upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-08 16:26:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 12

Merge pull request #32958 from nextcloud/fix/noid/permission-update-allow-public-uploads

Browse source
This commit is contained in:
Julius Härtl 2022-08-02 16:49:27 +02:00 committed by GitHub
commit 9475cc02b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/private/Share20/Manager.php
View file

@ -650,7 +650,7 @@ class Manager implements IManager {
}
// Check if public upload is allowed
if (!$this->shareApiLinkAllowPublicUpload() &&
if ($share->getNodeType() === 'folder' && !$this->shareApiLinkAllowPublicUpload() &&
($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE))) {
throw new \InvalidArgumentException('Public upload is not allowed');
}
@ -1544,7 +1544,7 @@ class Manager implements IManager {
* Reduce the permissions for link or email shares if public upload is not enabled
*/
if (($share->getShareType() === IShare::TYPE_LINK || $share->getShareType() === IShare::TYPE_EMAIL)
&& !$this->shareApiLinkAllowPublicUpload()) {
&& $share->getNodeType() === 'folder' && !$this->shareApiLinkAllowPublicUpload()) {
$share->setPermissions($share->getPermissions() & ~(\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE));
}

29
tests/lib/Share20/ManagerTest.php
View file

@ -1915,13 +1915,31 @@ class ManagerTest extends \Test\TestCase {
}
public function testLinkCreateChecksNoPublicUpload() {
public function testFileLinkCreateChecksNoPublicUpload() {
$share = $this->manager->newShare();
$share->setPermissions(\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE);
$share->setNodeType('file');
$this->config
->method('getAppValue')
->willReturnMap([
['core', 'shareapi_allow_links', 'yes', 'yes'],
['core', 'shareapi_allow_public_upload', 'yes', 'no']
]);
self::invokePrivate($this->manager, 'linkCreateChecks', [$share]);
$this->addToAssertionCount(1);
}
public function testFolderLinkCreateChecksNoPublicUpload() {
$this->expectException(\Exception::class);
$this->expectExceptionMessage('Public upload is not allowed');
$share = $this->manager->newShare();
$share->setPermissions(\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE);
$share->setNodeType('folder');
$this->config
->method('getAppValue')
@ -1937,6 +1955,9 @@ class ManagerTest extends \Test\TestCase {
$share = $this->manager->newShare();
$share->setPermissions(\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE);
$share->setSharedWith('sharedWith');
$folder = $this->createMock(\OC\Files\Node\Folder::class);
$share->setNode($folder);
$this->config
->method('getAppValue')
@ -1953,6 +1974,9 @@ class ManagerTest extends \Test\TestCase {
$share = $this->manager->newShare();
$share->setPermissions(\OCP\Constants::PERMISSION_READ);
$share->setSharedWith('sharedWith');
$folder = $this->createMock(\OC\Files\Node\Folder::class);
$share->setNode($folder);
$this->config
->method('getAppValue')
@ -2947,6 +2971,9 @@ class ManagerTest extends \Test\TestCase {
$share = $this->manager->newShare();
$share->setShareType(IShare::TYPE_LINK)
->setPermissions(\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE);
$share->setSharedWith('sharedWith');
$folder = $this->createMock(\OC\Files\Node\Folder::class);
$share->setNode($folder);
$this->config
->expects($this->at(1))