Fixes#10852
A quick hack. Still ensures some type safety however now also accepts
null. Else we'd need to add a whole new layer of middlewares.
This can only happen when a guest user wants to access a controller that
requries the user_id.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#11030
For https://github.com/orgs/nextcloud/projects/18
This template is now compiled so this no longer has to happen in the
browser. Another step towards a stricter CSP.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
for instance if a user of an external user backend is not available
currently, the whole Files UI would be frozen.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Now that we actually check thepermissions properly we have to update the
tests.
* We checked an invalid path
* We checked from wrong permissions (files never have CREATE permissions
for example)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
isCreatable only works on folders
isUpdatable if the file is not there but it is a part file also has to
be checked on the folder
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
OCA.Sharing.SharedFileInfo was never defined and that stopped execution.
Interestingly, FF never showed me an error.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
The DeletedShareAPIController and ShareAPIController helpers for room
shares are defined in Talk, so the classes do not exist when Talk is not
installed. Due to this when the object returned by "getRoomShareHelper"
is used Phan complains that the class is not declared.
This is not a problem, though, because when the class is not available
"getRoomShareHelper" throws an exception, which is then caught where
that method was called. Therefore now those warnings from Phan are
suppressed (it would be better to use "@phan-suppress-next-line"
instead, but it is not yet available in our Phan version).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
A user can move her own shares into a received share. When that happens
she is effectively handing over the ownership of the file, so the share
needs to be updated to reflect the new owner.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The MountProvider for shares creates mount points for the files shared
with the user, which makes possible to use the received shared files and
folders as regular files and folders.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
In some cases, the DeletedShareAPIController requires explicit handling
of each type of share (for example, to format a share for a
DataResponse). Room shares are implemented in an external app (Nextcloud
Talk), so in order to keep the controller as isolated as possible from
room share specifics all that explicit handling is done in a helper
class provided by the Talk app.
In other cases it is just enough to call the share manager specifying a
room share type; note that the share manager is guarded against share
types for which there is no provider, so it is not necessary to
explicitly check that before passing room shares to the share manager.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
In some cases, the ShareAPIController requires explicit handling of each
type of share (for example, to format a share for a DataResponse). Room
shares are implemented in an external app (Nextcloud Talk), so in order
to keep the controller as isolated as possible from room share specifics
all that explicit handling is done in a helper class provided by the
Talk app.
In other cases it is just enough to call the share manager specifying a
room share type; note that the share manager is guarded against share
types for which there is no provider, so it is not necessary to
explicitly check that before passing room shares to the share manager.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Before the public share authentication page is rendered now an event to
load additional scripts is dispatched. Thanks to this any app can load
its own scripts that, when run on the browser, adjust as needed the page
generated by the server.
Note, however, that during the handling of the event apps are only able
to add scripts or styles to be loaded; they can not render arbitrary
content on the page, or change how the content is rendered by the
original template; all those changes have to be done by the scripts at
run-time.
This implies that the scripts of the apps can use only those parameters,
like the token of the share, added to the page when it is generated by
the "publicshareauth" template. Due to this, and given that the event is
being introduced to be used by Talk to inject the UI needed to request
the password for a share, the token of the share is now provided in the
generated page, just like done in the public share page.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>