863 lines
26 KiB
PHP
863 lines
26 KiB
PHP
<?php
|
|
/**
|
|
* @copyright Copyright (c) 2018 Bjoern Schiessle <bjoern@schiessle.org>
|
|
*
|
|
* @author Bjoern Schiessle <bjoern@schiessle.org>
|
|
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
* @author Maxence Lange <maxence@artificial-owl.com>
|
|
* @author Roeland Jago Douma <roeland@famdouma.nl>
|
|
*
|
|
* @license GNU AGPL version 3 or any later version
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
* License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
namespace OCA\FederatedFileSharing\OCM;
|
|
|
|
use OC\AppFramework\Http;
|
|
use OC\Files\Filesystem;
|
|
use OCA\FederatedFileSharing\AddressHandler;
|
|
use OCA\FederatedFileSharing\FederatedShareProvider;
|
|
use OCA\Files_Sharing\Activity\Providers\RemoteShares;
|
|
use OCP\Activity\IManager as IActivityManager;
|
|
use OCP\App\IAppManager;
|
|
use OCP\Constants;
|
|
use OCP\Federation\Exceptions\ActionNotSupportedException;
|
|
use OCP\Federation\Exceptions\AuthenticationFailedException;
|
|
use OCP\Federation\Exceptions\BadRequestException;
|
|
use OCP\Federation\Exceptions\ProviderCouldNotAddShareException;
|
|
use OCP\Federation\ICloudFederationFactory;
|
|
use OCP\Federation\ICloudFederationProvider;
|
|
use OCP\Federation\ICloudFederationProviderManager;
|
|
use OCP\Federation\ICloudFederationShare;
|
|
use OCP\Federation\ICloudIdManager;
|
|
use OCP\Files\NotFoundException;
|
|
use OCP\IDBConnection;
|
|
use OCP\IGroupManager;
|
|
use OCP\ILogger;
|
|
use OCP\IURLGenerator;
|
|
use OCP\IUserManager;
|
|
use OCP\Notification\IManager as INotificationManager;
|
|
use OCP\Share;
|
|
use OCP\Share\Exceptions\ShareNotFound;
|
|
use OCP\Share\IManager;
|
|
use OCP\Share\IShare;
|
|
use OCP\Util;
|
|
|
|
class CloudFederationProviderFiles implements ICloudFederationProvider {
|
|
|
|
/** @var IAppManager */
|
|
private $appManager;
|
|
|
|
/** @var FederatedShareProvider */
|
|
private $federatedShareProvider;
|
|
|
|
/** @var AddressHandler */
|
|
private $addressHandler;
|
|
|
|
/** @var ILogger */
|
|
private $logger;
|
|
|
|
/** @var IUserManager */
|
|
private $userManager;
|
|
|
|
/** @var IManager */
|
|
private $shareManager;
|
|
|
|
/** @var ICloudIdManager */
|
|
private $cloudIdManager;
|
|
|
|
/** @var IActivityManager */
|
|
private $activityManager;
|
|
|
|
/** @var INotificationManager */
|
|
private $notificationManager;
|
|
|
|
/** @var IURLGenerator */
|
|
private $urlGenerator;
|
|
|
|
/** @var ICloudFederationFactory */
|
|
private $cloudFederationFactory;
|
|
|
|
/** @var ICloudFederationProviderManager */
|
|
private $cloudFederationProviderManager;
|
|
|
|
/** @var IDBConnection */
|
|
private $connection;
|
|
|
|
/** @var IGroupManager */
|
|
private $groupManager;
|
|
|
|
/**
|
|
* CloudFederationProvider constructor.
|
|
*
|
|
* @param IAppManager $appManager
|
|
* @param FederatedShareProvider $federatedShareProvider
|
|
* @param AddressHandler $addressHandler
|
|
* @param ILogger $logger
|
|
* @param IUserManager $userManager
|
|
* @param IManager $shareManager
|
|
* @param ICloudIdManager $cloudIdManager
|
|
* @param IActivityManager $activityManager
|
|
* @param INotificationManager $notificationManager
|
|
* @param IURLGenerator $urlGenerator
|
|
* @param ICloudFederationFactory $cloudFederationFactory
|
|
* @param ICloudFederationProviderManager $cloudFederationProviderManager
|
|
* @param IDBConnection $connection
|
|
* @param IGroupManager $groupManager
|
|
*/
|
|
public function __construct(IAppManager $appManager,
|
|
FederatedShareProvider $federatedShareProvider,
|
|
AddressHandler $addressHandler,
|
|
ILogger $logger,
|
|
IUserManager $userManager,
|
|
IManager $shareManager,
|
|
ICloudIdManager $cloudIdManager,
|
|
IActivityManager $activityManager,
|
|
INotificationManager $notificationManager,
|
|
IURLGenerator $urlGenerator,
|
|
ICloudFederationFactory $cloudFederationFactory,
|
|
ICloudFederationProviderManager $cloudFederationProviderManager,
|
|
IDBConnection $connection,
|
|
IGroupManager $groupManager
|
|
) {
|
|
$this->appManager = $appManager;
|
|
$this->federatedShareProvider = $federatedShareProvider;
|
|
$this->addressHandler = $addressHandler;
|
|
$this->logger = $logger;
|
|
$this->userManager = $userManager;
|
|
$this->shareManager = $shareManager;
|
|
$this->cloudIdManager = $cloudIdManager;
|
|
$this->activityManager = $activityManager;
|
|
$this->notificationManager = $notificationManager;
|
|
$this->urlGenerator = $urlGenerator;
|
|
$this->cloudFederationFactory = $cloudFederationFactory;
|
|
$this->cloudFederationProviderManager = $cloudFederationProviderManager;
|
|
$this->connection = $connection;
|
|
$this->groupManager = $groupManager;
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* @return string
|
|
*/
|
|
public function getShareType() {
|
|
return 'file';
|
|
}
|
|
|
|
/**
|
|
* share received from another server
|
|
*
|
|
* @param ICloudFederationShare $share
|
|
* @return string provider specific unique ID of the share
|
|
*
|
|
* @throws ProviderCouldNotAddShareException
|
|
* @throws \OCP\AppFramework\QueryException
|
|
* @throws \OC\HintException
|
|
* @since 14.0.0
|
|
*/
|
|
public function shareReceived(ICloudFederationShare $share) {
|
|
|
|
if (!$this->isS2SEnabled(true)) {
|
|
throw new ProviderCouldNotAddShareException('Server does not support federated cloud sharing', '', Http::STATUS_SERVICE_UNAVAILABLE);
|
|
}
|
|
|
|
$protocol = $share->getProtocol();
|
|
if ($protocol['name'] !== 'webdav') {
|
|
throw new ProviderCouldNotAddShareException('Unsupported protocol for data exchange.', '', Http::STATUS_NOT_IMPLEMENTED);
|
|
}
|
|
|
|
list($ownerUid, $remote) = $this->addressHandler->splitUserRemote($share->getOwner());
|
|
// for backward compatibility make sure that the remote url stored in the
|
|
// database ends with a trailing slash
|
|
if (substr($remote, -1) !== '/') {
|
|
$remote = $remote . '/';
|
|
}
|
|
|
|
$token = $share->getShareSecret();
|
|
$name = $share->getResourceName();
|
|
$owner = $share->getOwnerDisplayName();
|
|
$sharedBy = $share->getSharedByDisplayName();
|
|
$shareWith = $share->getShareWith();
|
|
$remoteId = $share->getProviderId();
|
|
$sharedByFederatedId = $share->getSharedBy();
|
|
$ownerFederatedId = $share->getOwner();
|
|
$shareType = $this->mapShareTypeToNextcloud($share->getShareType());
|
|
|
|
// if no explicit information about the person who created the share was send
|
|
// we assume that the share comes from the owner
|
|
if ($sharedByFederatedId === null) {
|
|
$sharedBy = $owner;
|
|
$sharedByFederatedId = $ownerFederatedId;
|
|
}
|
|
|
|
if ($remote && $token && $name && $owner && $remoteId && $shareWith) {
|
|
|
|
if (!Util::isValidFileName($name)) {
|
|
throw new ProviderCouldNotAddShareException('The mountpoint name contains invalid characters.', '', Http::STATUS_BAD_REQUEST);
|
|
}
|
|
|
|
// FIXME this should be a method in the user management instead
|
|
if ($shareType === Share::SHARE_TYPE_USER) {
|
|
$this->logger->debug('shareWith before, ' . $shareWith, ['app' => 'files_sharing']);
|
|
Util::emitHook(
|
|
'\OCA\Files_Sharing\API\Server2Server',
|
|
'preLoginNameUsedAsUserName',
|
|
['uid' => &$shareWith]
|
|
);
|
|
$this->logger->debug('shareWith after, ' . $shareWith, ['app' => 'files_sharing']);
|
|
|
|
if (!$this->userManager->userExists($shareWith)) {
|
|
throw new ProviderCouldNotAddShareException('User does not exists', '',Http::STATUS_BAD_REQUEST);
|
|
}
|
|
|
|
\OC_Util::setupFS($shareWith);
|
|
}
|
|
|
|
if ($shareType === Share::SHARE_TYPE_GROUP && !$this->groupManager->groupExists($shareWith)) {
|
|
throw new ProviderCouldNotAddShareException('Group does not exists', '',Http::STATUS_BAD_REQUEST);
|
|
}
|
|
|
|
$externalManager = new \OCA\Files_Sharing\External\Manager(
|
|
\OC::$server->getDatabaseConnection(),
|
|
Filesystem::getMountManager(),
|
|
Filesystem::getLoader(),
|
|
\OC::$server->getHTTPClientService(),
|
|
\OC::$server->getNotificationManager(),
|
|
\OC::$server->query(\OCP\OCS\IDiscoveryService::class),
|
|
\OC::$server->getCloudFederationProviderManager(),
|
|
\OC::$server->getCloudFederationFactory(),
|
|
\OC::$server->getGroupManager(),
|
|
\OC::$server->getUserManager(),
|
|
$shareWith
|
|
);
|
|
|
|
try {
|
|
$externalManager->addShare($remote, $token, '', $name, $owner, $shareType,false, $shareWith, $remoteId);
|
|
$shareId = \OC::$server->getDatabaseConnection()->lastInsertId('*PREFIX*share_external');
|
|
|
|
if ($shareType === Share::SHARE_TYPE_USER) {
|
|
$event = $this->activityManager->generateEvent();
|
|
$event->setApp('files_sharing')
|
|
->setType('remote_share')
|
|
->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_RECEIVED, [$ownerFederatedId, trim($name, '/')])
|
|
->setAffectedUser($shareWith)
|
|
->setObject('remote_share', (int)$shareId, $name);
|
|
\OC::$server->getActivityManager()->publish($event);
|
|
$this->notifyAboutNewShare($shareWith, $shareId, $ownerFederatedId, $sharedByFederatedId, $name, $sharedBy, $owner);
|
|
} else {
|
|
$groupMembers = $this->groupManager->get($shareWith)->getUsers();
|
|
foreach ($groupMembers as $user) {
|
|
$event = $this->activityManager->generateEvent();
|
|
$event->setApp('files_sharing')
|
|
->setType('remote_share')
|
|
->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_RECEIVED, [$ownerFederatedId, trim($name, '/')])
|
|
->setAffectedUser($user->getUID())
|
|
->setObject('remote_share', (int)$shareId, $name);
|
|
\OC::$server->getActivityManager()->publish($event);
|
|
$this->notifyAboutNewShare($user->getUID(), $shareId, $ownerFederatedId, $sharedByFederatedId, $name, $sharedBy, $owner);
|
|
}
|
|
}
|
|
return $shareId;
|
|
} catch (\Exception $e) {
|
|
$this->logger->logException($e, [
|
|
'message' => 'Server can not add remote share.',
|
|
'level' => ILogger::ERROR,
|
|
'app' => 'files_sharing'
|
|
]);
|
|
throw new ProviderCouldNotAddShareException('internal server error, was not able to add share from ' . $remote, '', HTTP::STATUS_INTERNAL_SERVER_ERROR);
|
|
}
|
|
}
|
|
|
|
throw new ProviderCouldNotAddShareException('server can not add remote share, missing parameter', '', HTTP::STATUS_BAD_REQUEST);
|
|
|
|
}
|
|
|
|
/**
|
|
* notification received from another server
|
|
*
|
|
* @param string $notificationType (e.g. SHARE_ACCEPTED)
|
|
* @param string $providerId id of the share
|
|
* @param array $notification payload of the notification
|
|
* @return array data send back to the sender
|
|
*
|
|
* @throws ActionNotSupportedException
|
|
* @throws AuthenticationFailedException
|
|
* @throws BadRequestException
|
|
* @throws \OC\HintException
|
|
* @since 14.0.0
|
|
*/
|
|
public function notificationReceived($notificationType, $providerId, array $notification) {
|
|
|
|
switch ($notificationType) {
|
|
case 'SHARE_ACCEPTED':
|
|
return $this->shareAccepted($providerId, $notification);
|
|
case 'SHARE_DECLINED':
|
|
return $this->shareDeclined($providerId, $notification);
|
|
case 'SHARE_UNSHARED':
|
|
return $this->unshare($providerId, $notification);
|
|
case 'REQUEST_RESHARE':
|
|
return $this->reshareRequested($providerId, $notification);
|
|
case 'RESHARE_UNDO':
|
|
return $this->undoReshare($providerId, $notification);
|
|
case 'RESHARE_CHANGE_PERMISSION':
|
|
return $this->updateResharePermissions($providerId, $notification);
|
|
}
|
|
|
|
|
|
throw new BadRequestException([$notificationType]);
|
|
}
|
|
|
|
/**
|
|
* map OCM share type (strings) to Nextcloud internal share types (integer)
|
|
*
|
|
* @param string $shareType
|
|
* @return int
|
|
*/
|
|
private function mapShareTypeToNextcloud($shareType) {
|
|
$result = Share::SHARE_TYPE_USER;
|
|
if ($shareType === 'group') {
|
|
$result = Share::SHARE_TYPE_GROUP;
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
/**
|
|
* notify user about new federated share
|
|
*
|
|
* @param $shareWith
|
|
* @param $shareId
|
|
* @param $ownerFederatedId
|
|
* @param $sharedByFederatedId
|
|
* @param $name
|
|
*/
|
|
private function notifyAboutNewShare($shareWith, $shareId, $ownerFederatedId, $sharedByFederatedId, $name, $sharedBy, $owner) {
|
|
$notification = $this->notificationManager->createNotification();
|
|
$notification->setApp('files_sharing')
|
|
->setUser($shareWith)
|
|
->setDateTime(new \DateTime())
|
|
->setObject('remote_share', $shareId)
|
|
->setSubject('remote_share', [$ownerFederatedId, $sharedByFederatedId, trim($name, '/'), $sharedBy, $owner]);
|
|
|
|
$declineAction = $notification->createAction();
|
|
$declineAction->setLabel('decline')
|
|
->setLink($this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkTo('', 'ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/' . $shareId)), 'DELETE');
|
|
$notification->addAction($declineAction);
|
|
|
|
$acceptAction = $notification->createAction();
|
|
$acceptAction->setLabel('accept')
|
|
->setLink($this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkTo('', 'ocs/v2.php/apps/files_sharing/api/v1/remote_shares/pending/' . $shareId)), 'POST');
|
|
$notification->addAction($acceptAction);
|
|
|
|
$this->notificationManager->notify($notification);
|
|
}
|
|
|
|
/**
|
|
* process notification that the recipient accepted a share
|
|
*
|
|
* @param string $id
|
|
* @param array $notification
|
|
* @return array
|
|
* @throws ActionNotSupportedException
|
|
* @throws AuthenticationFailedException
|
|
* @throws BadRequestException
|
|
* @throws \OC\HintException
|
|
*/
|
|
private function shareAccepted($id, array $notification) {
|
|
|
|
if (!$this->isS2SEnabled()) {
|
|
throw new ActionNotSupportedException('Server does not support federated cloud sharing');
|
|
}
|
|
|
|
if (!isset($notification['sharedSecret'])) {
|
|
throw new BadRequestException(['sharedSecret']);
|
|
}
|
|
|
|
$token = $notification['sharedSecret'];
|
|
|
|
$share = $this->federatedShareProvider->getShareById($id);
|
|
|
|
$this->verifyShare($share, $token);
|
|
$this->executeAcceptShare($share);
|
|
if ($share->getShareOwner() !== $share->getSharedBy()) {
|
|
list(, $remote) = $this->addressHandler->splitUserRemote($share->getSharedBy());
|
|
$remoteId = $this->federatedShareProvider->getRemoteId($share);
|
|
$notification = $this->cloudFederationFactory->getCloudFederationNotification();
|
|
$notification->setMessage(
|
|
'SHARE_ACCEPTED',
|
|
'file',
|
|
$remoteId,
|
|
[
|
|
'sharedSecret' => $token,
|
|
'message' => 'Recipient accepted the re-share'
|
|
]
|
|
|
|
);
|
|
$this->cloudFederationProviderManager->sendNotification($remote, $notification);
|
|
|
|
}
|
|
|
|
return [];
|
|
}
|
|
|
|
/**
|
|
* @param IShare $share
|
|
* @throws ShareNotFound
|
|
*/
|
|
protected function executeAcceptShare(IShare $share) {
|
|
try {
|
|
$fileId = (int)$share->getNode()->getId();
|
|
list($file, $link) = $this->getFile($this->getCorrectUid($share), $fileId);
|
|
} catch (\Exception $e) {
|
|
throw new ShareNotFound();
|
|
}
|
|
|
|
$event = $this->activityManager->generateEvent();
|
|
$event->setApp('files_sharing')
|
|
->setType('remote_share')
|
|
->setAffectedUser($this->getCorrectUid($share))
|
|
->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_ACCEPTED, [$share->getSharedWith(), [$fileId => $file]])
|
|
->setObject('files', $fileId, $file)
|
|
->setLink($link);
|
|
$this->activityManager->publish($event);
|
|
}
|
|
|
|
/**
|
|
* process notification that the recipient declined a share
|
|
*
|
|
* @param string $id
|
|
* @param array $notification
|
|
* @return array
|
|
* @throws ActionNotSupportedException
|
|
* @throws AuthenticationFailedException
|
|
* @throws BadRequestException
|
|
* @throws ShareNotFound
|
|
* @throws \OC\HintException
|
|
*
|
|
*/
|
|
protected function shareDeclined($id, array $notification) {
|
|
|
|
if (!$this->isS2SEnabled()) {
|
|
throw new ActionNotSupportedException('Server does not support federated cloud sharing');
|
|
}
|
|
|
|
if (!isset($notification['sharedSecret'])) {
|
|
throw new BadRequestException(['sharedSecret']);
|
|
}
|
|
|
|
$token = $notification['sharedSecret'];
|
|
|
|
$share = $this->federatedShareProvider->getShareById($id);
|
|
|
|
$this->verifyShare($share, $token);
|
|
|
|
if ($share->getShareOwner() !== $share->getSharedBy()) {
|
|
list(, $remote) = $this->addressHandler->splitUserRemote($share->getSharedBy());
|
|
$remoteId = $this->federatedShareProvider->getRemoteId($share);
|
|
$notification = $this->cloudFederationFactory->getCloudFederationNotification();
|
|
$notification->setMessage(
|
|
'SHARE_DECLINED',
|
|
'file',
|
|
$remoteId,
|
|
[
|
|
'sharedSecret' => $token,
|
|
'message' => 'Recipient declined the re-share'
|
|
]
|
|
|
|
);
|
|
$this->cloudFederationProviderManager->sendNotification($remote, $notification);
|
|
}
|
|
|
|
$this->executeDeclineShare($share);
|
|
|
|
return [];
|
|
|
|
}
|
|
|
|
/**
|
|
* delete declined share and create a activity
|
|
*
|
|
* @param IShare $share
|
|
* @throws ShareNotFound
|
|
*/
|
|
protected function executeDeclineShare(IShare $share) {
|
|
$this->federatedShareProvider->removeShareFromTable($share);
|
|
|
|
try {
|
|
$fileId = (int)$share->getNode()->getId();
|
|
list($file, $link) = $this->getFile($this->getCorrectUid($share), $fileId);
|
|
} catch (\Exception $e) {
|
|
throw new ShareNotFound();
|
|
}
|
|
|
|
$event = $this->activityManager->generateEvent();
|
|
$event->setApp('files_sharing')
|
|
->setType('remote_share')
|
|
->setAffectedUser($this->getCorrectUid($share))
|
|
->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_DECLINED, [$share->getSharedWith(), [$fileId => $file]])
|
|
->setObject('files', $fileId, $file)
|
|
->setLink($link);
|
|
$this->activityManager->publish($event);
|
|
|
|
}
|
|
|
|
/**
|
|
* received the notification that the owner unshared a file from you
|
|
*
|
|
* @param string $id
|
|
* @param array $notification
|
|
* @return array
|
|
* @throws AuthenticationFailedException
|
|
* @throws BadRequestException
|
|
*/
|
|
private function undoReshare($id, array $notification) {
|
|
if (!isset($notification['sharedSecret'])) {
|
|
throw new BadRequestException(['sharedSecret']);
|
|
}
|
|
$token = $notification['sharedSecret'];
|
|
|
|
$share = $this->federatedShareProvider->getShareById($id);
|
|
|
|
$this->verifyShare($share, $token);
|
|
$this->federatedShareProvider->removeShareFromTable($share);
|
|
return [];
|
|
}
|
|
|
|
/**
|
|
* unshare file from self
|
|
*
|
|
* @param string $id
|
|
* @param array $notification
|
|
* @return array
|
|
* @throws ActionNotSupportedException
|
|
* @throws BadRequestException
|
|
*/
|
|
private function unshare($id, array $notification) {
|
|
|
|
if (!$this->isS2SEnabled(true)) {
|
|
throw new ActionNotSupportedException("incoming shares disabled!");
|
|
}
|
|
|
|
if (!isset($notification['sharedSecret'])) {
|
|
throw new BadRequestException(['sharedSecret']);
|
|
}
|
|
$token = $notification['sharedSecret'];
|
|
|
|
$qb = $this->connection->getQueryBuilder();
|
|
$qb->select('*')
|
|
->from('share_external')
|
|
->where(
|
|
$qb->expr()->andX(
|
|
$qb->expr()->eq('remote_id', $qb->createNamedParameter($id)),
|
|
$qb->expr()->eq('share_token', $qb->createNamedParameter($token))
|
|
)
|
|
);
|
|
|
|
$result = $qb->execute();
|
|
$share = $result->fetch();
|
|
$result->closeCursor();
|
|
|
|
if ($token && $id && !empty($share)) {
|
|
|
|
$remote = $this->cleanupRemote($share['remote']);
|
|
|
|
$owner = $this->cloudIdManager->getCloudId($share['owner'], $remote);
|
|
$mountpoint = $share['mountpoint'];
|
|
$user = $share['user'];
|
|
|
|
$qb = $this->connection->getQueryBuilder();
|
|
$qb->delete('share_external')
|
|
->where(
|
|
$qb->expr()->andX(
|
|
$qb->expr()->eq('remote_id', $qb->createNamedParameter($id)),
|
|
$qb->expr()->eq('share_token', $qb->createNamedParameter($token))
|
|
)
|
|
);
|
|
|
|
$qb->execute();
|
|
|
|
// delete all child in case of a group share
|
|
$qb = $this->connection->getQueryBuilder();
|
|
$qb->delete('share_external')
|
|
->where($qb->expr()->eq('parent', $qb->createNamedParameter((int)$share['id'])));
|
|
$qb->execute();
|
|
|
|
if ((int)$share['share_type'] === Share::SHARE_TYPE_USER) {
|
|
if ($share['accepted']) {
|
|
$path = trim($mountpoint, '/');
|
|
} else {
|
|
$path = trim($share['name'], '/');
|
|
}
|
|
$notification = $this->notificationManager->createNotification();
|
|
$notification->setApp('files_sharing')
|
|
->setUser($share['user'])
|
|
->setObject('remote_share', (int)$share['id']);
|
|
$this->notificationManager->markProcessed($notification);
|
|
|
|
$event = $this->activityManager->generateEvent();
|
|
$event->setApp('files_sharing')
|
|
->setType('remote_share')
|
|
->setSubject(RemoteShares::SUBJECT_REMOTE_SHARE_UNSHARED, [$owner->getId(), $path])
|
|
->setAffectedUser($user)
|
|
->setObject('remote_share', (int)$share['id'], $path);
|
|
\OC::$server->getActivityManager()->publish($event);
|
|
}
|
|
}
|
|
|
|
return [];
|
|
}
|
|
|
|
private function cleanupRemote($remote) {
|
|
$remote = substr($remote, strpos($remote, '://') + 3);
|
|
|
|
return rtrim($remote, '/');
|
|
}
|
|
|
|
/**
|
|
* recipient of a share request to re-share the file with another user
|
|
*
|
|
* @param string $id
|
|
* @param array $notification
|
|
* @return array
|
|
* @throws AuthenticationFailedException
|
|
* @throws BadRequestException
|
|
* @throws ProviderCouldNotAddShareException
|
|
* @throws ShareNotFound
|
|
*/
|
|
protected function reshareRequested($id, array $notification) {
|
|
|
|
if (!isset($notification['sharedSecret'])) {
|
|
throw new BadRequestException(['sharedSecret']);
|
|
}
|
|
$token = $notification['sharedSecret'];
|
|
|
|
if (!isset($notification['shareWith'])) {
|
|
throw new BadRequestException(['shareWith']);
|
|
}
|
|
$shareWith = $notification['shareWith'];
|
|
|
|
if (!isset($notification['senderId'])) {
|
|
throw new BadRequestException(['senderId']);
|
|
}
|
|
$senderId = $notification['senderId'];
|
|
|
|
$share = $this->federatedShareProvider->getShareById($id);
|
|
// don't allow to share a file back to the owner
|
|
try {
|
|
list($user, $remote) = $this->addressHandler->splitUserRemote($shareWith);
|
|
$owner = $share->getShareOwner();
|
|
$currentServer = $this->addressHandler->generateRemoteURL();
|
|
if ($this->addressHandler->compareAddresses($user, $remote, $owner, $currentServer)) {
|
|
throw new ProviderCouldNotAddShareException('Resharing back to the owner is not allowed: ' . $id);
|
|
}
|
|
} catch (\Exception $e) {
|
|
throw new ProviderCouldNotAddShareException($e->getMessage());
|
|
}
|
|
|
|
$this->verifyShare($share, $token);
|
|
|
|
// check if re-sharing is allowed
|
|
if ($share->getPermissions() & Constants::PERMISSION_SHARE) {
|
|
// the recipient of the initial share is now the initiator for the re-share
|
|
$share->setSharedBy($share->getSharedWith());
|
|
$share->setSharedWith($shareWith);
|
|
$result = $this->federatedShareProvider->create($share);
|
|
$this->federatedShareProvider->storeRemoteId((int)$result->getId(), $senderId);
|
|
return ['token' => $result->getToken(), 'providerId' => $result->getId()];
|
|
} else {
|
|
throw new ProviderCouldNotAddShareException('resharing not allowed for share: ' . $id);
|
|
}
|
|
|
|
}
|
|
|
|
/**
|
|
* update permission of a re-share so that the share dialog shows the right
|
|
* permission if the owner or the sender changes the permission
|
|
*
|
|
* @param string $id
|
|
* @param array $notification
|
|
* @return array
|
|
* @throws AuthenticationFailedException
|
|
* @throws BadRequestException
|
|
*/
|
|
protected function updateResharePermissions($id, array $notification) {
|
|
|
|
if (!isset($notification['sharedSecret'])) {
|
|
throw new BadRequestException(['sharedSecret']);
|
|
}
|
|
$token = $notification['sharedSecret'];
|
|
|
|
if (!isset($notification['permission'])) {
|
|
throw new BadRequestException(['permission']);
|
|
}
|
|
$ocmPermissions = $notification['permission'];
|
|
|
|
$share = $this->federatedShareProvider->getShareById($id);
|
|
|
|
$ncPermission = $this->ocmPermissions2ncPermissions($ocmPermissions);
|
|
|
|
$this->verifyShare($share, $token);
|
|
$this->updatePermissionsInDatabase($share, $ncPermission);
|
|
|
|
return [];
|
|
}
|
|
|
|
/**
|
|
* translate OCM Permissions to Nextcloud permissions
|
|
*
|
|
* @param array $ocmPermissions
|
|
* @return int
|
|
* @throws BadRequestException
|
|
*/
|
|
protected function ocmPermissions2ncPermissions(array $ocmPermissions) {
|
|
$ncPermissions = 0;
|
|
foreach($ocmPermissions as $permission) {
|
|
switch (strtolower($permission)) {
|
|
case 'read':
|
|
$ncPermissions += Constants::PERMISSION_READ;
|
|
break;
|
|
case 'write':
|
|
$ncPermissions += Constants::PERMISSION_CREATE + Constants::PERMISSION_UPDATE;
|
|
break;
|
|
case 'share':
|
|
$ncPermissions += Constants::PERMISSION_SHARE;
|
|
break;
|
|
default:
|
|
throw new BadRequestException(['permission']);
|
|
}
|
|
|
|
}
|
|
|
|
return $ncPermissions;
|
|
}
|
|
|
|
/**
|
|
* update permissions in database
|
|
*
|
|
* @param IShare $share
|
|
* @param int $permissions
|
|
*/
|
|
protected function updatePermissionsInDatabase(IShare $share, $permissions) {
|
|
$query = $this->connection->getQueryBuilder();
|
|
$query->update('share')
|
|
->where($query->expr()->eq('id', $query->createNamedParameter($share->getId())))
|
|
->set('permissions', $query->createNamedParameter($permissions))
|
|
->execute();
|
|
}
|
|
|
|
|
|
/**
|
|
* get file
|
|
*
|
|
* @param string $user
|
|
* @param int $fileSource
|
|
* @return array with internal path of the file and a absolute link to it
|
|
*/
|
|
private function getFile($user, $fileSource) {
|
|
\OC_Util::setupFS($user);
|
|
|
|
try {
|
|
$file = Filesystem::getPath($fileSource);
|
|
} catch (NotFoundException $e) {
|
|
$file = null;
|
|
}
|
|
$args = Filesystem::is_dir($file) ? ['dir' => $file] : ['dir' => dirname($file), 'scrollto' => $file];
|
|
$link = Util::linkToAbsolute('files', 'index.php', $args);
|
|
|
|
return [$file, $link];
|
|
|
|
}
|
|
|
|
/**
|
|
* check if we are the initiator or the owner of a re-share and return the correct UID
|
|
*
|
|
* @param IShare $share
|
|
* @return string
|
|
*/
|
|
protected function getCorrectUid(IShare $share) {
|
|
if ($this->userManager->userExists($share->getShareOwner())) {
|
|
return $share->getShareOwner();
|
|
}
|
|
|
|
return $share->getSharedBy();
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* check if we got the right share
|
|
*
|
|
* @param IShare $share
|
|
* @param string $token
|
|
* @return bool
|
|
* @throws AuthenticationFailedException
|
|
*/
|
|
protected function verifyShare(IShare $share, $token) {
|
|
if (
|
|
$share->getShareType() === FederatedShareProvider::SHARE_TYPE_REMOTE &&
|
|
$share->getToken() === $token
|
|
) {
|
|
return true;
|
|
}
|
|
|
|
if ($share->getShareType() === IShare::TYPE_CIRCLE) {
|
|
try {
|
|
$knownShare = $this->shareManager->getShareByToken($token);
|
|
if ($knownShare->getId() === $share->getId()) {
|
|
return true;
|
|
}
|
|
} catch (ShareNotFound $e) {
|
|
}
|
|
}
|
|
|
|
throw new AuthenticationFailedException();
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* check if server-to-server sharing is enabled
|
|
*
|
|
* @param bool $incoming
|
|
* @return bool
|
|
*/
|
|
private function isS2SEnabled($incoming = false) {
|
|
|
|
$result = $this->appManager->isEnabledForUser('files_sharing');
|
|
|
|
if ($incoming) {
|
|
$result = $result && $this->federatedShareProvider->isIncomingServer2serverShareEnabled();
|
|
} else {
|
|
$result = $result && $this->federatedShareProvider->isOutgoingServer2serverShareEnabled();
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
|
|
/**
|
|
* get the supported share types, e.g. "user", "group", etc.
|
|
*
|
|
* @return array
|
|
*
|
|
* @since 14.0.0
|
|
*/
|
|
public function getSupportedShareTypes() {
|
|
return ['user', 'group'];
|
|
}
|
|
}
|