When the Share API is disabled do not return shares
Fixes #22668 Block everything in the OCS Share API
This commit is contained in:
Roeland Jago Douma
parent
460bafea8a
commit
00f48ec37b
2 changed files with 91 additions and 1 deletions
|
|
@ -161,6 +161,10 @@ class Share20OCS {
|
|||
* @return \OC_OCS_Result
|
||||
*/
|
||||
public function getShare($id) {
|
||||
if (!$this->shareManager->shareApiEnabled()) {
|
||||
return new \OC_OCS_Result(null, 404, 'Share API is disabled');
|
||||
}
|
||||
|
||||
try {
|
||||
$share = $this->getShareById($id);
|
||||
} catch (ShareNotFound $e) {
|
||||
|
|
@ -186,7 +190,10 @@ class Share20OCS {
|
|||
* @return \OC_OCS_Result
|
||||
*/
|
||||
public function deleteShare($id) {
|
||||
// Try both our default and our federated provider
|
||||
if (!$this->shareManager->shareApiEnabled()) {
|
||||
return new \OC_OCS_Result(null, 404, 'Share API is disabled');
|
||||
}
|
||||
|
||||
try {
|
||||
$share = $this->getShareById($id);
|
||||
} catch (ShareNotFound $e) {
|
||||
|
|
@ -208,6 +215,10 @@ class Share20OCS {
|
|||
public function createShare() {
|
||||
$share = $this->shareManager->newShare();
|
||||
|
||||
if (!$this->shareManager->shareApiEnabled()) {
|
||||
return new \OC_OCS_Result(null, 404, 'Share API is disabled');
|
||||
}
|
||||
|
||||
// Verify path
|
||||
$path = $this->request->getParam('path', null);
|
||||
if ($path === null) {
|
||||
|
|
@ -421,6 +432,10 @@ class Share20OCS {
|
|||
* @return \OC_OCS_Result
|
||||
*/
|
||||
public function getShares() {
|
||||
if (!$this->shareManager->shareApiEnabled()) {
|
||||
return new \OC_OCS_Result();
|
||||
}
|
||||
|
||||
$sharedWithMe = $this->request->getParam('shared_with_me', null);
|
||||
$reshares = $this->request->getParam('reshares', null);
|
||||
$subfiles = $this->request->getParam('subfiles');
|
||||
|
|
@ -478,6 +493,10 @@ class Share20OCS {
|
|||
* @return \OC_OCS_Result
|
||||
*/
|
||||
public function updateShare($id) {
|
||||
if (!$this->shareManager->shareApiEnabled()) {
|
||||
return new \OC_OCS_Result(null, 404, 'Share API is disabled');
|
||||
}
|
||||
|
||||
try {
|
||||
$share = $this->getShareById($id);
|
||||
} catch (ShareNotFound $e) {
|
||||
|
|
|
|||
|
|
@ -65,6 +65,10 @@ class Share20OCSTest extends \Test\TestCase {
|
|||
$this->shareManager = $this->getMockBuilder('OCP\Share\IManager')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$this->shareManager
|
||||
->expects($this->any())
|
||||
->method('shareApiEnabled')
|
||||
->willReturn(true);
|
||||
$this->groupManager = $this->getMock('OCP\IGroupManager');
|
||||
$this->userManager = $this->getMock('OCP\IUserManager');
|
||||
$this->request = $this->getMock('OCP\IRequest');
|
||||
|
|
@ -1827,7 +1831,74 @@ class Share20OCSTest extends \Test\TestCase {
|
|||
} catch (NotFoundException $e) {
|
||||
$this->assertTrue($exception);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return Share20OCS
|
||||
*/
|
||||
public function getOcsDisabledAPI() {
|
||||
$shareManager = $this->getMockBuilder('OCP\Share\IManager')
|
||||
->disableOriginalConstructor()
|
||||
->getMock();
|
||||
$shareManager
|
||||
->expects($this->any())
|
||||
->method('shareApiEnabled')
|
||||
->willReturn(false);
|
||||
|
||||
return new Share20OCS(
|
||||
$shareManager,
|
||||
$this->groupManager,
|
||||
$this->userManager,
|
||||
$this->request,
|
||||
$this->rootFolder,
|
||||
$this->urlGenerator,
|
||||
$this->currentUser
|
||||
);
|
||||
}
|
||||
|
||||
public function testGetShareApiDisabled() {
|
||||
$ocs = $this->getOcsDisabledAPI();
|
||||
|
||||
$expected = new \OC_OCS_Result(null, 404, 'Share API is disabled');
|
||||
$result = $ocs->getShare('my:id');
|
||||
|
||||
$this->assertEquals($expected, $result);
|
||||
}
|
||||
|
||||
public function testDeleteShareApiDisabled() {
|
||||
$ocs = $this->getOcsDisabledAPI();
|
||||
|
||||
$expected = new \OC_OCS_Result(null, 404, 'Share API is disabled');
|
||||
$result = $ocs->deleteShare('my:id');
|
||||
|
||||
$this->assertEquals($expected, $result);
|
||||
}
|
||||
|
||||
|
||||
public function testCreateShareApiDisabled() {
|
||||
$ocs = $this->getOcsDisabledAPI();
|
||||
|
||||
$expected = new \OC_OCS_Result(null, 404, 'Share API is disabled');
|
||||
$result = $ocs->createShare();
|
||||
|
||||
$this->assertEquals($expected, $result);
|
||||
}
|
||||
|
||||
public function testGetSharesApiDisabled() {
|
||||
$ocs = $this->getOcsDisabledAPI();
|
||||
|
||||
$expected = new \OC_OCS_Result();
|
||||
$result = $ocs->getShares();
|
||||
|
||||
$this->assertEquals($expected, $result);
|
||||
}
|
||||
|
||||
public function testUpdateShareApiDisabled() {
|
||||
$ocs = $this->getOcsDisabledAPI();
|
||||
|
||||
$expected = new \OC_OCS_Result(null, 404, 'Share API is disabled');
|
||||
$result = $ocs->updateShare('my:id');
|
||||
|
||||
$this->assertEquals($expected, $result);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue