PREFIX*share_external`
+					(`remote`, `share_token`, `password`, `name`, `owner`, `user`, `mountpoint`, `mountpoint_hash`, `accepted`, `remote_id`, `parent`, `share_type`)
+				VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+			');
+		return $query->execute(array($remote, $token, $password, $name, $owner, $user, $mountPoint, $hash, $accepted, $remoteId, $parent, $shareType));
+	}
+
 	/**
 	 * get share
 	 *
@@ -201,12 +236,27 @@ class Manager {
 	 */
 	public function getShare($id) {
 		$getShare = $this->connection->prepare('
-			SELECT `id`, `remote`, `remote_id`, `share_token`, `name`, `owner`, `user`, `mountpoint`, `accepted`
+			SELECT `id`, `remote`, `remote_id`, `share_token`, `name`, `owner`, `user`, `mountpoint`, `accepted`, `parent`, `share_type`, `password`, `mountpoint_hash`
 			FROM  `*PREFIX*share_external`
-			WHERE `id` = ? AND `user` = ?');
-		$result = $getShare->execute(array($id, $this->uid));
+			WHERE `id` = ?');
+		$result = $getShare->execute(array($id));
+
+		$share = $result ? $getShare->fetch() : [];
+
+		$validShare = is_array($share) && isset($share['share_type']) && isset($share['user']);
+
+		// check if the user is allowed to access it
+		if ($validShare && (int)$share['share_type'] === Share::SHARE_TYPE_USER && $share['user'] === $this->uid) {
+			return $share;
+		} else if ($validShare && (int)$share['share_type'] === Share::SHARE_TYPE_GROUP) {
+			$user = $this->userManager->get($this->uid);
+			if ($this->groupManager->get($share['user'])->inGroup($user)) {
+				return $share;
+			}
+		}
+
+		return false;
 
-		return $result ? $getShare->fetch() : false;
 	}
 
 	/**
@@ -227,7 +277,7 @@ class Manager {
 			$mountPoint = Filesystem::normalizePath($mountPoint);
 			$hash = md5($mountPoint);
 
-			if($share['share_type'] === \OCP\Share::SHARE_TYPE_USER) {
+			if($share['share_type'] === Share::SHARE_TYPE_USER) {
 				$acceptShare = $this->connection->prepare('
 				UPDATE `*PREFIX*share_external`
 				SET `accepted` = ?,
@@ -236,6 +286,17 @@ class Manager {
 				WHERE `id` = ? AND `user` = ?');
 				$updated = $acceptShare->execute(array(1, $mountPoint, $hash, $id, $this->uid));
 			} else {
+				$result = $this->writeShareToDb(
+					$share['remote'],
+					$share['share_token'],
+					$share['password'],
+					$share['name'],
+					$share['owner'],
+					$this->uid,
+					$mountPoint, $hash, 1,
+					$share['remote_id'],
+					$id,
+					$share['share_type']);
 				// TODO group share, add additional row for the user who accepted it
 			}
 			if ($updated === true) {
@@ -260,18 +321,34 @@ class Manager {
 	public function declineShare($id) {
 
 		$share = $this->getShare($id);
+		$result = false;
 
-		if ($share) {
+		if ($share && (int)$share['share_type'] === Share::SHARE_TYPE_USER) {
 			$removeShare = $this->connection->prepare('
 				DELETE FROM `*PREFIX*share_external` WHERE `id` = ? AND `user` = ?');
 			$removeShare->execute(array($id, $this->uid));
 			$this->sendFeedbackToRemote($share['remote'], $share['share_token'], $share['remote_id'], 'decline');
 
 			$this->processNotification($id);
-			return true;
+			$result = true;
+		} else if ($share && (int)$share['share_type'] === Share::SHARE_TYPE_GROUP) {
+			$result = $this->writeShareToDb(
+				$share['remote'],
+				$share['share_token'],
+				$share['password'],
+				$share['name'],
+				$share['owner'],
+				$this->uid,
+				$share['mountpoint'],
+				$share['mountpoint_hash'],
+				0,
+				$share['remote_id'],
+				$id,
+				$share['share_type']);
+			$this->processNotification($id);
 		}
 
-		return false;
+		return $result;
 	}
 
 	/**
@@ -305,7 +382,7 @@ class Manager {
 		$federationEndpoints = $this->discoveryService->discover($remote, 'FEDERATED_SHARING');
 		$endpoint = isset($federationEndpoints['share']) ? $federationEndpoints['share'] : '/ocs/v2.php/cloud/shares';
 
-		$url = rtrim($remote, '/') . $endpoint . '/' . $remoteId . '/' . $feedback . '?format=' . \OCP\Share::RESPONSE_FORMAT;
+		$url = rtrim($remote, '/') . $endpoint . '/' . $remoteId . '/' . $feedback . '?format=' . Share::RESPONSE_FORMAT;
 		$fields = array('token' => $token);
 
 		$client = $this->clientService->newClient();
diff --git a/apps/files_sharing/lib/Hooks.php b/apps/files_sharing/lib/Hooks.php
index cd66fd7702..99e876eaaf 100644
--- a/apps/files_sharing/lib/Hooks.php
+++ b/apps/files_sharing/lib/Hooks.php
@@ -42,6 +42,8 @@ class Hooks {
 			\OC::$server->query(\OCP\OCS\IDiscoveryService::class),
 			\OC::$server->getCloudFederationProviderManager(),
 			\OC::$server->getCloudFederationFactory(),
+			\OC::$server->getGroupManager(),
+			\OC::$server->getUserManager(),
 			$params['uid']);
 
 		$manager->removeUserShares($params['uid']);