Merge pull request #16837 from nextcloud/backport/16820/16

[stable16] Change access handling of projects
This commit is contained in:
Roeland Jago Douma 2019-08-28 20:34:03 +02:00 committed by GitHub
commit 11bb942483
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 78 additions and 4 deletions

View file

@ -1022,6 +1022,7 @@ return array(
'OC\\Repair\\NC15\\SetVcardDatabaseUID' => $baseDir . '/lib/private/Repair/NC15/SetVcardDatabaseUID.php', 'OC\\Repair\\NC15\\SetVcardDatabaseUID' => $baseDir . '/lib/private/Repair/NC15/SetVcardDatabaseUID.php',
'OC\\Repair\\NC16\\AddClenupLoginFlowV2BackgroundJob' => $baseDir . '/lib/private/Repair/NC16/AddClenupLoginFlowV2BackgroundJob.php', 'OC\\Repair\\NC16\\AddClenupLoginFlowV2BackgroundJob' => $baseDir . '/lib/private/Repair/NC16/AddClenupLoginFlowV2BackgroundJob.php',
'OC\\Repair\\NC16\\CleanupCardDAVPhotoCache' => $baseDir . '/lib/private/Repair/NC16/CleanupCardDAVPhotoCache.php', 'OC\\Repair\\NC16\\CleanupCardDAVPhotoCache' => $baseDir . '/lib/private/Repair/NC16/CleanupCardDAVPhotoCache.php',
'OC\\Repair\\NC16\\ClearCollectionsAccessCache' => $baseDir . '/lib/private/Repair/NC16/ClearCollectionsAccessCache.php',
'OC\\Repair\\NC16\\RemoveCypressFiles' => $baseDir . '/lib/private/Repair/NC16/RemoveCypressFiles.php', 'OC\\Repair\\NC16\\RemoveCypressFiles' => $baseDir . '/lib/private/Repair/NC16/RemoveCypressFiles.php',
'OC\\Repair\\OldGroupMembershipShares' => $baseDir . '/lib/private/Repair/OldGroupMembershipShares.php', 'OC\\Repair\\OldGroupMembershipShares' => $baseDir . '/lib/private/Repair/OldGroupMembershipShares.php',
'OC\\Repair\\Owncloud\\DropAccountTermsTable' => $baseDir . '/lib/private/Repair/Owncloud/DropAccountTermsTable.php', 'OC\\Repair\\Owncloud\\DropAccountTermsTable' => $baseDir . '/lib/private/Repair/Owncloud/DropAccountTermsTable.php',

View file

@ -1052,6 +1052,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
'OC\\Repair\\NC15\\SetVcardDatabaseUID' => __DIR__ . '/../../..' . '/lib/private/Repair/NC15/SetVcardDatabaseUID.php', 'OC\\Repair\\NC15\\SetVcardDatabaseUID' => __DIR__ . '/../../..' . '/lib/private/Repair/NC15/SetVcardDatabaseUID.php',
'OC\\Repair\\NC16\\AddClenupLoginFlowV2BackgroundJob' => __DIR__ . '/../../..' . '/lib/private/Repair/NC16/AddClenupLoginFlowV2BackgroundJob.php', 'OC\\Repair\\NC16\\AddClenupLoginFlowV2BackgroundJob' => __DIR__ . '/../../..' . '/lib/private/Repair/NC16/AddClenupLoginFlowV2BackgroundJob.php',
'OC\\Repair\\NC16\\CleanupCardDAVPhotoCache' => __DIR__ . '/../../..' . '/lib/private/Repair/NC16/CleanupCardDAVPhotoCache.php', 'OC\\Repair\\NC16\\CleanupCardDAVPhotoCache' => __DIR__ . '/../../..' . '/lib/private/Repair/NC16/CleanupCardDAVPhotoCache.php',
'OC\\Repair\\NC16\\ClearCollectionsAccessCache' => __DIR__ . '/../../..' . '/lib/private/Repair/NC16/ClearCollectionsAccessCache.php',
'OC\\Repair\\NC16\\RemoveCypressFiles' => __DIR__ . '/../../..' . '/lib/private/Repair/NC16/RemoveCypressFiles.php', 'OC\\Repair\\NC16\\RemoveCypressFiles' => __DIR__ . '/../../..' . '/lib/private/Repair/NC16/RemoveCypressFiles.php',
'OC\\Repair\\OldGroupMembershipShares' => __DIR__ . '/../../..' . '/lib/private/Repair/OldGroupMembershipShares.php', 'OC\\Repair\\OldGroupMembershipShares' => __DIR__ . '/../../..' . '/lib/private/Repair/OldGroupMembershipShares.php',
'OC\\Repair\\Owncloud\\DropAccountTermsTable' => __DIR__ . '/../../..' . '/lib/private/Repair/Owncloud/DropAccountTermsTable.php', 'OC\\Repair\\Owncloud\\DropAccountTermsTable' => __DIR__ . '/../../..' . '/lib/private/Repair/Owncloud/DropAccountTermsTable.php',

View file

@ -353,12 +353,15 @@ class Manager implements IManager {
return $access; return $access;
} }
$access = false; $access = null;
// Access is granted when a user can access all resources
foreach ($collection->getResources() as $resource) { foreach ($collection->getResources() as $resource) {
if ($resource->canAccess($user)) { if (!$resource->canAccess($user)) {
$access = true; $access = false;
break; break;
} }
$access = true;
} }
$this->cacheAccessForCollection($collection, $user, $access); $this->cacheAccessForCollection($collection, $user, $access);
@ -461,6 +464,14 @@ class Manager implements IManager {
} }
} }
public function invalidateAccessCacheForAllCollections(): void {
$query = $this->connection->getQueryBuilder();
$query->delete(self::TABLE_ACCESS_CACHE)
->where($query->expr()->neq('collection_id', $query->createNamedParameter(0)));
$query->execute();
}
public function invalidateAccessCacheForCollection(ICollection $collection): void { public function invalidateAccessCacheForCollection(ICollection $collection): void {
$query = $this->connection->getQueryBuilder(); $query = $this->connection->getQueryBuilder();

View file

@ -45,6 +45,7 @@ use OC\Repair\NC14\RepairPendingCronJobs;
use OC\Repair\NC15\SetVcardDatabaseUID; use OC\Repair\NC15\SetVcardDatabaseUID;
use OC\Repair\NC16\AddClenupLoginFlowV2BackgroundJob; use OC\Repair\NC16\AddClenupLoginFlowV2BackgroundJob;
use OC\Repair\NC16\CleanupCardDAVPhotoCache; use OC\Repair\NC16\CleanupCardDAVPhotoCache;
use OC\Repair\NC16\ClearCollectionsAccessCache;
use OC\Repair\NC16\RemoveCypressFiles; use OC\Repair\NC16\RemoveCypressFiles;
use OC\Repair\OldGroupMembershipShares; use OC\Repair\OldGroupMembershipShares;
use OC\Repair\Owncloud\DropAccountTermsTable; use OC\Repair\Owncloud\DropAccountTermsTable;
@ -58,6 +59,7 @@ use OC\Template\JSCombiner;
use OC\Template\SCSSCacher; use OC\Template\SCSSCacher;
use OCP\AppFramework\QueryException; use OCP\AppFramework\QueryException;
use OCP\AppFramework\Utility\ITimeFactory; use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Collaboration\Resources\IManager;
use OCP\Migration\IOutput; use OCP\Migration\IOutput;
use OCP\Migration\IRepairStep; use OCP\Migration\IRepairStep;
use Symfony\Component\EventDispatcher\EventDispatcherInterface; use Symfony\Component\EventDispatcher\EventDispatcherInterface;
@ -156,6 +158,7 @@ class Repair implements IOutput {
new CleanupCardDAVPhotoCache(\OC::$server->getConfig(), \OC::$server->getAppDataDir('dav-photocache'), \OC::$server->getLogger()), new CleanupCardDAVPhotoCache(\OC::$server->getConfig(), \OC::$server->getAppDataDir('dav-photocache'), \OC::$server->getLogger()),
new AddClenupLoginFlowV2BackgroundJob(\OC::$server->getJobList()), new AddClenupLoginFlowV2BackgroundJob(\OC::$server->getJobList()),
new RemoveLinkShares(\OC::$server->getDatabaseConnection(), \OC::$server->getConfig(), \OC::$server->getGroupManager(), \OC::$server->getNotificationManager(), \OC::$server->query(ITimeFactory::class)), new RemoveLinkShares(\OC::$server->getDatabaseConnection(), \OC::$server->getConfig(), \OC::$server->getGroupManager(), \OC::$server->getNotificationManager(), \OC::$server->query(ITimeFactory::class)),
new ClearCollectionsAccessCache(\OC::$server->getConfig(), \OC::$server->query(IManager::class)),
\OC::$server->query(RemoveCypressFiles::class), \OC::$server->query(RemoveCypressFiles::class),
]; ];
} }

View file

@ -0,0 +1,58 @@
<?php
declare(strict_types=1);
/**
* @copyright Copyright (c) 2019 Joas Schilling <coding@schilljs.com>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OC\Repair\NC16;
use OC\Collaboration\Resources\Manager;
use OCP\Collaboration\Resources\IManager;
use OCP\IConfig;
use OCP\Migration\IOutput;
use OCP\Migration\IRepairStep;
class ClearCollectionsAccessCache implements IRepairStep {
/** @var IConfig */
private $config;
/** @var IManager|Manager */
private $manager;
public function __construct(IConfig $config, IManager $manager) {
$this->config = $config;
$this->manager = $manager;
}
public function getName(): string {
return 'Clear access cache of projects';
}
private function shouldRun(): bool {
$versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0');
return version_compare($versionFromBeforeUpdate, '16.0.4.2', '<=');
}
public function run(IOutput $output): void {
if ($this->shouldRun()) {
$this->manager->invalidateAccessCacheForAllCollections();
}
}
}

View file

@ -29,7 +29,7 @@
// between betas, final and RCs. This is _not_ the public version number. Reset minor/patchlevel // between betas, final and RCs. This is _not_ the public version number. Reset minor/patchlevel
// when updating major/minor version number. // when updating major/minor version number.
$OC_Version = array(16, 0, 4, 1); $OC_Version = array(16, 0, 4, 2);
// The human readable string // The human readable string
$OC_VersionString = '16.0.4'; $OC_VersionString = '16.0.4';