upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-03-02 13:31:14 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Fix copy in view-only mode

Browse source 
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
This commit is contained in:
Vincent Petry 2022-08-26 10:30:26 +02:00 committed by backportbot-nextcloud[bot]
parent 04fac4f540
commit 15416e7305
4 changed files with 22 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
apps/dav/lib/DAV/ViewOnlyPlugin.php
View file

@ -57,6 +57,7 @@ class ViewOnlyPlugin extends ServerPlugin {
//priority 90 to make sure the plugin is called before
//Sabre\DAV\CorePlugin::httpGet
$this->server->on('method:GET', [$this, 'checkViewOnly'], 90);
$this->server->on('method:COPY', [$this, 'checkViewOnly'], 90);
}
/**

BIN
build/composer Executable file
View file

Binary file not shown.

2
build/integration/features/bootstrap/Sharing.php
View file

@ -440,7 +440,7 @@ trait Sharing {
}
/**
* @Given /^(file|folder|entry) "([^"]*)" of user "([^"]*)" is shared with group "([^"]*)"( with permissions ([\d]*))( view-only)?$/
* @Given /^(file|folder|entry) "([^"]*)" of user "([^"]*)" is shared with group "([^"]*)"( with permissions ([\d]*))?( view-only)?$/
*
* @param string $filepath
* @param string $user

20
build/integration/sharing_features/sharing-v1-part2.feature
View file

@ -1187,4 +1187,24 @@ Feature: sharing
When As an "user1"
And Downloading file "/sharedviewonly/document.odt"
Then the HTTP status code should be "403"
Scenario: Cannot copy a file when it's shared view-only
Given user "user0" exists
And user "user1" exists
And User "user0" moves file "/textfile0.txt" to "/document.odt"
And file "document.odt" of user "user0" is shared with user "user1" view-only
And user "user1" accepts last share
When User "user1" copies file "/document.odt" to "/copyforbidden.odt"
Then the HTTP status code should be "403"
Scenario: Cannot copy a file when its parent is shared view-only
Given user "user0" exists
And user "user1" exists
And User "user0" created a folder "/sharedviewonly"
And User "user0" moves file "/textfile0.txt" to "/sharedviewonly/document.odt"
And folder "sharedviewonly" of user "user0" is shared with user "user1" view-only
And user "user1" accepts last share
When User "user1" copies file "/sharedviewonly/document.odt" to "/copyforbidden.odt"
Then the HTTP status code should be "403"
# See sharing-v1-part3.feature