Commit Graph

72 Commits

Author SHA1 Message Date
Daniel Calviño Sánchez 0599536c82 Remove unneeded calls to "ShareManager::shareProviderExists()"
"ShareManager::getSharesBy()" already checks if the share provider
exists before returning the shares and, if the provider does not exist,
it returns an empty array. Therefore it is not needed to explicitly
check if the provider exists or not.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-10-25 21:39:49 +02:00
John Molakvoæ (skjnldsv) ff895abac0
Fix shares read permissions
A user with reshare permissions on a file is now able to get any share
of that file (just like the owner).

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2019-10-04 21:40:30 +02:00
John Molakvoæ (skjnldsv) b1069b29fa
Add checks for whether a user with access to a share can delete it
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2019-10-04 19:25:11 +02:00
John Molakvoæ (skjnldsv) f02cff1304
Extract check for whether a user with access to a share can edit it
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2019-10-04 19:25:11 +02:00
John Molakvoæ (skjnldsv) c49469c4d8
Prevent non owners to update others link shares
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2019-10-04 08:19:07 +02:00
John Molakvoæ (skjnldsv) c8d50538b8
Use same settings for mail share as link shares
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2019-10-04 08:19:07 +02:00
Joas Schilling 858b18e34a
Bye Spreed namespace, hello Talk!
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-09-05 15:32:58 +02:00
Joas Schilling 85a80b05ac
Unify the permission checking in one place only
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-03 16:34:00 +02:00
Joas Schilling 7aa26b28a8
Correctly check share permissions when updating a re-sub-share
Before this change the node you shared was checked for permissions.
This works when you reshare the folder that was shared with you.
However when you reshared a subfolder (e.g. as public link),
you could afterwards update the permissions and grant
create+update permissions although the share you receive was read-only.

Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-06-27 15:27:30 +02:00
Maxence Lange 749fdab3b0 do not returns shared_with === currentUser
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2019-04-01 11:17:05 -01:00
Maxence Lange 0166990f01 fixing share format
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2019-03-31 10:40:14 -01:00
Maxence Lange efbadf0cf2 issue during last push
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2019-03-31 10:40:14 -01:00
Maxence Lange 44c1feb938 returns reshares in API
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2019-03-31 10:40:14 -01:00
Joas Schilling ee545d6840
Fix typo in "incoming"
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-12-05 11:27:38 +01:00
Roeland Jago Douma a343a60a68
Handle permission in update of share better
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-20 09:42:01 +01:00
Daniel Calviño Sánchez b2cc2d6023 Add "password" parameter to the response data of link shares
Due to legacy reasons the password of link shares was returned in the
"share_with" and "share_with_displayname" parameters of the response
data. Now a proper "password" parameter is returned too; the old
"share_with" and "share_with_displayname" parameters are kept, although
deprecated, and they will be removed in a future version of Nextcloud.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-11-06 23:48:28 +01:00
Roeland Jago Douma 72b7c9ffa0
Merge pull request #12105 from nextcloud/using-resharing-right-to-display-shares
Shares are displayed to users with resharing rights
2018-11-04 21:08:11 +01:00
Maxence Lange 0fc8a0f58e
user can have his resharing rights revoked, yet seeing created shares
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2018-11-02 12:10:49 +01:00
Maxence Lange 236a293f6a
check parents resharing rights
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2018-11-02 12:10:48 +01:00
Maxence Lange 275cea5d9c
limit to circles moderator
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2018-11-02 12:09:28 +01:00
Maxence Lange 72ad2d60b5
display shares to circles moderator
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2018-11-02 12:09:28 +01:00
Maxence Lange 68c44bb642
shares are displayed to users with resharing rights
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2018-11-02 12:09:26 +01:00
Daniel Calviño Sánchez adf80aa8b3 Add sending the password by Talk for a link share to ShareAPIController
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-11-02 01:57:48 +01:00
Bjoern Schiessle 5e90711600 allow to update lables for public link shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-11-01 02:18:55 +01:00
Bjoern Schiessle f377a61f90 allow to add labels to shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-11-01 02:15:07 +01:00
Bjoern Schiessle d0411b2369
allow to create multiple link shares via share api
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-31 06:55:52 +01:00
Roeland Jago Douma abbb946bbb Propegate hide download state in share provider
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-30 15:18:55 +01:00
Joas Schilling ea21aa3f7a
Use numeric placeholders if there are multiple, so that RTL languages can operate better
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-09 14:32:14 +02:00
Roeland Jago Douma 13b1cd5cb8
Allow userId to be null
Fixes #10852

A quick hack. Still ensures some type safety however now also accepts
null. Else we'd need to add a whole new layer of middlewares.

This can only happen when a guest user wants to access a controller that
requries the user_id.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-04 13:04:58 +02:00
Daniel Calviño Sánchez e2e6f23b67 Suppress Phan warnings about calling undeclared class methods
The DeletedShareAPIController and ShareAPIController helpers for room
shares are defined in Talk, so the classes do not exist when Talk is not
installed. Due to this when the object returned by "getRoomShareHelper"
is used Phan complains that the class is not declared.

This is not a problem, though, because when the class is not available
"getRoomShareHelper" throws an exception, which is then caught where
that method was called. Therefore now those warnings from Phan are
suppressed (it would be better to use "@phan-suppress-next-line"
instead, but it is not yet available in our Phan version).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-08-08 14:25:44 +02:00
Daniel Calviño Sánchez 4ed7131e26 Add support for room shares to ShareAPIController
In some cases, the ShareAPIController requires explicit handling of each
type of share (for example, to format a share for a DataResponse). Room
shares are implemented in an external app (Nextcloud Talk), so in order
to keep the controller as isolated as possible from room share specifics
all that explicit handling is done in a helper class provided by the
Talk app.

In other cases it is just enough to call the share manager specifying a
room share type; note that the share manager is guarded against share
types for which there is no provider, so it is not necessary to
explicitly check that before passing room shares to the share manager.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-08-08 14:25:43 +02:00
Daniel Calviño Sánchez 7849630cef Add support for sending the password by Talk to ShareAPIController
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-07-24 14:04:17 +02:00
Bjoern Schiessle 72d2455577
return the as well note if we fetch a share
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-07-21 15:02:19 +02:00
Bjoern Schiessle a93f2a648b
allow to add a personal note to a share
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-07-21 15:02:18 +02:00
Morris Jobke 82021b2b1b
Merge pull request #5280 from nextcloud/shared-with-display-name
sharedWithDisplayName & sharedWithAvatar
2018-07-13 17:29:57 +02:00
Daniel Calviño Sánchez 243df99fcf Fix formatting of email and circle shares
Due to a misplaced "||" instead of "===" the condition was always met,
so every share type in the conditional chain after the remote and remote
group shares was formatted as a remote/remote group share.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-07-12 21:24:55 +02:00
Bjoern Schiessle b23032e4c5
implement federated group shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-07-11 10:11:44 +02:00
John Molakvoæ (skjnldsv) 3b835d8076
Js magic for deleted shares
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-07-05 12:43:57 +02:00
Daniel Calviño Sánchez 6cb2cb33ac Fix getting the information of group share as a sharee
When the receiver of a group share modifies it (for example, by moving
it to a different folder) the original share is not modified, but a
"ghost" share that keeps track of the changes made by that specific user
is used instead.

By default, the method "getShareById" in the share provider returns the
share from the point of view of the sharer, but it can be used too to
get the share from the point of view of a sharee by providing the
"recipient" parameter (and if the sharee is not found then the share is
returned from the point of view of the sharer).

The "ShareAPIController" always formats the share from the point of view
of the current user, but when getting the information of a specific
share the "recipient" parameter was not given, so it was always returned
from the point of view of the sharer, even if the current user was a
sharee. Now the "recipient" parameter is set to the current user, and
thus the information of the share is returned from the point of view of
the current user, be it the sharer or a sharee.

Note that this special behaviour of "getShareById" happens only with
group shares; with other types of shares the share is the same for the
sharer and the sharee, and thus the parameter is ignored; it was added
for them too just for consistency.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-06-29 08:20:19 +02:00
Maxence Lange 0009adae80 SharedWithDisplayName + SharedWithAvatar
Signed-off-by: Maxence Lange <maxence@nextcloud.com>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-05-21 01:24:45 +02:00
Roeland Jago Douma 4d5a2cce8d
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-24 08:07:25 +02:00
Roeland Jago Douma 3b34a77c58
Make the ShareAPIController strict
Fixes #9279

With types we can force php to not cast a full nummeric user to an int.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-23 20:31:57 +02:00
Roeland Jago Douma d6cda3f2a6
When formatting a share node an Empty target is invalid
Fixes #9028

For federated shares the share table holds no target information (since
it is on the other server). So when a node is actually invalid and not
found we should not display it anymore in the shared with sections etc
and thus throw the proper exceptions.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-04 11:33:05 +02:00
Daniel Calviño Sánchez 2c073dc53d Set "share_with" field to the ID of the circle
When a share is shared with a circle the "share_with" field returned by
the API endpoint was always set to the name of the circle. However, the
name is not enough to identify a circle. The Circles app now provides
the ID of the circle in the "shared with" field of a Share, so this
commit modifies the API endpoint to set the "share_with" field to the ID
of the circle when provided by the Circles app.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-16 04:58:00 +01:00
Bjoern Schiessle ebb15283a6
share api: use default permission of no permission is given
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-02-27 12:29:25 +01:00
Morris Jobke 2a38605545
Properly log the full exception instead of only the message
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-23 10:57:21 +01:00
Morris Jobke 0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
blizzz 2060ff591b Merge pull request #6120 from nextcloud/public_upload_share_api_fix
Public upload share permission handling
2017-09-04 12:43:02 +02:00
Roeland Jago Douma eea7de4c9f
Correctly format OCS response with favorites
The helper funtion did not handle the response correctly and basically
only returned the last share with tags.

This is a simple rewrite. That is still understandable. Loops maybe more
than strictly required. But preformance is not the issue here.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-29 12:03:13 +02:00
Roeland Jago Douma 82791b7b06
Public upload share permission handling
If you set the permissions on a public share the SHARE permission makes
no sense. So instead of throwing a warning. Just filter out the share
permission.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-16 21:17:26 +02:00