check parents resharing rights

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
This commit is contained in:
Maxence Lange 2018-11-01 13:41:19 +01:00 committed by Julius Härtl
parent 2a17811caf
commit 236a293f6a
No known key found for this signature in database
GPG key ID: 4C614C6ED2CDE6DF

View file

@ -39,7 +39,6 @@ use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController; use OCP\AppFramework\OCSController;
use OCP\AppFramework\QueryException; use OCP\AppFramework\QueryException;
use OCP\Constants; use OCP\Constants;
use OCP\Files\Folder;
use OCP\Files\Node; use OCP\Files\Node;
use OCP\Files\NotFoundException; use OCP\Files\NotFoundException;
use OCP\IConfig; use OCP\IConfig;
@ -727,11 +726,10 @@ class ShareAPIController extends OCSController {
foreach ($shares as $share) { foreach ($shares as $share) {
try { try {
$formatted[] = $this->formatShare($share, $path); $formatted[] = $this->formatShare($share, $path);
if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share)) { if ($path !== null && !$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $path)) {
$resharingRight = true; $resharingRight = true;
} }
} catch (\Exception $e) {
} catch (NotFoundException $e) {
//Ignore share //Ignore share
} }
} }
@ -1119,15 +1117,25 @@ class ShareAPIController extends OCSController {
/** /**
* Returns if we can find resharing rights in an IShare object for a specific user. * Returns if we can find resharing rights in an IShare object for a specific user.
* *
* @suppress PhanUndeclaredClassMethod
*
* @param string $userId * @param string $userId
* @param IShare $share * @param IShare $share
* @param Node $node
* @return bool * @return bool
* @throws NotFoundException
* @throws \OCP\Files\InvalidPathException
*/ */
private function shareProviderResharingRights(string $userId, IShare $share): bool { private function shareProviderResharingRights(string $userId, IShare $share, Node $node): bool {
if ($share->getShareOwner() === $userId) { if ($share->getShareOwner() === $userId) {
return true; return true;
} }
// we check that current user have parent resharing rights on the current file
if (($node->getPermissions() & \OCP\Constants::PERMISSION_SHARE) !== 0) {
return true;
}
if ((\OCP\Constants::PERMISSION_SHARE & $share->getPermissions()) === 0) { if ((\OCP\Constants::PERMISSION_SHARE & $share->getPermissions()) === 0) {
return false; return false;
} }
@ -1141,7 +1149,7 @@ class ShareAPIController extends OCSController {
} }
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_CIRCLE && \OC::$server->getAppManager()->isEnabledForUser('circles') && if ($share->getShareType() === \OCP\Share::SHARE_TYPE_CIRCLE && \OC::$server->getAppManager()->isEnabledForUser('circles') &&
class_exists('\OCA\Circles\Api\v1\Circles')) { class_exists('\OCA\Circles\Api\v1\Circles')) {
$hasCircleId = (substr($share->getSharedWith(), -1) === ']'); $hasCircleId = (substr($share->getSharedWith(), -1) === ']');
$shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0); $shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0);
$shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' ')); $shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' '));