mirror of
https://github.com/nextcloud/server.git
synced 2026-05-28 04:32:30 -04:00
Merge pull request #59792 from nextcloud/share-link-permissions
This commit is contained in:
Kate
GitHub
commit
47d8b2126e
5 changed files with 46 additions and 8 deletions
|
|
@ -78,6 +78,7 @@ use Psr\Log\LoggerInterface;
|
|||
class ShareAPIController extends OCSController {
|
||||
|
||||
private ?Node $lockedNode = null;
|
||||
/** @var array<bool> $trustedServerCache */
|
||||
private array $trustedServerCache = [];
|
||||
|
||||
/**
|
||||
|
|
@ -239,6 +240,10 @@ class ShareAPIController extends OCSController {
|
|||
$result['expiration'] = $expiration->format('Y-m-d H:i:s');
|
||||
}
|
||||
|
||||
$currentUserPermissions = $recipientNode?->getPermissions() ?? Constants::PERMISSION_ALL;
|
||||
$userHasEnoughPermissions = ($currentUserPermissions & $share->getPermissions()) === $share->getPermissions();
|
||||
$token = $userHasEnoughPermissions ? $share->getToken() : null;
|
||||
|
||||
if ($share->getShareType() === IShare::TYPE_USER) {
|
||||
$sharedWith = $this->userManager->get($share->getSharedWith());
|
||||
$result['share_with'] = $share->getSharedWith();
|
||||
|
|
@ -264,6 +269,7 @@ class ShareAPIController extends OCSController {
|
|||
$result['share_with'] = $share->getSharedWith();
|
||||
$result['share_with_displayname'] = $group !== null ? $group->getDisplayName() : $share->getSharedWith();
|
||||
} elseif ($share->getShareType() === IShare::TYPE_LINK) {
|
||||
$url = $token ? $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare', ['token' => $token]) : null;
|
||||
|
||||
// "share_with" and "share_with_displayname" for passwords of link
|
||||
// shares was deprecated in Nextcloud 15, use "password" instead.
|
||||
|
|
@ -274,23 +280,23 @@ class ShareAPIController extends OCSController {
|
|||
|
||||
$result['send_password_by_talk'] = $share->getSendPasswordByTalk();
|
||||
|
||||
$result['token'] = $share->getToken();
|
||||
$result['url'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare', ['token' => $share->getToken()]);
|
||||
$result['token'] = $token;
|
||||
$result['url'] = $url;
|
||||
} elseif ($share->getShareType() === IShare::TYPE_REMOTE) {
|
||||
$result['share_with'] = $share->getSharedWith();
|
||||
$result['share_with_displayname'] = $this->getCachedFederatedDisplayName($share->getSharedWith());
|
||||
$result['token'] = $share->getToken();
|
||||
$result['token'] = $token;
|
||||
} elseif ($share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
|
||||
$result['share_with'] = $share->getSharedWith();
|
||||
$result['share_with_displayname'] = $this->getDisplayNameFromAddressBook($share->getSharedWith(), 'CLOUD');
|
||||
$result['token'] = $share->getToken();
|
||||
$result['token'] = $token;
|
||||
} elseif ($share->getShareType() === IShare::TYPE_EMAIL) {
|
||||
$result['share_with'] = $share->getSharedWith();
|
||||
$result['password'] = $share->getPassword();
|
||||
$result['password_expiration_time'] = $share->getPasswordExpirationTime() !== null ? $share->getPasswordExpirationTime()->format(\DateTime::ATOM) : null;
|
||||
$result['send_password_by_talk'] = $share->getSendPasswordByTalk();
|
||||
$result['share_with_displayname'] = $this->getDisplayNameFromAddressBook($share->getSharedWith(), 'EMAIL');
|
||||
$result['token'] = $share->getToken();
|
||||
$result['token'] = $token;
|
||||
} elseif ($share->getShareType() === IShare::TYPE_CIRCLE) {
|
||||
// getSharedWith() returns either "name (type, owner)" or
|
||||
// "name (type, owner) [id]", depending on the Teams app version.
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ namespace OCA\Files_Sharing;
|
|||
* token: ?string,
|
||||
* uid_file_owner: string,
|
||||
* uid_owner: string,
|
||||
* url?: string,
|
||||
* url?: string|null,
|
||||
* }
|
||||
*
|
||||
* @psalm-type Files_SharingDeletedShare = array{
|
||||
|
|
|
|||
|
|
@ -721,7 +721,8 @@
|
|||
"type": "string"
|
||||
},
|
||||
"url": {
|
||||
"type": "string"
|
||||
"type": "string",
|
||||
"nullable": true
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
|||
|
|
@ -23,6 +23,36 @@ Feature: sharing
|
|||
And User "user2" should be included in the response
|
||||
And User "user3" should not be included in the response
|
||||
|
||||
Scenario: getting all shares of a file with reshares with link share with less permissions
|
||||
Given user "user0" exists
|
||||
And user "user1" exists
|
||||
When as "user0" creating a share with
|
||||
| path | textfile0.txt |
|
||||
| shareType | 0 |
|
||||
| shareWith | user1 |
|
||||
| permissions | 17 |
|
||||
Then the OCS status code should be "100"
|
||||
And the HTTP status code should be "200"
|
||||
When as "user0" creating a share with
|
||||
| path | textfile0.txt |
|
||||
| shareType | 3 |
|
||||
| permissions | 19 |
|
||||
Then the OCS status code should be "100"
|
||||
And the HTTP status code should be "200"
|
||||
And last link share can be downloaded
|
||||
When As an "user1"
|
||||
And sending "GET" to "/apps/files_sharing/api/v1/shares?reshares=true&path=textfile0 (2).txt"
|
||||
Then the OCS status code should be "100"
|
||||
And the HTTP status code should be "200"
|
||||
And User "user1" should not be included in the response
|
||||
Then the list of returned shares has 1 shares
|
||||
And share 0 is returned with
|
||||
| share_type | 3 |
|
||||
| uid_owner | user0 |
|
||||
| token | |
|
||||
| url | |
|
||||
| permissions | 19 |
|
||||
|
||||
Scenario: getting all shares of a file with a received share after revoking the resharing rights
|
||||
Given user "user0" exists
|
||||
And user "user1" exists
|
||||
|
|
|
|||
|
|
@ -2852,7 +2852,8 @@
|
|||
"type": "string"
|
||||
},
|
||||
"url": {
|
||||
"type": "string"
|
||||
"type": "string",
|
||||
"nullable": true
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
|||
Loading…
Reference in a new issue