When the receiver of a group share modifies it (for example, by moving
it to a different folder) the original share is not modified, but a
"ghost" share that keeps track of the changes made by that specific user
is used instead.
By default, the method "getShareById" in the share provider returns the
share from the point of view of the sharer, but it can be used too to
get the share from the point of view of a sharee by providing the
"recipient" parameter (and if the sharee is not found then the share is
returned from the point of view of the sharer).
The "ShareAPIController" always formats the share from the point of view
of the current user, but when getting the information of a specific
share the "recipient" parameter was not given, so it was always returned
from the point of view of the sharer, even if the current user was a
sharee. Now the "recipient" parameter is set to the current user, and
thus the information of the share is returned from the point of view of
the current user, be it the sharer or a sharee.
Note that this special behaviour of "getShareById" happens only with
group shares; with other types of shares the share is the same for the
sharer and the sharee, and thus the parameter is ignored; it was added
for them too just for consistency.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Now this is in core so the basics (that 99% of the app will want to
use) looks always the same.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Sometimes when we force a session regeneration we want to update the
current token for this session.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#9028
For federated shares the share table holds no target information (since
it is on the other server). So when a node is actually invalid and not
found we should not display it anymore in the shared with sections etc
and thus throw the proper exceptions.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When a share is shared with a circle the "share_with" field returned by
the API endpoint was always set to the name of the circle. However, the
name is not enough to identify a circle. The Circles app now provides
the ID of the circle in the "shared with" field of a Share, so this
commit modifies the API endpoint to set the "share_with" field to the ID
of the circle when provided by the Circles app.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Some providers had issues when using the preview link (since it was
double encoded).
Now we actually serve the max size preview so it looks better
The image isn't cropped anymore so supporting platforms can just embed
the whole image.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When sharing a folder via Facebook, WhatsApp or any other platform that makes use of OpenGraph, the display title was "Nextcloud - a safe home for all your data" and the description was the actual name of the folder. This should not be the case, so the display title has been changed to display the folder name and the description now displays the former OpenGraph title.
Signed-off-by: Sascha Sambale <mastixmc@gmail.com>
Fixing whitespaces and empty line.
however it does not dedupe (appears too complex/expensive while we don't
havve the issue currently)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
The helper funtion did not handle the response correctly and basically
only returned the last share with tags.
This is a simple rewrite. That is still understandable. Loops maybe more
than strictly required. But preformance is not the issue here.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
If you set the permissions on a public share the SHARE permission makes
no sense. So instead of throwing a warning. Just filter out the share
permission.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
check if table was updated successfully and only then send a notification
mail and return "true".
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This allows adding rate limiting via annotations to controllers, as one example:
```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```
Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* currently there are two ways to access default values:
OCP\Defaults or OC_Defaults (which is extended by
OCA\Theming\ThemingDefaults)
* our code used a mixture of both of them, which made
it hard to work on theme values
* this extended the public interface with the missing
methods and uses them everywhere to only rely on the
public interface
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Skip null groups in group manager (#26871)
* Skip null groups in group manager
* Also skip null groups in group manager's search function
* Add more group null checks in sharing code
* Add unit tests for null group safety in group manager
* Add unit tests for sharing code null group checks
* Added tests for null groups handling in sharing code
* Ignore moveShare optional repair in mount provider
In some cases, data is inconsistent in the oc_share table due to legacy
data. The mount provider might attempt to make it consistent but if the
target group does not exist any more it cannot work. In such case we
simply ignore the exception as it is not critical. Keeping the
exception would break user accounts as they would be unable to use
their filesystem.
* Adjust null group handing + tests
* Fix new group manager tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
The link in the image_src link (used for previews on Social Media such as Facebook) was still using the old route. This changes it to use the new route.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Fixes the following:
1. user0 shares folder with user1 (RO but with sharing permissions)
2. user1 shares by link
3. user1 send 'publicUpload=true' OCS request to the link share
before this increased the permissions of the link share. Which should
not happen.
now: API reponds with an error that the permissions can't be increased.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The web UI now uses for PUT uploads which aren't restricted by PHP's
upload_max_filesize and post_max_size
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
email address we only return the exact match. It is highly unlikely
that the exact same email address and federated cloud id exists
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
It was already a controller just still residing in its old location.
* Moved ShareAPIController to user plain userID instead of user object
* Moved Share20OCS to ShareAPIController
* Removed initisation of class from Application.php and leave it to the
AppFramework
* Fixed tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>