share api: use default permission of no permission is given
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This commit is contained in:
parent
7741429229
commit
ebb15283a6
1 changed files with 35 additions and 28 deletions
|
@ -35,8 +35,10 @@ use OCP\AppFramework\OCS\OCSException;
|
|||
use OCP\AppFramework\OCS\OCSForbiddenException;
|
||||
use OCP\AppFramework\OCS\OCSNotFoundException;
|
||||
use OCP\AppFramework\OCSController;
|
||||
use OCP\Constants;
|
||||
use OCP\Files\Node;
|
||||
use OCP\Files\NotFoundException;
|
||||
use OCP\IConfig;
|
||||
use OCP\IGroupManager;
|
||||
use OCP\IL10N;
|
||||
use OCP\IUserManager;
|
||||
|
@ -75,6 +77,8 @@ class ShareAPIController extends OCSController {
|
|||
private $l;
|
||||
/** @var \OCP\Files\Node */
|
||||
private $lockedNode;
|
||||
/** @var IConfig */
|
||||
private $config;
|
||||
|
||||
/**
|
||||
* Share20OCS constructor.
|
||||
|
@ -88,6 +92,7 @@ class ShareAPIController extends OCSController {
|
|||
* @param IURLGenerator $urlGenerator
|
||||
* @param string $userId
|
||||
* @param IL10N $l10n
|
||||
* @param IConfig $config
|
||||
*/
|
||||
public function __construct(
|
||||
$appName,
|
||||
|
@ -98,7 +103,8 @@ class ShareAPIController extends OCSController {
|
|||
IRootFolder $rootFolder,
|
||||
IURLGenerator $urlGenerator,
|
||||
$userId,
|
||||
IL10N $l10n
|
||||
IL10N $l10n,
|
||||
IConfig $config
|
||||
) {
|
||||
parent::__construct($appName, $request);
|
||||
|
||||
|
@ -110,6 +116,7 @@ class ShareAPIController extends OCSController {
|
|||
$this->urlGenerator = $urlGenerator;
|
||||
$this->currentUser = $userId;
|
||||
$this->l = $l10n;
|
||||
$this->config = $config;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -318,7 +325,7 @@ class ShareAPIController extends OCSController {
|
|||
*/
|
||||
public function createShare(
|
||||
$path = null,
|
||||
$permissions = \OCP\Constants::PERMISSION_ALL,
|
||||
$permissions = null,
|
||||
$shareType = -1,
|
||||
$shareWith = null,
|
||||
$publicUpload = 'false',
|
||||
|
@ -327,6 +334,10 @@ class ShareAPIController extends OCSController {
|
|||
) {
|
||||
$share = $this->shareManager->newShare();
|
||||
|
||||
if ($permissions === null) {
|
||||
$permissions = $this->config->getAppValue('core', 'shareapi_default_permissions', Constants::PERMISSION_ALL);
|
||||
}
|
||||
|
||||
// Verify path
|
||||
if ($path === null) {
|
||||
throw new OCSNotFoundException($this->l->t('Please specify a file or folder path'));
|
||||
|
@ -347,17 +358,17 @@ class ShareAPIController extends OCSController {
|
|||
throw new OCSNotFoundException($this->l->t('Could not create share'));
|
||||
}
|
||||
|
||||
if ($permissions < 0 || $permissions > \OCP\Constants::PERMISSION_ALL) {
|
||||
if ($permissions < 0 || $permissions > Constants::PERMISSION_ALL) {
|
||||
throw new OCSNotFoundException($this->l->t('invalid permissions'));
|
||||
}
|
||||
|
||||
// Shares always require read permissions
|
||||
$permissions |= \OCP\Constants::PERMISSION_READ;
|
||||
$permissions |= Constants::PERMISSION_READ;
|
||||
|
||||
if ($path instanceof \OCP\Files\File) {
|
||||
// Single file shares should never have delete or create permissions
|
||||
$permissions &= ~\OCP\Constants::PERMISSION_DELETE;
|
||||
$permissions &= ~\OCP\Constants::PERMISSION_CREATE;
|
||||
$permissions &= ~Constants::PERMISSION_DELETE;
|
||||
$permissions &= ~Constants::PERMISSION_CREATE;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -414,13 +425,13 @@ class ShareAPIController extends OCSController {
|
|||
}
|
||||
|
||||
$share->setPermissions(
|
||||
\OCP\Constants::PERMISSION_READ |
|
||||
\OCP\Constants::PERMISSION_CREATE |
|
||||
\OCP\Constants::PERMISSION_UPDATE |
|
||||
\OCP\Constants::PERMISSION_DELETE
|
||||
Constants::PERMISSION_READ |
|
||||
Constants::PERMISSION_CREATE |
|
||||
Constants::PERMISSION_UPDATE |
|
||||
Constants::PERMISSION_DELETE
|
||||
);
|
||||
} else {
|
||||
$share->setPermissions(\OCP\Constants::PERMISSION_READ);
|
||||
$share->setPermissions(Constants::PERMISSION_READ);
|
||||
}
|
||||
|
||||
// Set password
|
||||
|
@ -447,13 +458,9 @@ class ShareAPIController extends OCSController {
|
|||
$share->setPermissions($permissions);
|
||||
} else if ($shareType === \OCP\Share::SHARE_TYPE_EMAIL) {
|
||||
if ($share->getNodeType() === 'file') {
|
||||
$share->setPermissions(\OCP\Constants::PERMISSION_READ);
|
||||
$share->setPermissions(Constants::PERMISSION_READ);
|
||||
} else {
|
||||
$share->setPermissions(
|
||||
\OCP\Constants::PERMISSION_READ |
|
||||
\OCP\Constants::PERMISSION_CREATE |
|
||||
\OCP\Constants::PERMISSION_UPDATE |
|
||||
\OCP\Constants::PERMISSION_DELETE);
|
||||
$share->setPermissions($permissions);
|
||||
}
|
||||
$share->setSharedWith($shareWith);
|
||||
} else if ($shareType === \OCP\Share::SHARE_TYPE_CIRCLE) {
|
||||
|
@ -698,23 +705,23 @@ class ShareAPIController extends OCSController {
|
|||
|
||||
$newPermissions = null;
|
||||
if ($publicUpload === 'true') {
|
||||
$newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE;
|
||||
$newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
|
||||
} else if ($publicUpload === 'false') {
|
||||
$newPermissions = \OCP\Constants::PERMISSION_READ;
|
||||
$newPermissions = Constants::PERMISSION_READ;
|
||||
}
|
||||
|
||||
if ($permissions !== null) {
|
||||
$newPermissions = (int)$permissions;
|
||||
$newPermissions = $newPermissions & ~\OCP\Constants::PERMISSION_SHARE;
|
||||
$newPermissions = $newPermissions & ~Constants::PERMISSION_SHARE;
|
||||
}
|
||||
|
||||
if ($newPermissions !== null &&
|
||||
!in_array($newPermissions, [
|
||||
\OCP\Constants::PERMISSION_READ,
|
||||
\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE, // legacy
|
||||
\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE, // correct
|
||||
\OCP\Constants::PERMISSION_CREATE, // hidden file list
|
||||
\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_UPDATE, // allow to edit single files
|
||||
Constants::PERMISSION_READ,
|
||||
Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE, // legacy
|
||||
Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE, // correct
|
||||
Constants::PERMISSION_CREATE, // hidden file list
|
||||
Constants::PERMISSION_READ | Constants::PERMISSION_UPDATE, // allow to edit single files
|
||||
])
|
||||
) {
|
||||
throw new OCSBadRequestException($this->l->t('Can\'t change permissions for public share links'));
|
||||
|
@ -722,9 +729,9 @@ class ShareAPIController extends OCSController {
|
|||
|
||||
if (
|
||||
// legacy
|
||||
$newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE) ||
|
||||
$newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE) ||
|
||||
// correct
|
||||
$newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE)
|
||||
$newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE)
|
||||
) {
|
||||
if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
|
||||
throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator'));
|
||||
|
@ -735,7 +742,7 @@ class ShareAPIController extends OCSController {
|
|||
}
|
||||
|
||||
// normalize to correct public upload permissions
|
||||
$newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE;
|
||||
$newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
|
||||
}
|
||||
|
||||
if ($newPermissions !== null) {
|
||||
|
|
Loading…
Reference in a new issue