public static function deleteGroup($parameters)
{
// Check it exists
if (!OC_Group::groupExists($parameters['groupid'])) {
return 101;
} else {
if ($parameters['groupid'] == 'admin') {
// Cannot delete admin group
return 102;
} else {
if (OC_Group::deleteGroup($parameters['groupid'])) {
return 100;
} else {
return 103;
}
}
}
}
/**
* @brief Add a user to a group
* @param $uid Name of the user to add to group
* @param $gid Name of the group in which add the user
* @returns true/false
*
* Adds a user to a group.
*/
public static function addToGroup($uid, $gid)
{
// Does the user exist?
if (!OC_User::userExists($uid)) {
return false;
}
// Does the group exist?
if (!OC_Group::groupExists($gid)) {
return false;
}
// Go go go
$run = true;
OC_Hook::emit("OC_Group", "pre_addToGroup", array("run" => &$run, "uid" => $uid, "gid" => $gid));
if ($run && self::$_backend->addToGroup($uid, $gid)) {
OC_Hook::emit("OC_Group", "post_addToGroup", array("uid" => $uid, "gid" => $gid));
return true;
} else {
return false;
}
}
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
$success = true;
$username = $_POST["username"];
$group = $_POST["group"];
if ($username == OC_User::getUser() && $group == "admin" && OC_User::isAdminUser($username)) {
$l = OC_L10N::get('core');
OC_JSON::error(array('data' => array('message' => $l->t('Admins can\'t remove themself from the admin group'))));
exit;
}
if (!OC_User::isAdminUser(OC_User::getUser()) && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
$l = OC_L10N::get('core');
OC_JSON::error(array('data' => array('message' => $l->t('Authentication error'))));
exit;
}
if (!OC_Group::groupExists($group)) {
OC_Group::createGroup($group);
}
$l = OC_L10N::get('settings');
$error = $l->t("Unable to add user to group %s", $group);
$action = "add";
// Toggle group
if (OC_Group::inGroup($username, $group)) {
$action = "remove";
$error = $l->t("Unable to remove user from group %s", $group);
$success = OC_Group::removeFromGroup($username, $group);
$usersInGroup = OC_Group::usersInGroup($group);
if (count($usersInGroup) == 0) {
OC_Group::deleteGroup($group);
}
} else {
/**
* creates a unique name for internal ownCloud use for groups. Don't call it directly.
* @param string $name the display name of the object
* @return string with with the name to use in ownCloud or false if unsuccessful.
*
* Instead of using this method directly, call
* createAltInternalOwnCloudName($name, false)
*
* Group names are also used as display names, so we do a sequential
* numbering, e.g. Developers_42 when there are 41 other groups called
* "Developers"
*/
private function _createAltInternalOwnCloudNameForGroups($name)
{
$query = \OCP\DB::prepare('
SELECT `owncloud_name`
FROM `' . $this->getMapTable(false) . '`
WHERE `owncloud_name` LIKE ?
');
$usedNames = array();
$res = $query->execute(array($name . '_%'));
while ($row = $res->fetchRow()) {
$usedNames[] = $row['owncloud_name'];
}
if (!$usedNames || count($usedNames) === 0) {
$lastNo = 1;
//will become name_2
} else {
natsort($usedNames);
$lastName = array_pop($usedNames);
$lastNo = intval(substr($lastName, strrpos($lastName, '_') + 1));
}
$altName = $name . '_' . strval($lastNo + 1);
unset($usedNames);
$attempts = 1;
while ($attempts < 21) {
// Check to be really sure it is unique
// while loop is just a precaution. If a name is not generated within
// 20 attempts, something else is very wrong. Avoids infinite loop.
if (!\OC_Group::groupExists($altName)) {
return $altName;
}
$altName = $name . '_' . ($lastNo + $attempts);
$attempts++;
}
return false;
}
public function checkPassword($uid, $password)
{
if (!$this->db_conn) {
$this->connectdb();
}
if (!$this->db_conn) {
return false;
}
$query = 'SELECT user_login, user_pass FROM ' . self::$params['wordpress_db_prefix'] . 'users WHERE user_login = "******"', '""', $uid) . '"';
$query .= ' AND user_status = 0';
$result = $this->wp_instance->db->query($query);
if ($result && mysqli_num_rows($result) > 0) {
$row = mysqli_fetch_assoc($result);
$hash = $row['user_pass'];
$normalize_path = str_replace('\\', '/', OC_APP::getAppPath('user_wordpress'));
$path_array = explode('/', $normalize_path);
array_pop($path_array);
$app_folder = array_pop($path_array);
OC::$CLASSPATH['OC_wordpress'] = $app_folder . '/lib/wordpress.class.php';
require_once $app_folder . '/user_wordpress/class-phpass.php';
$wp_hasher = new WPPasswordHash(8, TRUE);
$check = $wp_hasher->CheckPassword($password, $hash);
if ($check === true) {
// Make sure the user is in the wordpress_global_group
if (self::$params['wordpress_global_group'] != '') {
if (!OC_Group::groupExists(self::$params['wordpress_global_group'])) {
OC_Group::createGroup(self::$params['wordpress_global_group']);
}
$UserblogsIds = $this->wp_instance->getUserblogsIds($uid);
if (empty($UserblogsIds)) {
// remove from group if current user has no access to Wordpress blog/site with the same role name.
OC_Group::removefromGroup($uid, self::$params['wordpress_global_group']);
} else {
OC_Group::addToGroup($uid, self::$params['wordpress_global_group']);
}
}
$this->setUserInfos($uid);
return $row['user_login'];
}
}
return false;
}
/**
* @brief Add a user to a group
* @param string $uid Name of the user to add to group
* @param string $gid Name of the group in which add the user
* @return bool
*
* Adds a user to a group.
*/
public static function addToGroup($uid, $gid)
{
// Does the group exist?
if (!OC_Group::groupExists($gid)) {
return false;
}
// Go go go
$run = true;
OC_Hook::emit("OC_Group", "pre_addToGroup", array("run" => &$run, "uid" => $uid, "gid" => $gid));
if ($run) {
$success = false;
//add the user to the all backends that have the group
foreach (self::$_usedBackends as $backend) {
if (!$backend->implementsActions(OC_GROUP_BACKEND_ADD_TO_GROUP)) {
continue;
}
if ($backend->groupExists($gid)) {
$success |= $backend->addToGroup($uid, $gid);
}
}
if ($success) {
OC_Hook::emit("OC_User", "post_addToGroup", array("uid" => $uid, "gid" => $gid));
}
return $success;
} else {
return false;
}
}
private static function update_groups($uid, $groups, $protectedGroups = array(), $just_created = false)
{
if (!$just_created) {
$old_groups = OC_Group::getUserGroups($uid);
foreach ($old_groups as $group) {
if (!in_array($group, $protectedGroups) && !in_array($group, $groups)) {
// This does not affect groups from user_group_admin
OC_Group::removeFromGroup($uid, $group);
OC_Log::write('saml', 'Removed "' . $uid . '" from the group "' . $group . '"', OC_Log::DEBUG);
}
}
}
foreach ($groups as $group) {
if (preg_match('/[^a-zA-Z0-9 _\\.@\\-\\/]/', $group)) {
OC_Log::write('saml', 'Invalid group "' . $group . '", allowed chars "a-zA-Z0-9" and "_.@-/" ', OC_Log::DEBUG);
} else {
if (!OC_Group::inGroup($uid, $group)) {
if (!OC_Group::groupExists($group)) {
if (OCP\App::isEnabled('user_group_admin')) {
OC_User_Group_Admin_Util::createHiddenGroup($group);
} else {
OC_Group::createGroup($group);
}
OC_Log::write('saml', 'New group created: ' . $group, OC_Log::DEBUG);
}
if (OCP\App::isEnabled('user_group_admin')) {
OC_User_Group_Admin_Util::addToGroup($uid, $group);
} else {
OC_Group::addToGroup($uid, $group);
}
OC_Log::write('saml', 'Added "' . $uid . '" to the group "' . $group . '"', OC_Log::DEBUG);
}
}
}
}
public function groupExists($group)
{
return OC_Group::groupExists($group);
}
exit;
}
if ($idtype == 'event' && !OC_Calendar_App::getEventObject($id)) {
OCP\JSON::error(array('message' => 'permission denied'));
exit;
}
$sharewith = $_GET['sharewith'];
$sharetype = strip_tags($_GET['sharetype']);
switch ($sharetype) {
case 'user':
case 'group':
case 'public':
break;
default:
OCP\JSON::error(array('message' => 'unexspected parameter'));
exit;
}
if ($sharetype == 'user' && !OCP\User::userExists($sharewith)) {
OCP\JSON::error(array('message' => 'user not found'));
exit;
} elseif ($sharetype == 'group' && !OC_Group::groupExists($sharewith)) {
OCP\JSON::error(array('message' => 'group not found'));
exit;
}
$success = OC_Calendar_Share::unshare(OCP\USER::getUser(), $sharewith, $sharetype, $id, $idtype == 'calendar' ? OC_Calendar_Share::CALENDAR : OC_Calendar_Share::EVENT);
if ($success) {
OCP\JSON::success();
} else {
OCP\JSON::error(array('message' => 'can not unshare'));
exit;
}
/**
* Generate a string to be used for searching for uid_shared_with that handles both users and groups
* @param $uid (Optional) The uid to get the user groups for, a gid to get the users in a group, or if not set the current user
* @return An IN operator as a string
*/
private static function getUsersAndGroups($uid = null)
{
$in = " IN(";
if (isset($uid) && OC_Group::groupExists($uid)) {
$users = OC_Group::usersInGroup($uid);
foreach ($users as $user) {
// Add a comma only if the the current element isn't the last
if ($user !== end($users)) {
$in .= "'" . $user . "@" . $uid . "', ";
} else {
$in .= "'" . $user . "@" . $uid . "'";
}
}
} else {
if (isset($uid)) {
// TODO Check if this is necessary, only constructor needs it as IN. It would be better for other queries to just return =$uid
$in .= "'" . $uid . "'";
$groups = OC_Group::getUserGroups($uid);
foreach ($groups as $group) {
$in .= ", '" . $uid . "@" . $group . "'";
}
} else {
$uid = OC_User::getUser();
$in .= "'" . $uid . "'";
$groups = OC_Group::getUserGroups($uid);
foreach ($groups as $group) {
$in .= ", '" . $uid . "@" . $group . "'";
}
}
}
$in .= ", '" . self::PUBLICLINK . "'";
$in .= ")";
return $in;
}
<?php
/**
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
$l = new OC_l10n('collaboration');
OC::$CLASSPATH['OC_Collaboration_Project'] = 'collaboration/lib/projects.php';
OC::$CLASSPATH['OC_Collaboration_Post'] = 'collaboration/lib/posts.php';
OC::$CLASSPATH['OC_Collaboration_Time'] = 'collaboration/lib/time.php';
OC::$CLASSPATH['OC_Collaboration_Comment'] = 'collaboration/lib/comments.php';
OC::$CLASSPATH['OC_Collaboration_Task'] = 'collaboration/lib/tasks.php';
OC::$CLASSPATH['OC_Collaboration_Mail'] = 'collaboration/lib/mail_templates.php';
OC::$CLASSPATH['OC_Collaboration_Hooks'] = 'collaboration/lib/hooks.php';
OC::$CLASSPATH['OC_Collaboration_Skillset'] = 'collaboration/lib/skillset.php';
OC::$CLASSPATH['OC_Collaboration_Report'] = 'collaboration/lib/reports.php';
OC::$CLASSPATH['OC_Collaboration_Calendar'] = 'collaboration/lib/calendar_support.php';
OC_Hook::connect('OC_User', 'post_deleteUser', 'OC_Collaboration_Hooks', 'notifyUserDeletion');
OC_Hook::connect('OCP\\Share', 'post_shared', 'OC_Collaboration_Hooks', 'notifyFileShare');
$gid = "Collaboration Admin";
if (!OC_Group::groupExists($gid)) {
OC_Group::createGroup($gid);
}
\OCP\App::addNavigationEntry(array('id' => 'collaboration', 'order' => 0, 'href' => \OCP\Util::linkToRoute('collaboration_route', array('rel_path' => '')), 'icon' => \OCP\Util::imagePath('collaboration', 'collaboration.svg'), 'name' => $l->t('Collaboration')));
/**
* @brief returns an internal ownCloud name for the given LDAP DN
* @param $dn the dn of the user object
* @param $ldapname optional, the display name of the object
* @param $isUser optional, wether it is a user object (otherwise group assumed)
* @returns string with with the name to use in ownCloud
*
* returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
*/
public function dn2ocname($dn, $ldapname = null, $isUser = true)
{
$table = $this->getMapTable($isUser);
if ($isUser) {
$fncFindMappedName = 'findMappedUser';
$nameAttribute = $this->connection->ldapUserDisplayName;
} else {
$fncFindMappedName = 'findMappedGroup';
$nameAttribute = $this->connection->ldapGroupDisplayName;
}
//let's try to retrieve the ownCloud name from the mappings table
$ocname = $this->{$fncFindMappedName}($dn);
if ($ocname) {
return $ocname;
}
//second try: get the UUID and check if it is known. Then, update the DN and return the name.
$uuid = $this->getUUID($dn);
if ($uuid) {
$query = \OCP\DB::prepare('
SELECT `owncloud_name`
FROM `' . $table . '`
WHERE `directory_uuid` = ?
');
$component = $query->execute(array($uuid))->fetchOne();
if ($component) {
$query = \OCP\DB::prepare('
UPDATE `' . $table . '`
SET `ldap_dn` = ?
WHERE `directory_uuid` = ?
');
$query->execute(array($dn, $uuid));
return $component;
}
}
if (is_null($ldapname)) {
$ldapname = $this->readAttribute($dn, $nameAttribute);
if (!isset($ldapname[0]) && empty($ldapname[0])) {
\OCP\Util::writeLog('user_ldap', 'No or empty name for ' . $dn . '.', \OCP\Util::INFO);
return false;
}
$ldapname = $ldapname[0];
}
$ldapname = $this->sanitizeUsername($ldapname);
//a new user/group! Then let's try to add it. We're shooting into the blue with the user/group name, assuming that in most cases there will not be a conflict. Otherwise an error will occur and we will continue with our second shot.
if ($isUser && !\OCP\User::userExists($ldapname) || !$isUser && !\OC_Group::groupExists($ldapname)) {
if ($this->mapComponent($dn, $ldapname, $isUser)) {
return $ldapname;
}
}
//doh! There is a conflict. We need to distinguish between users/groups. Adding indexes is an idea, but not much of a help for the user. The DN is ugly, but for now the only reasonable way. But we transform it to a readable format and remove the first part to only give the path where this object is located.
$oc_name = $this->alternateOwnCloudName($ldapname, $dn);
if ($isUser && !\OCP\User::userExists($oc_name) || !$isUser && !\OC_Group::groupExists($oc_name)) {
if ($this->mapComponent($dn, $oc_name, $isUser)) {
return $oc_name;
}
}
//if everything else did not help..
\OCP\Util::writeLog('user_ldap', 'Could not create unique ownCloud name for ' . $dn . '.', \OCP\Util::INFO);
return false;
}
private static function ldap2ownCloudNames($ldapObjects, $isUsers)
{
if ($isUsers) {
$knownObjects = self::mappedUsers();
$nameAttribute = self::conf('ldapUserDisplayName');
} else {
$knownObjects = self::mappedGroups();
$nameAttribute = self::conf('ldapGroupDisplayName');
}
$ownCloudNames = array();
foreach ($ldapObjects as $ldapObject) {
$key = self::recursiveArraySearch($knownObjects, $ldapObject['dn']);
//everything is fine when we know the group
if ($key !== false) {
$ownCloudNames[] = $knownObjects[$key]['owncloud_name'];
continue;
}
//we do not take empty usernames
if (!isset($ldapObject[$nameAttribute]) || empty($ldapObject[$nameAttribute])) {
OCP\Util::writeLog('user_ldap', 'No or empty name for ' . $ldapObject['dn'] . ', skipping.', OCP\Util::INFO);
continue;
}
//a new group! Then let's try to add it. We're shooting into the blue with the group name, assuming that in most cases there will not be a conflict. But first make sure, that the display name contains only allowed characters.
$ocname = self::sanitizeUsername($ldapObject[$nameAttribute]);
if ($isUsers && !\OCP\User::userExists($ocname) || !$isUsers && !\OC_Group::groupExists($ocname)) {
if (self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
$ownCloudNames[] = $ocname;
continue;
}
}
//doh! There is a conflict. We need to distinguish between groups. Adding indexes is an idea, but not much of a help for the user. The DN is ugly, but for now the only reasonable way. But we transform it to a readable format and remove the first part to only give the path where this entry is located.
$ocname = self::alternateOwnCloudName($ocname, $ldapObject['dn']);
if ($isUsers && !\OCP\User::userExists($ocname) || !$isUsers && !\OC_Group::groupExists($ocname)) {
if (self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
$ownCloudNames[] = $ocname;
continue;
}
}
//if everything else did not help..
OCP\Util::writeLog('user_ldap', 'Could not create unique ownCloud name for ' . $ldapObject['dn'] . ', skipping.', OCP\Util::INFO);
}
return $ownCloudNames;
}
function testMultiBackend()
{
$backend1 = new OC_Group_Dummy();
$backend2 = new OC_Group_Dummy();
OC_Group::useBackend($backend1);
OC_Group::useBackend($backend2);
$group1 = uniqid();
$group2 = uniqid();
OC_Group::createGroup($group1);
//groups should be added to the first registered backend
$this->assertEqual(array($group1), $backend1->getGroups());
$this->assertEqual(array(), $backend2->getGroups());
$this->assertEqual(array($group1), OC_Group::getGroups());
$this->assertTrue(OC_Group::groupExists($group1));
$this->assertFalse(OC_Group::groupExists($group2));
$backend1->createGroup($group2);
$this->assertEqual(array($group1, $group2), OC_Group::getGroups());
$this->assertTrue(OC_Group::groupExists($group1));
$this->assertTrue(OC_Group::groupExists($group2));
$user1 = uniqid();
$user2 = uniqid();
$this->assertFalse(OC_Group::inGroup($user1, $group1));
$this->assertFalse(OC_Group::inGroup($user2, $group1));
$this->assertTrue(OC_Group::addToGroup($user1, $group1));
$this->assertTrue(OC_Group::inGroup($user1, $group1));
$this->assertFalse(OC_Group::inGroup($user2, $group1));
$this->assertFalse($backend2->inGroup($user1, $group1));
$this->assertFalse(OC_Group::addToGroup($user1, $group1));
$this->assertEqual(array($user1), OC_Group::usersInGroup($group1));
$this->assertEqual(array($group1), OC_Group::getUserGroups($user1));
$this->assertEqual(array(), OC_Group::getUserGroups($user2));
OC_Group::deleteGroup($group1);
$this->assertEqual(array(), OC_Group::getUserGroups($user1));
$this->assertEqual(array(), OC_Group::usersInGroup($group1));
$this->assertFalse(OC_Group::inGroup($user1, $group1));
}
private static function updateFolder($uid_shared_with)
{
if ($uid_shared_with != self::PUBLICLINK) {
if (OC_Group::groupExists($uid_shared_with)) {
$uid_shared_with = OC_Group::usersInGroup($uid_shared_with);
// Remove the owner from the list of users in the group
$uid_shared_with = array_diff($uid_shared_with, array(OCP\USER::getUser()));
} else {
if ($uid = strstr($uid_shared_with, '@', true)) {
$uid_shared_with = array($uid);
} else {
$uid_shared_with = array($uid_shared_with);
}
}
foreach ($uid_shared_with as $uid) {
$sharedFolder = $uid . '/files/Shared';
// Update mtime of shared folder to invoke a file cache rescan
$rootView = new OC_FilesystemView('/');
$rootView->touch($sharedFolder);
}
}
}
public function testMultiBackend()
{
$userBackend = new \Test\Util\User\Dummy();
\OC_User::getManager()->registerBackend($userBackend);
$backend1 = new OC_Group_Dummy();
$backend2 = new OC_Group_Dummy();
OC_Group::useBackend($backend1);
OC_Group::useBackend($backend2);
$group1 = $this->getUniqueID();
$group2 = $this->getUniqueID();
OC_Group::createGroup($group1);
//groups should be added to the first registered backend
$this->assertEquals(array($group1), $backend1->getGroups());
$this->assertEquals(array(), $backend2->getGroups());
$this->assertEquals(array($group1), OC_Group::getGroups());
$this->assertTrue(OC_Group::groupExists($group1));
$this->assertFalse(OC_Group::groupExists($group2));
$backend1->createGroup($group2);
$this->assertEquals(array($group1, $group2), OC_Group::getGroups());
$this->assertTrue(OC_Group::groupExists($group1));
$this->assertTrue(OC_Group::groupExists($group2));
$user1 = $this->getUniqueID();
$user2 = $this->getUniqueID();
$userBackend->createUser($user1, '');
$userBackend->createUser($user2, '');
$this->assertFalse(OC_Group::inGroup($user1, $group1));
$this->assertFalse(OC_Group::inGroup($user2, $group1));
$this->assertTrue(OC_Group::addToGroup($user1, $group1));
$this->assertTrue(OC_Group::inGroup($user1, $group1));
$this->assertFalse(OC_Group::inGroup($user2, $group1));
$this->assertFalse($backend2->inGroup($user1, $group1));
OC_Group::addToGroup($user1, $group1);
$this->assertEquals(array($user1), OC_Group::usersInGroup($group1));
$this->assertEquals(array($group1), OC_Group::getUserGroups($user1));
$this->assertEquals(array(), OC_Group::getUserGroups($user2));
OC_Group::deleteGroup($group1);
$this->assertEquals(array(), OC_Group::getUserGroups($user1));
$this->assertEquals(array(), OC_Group::usersInGroup($group1));
$this->assertFalse(OC_Group::inGroup($user1, $group1));
}
/**
* Gets an array of groups and will try to add the group to OC and then add the user to the groups.
*
*/
function update_groups($uid, $groups, $protected_groups = array(), $just_created = false)
{
if (!$just_created) {
$old_groups = OC_Group::getUserGroups($uid);
foreach ($old_groups as $group) {
if (!in_array($group, $protected_groups) && !in_array($group, $groups)) {
\OC_Group::removeFromGroup($uid, $group);
\OCP\Util::writeLog('cas', 'Removed "' . $uid . '" from the group "' . $group . '"', \OCP\Util::DEBUG);
}
}
}
foreach ($groups as $group) {
if (preg_match('/[^a-zA-Z0-9 _\\.@\\-]/', $group)) {
\OCP\Util::writeLog('cas', 'Invalid group "' . $group . '", allowed chars "a-zA-Z0-9" and "_.@-" ', \OCP\Util::DEBUG);
} else {
if (!\OC_Group::inGroup($uid, $group)) {
if (!OC_Group::groupExists($group)) {
\OC_Group::createGroup($group);
\OCP\Util::writeLog('cas', 'New group created: ' . $group, \OCP\Util::DEBUG);
}
\OC_Group::addToGroup($uid, $group);
\OCP\Util::writeLog('cas', 'Added "' . $uid . '" to the group "' . $group . '"', \OCP\Util::DEBUG);
}
}
}
}
/**
* Share an item with a user, group, or via private link
* @param string $itemType
* @param string $itemSource
* @param int $shareType SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK
* @param string $shareWith User or group the item is being shared with
* @param int $permissions CRUDS
* @param null $itemSourceName
* @throws \Exception
* @internal param \OCP\Item $string type
* @internal param \OCP\Item $string source
* @internal param \OCP\SHARE_TYPE_USER $int , SHARE_TYPE_GROUP, or SHARE_TYPE_LINK
* @internal param \OCP\User $string or group the item is being shared with
* @internal param \OCP\CRUDS $int permissions
* @return bool|string Returns true on success or false on failure, Returns token on success for links
*/
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null)
{
$uidOwner = \OC_User::getUser();
$sharingPolicy = \OC_Appconfig::getValue('core', 'shareapi_share_policy', 'global');
if (is_null($itemSourceName)) {
$itemSourceName = $itemSource;
}
// verify that the file exists before we try to share it
if ($itemType === 'file' or $itemType === 'folder') {
$path = \OC\Files\Filesystem::getPath($itemSource);
if (!$path) {
$message = 'Sharing ' . $itemSourceName . ' failed, because the file does not exist';
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
}
// Verify share type and sharing conditions are met
if ($shareType === self::SHARE_TYPE_USER) {
if ($shareWith == $uidOwner) {
$message = 'Sharing ' . $itemSourceName . ' failed, because the user ' . $shareWith . ' is the item owner';
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
if (!\OC_User::userExists($shareWith)) {
$message = 'Sharing ' . $itemSourceName . ' failed, because the user ' . $shareWith . ' does not exist';
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
if ($sharingPolicy == 'groups_only') {
$inGroup = array_intersect(\OC_Group::getUserGroups($uidOwner), \OC_Group::getUserGroups($shareWith));
if (empty($inGroup)) {
$message = 'Sharing ' . $itemSourceName . ' failed, because the user ' . $shareWith . ' is not a member of any groups that ' . $uidOwner . ' is a member of';
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
}
// Check if the item source is already shared with the user, either from the same owner or a different user
if ($checkExists = self::getItems($itemType, $itemSource, self::$shareTypeUserAndGroups, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a user share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing ' . $itemSourceName . ' failed, because this item is already shared with ' . $shareWith;
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
}
} else {
if ($shareType === self::SHARE_TYPE_GROUP) {
if (!\OC_Group::groupExists($shareWith)) {
$message = 'Sharing ' . $itemSourceName . ' failed, because the group ' . $shareWith . ' does not exist';
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
if ($sharingPolicy == 'groups_only' && !\OC_Group::inGroup($uidOwner, $shareWith)) {
$message = 'Sharing ' . $itemSourceName . ' failed, because ' . $uidOwner . ' is not a member of the group ' . $shareWith;
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
// Check if the item source is already shared with the group, either from the same owner or a different user
// The check for each user in the group is done inside the put() function
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_GROUP, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a group share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing ' . $itemSourceName . ' failed, because this item is already shared with ' . $shareWith;
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
}
// Convert share with into an array with the keys group and users
$group = $shareWith;
$shareWith = array();
$shareWith['group'] = $group;
$shareWith['users'] = array_diff(\OC_Group::usersInGroup($group), array($uidOwner));
} else {
if ($shareType === self::SHARE_TYPE_LINK) {
if (\OC_Appconfig::getValue('core', 'shareapi_allow_links', 'yes') == 'yes') {
// when updating a link share
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_LINK, null, $uidOwner, self::FORMAT_NONE, null, 1)) {
// remember old token
$oldToken = $checkExists['token'];
$oldPermissions = $checkExists['permissions'];
//delete the old share
self::delete($checkExists['id']);
}
// Generate hash of password - same method as user passwords
if (isset($shareWith)) {
$forcePortable = CRYPT_BLOWFISH != 1;
$hasher = new \PasswordHash(8, $forcePortable);
$shareWith = $hasher->HashPassword($shareWith . \OC_Config::getValue('passwordsalt', ''));
} else {
// reuse the already set password, but only if we change permissions
// otherwise the user disabled the password protection
if ($checkExists && (int) $permissions !== (int) $oldPermissions) {
$shareWith = $checkExists['share_with'];
}
}
// Generate token
if (isset($oldToken)) {
$token = $oldToken;
} else {
$token = \OC_Util::generateRandomBytes(self::TOKEN_LENGTH);
}
$result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
if ($result) {
return $token;
} else {
return false;
}
}
$message = 'Sharing ' . $itemSourceName . ' failed, because sharing with links is not allowed';
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
return false;
// } else if ($shareType === self::SHARE_TYPE_CONTACT) {
// if (!\OC_App::isEnabled('contacts')) {
// $message = 'Sharing '.$itemSource.' failed, because the contacts app is not enabled';
// \OC_Log::write('OCP\Share', $message, \OC_Log::ERROR);
// return false;
// }
// $vcard = \OC_Contacts_App::getContactVCard($shareWith);
// if (!isset($vcard)) {
// $message = 'Sharing '.$itemSource.' failed, because the contact does not exist';
// \OC_Log::write('OCP\Share', $message, \OC_Log::ERROR);
// throw new \Exception($message);
// }
// $details = \OC_Contacts_VCard::structureContact($vcard);
// // TODO Add ownCloud user to contacts vcard
// if (!isset($details['EMAIL'])) {
// $message = 'Sharing '.$itemSource.' failed, because no email address is associated with the contact';
// \OC_Log::write('OCP\Share', $message, \OC_Log::ERROR);
// throw new \Exception($message);
// }
// return self::shareItem($itemType, $itemSource, self::SHARE_TYPE_EMAIL, $details['EMAIL'], $permissions);
} else {
// Future share types need to include their own conditions
$message = 'Share type ' . $shareType . ' is not valid for ' . $itemSource;
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
}
}
// If the item is a folder, scan through the folder looking for equivalent item types
// if ($itemType == 'folder') {
// $parentFolder = self::put('folder', $itemSource, $shareType, $shareWith, $uidOwner, $permissions, true);
// if ($parentFolder && $files = \OC\Files\Filesystem::getDirectoryContent($itemSource)) {
// for ($i = 0; $i < count($files); $i++) {
// $name = substr($files[$i]['name'], strpos($files[$i]['name'], $itemSource) - strlen($itemSource));
// if ($files[$i]['mimetype'] == 'httpd/unix-directory'
// && $children = \OC\Files\Filesystem::getDirectoryContent($name, '/')
// ) {
// // Continue scanning into child folders
// array_push($files, $children);
// } else {
// // Check file extension for an equivalent item type to convert to
// $extension = strtolower(substr($itemSource, strrpos($itemSource, '.') + 1));
// foreach (self::$backends as $type => $backend) {
// if (isset($backend->dependsOn) && $backend->dependsOn == 'file' && isset($backend->supportedFileExtensions) && in_array($extension, $backend->supportedFileExtensions)) {
// $itemType = $type;
// break;
// }
// }
// // Pass on to put() to check if this item should be converted, the item won't be inserted into the database unless it can be converted
// self::put($itemType, $name, $shareType, $shareWith, $uidOwner, $permissions, $parentFolder);
// }
// }
// return true;
// }
// return false;
// } else {
// Put the item into the database
return self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, null, $itemSourceName);
// }
}
/**
* Share an item with a user, group, or via private link
* @param string $itemType
* @param string $itemSource
* @param int $shareType SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK
* @param string $shareWith User or group the item is being shared with
* @param int $permissions CRUDS
* @param string $itemSourceName
* @param \DateTime $expirationDate
* @return boolean|string Returns true on success or false on failure, Returns token on success for links
* @throws \Exception
*/
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null)
{
$uidOwner = \OC_User::getUser();
$shareWithinGroupOnly = self::shareWithGroupMembersOnly();
$l = \OC_L10N::get('lib');
if (is_null($itemSourceName)) {
$itemSourceName = $itemSource;
}
// check if file can be shared
if ($itemType === 'file' or $itemType === 'folder') {
$path = \OC\Files\Filesystem::getPath($itemSource);
// verify that the file exists before we try to share it
if (!$path) {
$message = 'Sharing %s failed, because the file does not exist';
$message_t = $l->t('Sharing %s failed, because the file does not exist', array($itemSourceName));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName), \OC_Log::ERROR);
throw new \Exception($message_t);
}
// verify that the user has share permission
if (!\OC\Files\Filesystem::isSharable($path)) {
$message = 'You are not allowed to share %s';
$message_t = $l->t('You are not allowed to share %s', array($itemSourceName));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName), \OC_Log::ERROR);
throw new \Exception($message_t);
}
}
//verify that we don't share a folder which already contains a share mount point
if ($itemType === 'folder') {
$path = '/' . $uidOwner . '/files' . \OC\Files\Filesystem::getPath($itemSource) . '/';
$mountManager = \OC\Files\Filesystem::getMountManager();
$mounts = $mountManager->findIn($path);
foreach ($mounts as $mount) {
if ($mount->getStorage()->instanceOfStorage('\\OCA\\Files_Sharing\\ISharedStorage')) {
$message = 'Sharing "' . $itemSourceName . '" failed, because it contains files shared with you!';
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message);
}
}
}
// single file shares should never have delete permissions
if ($itemType === 'file') {
$permissions = (int) $permissions & ~\OCP\PERMISSION_DELETE;
}
// Verify share type and sharing conditions are met
if ($shareType === self::SHARE_TYPE_USER) {
if ($shareWith == $uidOwner) {
$message = 'Sharing %s failed, because the user %s is the item owner';
$message_t = $l->t('Sharing %s failed, because the user %s is the item owner', array($itemSourceName, $shareWith));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OC_Log::ERROR);
throw new \Exception($message_t);
}
if (!\OC_User::userExists($shareWith)) {
$message = 'Sharing %s failed, because the user %s does not exist';
$message_t = $l->t('Sharing %s failed, because the user %s does not exist', array($itemSourceName, $shareWith));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OC_Log::ERROR);
throw new \Exception($message_t);
}
if ($shareWithinGroupOnly) {
$inGroup = array_intersect(\OC_Group::getUserGroups($uidOwner), \OC_Group::getUserGroups($shareWith));
if (empty($inGroup)) {
$message = 'Sharing %s failed, because the user ' . '%s is not a member of any groups that %s is a member of';
$message_t = $l->t('Sharing %s failed, because the user %s is not a member of any groups that %s is a member of', array($itemSourceName, $shareWith, $uidOwner));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $shareWith, $uidOwner), \OC_Log::ERROR);
throw new \Exception($message_t);
}
}
// Check if the item source is already shared with the user, either from the same owner or a different user
if ($checkExists = self::getItems($itemType, $itemSource, self::$shareTypeUserAndGroups, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a user share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OC_Log::ERROR);
throw new \Exception($message_t);
}
}
} else {
if ($shareType === self::SHARE_TYPE_GROUP) {
if (!\OC_Group::groupExists($shareWith)) {
$message = 'Sharing %s failed, because the group %s does not exist';
$message_t = $l->t('Sharing %s failed, because the group %s does not exist', array($itemSourceName, $shareWith));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OC_Log::ERROR);
throw new \Exception($message_t);
}
if ($shareWithinGroupOnly && !\OC_Group::inGroup($uidOwner, $shareWith)) {
$message = 'Sharing %s failed, because ' . '%s is not a member of the group %s';
$message_t = $l->t('Sharing %s failed, because %s is not a member of the group %s', array($itemSourceName, $uidOwner, $shareWith));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $uidOwner, $shareWith), \OC_Log::ERROR);
throw new \Exception($message_t);
}
// Check if the item source is already shared with the group, either from the same owner or a different user
// The check for each user in the group is done inside the put() function
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_GROUP, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a group share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OC_Log::ERROR);
throw new \Exception($message_t);
}
}
// Convert share with into an array with the keys group and users
$group = $shareWith;
$shareWith = array();
$shareWith['group'] = $group;
$shareWith['users'] = array_diff(\OC_Group::usersInGroup($group), array($uidOwner));
} else {
if ($shareType === self::SHARE_TYPE_LINK) {
$updateExistingShare = false;
if (\OC_Appconfig::getValue('core', 'shareapi_allow_links', 'yes') == 'yes') {
// when updating a link share
// FIXME Don't delete link if we update it
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_LINK, null, $uidOwner, self::FORMAT_NONE, null, 1)) {
// remember old token
$oldToken = $checkExists['token'];
$oldPermissions = $checkExists['permissions'];
//delete the old share
Helper::delete($checkExists['id']);
$updateExistingShare = true;
}
// Generate hash of password - same method as user passwords
if (!empty($shareWith)) {
$forcePortable = CRYPT_BLOWFISH != 1;
$hasher = new \PasswordHash(8, $forcePortable);
$shareWith = $hasher->HashPassword($shareWith . \OC_Config::getValue('passwordsalt', ''));
} else {
// reuse the already set password, but only if we change permissions
// otherwise the user disabled the password protection
if ($checkExists && (int) $permissions !== (int) $oldPermissions) {
$shareWith = $checkExists['share_with'];
}
}
if (\OCP\Util::isPublicLinkPasswordRequired() && empty($shareWith)) {
$message = 'You need to provide a password to create a public link, only protected links are allowed';
$message_t = $l->t('You need to provide a password to create a public link, only protected links are allowed');
\OC_Log::write('OCP\\Share', $message, \OC_Log::ERROR);
throw new \Exception($message_t);
}
if ($updateExistingShare === false && self::isDefaultExpireDateEnabled() && empty($expirationDate)) {
$expirationDate = Helper::calcExpireDate();
}
// Generate token
if (isset($oldToken)) {
$token = $oldToken;
} else {
$token = \OC_Util::generateRandomBytes(self::TOKEN_LENGTH);
}
$result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName, $expirationDate);
if ($result) {
return $token;
} else {
return false;
}
}
$message = 'Sharing %s failed, because sharing with links is not allowed';
$message_t = $l->t('Sharing %s failed, because sharing with links is not allowed', array($itemSourceName));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName), \OC_Log::ERROR);
throw new \Exception($message_t);
return false;
} else {
// Future share types need to include their own conditions
$message = 'Share type %s is not valid for %s';
$message_t = $l->t('Share type %s is not valid for %s', array($shareType, $itemSource));
\OC_Log::write('OCP\\Share', sprintf($message, $shareType, $itemSource), \OC_Log::ERROR);
throw new \Exception($message_t);
}
}
}
// Put the item into the database
return self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, null, $itemSourceName, $expirationDate);
}
/**
* creates a unique name for internal ownCloud use for groups. Don't call it directly.
* @param string $name the display name of the object
* @return string|false with with the name to use in ownCloud or false if unsuccessful.
*
* Instead of using this method directly, call
* createAltInternalOwnCloudName($name, false)
*
* Group names are also used as display names, so we do a sequential
* numbering, e.g. Developers_42 when there are 41 other groups called
* "Developers"
*/
private function _createAltInternalOwnCloudNameForGroups($name)
{
$usedNames = $this->groupMapper->getNamesBySearch($name . '_%');
if (!$usedNames || count($usedNames) === 0) {
$lastNo = 1;
//will become name_2
} else {
natsort($usedNames);
$lastName = array_pop($usedNames);
$lastNo = intval(substr($lastName, strrpos($lastName, '_') + 1));
}
$altName = $name . '_' . strval($lastNo + 1);
unset($usedNames);
$attempts = 1;
while ($attempts < 21) {
// Check to be really sure it is unique
// while loop is just a precaution. If a name is not generated within
// 20 attempts, something else is very wrong. Avoids infinite loop.
if (!\OC_Group::groupExists($altName)) {
return $altName;
}
$altName = $name . '_' . ($lastNo + $attempts);
$attempts++;
}
return false;
}
/**
* Share an item with a user, group, or via private link
* @param string $itemType
* @param string $itemSource
* @param int $shareType SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK
* @param string $shareWith User or group the item is being shared with
* @param int $permissions CRUDS
* @param string $itemSourceName
* @param \DateTime $expirationDate
* @param bool $passwordChanged
* @return boolean|string Returns true on success or false on failure, Returns token on success for links
* @throws \OC\HintException when the share type is remote and the shareWith is invalid
* @throws \Exception
*/
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null, $passwordChanged = null)
{
$backend = self::getBackend($itemType);
$l = \OC::$server->getL10N('lib');
if ($backend->isShareTypeAllowed($shareType) === false) {
$message = 'Sharing %s failed, because the backend does not allow shares from type %i';
$message_t = $l->t('Sharing %s failed, because the backend does not allow shares from type %i', array($itemSourceName, $shareType));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareType), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
$uidOwner = \OC_User::getUser();
$shareWithinGroupOnly = self::shareWithGroupMembersOnly();
if (is_null($itemSourceName)) {
$itemSourceName = $itemSource;
}
$itemName = $itemSourceName;
// check if file can be shared
if ($itemType === 'file' or $itemType === 'folder') {
$path = \OC\Files\Filesystem::getPath($itemSource);
$itemName = $path;
// verify that the file exists before we try to share it
if (!$path) {
$message = 'Sharing %s failed, because the file does not exist';
$message_t = $l->t('Sharing %s failed, because the file does not exist', array($itemSourceName));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
// verify that the user has share permission
if (!\OC\Files\Filesystem::isSharable($path)) {
$message = 'You are not allowed to share %s';
$message_t = $l->t('You are not allowed to share %s', [$path]);
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $path), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
//verify that we don't share a folder which already contains a share mount point
if ($itemType === 'folder') {
$path = '/' . $uidOwner . '/files' . \OC\Files\Filesystem::getPath($itemSource) . '/';
$mountManager = \OC\Files\Filesystem::getMountManager();
$mounts = $mountManager->findIn($path);
foreach ($mounts as $mount) {
if ($mount->getStorage()->instanceOfStorage('\\OCA\\Files_Sharing\\ISharedStorage')) {
$message = 'Sharing "' . $itemSourceName . '" failed, because it contains files shared with you!';
\OCP\Util::writeLog('OCP\\Share', $message, \OCP\Util::DEBUG);
throw new \Exception($message);
}
}
}
// single file shares should never have delete permissions
if ($itemType === 'file') {
$permissions = (int) $permissions & ~\OCP\Constants::PERMISSION_DELETE;
}
//Validate expirationDate
if ($expirationDate !== null) {
try {
/*
* Reuse the validateExpireDate.
* We have to pass time() since the second arg is the time
* the file was shared, since it is not shared yet we just use
* the current time.
*/
$expirationDate = self::validateExpireDate($expirationDate->format('Y-m-d'), time(), $itemType, $itemSource);
} catch (\Exception $e) {
throw new \OC\HintException($e->getMessage(), $e->getMessage(), 404);
}
}
// Verify share type and sharing conditions are met
if ($shareType === self::SHARE_TYPE_USER) {
if ($shareWith == $uidOwner) {
$message = 'Sharing %s failed, because you can not share with yourself';
$message_t = $l->t('Sharing %s failed, because you can not share with yourself', [$itemName]);
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
if (!\OC_User::userExists($shareWith)) {
$message = 'Sharing %s failed, because the user %s does not exist';
$message_t = $l->t('Sharing %s failed, because the user %s does not exist', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
if ($shareWithinGroupOnly) {
$inGroup = array_intersect(\OC_Group::getUserGroups($uidOwner), \OC_Group::getUserGroups($shareWith));
if (empty($inGroup)) {
$message = 'Sharing %s failed, because the user ' . '%s is not a member of any groups that %s is a member of';
$message_t = $l->t('Sharing %s failed, because the user %s is not a member of any groups that %s is a member of', array($itemName, $shareWith, $uidOwner));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemName, $shareWith, $uidOwner), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
// Check if the item source is already shared with the user, either from the same owner or a different user
if ($checkExists = self::getItems($itemType, $itemSource, self::$shareTypeUserAndGroups, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a user share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_USER, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a user share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing %s failed, because this item is already shared with user %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with user %s', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::ERROR);
throw new \Exception($message_t);
}
}
} else {
if ($shareType === self::SHARE_TYPE_GROUP) {
if (!\OC_Group::groupExists($shareWith)) {
$message = 'Sharing %s failed, because the group %s does not exist';
$message_t = $l->t('Sharing %s failed, because the group %s does not exist', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
if ($shareWithinGroupOnly && !\OC_Group::inGroup($uidOwner, $shareWith)) {
$message = 'Sharing %s failed, because ' . '%s is not a member of the group %s';
$message_t = $l->t('Sharing %s failed, because %s is not a member of the group %s', array($itemSourceName, $uidOwner, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $uidOwner, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
// Check if the item source is already shared with the group, either from the same owner or a different user
// The check for each user in the group is done inside the put() function
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_GROUP, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a group share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
// Convert share with into an array with the keys group and users
$group = $shareWith;
$shareWith = array();
$shareWith['group'] = $group;
$shareWith['users'] = array_diff(\OC_Group::usersInGroup($group), array($uidOwner));
} else {
if ($shareType === self::SHARE_TYPE_LINK) {
$updateExistingShare = false;
if (\OC::$server->getAppConfig()->getValue('core', 'shareapi_allow_links', 'yes') == 'yes') {
// when updating a link share
// FIXME Don't delete link if we update it
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_LINK, null, $uidOwner, self::FORMAT_NONE, null, 1)) {
// remember old token
$oldToken = $checkExists['token'];
$oldPermissions = $checkExists['permissions'];
//delete the old share
Helper::delete($checkExists['id']);
$updateExistingShare = true;
}
if ($passwordChanged === null) {
// Generate hash of password - same method as user passwords
if (is_string($shareWith) && $shareWith !== '') {
self::verifyPassword($shareWith);
$shareWith = \OC::$server->getHasher()->hash($shareWith);
} else {
// reuse the already set password, but only if we change permissions
// otherwise the user disabled the password protection
if ($checkExists && (int) $permissions !== (int) $oldPermissions) {
$shareWith = $checkExists['share_with'];
}
}
} else {
if ($passwordChanged === true) {
if (is_string($shareWith) && $shareWith !== '') {
self::verifyPassword($shareWith);
$shareWith = \OC::$server->getHasher()->hash($shareWith);
}
} else {
if ($updateExistingShare) {
$shareWith = $checkExists['share_with'];
}
}
}
if (\OCP\Util::isPublicLinkPasswordRequired() && empty($shareWith)) {
$message = 'You need to provide a password to create a public link, only protected links are allowed';
$message_t = $l->t('You need to provide a password to create a public link, only protected links are allowed');
\OCP\Util::writeLog('OCP\\Share', $message, \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
if ($updateExistingShare === false && self::isDefaultExpireDateEnabled() && empty($expirationDate)) {
$expirationDate = Helper::calcExpireDate();
}
// Generate token
if (isset($oldToken)) {
$token = $oldToken;
} else {
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . \OCP\Security\ISecureRandom::CHAR_DIGITS);
}
$result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName, $expirationDate);
if ($result) {
return $token;
} else {
return false;
}
}
$message = 'Sharing %s failed, because sharing with links is not allowed';
$message_t = $l->t('Sharing %s failed, because sharing with links is not allowed', array($itemSourceName));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName), \OCP\Util::DEBUG);
throw new \Exception($message_t);
} else {
if ($shareType === self::SHARE_TYPE_REMOTE) {
/*
* Check if file is not already shared with the remote user
*/
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_REMOTE, $shareWith, $uidOwner, self::FORMAT_NONE, null, 1, true, true)) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . \OCP\Security\ISecureRandom::CHAR_DIGITS);
list($user, $remote) = Helper::splitUserRemote($shareWith);
$shareWith = $user . '@' . $remote;
$shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
$send = false;
if ($shareId) {
$send = self::sendRemoteShare($token, $shareWith, $itemSourceName, $shareId, $uidOwner);
}
if ($send === false) {
$currentUser = \OC::$server->getUserSession()->getUser()->getUID();
self::unshare($itemType, $itemSource, $shareType, $shareWith, $currentUser);
$message_t = $l->t('Sharing %s failed, could not find %s, maybe the server is currently unreachable.', array($itemSourceName, $shareWith));
throw new \Exception($message_t);
}
return $send;
} else {
// Future share types need to include their own conditions
$message = 'Share type %s is not valid for %s';
$message_t = $l->t('Share type %s is not valid for %s', array($shareType, $itemSource));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $shareType, $itemSource), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
}
}
// Put the item into the database
$result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, null, $itemSourceName, $expirationDate);
return $result ? true : false;
}
$file = $meta;
if ($file['mimetype'] == 'httpd/unix-directory') {
$itemType = 'folder';
} else {
$itemType = 'file';
}
if ($row['permissions'] == 0) {
$permissions = OCP\PERMISSION_READ | OCP\PERMISSION_SHARE;
} else {
$permissions = OCP\PERMISSION_READ | OCP\PERMISSION_UPDATE | OCP\PERMISSION_SHARE;
if ($itemType == 'folder') {
$permissions |= OCP\PERMISSION_CREATE;
}
}
$pos = strrpos($row['uid_shared_with'], '@');
if ($pos !== false && OC_Group::groupExists(substr($row['uid_shared_with'], $pos + 1))) {
$shareType = OCP\Share::SHARE_TYPE_GROUP;
$shareWith = substr($row['uid_shared_with'], 0, $pos);
if (isset($groupShares[$shareWith][$itemSource])) {
continue;
} else {
$groupShares[$shareWith][$itemSource] = true;
}
} else {
if ($row['uid_shared_with'] == 'public') {
$shareType = OCP\Share::SHARE_TYPE_LINK;
$shareWith = null;
} else {
$shareType = OCP\Share::SHARE_TYPE_USER;
$shareWith = $row['uid_shared_with'];
}
if (OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group)) {
$groups[] = $group;
}
}
if (count($groups) == 0) {
$groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
}
} else {
$groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
}
}
$username = $_POST["username"];
$password = $_POST["password"];
// Does the group exist?
if (in_array($username, OC_User::getUsers())) {
OC_JSON::error(array("data" => array("message" => "User already exists")));
exit;
}
// Return Success story
try {
OC_User::createUser($username, $password);
foreach ($groups as $i) {
if (!OC_Group::groupExists($i)) {
OC_Group::createGroup($i);
}
OC_Group::addToGroup($username, $i);
}
OC_JSON::success(array("data" => array("username" => $username, "groups" => implode(", ", OC_Group::getUserGroups($username)))));
} catch (Exception $exception) {
OC_JSON::error(array("data" => array("message" => $exception->getMessage())));
}
$token = OC_Share::getTokenFromSource($path);
if ($path == $source) {
$item['privateLink'] = $token;
} else {
// If in parent folder, include a path parameter to get direct access to file
$item['privateLink'] = $token . '&path=' . str_replace('%2F', '/', str_replace('+', '%20', urlencode(substr($source, strlen($path)))));
}
} else {
// Check if uid_shared_with is a group
$pos = strrpos($uid_shared_with, '@');
if ($pos !== false) {
$gid = substr($uid_shared_with, $pos + 1);
} else {
$gid = false;
}
if ($gid && OC_Group::groupExists($gid)) {
// Include users in the group so the users can be removed from the list of people to share with
if ($path == $source) {
$group = array(array('gid' => $gid, 'permissions' => $rows[$i]['permissions'], 'users' => OC_Group::usersInGroup($gid), 'parentFolder' => false));
} else {
$group = array(array('gid' => $gid, 'permissions' => $rows[$i]['permissions'], 'users' => OC_Group::usersInGroup($gid), 'parentFolder' => basename($path)));
}
if (!isset($item['groups'])) {
$item['groups'] = $group;
} else {
if (is_array($item['groups'])) {
$gidExists = false;
$currentGroups = $item['groups'];
// Check if the group is already included
foreach ($currentGroups as $g) {
if ($g['gid'] == $gid) {
