From 560779d1bef4d6d3163dc61cdf0c5f336972ff55 Mon Sep 17 00:00:00 2001 From: nfebe Date: Fri, 17 Oct 2025 11:21:12 +0200 Subject: [PATCH] refactor: Separate concerns in link sharing checks Following https://github.com/nextcloud/server/pull/55811 split `shareApiAllowLinks()` into two dedicated methods to improve clarity and separation of concerns: - `isLinkSharingEnabled()`: Checks if link sharing is globally enabled - `canUserCreateLinkShares()`: Checks if a user can create link shares (considers both global settings and group restrictions) The original shareApiAllowLinks() is now deprecated and acts as a wrapper to maintain backward compatibility. --- apps/files_sharing/lib/Capabilities.php | 2 +- lib/private/Share20/Manager.php | 59 ++++++++++++++++++------- lib/public/Share/IManager.php | 20 +++++++++ 3 files changed, 64 insertions(+), 17 deletions(-) diff --git a/apps/files_sharing/lib/Capabilities.php b/apps/files_sharing/lib/Capabilities.php index 06aa1271c8f..d1b75cd0a99 100644 --- a/apps/files_sharing/lib/Capabilities.php +++ b/apps/files_sharing/lib/Capabilities.php @@ -106,7 +106,7 @@ class Capabilities implements ICapability { $res['api_enabled'] = true; $public = []; - $public['enabled'] = $this->shareManager->shareApiAllowLinks(); + $public['enabled'] = $this->shareManager->canUserCreateLinkShares(); if ($public['enabled']) { $public['password'] = []; $public['password']['enforced'] = $this->shareManager->shareApiLinkEnforcePassword(); diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 74bd888fbc7..15a14af5c9f 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -559,7 +559,7 @@ class Manager implements IManager { */ protected function linkCreateChecks(IShare $share) { // Are link shares allowed? - if (!$this->shareApiAllowLinks()) { + if (!$this->canUserCreateLinkShares()) { throw new \Exception($this->l->t('Link sharing is not allowed')); } @@ -1413,7 +1413,7 @@ class Manager implements IManager { } $share = null; try { - if ($this->shareApiAllowLinks(checkGroupExclusion: false)) { + if ($this->isLinkSharingEnabled()) { $provider = $this->factory->getProviderForType(IShare::TYPE_LINK); $share = $provider->getShareByToken($token); } @@ -1739,29 +1739,56 @@ class Manager implements IManager { return $this->config->getAppValue('core', 'shareapi_enabled', 'yes') === 'yes'; } + /** + * Check if public link sharing is enabled globally + * + * @return bool + * @since 33.0.0 + */ + public function isLinkSharingEnabled(): bool { + return $this->config->getAppValue('core', 'shareapi_allow_links', 'yes') === 'yes'; + } + + /** + * Check if a specific user can create public link shares + * + * This considers both global settings and user-specific group restrictions + * + * @param string|null $userId The user ID to check, or null for current user + * @return bool + * @since 33.0.0 + */ + public function canUserCreateLinkShares(?string $userId = null): bool { + if (!$this->isLinkSharingEnabled()) { + return false; + } + + $user = $userId ? $this->userManager->get($userId) : $this->userSession->getUser(); + if (!$user) { + return true; + } + + $excludedGroups = json_decode($this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '[]')); + if ($excludedGroups) { + $userGroups = $this->groupManager->getUserGroupIds($user); + return !(bool)array_intersect($excludedGroups, $userGroups); + } + + return true; + } + /** * Is public link sharing enabled * * @param bool $checkGroupExclusion Whether to check the current user's group exclusions * @return bool + * @deprecated 33.0.0 Use isLinkSharingEnabled() or canUserCreateLinkShares() instead */ public function shareApiAllowLinks(bool $checkGroupExclusion = true) { - if ($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') { - return false; - } - if ($checkGroupExclusion) { - $user = $this->userSession->getUser(); - if ($user) { - $excludedGroups = json_decode($this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '[]')); - if ($excludedGroups) { - $userGroups = $this->groupManager->getUserGroupIds($user); - return !(bool)array_intersect($excludedGroups, $userGroups); - } - } + return $this->canUserCreateLinkShares(); } - - return true; + return $this->isLinkSharingEnabled(); } /** diff --git a/lib/public/Share/IManager.php b/lib/public/Share/IManager.php index f65f7a4c56b..b1d703cd399 100644 --- a/lib/public/Share/IManager.php +++ b/lib/public/Share/IManager.php @@ -295,11 +295,31 @@ interface IManager { */ public function shareApiEnabled(); + /** + * Check if public link sharing is enabled globally + * + * @return bool + * @since 33.0.0 + */ + public function isLinkSharingEnabled(): bool; + + /** + * Check if a specific user can create public link shares + * + * This considers both global settings and user-specific group restrictions + * + * @param string|null $userId The user ID to check, or null for current user + * @return bool + * @since 33.0.0 + */ + public function canUserCreateLinkShares(?string $userId = null): bool; + /** * Is public link sharing enabled * * @return bool * @since 9.0.0 + * @deprecated 33.0.0 Use isLinkSharingEnabled() or canUserCreateLinkShares() instead */ public function shareApiAllowLinks();