Commit Graph

121 Commits

Author SHA1 Message Date
John Molakvoæ (skjnldsv) ff895abac0
Fix shares read permissions
A user with reshare permissions on a file is now able to get any share
of that file (just like the owner).

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2019-10-04 21:40:30 +02:00
John Molakvoæ (skjnldsv) b1069b29fa
Add checks for whether a user with access to a share can delete it
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2019-10-04 19:25:11 +02:00
John Molakvoæ (skjnldsv) f02cff1304
Extract check for whether a user with access to a share can edit it
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2019-10-04 19:25:11 +02:00
John Molakvoæ (skjnldsv) c49469c4d8
Prevent non owners to update others link shares
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2019-10-04 08:19:07 +02:00
John Molakvoæ (skjnldsv) c8d50538b8
Use same settings for mail share as link shares
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2019-10-04 08:19:07 +02:00
Joas Schilling 858b18e34a
Bye Spreed namespace, hello Talk!
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-09-05 15:32:58 +02:00
Joas Schilling 85a80b05ac
Unify the permission checking in one place only
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-03 16:34:00 +02:00
Joas Schilling 7aa26b28a8
Correctly check share permissions when updating a re-sub-share
Before this change the node you shared was checked for permissions.
This works when you reshare the folder that was shared with you.
However when you reshared a subfolder (e.g. as public link),
you could afterwards update the permissions and grant
create+update permissions although the share you receive was read-only.

Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-06-27 15:27:30 +02:00
Maxence Lange 749fdab3b0 do not returns shared_with === currentUser
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2019-04-01 11:17:05 -01:00
Maxence Lange 0166990f01 fixing share format
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2019-03-31 10:40:14 -01:00
Maxence Lange efbadf0cf2 issue during last push
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2019-03-31 10:40:14 -01:00
Maxence Lange 44c1feb938 returns reshares in API
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2019-03-31 10:40:14 -01:00
Joas Schilling ee545d6840
Fix typo in "incoming"
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-12-05 11:27:38 +01:00
Roeland Jago Douma a343a60a68
Handle permission in update of share better
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-20 09:42:01 +01:00
Daniel Calviño Sánchez b2cc2d6023 Add "password" parameter to the response data of link shares
Due to legacy reasons the password of link shares was returned in the
"share_with" and "share_with_displayname" parameters of the response
data. Now a proper "password" parameter is returned too; the old
"share_with" and "share_with_displayname" parameters are kept, although
deprecated, and they will be removed in a future version of Nextcloud.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-11-06 23:48:28 +01:00
Roeland Jago Douma 72b7c9ffa0
Merge pull request #12105 from nextcloud/using-resharing-right-to-display-shares
Shares are displayed to users with resharing rights
2018-11-04 21:08:11 +01:00
Maxence Lange 0fc8a0f58e
user can have his resharing rights revoked, yet seeing created shares
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2018-11-02 12:10:49 +01:00
Maxence Lange 236a293f6a
check parents resharing rights
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2018-11-02 12:10:48 +01:00
Maxence Lange 275cea5d9c
limit to circles moderator
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2018-11-02 12:09:28 +01:00
Maxence Lange 72ad2d60b5
display shares to circles moderator
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2018-11-02 12:09:28 +01:00
Maxence Lange 68c44bb642
shares are displayed to users with resharing rights
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2018-11-02 12:09:26 +01:00
Daniel Calviño Sánchez adf80aa8b3 Add sending the password by Talk for a link share to ShareAPIController
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-11-02 01:57:48 +01:00
Bjoern Schiessle 5e90711600 allow to update lables for public link shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-11-01 02:18:55 +01:00
Bjoern Schiessle f377a61f90 allow to add labels to shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-11-01 02:15:07 +01:00
Bjoern Schiessle d0411b2369
allow to create multiple link shares via share api
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-31 06:55:52 +01:00
Roeland Jago Douma abbb946bbb Propegate hide download state in share provider
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-30 15:18:55 +01:00
Joas Schilling ea21aa3f7a
Use numeric placeholders if there are multiple, so that RTL languages can operate better
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-09 14:32:14 +02:00
Roeland Jago Douma 13b1cd5cb8
Allow userId to be null
Fixes #10852

A quick hack. Still ensures some type safety however now also accepts
null. Else we'd need to add a whole new layer of middlewares.

This can only happen when a guest user wants to access a controller that
requries the user_id.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-04 13:04:58 +02:00
Daniel Calviño Sánchez e2e6f23b67 Suppress Phan warnings about calling undeclared class methods
The DeletedShareAPIController and ShareAPIController helpers for room
shares are defined in Talk, so the classes do not exist when Talk is not
installed. Due to this when the object returned by "getRoomShareHelper"
is used Phan complains that the class is not declared.

This is not a problem, though, because when the class is not available
"getRoomShareHelper" throws an exception, which is then caught where
that method was called. Therefore now those warnings from Phan are
suppressed (it would be better to use "@phan-suppress-next-line"
instead, but it is not yet available in our Phan version).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-08-08 14:25:44 +02:00
Daniel Calviño Sánchez 4ed7131e26 Add support for room shares to ShareAPIController
In some cases, the ShareAPIController requires explicit handling of each
type of share (for example, to format a share for a DataResponse). Room
shares are implemented in an external app (Nextcloud Talk), so in order
to keep the controller as isolated as possible from room share specifics
all that explicit handling is done in a helper class provided by the
Talk app.

In other cases it is just enough to call the share manager specifying a
room share type; note that the share manager is guarded against share
types for which there is no provider, so it is not necessary to
explicitly check that before passing room shares to the share manager.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-08-08 14:25:43 +02:00
Daniel Calviño Sánchez 7849630cef Add support for sending the password by Talk to ShareAPIController
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-07-24 14:04:17 +02:00
Bjoern Schiessle 72d2455577
return the as well note if we fetch a share
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-07-21 15:02:19 +02:00
Bjoern Schiessle a93f2a648b
allow to add a personal note to a share
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-07-21 15:02:18 +02:00
Morris Jobke 82021b2b1b
Merge pull request #5280 from nextcloud/shared-with-display-name
sharedWithDisplayName & sharedWithAvatar
2018-07-13 17:29:57 +02:00
Daniel Calviño Sánchez 243df99fcf Fix formatting of email and circle shares
Due to a misplaced "||" instead of "===" the condition was always met,
so every share type in the conditional chain after the remote and remote
group shares was formatted as a remote/remote group share.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-07-12 21:24:55 +02:00
Bjoern Schiessle b23032e4c5
implement federated group shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-07-11 10:11:44 +02:00
John Molakvoæ (skjnldsv) 3b835d8076
Js magic for deleted shares
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-07-05 12:43:57 +02:00
Daniel Calviño Sánchez 6cb2cb33ac Fix getting the information of group share as a sharee
When the receiver of a group share modifies it (for example, by moving
it to a different folder) the original share is not modified, but a
"ghost" share that keeps track of the changes made by that specific user
is used instead.

By default, the method "getShareById" in the share provider returns the
share from the point of view of the sharer, but it can be used too to
get the share from the point of view of a sharee by providing the
"recipient" parameter (and if the sharee is not found then the share is
returned from the point of view of the sharer).

The "ShareAPIController" always formats the share from the point of view
of the current user, but when getting the information of a specific
share the "recipient" parameter was not given, so it was always returned
from the point of view of the sharer, even if the current user was a
sharee. Now the "recipient" parameter is set to the current user, and
thus the information of the share is returned from the point of view of
the current user, be it the sharer or a sharee.

Note that this special behaviour of "getShareById" happens only with
group shares; with other types of shares the share is the same for the
sharer and the sharee, and thus the parameter is ignored; it was added
for them too just for consistency.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-06-29 08:20:19 +02:00
Maxence Lange 0009adae80 SharedWithDisplayName + SharedWithAvatar
Signed-off-by: Maxence Lange <maxence@nextcloud.com>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-05-21 01:24:45 +02:00
Roeland Jago Douma 4d5a2cce8d
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-24 08:07:25 +02:00
Roeland Jago Douma 3b34a77c58
Make the ShareAPIController strict
Fixes #9279

With types we can force php to not cast a full nummeric user to an int.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-23 20:31:57 +02:00
Roeland Jago Douma d6cda3f2a6
When formatting a share node an Empty target is invalid
Fixes #9028

For federated shares the share table holds no target information (since
it is on the other server). So when a node is actually invalid and not
found we should not display it anymore in the shared with sections etc
and thus throw the proper exceptions.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-04 11:33:05 +02:00
Daniel Calviño Sánchez 2c073dc53d Set "share_with" field to the ID of the circle
When a share is shared with a circle the "share_with" field returned by
the API endpoint was always set to the name of the circle. However, the
name is not enough to identify a circle. The Circles app now provides
the ID of the circle in the "shared with" field of a Share, so this
commit modifies the API endpoint to set the "share_with" field to the ID
of the circle when provided by the Circles app.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-16 04:58:00 +01:00
Bjoern Schiessle ebb15283a6
share api: use default permission of no permission is given
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-02-27 12:29:25 +01:00
Morris Jobke 2a38605545
Properly log the full exception instead of only the message
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-23 10:57:21 +01:00
Morris Jobke 0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
blizzz 2060ff591b Merge pull request #6120 from nextcloud/public_upload_share_api_fix
Public upload share permission handling
2017-09-04 12:43:02 +02:00
Roeland Jago Douma eea7de4c9f
Correctly format OCS response with favorites
The helper funtion did not handle the response correctly and basically
only returned the last share with tags.

This is a simple rewrite. That is still understandable. Loops maybe more
than strictly required. But preformance is not the issue here.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-29 12:03:13 +02:00
Roeland Jago Douma 82791b7b06
Public upload share permission handling
If you set the permissions on a public share the SHARE permission makes
no sense. So instead of throwing a warning. Just filter out the share
permission.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-16 21:17:26 +02:00
Lukas Reschke d8ec399454
Run phan over code base
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 10:28:11 +02:00
Maxence Lange 6e7be6acfd upstream
Signed-off-by: Maxence Lange <maxence@nextcloud.com>
2017-07-11 13:21:24 +02:00
Michael Jobst 81b1dc4930
share api expanded by tags (#26583)
* share api expanded by tags

* Modified files_sharing JS Unit tests

* modified tests. renamed request parameter. refactoring

* Update Share20OCS.php

Added missing function description

* Update Helper.php

Added missing function description

* Update Helper.php

implicit boolean conversion to !empty()

* Update Share20OCSTest.php

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 11:54:13 -05:00
Bjoern Schiessle 3323d01db1
update unit tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-07 15:43:59 +02:00
Bjoern Schiessle b84fd7c361
set expire date for all share types
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-03 10:29:32 +02:00
Bjoern Schiessle c191173d59
allow password protected mail shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-03 10:29:32 +02:00
Bjoern Schiessle 0d5147bd49
add new password column to the share table in order to set passwords for share by mails
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-03 10:20:49 +02:00
Joas Schilling 35f6b8716e Merge pull request #3884 from nextcloud/downstream-26956
Skip null groups in group manager
2017-03-20 12:27:38 +01:00
Maxence Lange 69694012ab shares-circles
Signed-off-by: Maxence Lange <maxence@nextcloud.com>
2017-03-17 18:48:33 -01:00
Vincent Petry 377fdf3860
Skip null groups in group manager (#26871) (#26956)
* Skip null groups in group manager (#26871)

* Skip null groups in group manager

* Also skip null groups in group manager's search function

* Add more group null checks in sharing code

* Add unit tests for null group safety in group manager

* Add unit tests for sharing code null group checks

* Added tests for null groups handling in sharing code

* Ignore moveShare optional repair in mount provider

In some cases, data is inconsistent in the oc_share table due to legacy
data. The mount provider might attempt to make it consistent but if the
target group does not exist any more it cannot work. In such case we
simply ignore the exception as it is not critical. Keeping the
exception would break user accounts as they would be unable to use
their filesystem.

* Adjust null group handing + tests

* Fix new group manager tests

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-17 00:07:03 -06:00
Bjoern Schiessle 92d7dd4781
allow editing single files shared as public link
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-24 13:41:27 +01:00
Vincent Petry 14256d631c
Use group display name in sharing API + UI 2016-12-22 18:35:32 +01:00
Roeland Jago Douma 965981486f
Fixes not allowed increasing of link share permissions
Fixes the following:

1. user0 shares folder with user1 (RO but with sharing permissions)
2. user1 shares by link
3. user1 send 'publicUpload=true' OCS request to the link share

before this increased the permissions of the link share. Which should
not happen.

now: API reponds with an error that the permissions can't be increased.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-13 20:29:34 +01:00
Morris Jobke ffebc050d0 Merge pull request #1887 from nextcloud/downstream-26370
Added functions to check etag of elements - integration tests
2016-11-02 14:57:45 +01:00
Roeland Jago Douma e5bc45c349
Fix OCS API to be able to remove group shares from self as recipient
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-02 08:49:58 +01:00
Bjoern Schiessle 6d7520b1e2
unit tests updated and new added
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:41 +01:00
Bjoern Schiessle 561dd80d57
don't show 'notify by mail' option or permissions not available for mail shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:41 +01:00
Bjoern Schiessle 8c8a019b7e
show correct display name if we have the user in one of our address books
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:40 +01:00
Bjoern Schiessle 77f74b9780
handle case if no share-by-mail share provider is loaded
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:40 +01:00
Bjoern Schiessle 96c40d14a1
update permissions
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:51:11 +01:00
Bjoern Schiessle a17c6a485d
add share by mail share provider
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:51:11 +01:00
Roeland Jago Douma ea07bbc562
Move Share20OCS to ShareAPIController
It was already a controller just still residing in its old location.

* Moved ShareAPIController to user plain userID instead of user object
* Moved Share20OCS to ShareAPIController
* Removed initisation of class from Application.php and leave it to the
AppFramework
* Fixed tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 09:52:34 +02:00