From 00f48ec37ba90254aca4643b2627bb2ffc7bd1fb Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <rullzer@owncloud.com>
Date: Fri, 26 Feb 2016 14:58:41 +0100
Subject: [PATCH] When the Share API is disabled do not return shares

Fixes #22668

Block everything in the OCS Share API
---
 apps/files_sharing/api/share20ocs.php         | 21 +++++-
 .../tests/api/share20ocstest.php              | 71 +++++++++++++++++++
 2 files changed, 91 insertions(+), 1 deletion(-)

diff --git a/apps/files_sharing/api/share20ocs.php b/apps/files_sharing/api/share20ocs.php
index 5a2af48d6f..efdd9ecb30 100644
--- a/apps/files_sharing/api/share20ocs.php
+++ b/apps/files_sharing/api/share20ocs.php
@@ -161,6 +161,10 @@ class Share20OCS {
 	 * @return \OC_OCS_Result
 	 */
 	public function getShare($id) {
+		if (!$this->shareManager->shareApiEnabled()) {
+			return new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		}
+
 		try {
 			$share = $this->getShareById($id);
 		} catch (ShareNotFound $e) {
@@ -186,7 +190,10 @@ class Share20OCS {
 	 * @return \OC_OCS_Result
 	 */
 	public function deleteShare($id) {
-		// Try both our default and our federated provider
+		if (!$this->shareManager->shareApiEnabled()) {
+			return new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		}
+
 		try {
 			$share = $this->getShareById($id);
 		} catch (ShareNotFound $e) {
@@ -208,6 +215,10 @@ class Share20OCS {
 	public function createShare() {
 		$share = $this->shareManager->newShare();
 
+		if (!$this->shareManager->shareApiEnabled()) {
+			return new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		}
+
 		// Verify path
 		$path = $this->request->getParam('path', null);
 		if ($path === null) {
@@ -421,6 +432,10 @@ class Share20OCS {
 	 * @return \OC_OCS_Result
 	 */
 	public function getShares() {
+		if (!$this->shareManager->shareApiEnabled()) {
+			return new \OC_OCS_Result();
+		}
+
 		$sharedWithMe = $this->request->getParam('shared_with_me', null);
 		$reshares = $this->request->getParam('reshares', null);
 		$subfiles = $this->request->getParam('subfiles');
@@ -478,6 +493,10 @@ class Share20OCS {
 	 * @return \OC_OCS_Result
 	 */
 	public function updateShare($id) {
+		if (!$this->shareManager->shareApiEnabled()) {
+			return new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		}
+
 		try {
 			$share = $this->getShareById($id);
 		} catch (ShareNotFound $e) {
diff --git a/apps/files_sharing/tests/api/share20ocstest.php b/apps/files_sharing/tests/api/share20ocstest.php
index a2c70d7673..f641f683e7 100644
--- a/apps/files_sharing/tests/api/share20ocstest.php
+++ b/apps/files_sharing/tests/api/share20ocstest.php
@@ -65,6 +65,10 @@ class Share20OCSTest extends \Test\TestCase {
 		$this->shareManager = $this->getMockBuilder('OCP\Share\IManager')
 			->disableOriginalConstructor()
 			->getMock();
+		$this->shareManager
+			->expects($this->any())
+			->method('shareApiEnabled')
+			->willReturn(true);
 		$this->groupManager = $this->getMock('OCP\IGroupManager');
 		$this->userManager = $this->getMock('OCP\IUserManager');
 		$this->request = $this->getMock('OCP\IRequest');
@@ -1827,7 +1831,74 @@ class Share20OCSTest extends \Test\TestCase {
 		} catch (NotFoundException $e) {
 			$this->assertTrue($exception);
 		}
+	}
+
+	/**
+	 * @return Share20OCS
+	 */
+	public function getOcsDisabledAPI() {
+		$shareManager = $this->getMockBuilder('OCP\Share\IManager')
+			->disableOriginalConstructor()
+			->getMock();
+		$shareManager
+			->expects($this->any())
+			->method('shareApiEnabled')
+			->willReturn(false);
+
+		return new Share20OCS(
+			$shareManager,
+			$this->groupManager,
+			$this->userManager,
+			$this->request,
+			$this->rootFolder,
+			$this->urlGenerator,
+			$this->currentUser
+		);
+	}
+
+	public function testGetShareApiDisabled() {
+		$ocs = $this->getOcsDisabledAPI();
+
+		$expected = new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		$result = $ocs->getShare('my:id');
+
+		$this->assertEquals($expected, $result);
+	}
+
+	public function testDeleteShareApiDisabled() {
+		$ocs = $this->getOcsDisabledAPI();
+
+		$expected = new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		$result = $ocs->deleteShare('my:id');
+
+		$this->assertEquals($expected, $result);
+	}
 
 
+	public function testCreateShareApiDisabled() {
+		$ocs = $this->getOcsDisabledAPI();
+
+		$expected = new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		$result = $ocs->createShare();
+
+		$this->assertEquals($expected, $result);
+	}
+
+	public function testGetSharesApiDisabled() {
+		$ocs = $this->getOcsDisabledAPI();
+
+		$expected = new \OC_OCS_Result();
+		$result = $ocs->getShares();
+
+		$this->assertEquals($expected, $result);
+	}
+
+	public function testUpdateShareApiDisabled() {
+		$ocs = $this->getOcsDisabledAPI();
+
+		$expected = new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		$result = $ocs->updateShare('my:id');
+
+		$this->assertEquals($expected, $result);
 	}
 }