upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

Enforcing permission during resharing

Browse source 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
This commit is contained in:
Carl Schwan 2022-07-15 14:52:04 +02:00
parent bbb5043c07
commit ab1a20522b
No known key found for this signature in database
GPG key ID: C3AA6B3A5EFA7AC5
4 changed files with 14 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
apps/files_sharing/lib/Controller/ShareAPIController.php
View file

@ -524,6 +524,15 @@ class ShareAPIController extends OCSController {
$permissions &= ~($permissions & ~$node->getPermissions());
}
if ($share->getNode()->getStorage()->instanceOfStorage(SharedStorage::class)) {
/** @var \OCA\Files_Sharing\SharedStorage $storage */
$inheritedAttributes = $share->getNode()->getStorage()->getShare()->getAttributes();
if ($inheritedAttributes !== null && $inheritedAttributes->getAttribute('permissions', 'download') === false) {
$share->setHideDownload(true);
}
}
if ($shareType === IShare::TYPE_USER) {
// Valid user is required to share
if ($shareWith === null || !$this->userManager->userExists($shareWith)) {
@ -550,14 +559,6 @@ class ShareAPIController extends OCSController {
throw new OCSNotFoundException($this->l->t('Public link sharing is disabled by the administrator'));
}
if ($share->getNode()->getStorage()->instanceOfStorage(SharedStorage::class)) {
/** @var \OCA\Files_Sharing\SharedStorage $storage */
$inheritedAttributes = $share->getNode()->getStorage()->getShare()->getAttributes();
if ($inheritedAttributes !== null && $inheritedAttributes->getAttribute('permissions', 'download') === false) {
$share->setHideDownload(true);
}
}
if ($publicUpload === 'true') {
// Check if public upload is allowed
if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {

1
apps/files_sharing/src/components/SharingEntryLink.vue
View file

@ -697,6 +697,7 @@ export default {
shareType: ShareTypes.SHARE_TYPE_LINK,
password: share.password,
expireDate: share.expireDate,
attributes: JSON.stringify(this.fileInfo.shareAttributes),
// we do not allow setting the publicUpload
// before the share creation.
// Todo: We also need to fix the createShare method in

1
apps/files_sharing/src/components/SharingInput.vue
View file

@ -478,6 +478,7 @@ export default {
shareWith: value.shareWith,
password,
permissions: this.fileInfo.sharePermissions & OC.getCapabilities().files_sharing.default_permissions,
attributes: JSON.stringify(this.fileInfo.shareAttributes),
})
// If we had a password, we need to show it to the user as it was generated

5
apps/files_sharing/src/mixins/ShareRequests.js
View file

@ -47,12 +47,13 @@ export default {
* @param {boolean} [data.sendPasswordByTalk=false] send the password via a talk conversation
* @param {string} [data.expireDate=''] expire the shareautomatically after
* @param {string} [data.label=''] custom label
* @param {string} [data.attributes=null] Share attributes encoded as json
* @return {Share} the new share
* @throws {Error}
*/
async createShare({ path, permissions, shareType, shareWith, publicUpload, password, sendPasswordByTalk, expireDate, label }) {
async createShare({ path, permissions, shareType, shareWith, publicUpload, password, sendPasswordByTalk, expireDate, label, attributes }) {
try {
const request = await axios.post(shareUrl, { path, permissions, shareType, shareWith, publicUpload, password, sendPasswordByTalk, expireDate, label })
const request = await axios.post(shareUrl, { path, permissions, shareType, shareWith, publicUpload, password, sendPasswordByTalk, expireDate, label, attributes })
if (!request?.data?.ocs) {
throw request
}