[Sharing 2.0] Move authentication to the OCS API
This commit is contained in:
Roeland Jago Douma
parent
a2b8483779
commit
ab02b5c36e
3 changed files with 146 additions and 61 deletions
|
|
@ -41,7 +41,8 @@ class OCSShareWrapper {
|
|||
\OC::$server->getUserManager(),
|
||||
\OC::$server->getRequest(),
|
||||
\OC::$server->getUserFolder(),
|
||||
\OC::$server->getURLGenerator());
|
||||
\OC::$server->getURLGenerator(),
|
||||
\OC::$server->getUserSession()->getUser());
|
||||
}
|
||||
|
||||
public function getAllShares($params) {
|
||||
|
|
|
|||
|
|
@ -22,35 +22,52 @@ namespace OCA\Files_Sharing\API;
|
|||
|
||||
use OC\Share20\IShare;
|
||||
|
||||
use OCP\IGroupManager;
|
||||
use OCP\IUserManager;
|
||||
use OCP\IRequest;
|
||||
use OCP\Files\Folder;
|
||||
use OCP\IURLGenerator;
|
||||
use OCP\IUser;
|
||||
|
||||
class Share20OCS {
|
||||
|
||||
/** @var \OC\Share20\Manager */
|
||||
private $shareManager;
|
||||
|
||||
/** @var \OCP\IGroupManager */
|
||||
/** @var IGroupManager */
|
||||
private $groupManager;
|
||||
|
||||
/** @var \OCP\IUserManager */
|
||||
/** @var IUserManager */
|
||||
private $userManager;
|
||||
|
||||
/** @var \OCP\IRequest */
|
||||
/** @var IRequest */
|
||||
private $request;
|
||||
|
||||
/** @var \OCP\Files\Folder */
|
||||
/** @var Folder */
|
||||
private $userFolder;
|
||||
|
||||
public function __construct(\OC\Share20\Manager $shareManager,
|
||||
\OCP\IGroupManager $groupManager,
|
||||
\OCP\IUserManager $userManager,
|
||||
\OCP\IRequest $request,
|
||||
\OCP\Files\Folder $userFolder,
|
||||
\OCP\IURLGenerator $urlGenerator) {
|
||||
/** @var IUrlGenerator */
|
||||
private $urlGenerator;
|
||||
|
||||
/** @var IUser */
|
||||
private $currentUser;
|
||||
|
||||
public function __construct(
|
||||
\OC\Share20\Manager $shareManager,
|
||||
\OCP\IGroupManager $groupManager,
|
||||
\OCP\IUserManager $userManager,
|
||||
\OCP\IRequest $request,
|
||||
\OCP\Files\Folder $userFolder,
|
||||
\OCP\IURLGenerator $urlGenerator,
|
||||
\OCP\IUser $currentUser
|
||||
) {
|
||||
$this->shareManager = $shareManager;
|
||||
$this->userManager = $userManager;
|
||||
$this->groupManager = $groupManager;
|
||||
$this->request = $request;
|
||||
$this->userFolder = $userFolder;
|
||||
$this->urlGenerator = $urlGenerator;
|
||||
$this->currentUser = $currentUser;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -131,8 +148,12 @@ class Share20OCS {
|
|||
return new \OC_OCS_Result(null, 404, 'wrong share ID, share doesn\'t exist.');
|
||||
}
|
||||
|
||||
$share = $this->formatShare($share);
|
||||
return new \OC_OCS_Result($share);
|
||||
if ($this->canAccessShare($share)) {
|
||||
$share = $this->formatShare($share);
|
||||
return new \OC_OCS_Result($share);
|
||||
} else {
|
||||
return new \OC_OCS_Result(null, 404, 'wrong share ID, share doesn\'t exist.');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -156,6 +177,10 @@ class Share20OCS {
|
|||
\OCA\Files_Sharing\API\Local::deleteShare(['id' => $id]);
|
||||
}
|
||||
|
||||
if (!$this->canAccessShare($share)) {
|
||||
return new \OC_OCS_Result(null, 404, 'could not delete share');
|
||||
}
|
||||
|
||||
try {
|
||||
$this->shareManager->deleteShare($share);
|
||||
} catch (\OC\Share20\Exception\BackendError $e) {
|
||||
|
|
@ -164,4 +189,30 @@ class Share20OCS {
|
|||
|
||||
return new \OC_OCS_Result();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param IShare $share
|
||||
* @return bool
|
||||
*/
|
||||
protected function canAccessShare(IShare $share) {
|
||||
// Owner of the file and the sharer of the file can always get share
|
||||
if ($share->getShareOwner() === $this->currentUser ||
|
||||
$share->getSharedBy() === $this->currentUser
|
||||
) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// If the share is shared with you (or a group you are a member of)
|
||||
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER &&
|
||||
$share->getSharedWith() === $this->currentUser) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP &&
|
||||
$share->getSharedWith()->inGroup($this->currentUser)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,28 +20,38 @@
|
|||
*/
|
||||
namespace OCA\Files_Sharing\Tests\API;
|
||||
|
||||
use OC\Share20\IShare;
|
||||
use OCA\Files_Sharing\API\Share20OCS;
|
||||
use OCP\IGroupManager;
|
||||
use OCP\IUserManager;
|
||||
use OCP\IRequest;
|
||||
use OCP\Files\Folder;
|
||||
use OCP\IURLGenerator;
|
||||
use OCP\IUser;
|
||||
|
||||
class Share20OCSTest extends \Test\TestCase {
|
||||
|
||||
/** @var \OC\Share20\Manager */
|
||||
private $shareManager;
|
||||
|
||||
/** @var \OCP\IGroupManager */
|
||||
/** @var IGroupManager */
|
||||
private $groupManager;
|
||||
|
||||
/** @var \OCP\IUserManager */
|
||||
/** @var IUserManager */
|
||||
private $userManager;
|
||||
|
||||
/** @var \OCP\IRequest */
|
||||
/** @var IRequest */
|
||||
private $request;
|
||||
|
||||
/** @var \OCP\Files\Folder */
|
||||
/** @var Folder */
|
||||
private $userFolder;
|
||||
|
||||
/** @var \OCP\IURLGenerator */
|
||||
/** @var IURLGenerator */
|
||||
private $urlGenerator;
|
||||
|
||||
/** @var IUser */
|
||||
private $currentUser;
|
||||
|
||||
/** @var Share20OCS */
|
||||
private $ocs;
|
||||
|
||||
|
|
@ -54,13 +64,17 @@ class Share20OCSTest extends \Test\TestCase {
|
|||
$this->request = $this->getMock('OCP\IRequest');
|
||||
$this->userFolder = $this->getMock('OCP\Files\Folder');
|
||||
$this->urlGenerator = $this->getMock('OCP\IURLGenerator');
|
||||
$this->currentUser = $this->getMock('OCP\IUser');
|
||||
|
||||
$this->ocs = new Share20OCS($this->shareManager,
|
||||
$this->groupManager,
|
||||
$this->userManager,
|
||||
$this->request,
|
||||
$this->userFolder,
|
||||
$this->urlGenerator);
|
||||
$this->ocs = new Share20OCS(
|
||||
$this->shareManager,
|
||||
$this->groupManager,
|
||||
$this->userManager,
|
||||
$this->request,
|
||||
$this->userFolder,
|
||||
$this->urlGenerator,
|
||||
$this->currentUser
|
||||
);
|
||||
}
|
||||
|
||||
public function testDeleteShareShareNotFound() {
|
||||
|
|
@ -76,6 +90,7 @@ class Share20OCSTest extends \Test\TestCase {
|
|||
|
||||
public function testDeleteShareCouldNotDelete() {
|
||||
$share = $this->getMock('OC\Share20\IShare');
|
||||
$share->method('getShareOwner')->willReturn($this->currentUser);
|
||||
$this->shareManager
|
||||
->expects($this->once())
|
||||
->method('getShareById')
|
||||
|
|
@ -94,6 +109,7 @@ class Share20OCSTest extends \Test\TestCase {
|
|||
|
||||
public function testDeleteShare() {
|
||||
$share = $this->getMock('OC\Share20\IShare');
|
||||
$share->method('getSharedBy')->willReturn($this->currentUser);
|
||||
$this->shareManager
|
||||
->expects($this->once())
|
||||
->method('getShareById')
|
||||
|
|
@ -244,42 +260,6 @@ class Share20OCSTest extends \Test\TestCase {
|
|||
];
|
||||
$data[] = [$share, $expected];
|
||||
|
||||
// Folder shared with remote
|
||||
$share = $this->createShare(101,
|
||||
\OCP\Share::SHARE_TYPE_REMOTE,
|
||||
'user@remote.com',
|
||||
$owner,
|
||||
$folder,
|
||||
4,
|
||||
5,
|
||||
null,
|
||||
6,
|
||||
'target',
|
||||
0);
|
||||
$expected = [
|
||||
'id' => 101,
|
||||
'share_type' => \OCP\Share::SHARE_TYPE_REMOTE,
|
||||
'share_with' => 'user@remote.com',
|
||||
'share_with_displayname' => 'user@remote.com',
|
||||
'uid_owner' => 'ownerId',
|
||||
'displayname_owner' => 'ownerDisplay',
|
||||
'item_type' => 'folder',
|
||||
'item_source' => 2,
|
||||
'file_source' => 2,
|
||||
'file_target' => 'target',
|
||||
'file_parent' => 3,
|
||||
'token' => null,
|
||||
'expiration' => null,
|
||||
'permissions' => 4,
|
||||
'stime' => 5,
|
||||
'parent' => 6,
|
||||
'storage_id' => 'STORAGE',
|
||||
'path' => 'folder',
|
||||
'storage' => null, // HACK around static function
|
||||
'mail_send' => 0,
|
||||
];
|
||||
$data[] = [$share, $expected];
|
||||
|
||||
// File shared by link with Expire
|
||||
$expire = \DateTime::createFromFormat('Y-m-d h:i:s', '2000-01-02 01:02:03');
|
||||
$share = $this->createShare(101,
|
||||
|
|
@ -327,6 +307,20 @@ class Share20OCSTest extends \Test\TestCase {
|
|||
* @dataProvider dataGetShare
|
||||
*/
|
||||
public function testGetShare(\OC\Share20\IShare $share, array $result) {
|
||||
$ocs = $this->getMockBuilder('OCA\Files_Sharing\API\Share20OCS')
|
||||
->setConstructorArgs([
|
||||
$this->shareManager,
|
||||
$this->groupManager,
|
||||
$this->userManager,
|
||||
$this->request,
|
||||
$this->userFolder,
|
||||
$this->urlGenerator,
|
||||
$this->currentUser
|
||||
])->setMethods(['canAccessShare'])
|
||||
->getMock();
|
||||
|
||||
$ocs->method('canAccessShare')->willReturn(true);
|
||||
|
||||
$this->shareManager
|
||||
->expects($this->once())
|
||||
->method('getShareById')
|
||||
|
|
@ -342,5 +336,44 @@ class Share20OCSTest extends \Test\TestCase {
|
|||
->willReturn('url');
|
||||
|
||||
$expected = new \OC_OCS_Result($result);
|
||||
$this->assertEquals($expected->getData(), $this->ocs->getShare($share->getId())->getData()); }
|
||||
$this->assertEquals($expected->getData(), $ocs->getShare($share->getId())->getData());
|
||||
}
|
||||
|
||||
public function testCanAccessShare() {
|
||||
$share = $this->getMock('OC\Share20\IShare');
|
||||
$share->method('getShareOwner')->willReturn($this->currentUser);
|
||||
$this->assertTrue($this->invokePrivate($this->ocs, 'canAccessShare', [$share]));
|
||||
|
||||
$share = $this->getMock('OC\Share20\IShare');
|
||||
$share->method('getSharedBy')->willReturn($this->currentUser);
|
||||
$this->assertTrue($this->invokePrivate($this->ocs, 'canAccessShare', [$share]));
|
||||
|
||||
$share = $this->getMock('OC\Share20\IShare');
|
||||
$share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_USER);
|
||||
$share->method('getSharedWith')->willReturn($this->currentUser);
|
||||
$this->assertTrue($this->invokePrivate($this->ocs, 'canAccessShare', [$share]));
|
||||
|
||||
$share = $this->getMock('OC\Share20\IShare');
|
||||
$share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_USER);
|
||||
$share->method('getSharedWith')->willReturn($this->getMock('OCP\IUser'));
|
||||
$this->assertFalse($this->invokePrivate($this->ocs, 'canAccessShare', [$share]));
|
||||
|
||||
$share = $this->getMock('OC\Share20\IShare');
|
||||
$share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_GROUP);
|
||||
$group = $this->getMock('OCP\IGroup');
|
||||
$group->method('inGroup')->with($this->currentUser)->willReturn(true);
|
||||
$share->method('getSharedWith')->willReturn($group);
|
||||
$this->assertTrue($this->invokePrivate($this->ocs, 'canAccessShare', [$share]));
|
||||
|
||||
$share = $this->getMock('OC\Share20\IShare');
|
||||
$share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_GROUP);
|
||||
$group = $this->getMock('OCP\IGroup');
|
||||
$group->method('inGroup')->with($this->currentUser)->willReturn(false);
|
||||
$share->method('getSharedWith')->willReturn($group);
|
||||
$this->assertFalse($this->invokePrivate($this->ocs, 'canAccessShare', [$share]));
|
||||
|
||||
$share = $this->getMock('OC\Share20\IShare');
|
||||
$share->method('getShareType')->willReturn(\OCP\Share::SHARE_TYPE_LINK);
|
||||
$this->assertFalse($this->invokePrivate($this->ocs, 'canAccessShare', [$share]));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue