When a user has an active session only the apps that are enabled for the
user are initially loaded. In order to cache the routes the routes for
all apps are loaded, but routes defined in routes.php are taken into
account only if the app was already loaded. Therefore, when the routes
were cached in a request by a user with an active session only the
routes for apps enabled for that user were cached, and those routes were
used by any other user, independently of which apps they had access to.
To solve that now all the enabled apps are explicitly loaded before
caching the routes.
Note that this did not affect routes defined using annotations on the
controller files; in that case the loaded routes do not depend on the
previously loaded apps, as it explicitly checks all the enabled apps.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The "sharebymail" app is enabled by default, so it needs to be enabled
once the scenario ends as other scenarios could expect that the app is
enabled. To solve that now a special step is added that records the
enabled state of the given app and restores it once the scenario ends.
This step only restores the state of already installed apps. If an app
is installed during the test it will not be neither disabled nor
uninstalled after the test ends. Therefore, at least for now, it is
necessary to explicitly call the step to record the app to be restored,
rather than automatically keeping track of the changes in the enabled
state of the apps during the scenario.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The OCS endpoint expects either an int or an array for "shareType".
However, when using "getRowsHash()" only a single key is taken into
account, so instead of:
| shareType[] | 0 |
| shareType[] | 4 |
the share types are provided in a single row like:
| shareTypes | 0 4 |
and then converted to "shareType[]=0&shareType[]=4" when sending the
request.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
This allows the admin to control the behavior whether link shares with
READ permissions should be extended to also gain SHARE permissions,
allowing users (public share receivers) to add the share to their cloud.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
The Theming app injects the stylesheets for the different themes in the
"<header>" element of the page, and those stylesheets are then loaded by
the browser from a "Controller" (a plain "Controller", not an
"OCSController"). The stylesheets, in turn, may also get some images
(like the background) also from the "Controller".
When handling a request to "index.php" it is checked whether the user is
logged in and, if not, a login is tried. A disabled user is explicitly
seen as not logged in, so a login is always tried in that case, but
disabled users are also explicitly prevented to log in, so the login
also fails. Due to that trying to get any of the themed stylesheets or
images with a disabled account (to be able to show the "Account
disabled" error page) fails with an HTTP status 401.
To solve that, and to avoid touching this basic logic as much as
possible, the login exception is now ignored (if the user is disabled)
for some specific requests to the Theming app.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
`GET` should be allowed even without Ajax header to allow downloading files,
or show files in the viewer. All other requests could be guarded, but this should not.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
As the external storage uses the Nextcloud server itself the number of
workers of the PHP process running the Nextcloud server had to be
increased. Otherwise if a request is sent for the external storage while
handling a request from the integration tests a deadlock would occur.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
